Is Linux as Secure as We'd Like to Think? 1091
man_of_mr_e asks: "With all the recent brouhaha about Blaster and Sobig, there's been a lot of talk about how poor Windows security is, especially compared to the Linux we all know and love. But is this really true? The website defacement archive at Zone-h shows that Linux accounts for 61% of the defacements in the last 24 hours (note, this figure changes, so it might be different when you view it). An analysis of the last few weeks of their archive shows a similar percentage of exploited Linux systems. Note also that the 'Unknown' category is rather high, and certainly contains at least some Linux systems, further increasing the percentage. Why is this? Are we just deluding ourselves about our own security? Could there be a Linux 'Blaster' just waiting to happen?" While "defacements" don't necessarily mean "root level break-in", sometimes getting your foot in the door is enough. If this happens, wouldn't Linux then be just as exploitable as Windows? Are there other reasons why the likelihood of a "Sobig" or an "ILUVYOU" would be lower for Linux than Windows?
Re:Psychology plays a role (Score:4, Interesting)
Security through obscurity (Score:5, Interesting)
Are there other reasons why the likelihood of a "Sobig" or an "ILUVYOU" would lower for Linux than Windows?
Anyone can write a worm that leverages a security hole in a default service of a default Red Hat Linux install. Or Windows XP Home Edition.
However, it takes considerably more skill to be able to write a worm that can target vulnerable services across multiple distributions of Linux, multiple versions of each distribution, etc.
As long as Linux evilware continues to exploit C program unchecked boundaries, a single universal worm that can effective exploit every potentially vulnerable Linux system remains highly unlikely.
Just my 2c... (Score:5, Interesting)
Yes, there are Linux hacks, though far fewer than Windows hacks. And I see the buffer overflow vulnerabilities and such that come out weekly for Linux software. Many of those vulnerabilities are theoretical, found by a perusal of source code and never actually taken advantage of. And the Open Source community fixes these _far_ faster than Microsoft will ever fix theirs.
Oddly, some of the foremost security guys (Bruce Schneier, for example) state very explicitly that Open Source software is far better security-wise than any closed source software (read Windows). And they explain the reasons in great detail. And there are several people on this list who deal with both OSes on security matters on a day to day basis, and I'm pretty sure they'll attest that Linux security is much stronger than Windows.
If nothing else, a Linux user can determine and control open ports, running services, and create firewalling rules. Windows users think a port is something a ship pulls into, and a firewall is something in their cars.
Social Engineering (Score:5, Interesting)
A) Exploits
B) Social Engineering
Exploits are hard to stop without patches. Get enough unpatched systems, and your virus spreads. There are a lot of guilty linux users here, I'm sure: people download software all the time without checking it's security. People run software daily without bothering to check for updates. It happens.
Social engineering, however, is by far the most widely used virus tactic. It's easier to fool a user than to fool a well-secured computer, says this adage. The basic premise fails under linux: it's really, really hard to get someone to run malicious code that you want them to run. Most linux users are above-average on the computer-tech-savvy curve - I would say that the mean computing knowledge for an average linux-desktop user is above the 90% mark on a curve of all computer users.
This means linux users don't do stupid things as readily. The subject line RE: DOWNLOAD MY NEW SCREENSAVER with the attached
Furthermore, it's tough to write code that will run without a hitch on everyone's system, as there's so few distro standards. Also, as email virii work, with linux being a small desktop percentage, it's tough to get emails into the boxes of most Linux users.
Last but not least: There are few people who want to see Linux die. The rivalry doesn't work in both directions. There are thousands of anti-MS'ers, but a sad few anti-Linux'ers (SCO not included. =P). What would the protests be? "Hey, assholes! Keep your free operating systems off of our clean hardware! You're ruining good pentium chips by corrupting them with something non-proprietary!" etc.
Just a few points. I'm sure there are better ones.
Defacement != Hack (Score:4, Interesting)
At least, not always
IMHO, the single greatest threat to having a site defaced is the use of insecure protocols for publishing. Let me be more specific: FTP. Most web development tools use FTP for their "publish" feature (e.g. Dreamweaver, just to pick on them). Securing FTP is a nightmare, with all the ports randomly popping up and so forth. You have to dumb down a firewall quite a bit, and having it tunnel over SSH only partialy secures it (and you still have to deal with the firewall woes).
So, an employee goes home at night, and updates his company's web site over her cable modem connection, and the 12 year old down the block running a sniffer captures the user ID and password. She then passes this information on in a chat room, and viola! The site is defaced shortly thereafter. It does not matter what OS the site is on.
Having said that, some systems are more prone to social engineering. If the server goes down due to numerous patches being applied (and the requisite reboots), a web developer might get used to the IS department resetting her password and thus more suceptable to that phone call asking for the login info. But my point is, web site defacements do not necessarily indicate the security of the OS. It is a combination of protocols used (how about only allowing SFTP?), policies, and implementation by knowledgeable admins. Unix (Linux, BSD, etc.) admins tend to be better at implementation and policy development then their Windows brethren, perhaps that is the causal connection.
Re:I think its the apps (Score:2, Interesting)
no matter how much MS winges
about IE being intergrated into the
OS
Care to enlighten us on how to remove IE from an XP system?
Linux worms (Score:3, Interesting)
Would it work? Of course it would work. For all the "Linux is secure!" talk going on, what they really mean is "Linux is secure if it's patched up to the most recent versions" (curiously enough, this is the same as Windows). I'll bet you cold hard cash that there are plenty of old unmodified Redhat 5.0 systems out there. How many root exploits have been found in the last few years? How many holes have there been in Apache, SSL, Samba, any other program that's installed by default?
Nobody's done it yet - but that doesn't mean it's not possible.
The only reason I haven't written the worm is because, in the end, I'd cause a whole lot of financial problems and headaches for a lot of people who didn't deserve it. I'd love to prove Linux doesn't have intrinsic perfect security, but I don't want to actually do damage to prove it.
But just wait - someone's going to do this someday. In fact, for all you know, somebody already *has* - they've just programmed it to be unbelievably stealthy and only target systems that the admin hasn't logged onto in months.
Go on - prove it's impossible. I dare you.
User level privilages (Score:4, Interesting)
Linux/Windows Security (Score:1, Interesting)
1. NT and it's descendants are SUPPOSED to have granular security model. However, it does no good at all to have a granular security model if you don't use it. Most every application I see either runs as Administrator OR must be installed as Administrator.
2. Linux may not have a granular security model, but in many ways this has been not as big an exposure since most admins have finally wised up and stopped running applications as root. As soon as a granular security model is globally available, I imagine pushback will quickly occur on application vendors to vanquish root access requirements (or at least they SHOULD stop requiring ROOT access).
Frankly, if end users and administrators had been demanding this early on, the exposures today would have been reduced many times. The easy road is not neccesarily the best road.
There are coming POSIX standards and other security measures that will make Linux a very ROBUST solution and the easy equal of NT's security model. If vendors will just support those models, then we will all be better off.
One example would be MAC (Mandatory Access Controls).
I would just be happy once the ability to assign privilaged operations to specific users/groups is widely available. I should never require a "root" account with all access abilities. More so, I should be able to have an account called "root" that by default has all access, and remove or re-assign them as needed.
Re:I think its the apps (Score:5, Interesting)
I think one could say the same about Windows, no? It has nothing to do with the security of the OS if hackers find vulnerabilities in a commonly used application (e.g. Outlook).
It's all numbers (Score:2, Interesting)
a) There are more people working to find exploits in Windows.
b) There are more people to affect by finding a Windows exploit.
What would be the point of distributing a worm that used a Linux exploit? Relative to Windows, Linux has basically no userbase, so you wouldn't have the "strength in numbers" to cause any widespread damage. Bottom line - if you want to wreak havoc, you need to do it on Windows, just by the numbers alone.
Re:Short answer No, Long answer Maybe (Score:5, Interesting)
I wish this were so funny. The last two VARs that a business I know of has gotten accounting systems from have configured the systems so that all of the users did log in as root.
absolutely right (Score:2, Interesting)
If somebody discovers a buffer overrun error on Unix, as has happened from time to time (like the ftp buffer problem discovered many years ago), it takes a lot of machine and architecture-specific information to do anything invasive. But on just about any Windows machine, you need to know much less in order to successfully exploit a buffer overrun.
I don't consider the security of Windows to be anywhere near that of Unix, and I think anyone who seriously tries to argue that (or even question whether they're possibly equivalent) has a lot to learn about operating systems.
Good question, however... (Score:2, Interesting)
It is very comforting to think that the OS I'm using has been improved by hundreds of thousands of people. Some of them have security in mind, some have performance in mind. I can hardly think that Microsoft has anything but the bottom line in mind. That's swell and all for the economy (kinda..?) but the bottom line doesn't help me sleep at night. The knowledge that I'm using an OS built by a generation, not a company helps me sleep.
As was stated in "Pirates of Silicoln Valley" - it wasn't that Microsoft did it best, they just did it first. Any CEO that would say that... whose best interest did HE have in mind???
R-
Hitting a moving target (Score:5, Interesting)
I think you are about half right about the first point... how many really clueless users do you know that run linux? To run linux, a person has to get over the "activation energy" of actually getting it installed. This goes beyond just having a pretty GUI installer rather than some text-based option... it's actually knowing how to answer the questions the installer asks: How many joe-sixpack guys even know what an IP address is? Or know their primary and secondary DNS server addresses? If some well-meaning geek has installed a linux system for their grandma, they probably set up IPtables and killed all the unnecessary services... that's a HUGE security advantage right from the start. It's amazing what a clueful install can do.
But onto your second point. I think it has more to do with the variety of linux users/systems rather than their iconoclastic attitudes (though the latter probably breeds the former, so in a way, you could be right). As a medical professional, I'd compare it to a genetically heterogeneous population. In a MS-centric environment, there's only so many ways to skin a cat... Win2K, WinXP, et al. That lack of variability has administration advantages, but that sword cuts both ways. Common systems are easily administered, but just as easily cracked if they share a common vulnerability.
In nature, genetic variability is your friend... keeps an entire population from being wiped out by a plague. The Cystic Fibrosis gene is a defect, but saved some people from death during the cholera epidemics of the middle ages, and the gene has stayed in the northern european population ever since.
Variation on systems is FAR more prevelant in the linux world. Different kernel versions, different daemon versions, different firewalls, different configs (chroot, etc). Add that to a tech-savvy population, and a successful linux worm becomes a serious challenge.
It's really apples and oranges to compare linux and MS environments.
Re:Psychology plays a role (Score:5, Interesting)
Unix and Unix like systems are based on a simple and easy concept when it comes to security. That is, if you don't have what is known as "root" you don't get to do any damage to system resource files.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files. Not only that but because of the way Windows is designed where everything is mashed together, when one card falls so does the whole deck.
Unix and Unix-like systems operate on one tool for one job and with inventions like the pipe and IPC ta whole host of new functionality becomes capable just by passing output of one program to the next.
That's as simple as I can possibly explain it. I'm not saying Linux is the most secure thing since sliced bread, I'm simply stating the facts, and the fact is that Unix and Unix-Like systems tend to be more secure because they were DESIGNED that way. Windows was not designed with security in mind and the fact is that it is less secure.
All the other linux virus writing is less because windows is so prevelant hippy bullshit I'll save for PHB's. If you really believe that I've got an SCO license to sell you too.
An analogy... (Score:3, Interesting)
On that logic, windows is like a million clones of one person.. So when one virus takes hold, there is no genetic diversity.
Anyone have any similar ideas?
Re:Psychology plays a role (Score:2, Interesting)
The psychology of "hit the largest target, make the most amount of noise" is amplified by the simple fact that most windows boxes are configured almost identical as far as security/exploits go. *nix on the other hand, especially Linux boxes have a really wide range of configurations. Each distribution version has a new set of binaries with it, different distributions have sometimes largely varying tools, sometimes even tools unique to that one distribution.
So considering *nix as a target comparable to Windows is a mistake. You're really comparing lots of little targest to one huge target made of almost completely uniform installs (as far as most of the recent exploits go anyway).
Also, look at the number of windows developers in the world compared to the number of *nix developers for all distributions as a whole. I'd be willing to bet there are a considerable amount more Windows developers. So even if you just took a random sampling of developers and looked for ones willing/wanting to write virii, you'd probly hit more Windows developers. Which, I think the uniformity of "The Windows distribution" itself makes for a more attractive development platform to a lot of people. Write your software once, sell to a LOT more people. (instead of writing for say Solaris and porting to a bunch of other *nix platforms and possibly Windows)
It's all about the logistics.
Operating System Transparency and the Application (Score:5, Interesting)
There are really two different problems when it comes to securing against worms and the like, and for the moment I think Linux (and any Unix) has an advantage in both areas, although it's probably not as big as many people think.
First you have to look at what a rogue program can do once in the system. For this the entry vector is unimportant. With most Unix like systems the default is for the user to not have full privilages (eg, not be root), and thus the rogue program cannot make full use of the system. That doesn't mean it can't complete it's mission, but it does make several things much harder:
The main issue is, most of the operating system differences don't mean much, as it's the applications that are the holes. From the simple password in a URL, to a complex buffer overflow attack applications are very often the vector into the system. Here you have to separate the cultural differences from the application differences.
Cultural: Many Unix users still used text based mail clients in xterms, and even when they don't the GUI's were designed to more closely mimic the behavior of those interfaces. Attachments are evil, when run are generally carefully handed to a program as data. In windows virtually all mail programs are graphical. Many users demand them to implement things like javascript that auto-execute, many of them will happily run a foreign attachment with little more coaxing than a mouse click. At the end of the day these differences require user education. That may be helped by a transparent OS, but it's still a user education difference.
Application Differences: Windows (Microsoft) encourages developers to build tightly coupled applications. Look no further than OLE. That ability to embed excel in your word doc and have it just pop up over the UI requires a tightly coupled API for program to program interaction, generally exposing full interfaces. Rogue programs can exploit this, often not needing to know what application is in use, but rather just the API. Unix developers / enviornments generally encourage a loosely coupled behavior. Programs provide some command line / pipe oriented service and handle all their own details internally. You need only look as far as printing to see this quite well, as windows pushes driver bits into the application to change behavior, while unix makes it all happen with a "system()" command running a new program.
At the end of the day, I believe the following statements are all true:
Re:How I see it... (Score:4, Interesting)
Well if you just for one second assume that a Windows user is as competent as a Linux user, this sentence just does not make any sense. I haven't been running as administrator on Windows since NT4. I know how to use "Run as a different user" just as well that I can write sudo in Linux so there really is no need ever to log in with too much privileges on Windows. And as a technologically advanced user you also know your policies and such so you can harden all the other accounts in the system just the same way you might do it using Unix-like operating systems. It's even easier to do fine grained security hardening on Windows given you know how to administer your box.
And, when it comes to the RPC exploit, you just don't remember what happened with OpenSSH some time ago? A fix was available for quite some time and even then a huge amount of computers got cracked. If Linux was as popular as Windows, there might easily have been about the same number of "infections" as there were with Blaster.
To assume one system is more secure than some other just because it's different is simply stupid. Security consists of many different aspects and the underlying OS is just one of them.
did you fix it for yourself, or for everyone? (Score:5, Interesting)
So just out of curiosity, did you submit your changes to the PHPNuke folks? Or just fix it for yourself? Seems it would be a kind thing (good for your karma, and not just the
Care to comment on where you made some of your fixes in the code, so that if you didn't report them yourself, then someone else can make those fixes public?
Thanks!
Define "Linux" (Score:3, Interesting)
We really need to say is Linux, Samba, Apache, Mozzialla.....more secure then windows core ( which would include things like the DCOM exploit ), or SMB, IIS, and IE.....
The real question here is, can one company be as secure as the open source community.
This is a really complicated question. In one way you could say yes, because of the huge testing advantage an OS project has. This could also be turned to no if no one gives a fly f*ck about the project except its core developers and it doesn't get tested. Microsoft has a disadvantage about testing, but a much more real obligation to provide secure systems. Linux users like to boast, but windows has a very real financial obligation ( they are public ).
MS is going to get hit more, because they have more users, and the users they have are not always up to date or as intelligent. They also have a lot of people who blindly hate them. This is actually going to be to their advantage in a few years.
There are two very real problems with MS and the way they go about patches that I see, two problems that Linux is on top of.
1) most require a reboot.
If this wasn't the case, it would be perfectly okay to automatically patch. My production database server couldn't be patched right away because it needed the uptime ( I had 225 days before the damn blaster thing ) and we can't afford a cluster to switch over to while we upgrade. I tried every work around, but ultimately I had to patch and restart the thing at midnight on a Saturday. I'm sure on a linux box I could have fixed the exploit without bothering my database box. Or maybe I'd have to disable a feature while it happened.
2) Patches not very available.
I remember MS's site went down the day I was patching for the dcom exploit, because of a DDOS, but this is retarded with the web. They should affiliate with trusted providers like download.com to make sure you can get to these.
MS puts out some good products, sometimes they make stupid mistakes in design ( but sometimes so does the linux kernel ). The real advantage here is that Linux patches itself ( the community ) while MS seems to always have a security firm find there crap. There was absolutely no reason to have a buffer overflow in DCOM, none, zilch, zero. If it had been some weird or interesting exploit I would have felt something for them, but a buffer overrun, get your crap together.
The same goes for C/C++ linux guys. I'm suprised there hasn't be a security library standardized. Java guys can rest easy, at least for the buffer overruns, but there are plenty of ways to write an insure java app.
I think overall the response was good to blaster, but worms do have a real threat, but they utlimately the immune system of our computers ( their programmers ) will figure a way around.
Re:Psychology plays a role (Score:2, Interesting)
But... if Joe Windowsuser clicks on the EatMe.pif virus, the innate single-user nature of Windows means that that virus executes with all the juju it needs to steal the system. Every time. Whether Joe is the IT guru or the latest gormless area associate in marketing doesn't matter, because either way he can't protect his machine, except by not clicking on the malware.
If Suzy Opensource executes a Linux email virus, if such an animal existed in the wild for her to execute, it executes with Suzy's privileges. This means it most likely stays in its sandbox and doesn't make much trouble. Much less rewarding for the vandals that write these things, which leads to fewer vandals on this platform in a continuous spiral. The vandals go where the least effort makes the greatest splash.
It's no longer 1987 when everybody on the net was a good guy and I did everything as root. But all Windows users are de facto root all day, every day. If you run as root unnecessarily, you risk getting 0Wn3d. QED.
Linux mail clients (Score:3, Interesting)
I personally use Mozilla for email on linux (redhat 9), and as a simple test I sent myself an email with the /bin/ls binary attached. When I click on the attachment, I get a save dialog box which gives me the option to "open using an application" or "save this file to disk". There is no option to execute the code, let alone having such a dangerous choice be the default!
Continuing the test, I saved the file to /tmp, and Mozilla set the permissons to -rw-------, so in order to actually execute the contents of that file, I would need to use "chmod" (or the equivilant in a gui-based file manager) before it could be executed.
I have not tested with Evolution or other popular email clients. But if they are anything like Mozilla, where the user CAN NOT EASILY EXECUTE ATTACHMENTS and all attachment files are SAVED WITHOUT EXECUTE PERMISSION, I think it's safe to say the linux-based systems are much more resiliant to email-based virus code.
Of course, Microsoft Windows could have been made similarily secure if Microsoft (and others) had taken these simple measures. Well, at least not allowing executable code to be executed with a single click of the attachment. It's been many years since the first MS executable virus code and it's a continuing problem. When with email client software on the Windows platform finally reform to disallow easily executing attachments ??
Even if that were the case, to equal the level of protection the Mozilla/linux has by default, windows would need to implement execute permission (does it have this feature, even if it's never used to disallow execution?). Then the software would need to save all attachements without permission to execute them.
This exists today on Linux with popular email clients. Until Microsoft and others take these exrteemly simply precautions to prevent casual users from easily executing attachments.... or creates of Linux-based email clients make these incredibly unwise design decisions to allow easy execution and turn on execution permsission by default on saved files, I believe it's safe to say that Linux systems are much more secure than Mircosoft windows based PCs, in terms of propagting email attachment virus code.
Thou art 'root'. (Score:3, Interesting)
So, even though the standard Unix security model offers more protection than the Windows 3.x/9x lineage, you can still pull an XP Home (where by default every user is an Administrator) if you work at it.
You *need* to get out and about more (Score:4, Interesting)
I can introduce you to at least four. One of them writes anti-trojan software [diamondcs.com.au] for his living.
MS users hate MS (Score:4, Interesting)
Because they are forced to use MS products. Most people do not have strong feelings about stuff they have not personally encountered.
While I would never go so far as to say that Linux people purposely write virii to take down Microsoft, I certainly wouldn't say that Microsoft users are the guys writing virii to take down Windows Update.
The script-kiddie viruses require MSWindows to write, or at least test, the virus. Linux users have already escaped; why would they worry about MS? It is the MS users that write viruses to hurt MS.
I also like the theory that the MSBlast virus was written by MS. The primary purpose behind that virus was to annoy all the users enough to patch their systems.
- It also required every unpatched MSWindows PC to report itself to MS. MS might be able to use that information.
- The virus also seems to have been poorly written. MS may not have the monopoly on bad programmers, but they definitely have the largest concentration of them.
Anybody who wanted to cause real damage would write a virus that spends 24 hours spreading itself, and then silently wipes the "drives" starting at Z: and working backwords to C:. That would cause a few heart attacks in the corporate world. It would also force the world to switch away from MS. The MSBlast virus was just a warning shot, and I doubt it was written by someone who actually wants to harm MS.
I've never met anybody who was smart enough to write a good virus and simultaneously preferred using Microsoft Windows as his/her desktop OS.
With scripting kits, brains are not a requirement for writing a virus. See the stories about the virus writers who have been caught; none were particularly smart. (OK, they were CAUGHT, so the sample assumes some incompetence.)
Very few people prefer MSWindows; most people do not know there was a choice.
---
The Linux community wants to succeed by demonstrating that the community development process develops better code and applications than hidden proprietary code can produce. MS's security holes are a demonstration that their development process has severe faults. Linux and OpenOffice should remove MS's revenues very soon, and then MS will fall. We want to win fair.
Re:Psychology plays a role (Score:3, Interesting)
Also when you say comprehensive user security model can you elaborate? IE: ACL's, chroots, jails etc etc. I find it hard to believe that NT3.1 and every version of windows based on it has a such a model. I don't use windows in any serious manner so I wouldn't know but I'd like to read about the models 3.1 and up use for comprehensive user security.
Your implications are false (Score:2, Interesting)
He doesn't know a kernel from a koffice
Re:Hitting a moving target (Score:3, Interesting)
Distributions are to blame for much insecurity (Score:2, Interesting)
For one thing, whomever believes it's a good idea to continue relying on sendmail and BIND deserves broken bones. There are secure, faster alternatives [cr.yp.to] available, and while they're whining about backwards compatibility and the fac that DJB doesn't want them butchering his software, their users are getting rooted.
We also need to remember the distinction of what Linux really is. I'm not RMS, but we do have to remember that Linux is simply a kernel. It has indeed had security problems (the most recent that comes to mind is the ptrace exploit), and sometimes this is unescapable. But when I hit up for instance the slackware security advisory list, I notice that while there are a handful of system problems, they are also listing problems with software that has little to do with running the Linux system (BitchX, EPIC4, etc).
And then I remember that each time I go to Windows Update, I'm slammed with a list of critical security updates, some of which are even rollout packages containing many other security updates. And the volume of security updates on Windows Update still far surpasses that of my favorite distro.
Handing your average computer user your average linux distribution's default installation is like handing a baby a bunch of knives... the system usually works damn well and quite stable from the get-go, so they install it in a dark corner and forget about it.
Linux does not require technical ability (Score:5, Interesting)
There are several distributions (Mandrake, Lindows,
That said, I am using RedHat (because I live in the US and it is still the most popular distribution here.) The RH9 installer does not even make suggestions for how to partition the hard drive. (A friend asked if he should make the root ext3 or a swap partition? The interface implies that this is acceptable.)
Once Linux is installed, a typical user would never see the command line, and only needs to learn one GUI.
Linux can also remove some of the fear of computers because you do not need to worry about the usual viruses. Your aquaintances that have trouble right-clicking and double-clicking may be better with Linux, since the menus are usually written before the context menus, so every option can be accessed with one button of the mouse. (My grandfather uses the ENTER key instead of double-clicking, since a couple of strokes have upset his timing for double-clicks.)
You also assumed that the Linux users must have installed Linux. In the corporate world, computers are installed by IT, regardless of the OS. And today the home consumer can buy a computer with Linux already installed. That assumption is not safe.
---
Good application designers assume the users are complete idiots. Applications designed that way are easier to use, require less documentation, and have more safeguards to prevent GarbageIn. And when the complete idiot does ask for support, invite them to be a primary tester. Even idiocy can be useful.
For Linux to become the main personal computer operating system, it must be designed for use by idiots.
- Why does it seem that most users are of below-average intelligence? Do smart people avoid computers?
Re:Simple probability (Score:3, Interesting)
That's the real statistic we need to answer the question. What percentage of Linux boxes are unpatched and out of date?
This is ironic (Score:3, Interesting)
Re: Bad MS programmers (Score:3, Interesting)
Are you a MS programmer that I insulted? Or did they not hire you, so you assume the ones they did hire must be better than you? Or you believe that a company that makes that much money must be doing something correctly?
(Sorry that sounds like a personal attack. I hope you answered "No" to all but the first question.)
Read the websites about the hiring practices for MS. They are looking for a good personality fit with their processes. Maybe the questionaire asks, "Are you willing to release bad code because of deadlines?" and a positive answer gets the position.
I have no personal experience about the quality of programmers at MS. My personal belief is that there are very few good programmers anywhere. I do know that every time I need to fix a problem with MS software, I think about:
- how I would have written the code, then
- how a beginner programmer would have written the code, then
- how to write it worse than the beginner.
Then I assume the last case is true, and work around it. I have a reputation as a miracle worker for being able to see inside the code.
Best programmers do not rush. They know that code that works is much better than code that almost works. Taking the time to design something well is always worth it. By definition, well-designed programs take less time to write and test.
The problem with MS's code is not that it was not written well the first time, but that they have not done it correctly after hundreds of attempts, even after their customers report problems.
---
I am not a "Lunix zealot". I do not use Linux in the corporate world, and barely use it for personal stuff.
- I do recommend Linux to people and companies that cannot afford Apples (which I have not used in recent history.) And much of my recent work has been battling an incredibly poor multi-threading model in some of IBM's software.
- I am anti-MS because I am tired of rebooting, and know that I could design their apps much better than they ever will. If they have some of the best programmers in the world, why are their applications so bad?
It's the user, not the OS. (Score:3, Interesting)
Anyway, I blame my College for my lack of infection. The only email program we could use was pine. I still use it to this day, and it's my favorite email program. Nothing to configure, nothing to install, works anywhere in the world, extremely lag-resistant. The most important feature - you can't click on anything.
I digress: back to infection. No matter what program you're using, you can't just run whatever random garbage Undugu sends you. The majority of users will not understand that. My father, for example, can't understand the concept of Spyware, Adware, or Pr0nware. Eventually I had no choice but to physically destroy a CD he bought. It installed Spyware and Pr0nware, and he would not beleive me, no matter how many times I explained.
So, what does that have to do with Linux? It's simple. The majority of Linux users are smart enough to not click on any random thing that gets sent to you. That's the difference. It's like a gas station that offers free gas. The catch? It's 50 octane. A lot of people would go. Yes, they would. Those of us who know something about cars would know that that kind of rating would seriously mess up your car. Sure, you could install a refinery into your car and add anti-knocking agents, but you're better off not getting gas there.
People who use Linux are, from my experience, very well knoweldged about computers and take care of them. Once the goal of "Linux for the Masses" is achieved, then - AND ONLY THEN - will you see the true devastation that rampant idiocy can wreak on an operating system.
Format happy here (Score:1, Interesting)
(before I hosed it
No Contest (Score:5, Interesting)
That's where the similarities end. Linux is inherently more organic, configurable, stable and open. Windows has an upper limit on the config bashing you can do and the efficacy of doing so.
If I, with my Linux box have a vulnerabiltiy that that vendor, or code monkey who wrote the thing, doesn't have a patch for... not a problem. I can do any one of a thousand things to make my linux system either more secure or less susceptible including looking for alternative programs that do the same thing. From the kernel to userland... I have control. It's more work, perhaps, but so is police work.
Windows. Please. I'm at their mercy. Their patches. Their schedule. Their patches to their patches. Bah!
Look at it this way: Windows is a prefab house. It comes in one flavor. Once shape. and one color. It is architected (sic) in the hopes of being able to withstand a wide range of climates.
Linux, or any of the unixen, can be a tent you use to climb Everest. Or a mansion in Palm Beach. Or a Hotel in Monaco. Or a skyscraper in NYC. Whatever you want. It's up to you and how hard you are willing to work.
Re:Psychology plays a role (Score:3, Interesting)
Re:More to the point (Score:3, Interesting)
It's like all the people who want a Mac for gaming. I mean, there's tons of great games on the Mac. Like Warcraft 3. And... Warcraft 3. And the little apple puzzle thingy...... photoshop?
So if you want to run a very secure SSH server, OpenBSD is the way to go! For anything else (i.e. anything not in OpenBSD's "secure by default" install, which is everything besides OpenSSH), it doesn't make a whole hell of a lot of difference what OS you run it on.
Re:Psychology plays a role (Score:2, Interesting)
SECURITY IS AN ILLUSION (Score:3, Interesting)
Look at all the companies that were taken down by Blaster and Nachi. Didn't all these companies have extremely powerful and sophisticated firewalls guarding their networks? Sure they did, but the VPN/dialup/laptop users were able to get in after becoming infected and circumvent all the elaborate and expensive security. Somtimes I think firewalls are a total waste of money.
I won't even get started on the topic of extremely weak user password, unsecured dialup modems, and firewalls with way too many open ports.
Luckily all the worms and virii to date have been "mostly harmless", but the day is coming when a hacker in China or Russia is going to get the urge to make a political statement and start wiping out data.
Argue and discuss this topic all you wish, but know that the dialog is meaningless. SECURITY IS AN ILLUSION!
Re:Psychology plays a role (Score:1, Interesting)
It's not that it isn't important, it's that with ACL based security is kind of difficult to list who has what rights in a directory listing. When all you are showing is Read/Write/Execute rights assigned to User/Group/Everyone you can afford to list permissions in a directory.
P.S. (Score:3, Interesting)
I'm not kidding about the install time. A SuSE 8.1 3-disk install was asking for the config details before WinXP was done identifying hardware (same box.)
Add in the time and hassle of temporarily swapping out NVidia GeForce series video cards to do the initial WinXP install, and the raw-hardware-to-internet time is less than an hour for Linux, and almost 1.5 for WinXP on the same hardware (CUSL2 PIII/933 512M/PC133/CAS2 60G/7200RPM GF2MX.)
Linux is not inherently more secure (Score:4, Interesting)
The quality of the implementation in Linux is highly variable, depending on what part of the system you are looking. There are parts of Linux that are of an extremely high implementation quality such as the kernel, the Apache web server or other active and well researched projects. There are other parts of only medium quality such as for example the popular PHP language.
And there is a lot of stuff that is of actually pretty low quality, badly researched and incredibly crappily written from a security point of view. Common PHP applications such as PHP Nuke, TikiWiki or other "CMS" style applications belong into that category. Getting web server privileges through one of these using a pathname exploit, badly written uploads or other commonly known classes of security problems is usually a piece of cake. From that you need to find a local root exploit to own the machine. That's a little harder to do than a simple web exploit, but also nowhere near impossible.
Also, current PHP coding techniques do little to minimize the amount of such code being written and to encourage clean coding. Brings us directly to the concepts section: There is no equivalent of ASP.NET type infrastructure and tools in the PHP world. Window may have bugs, but in this particular instance they may be in an area where PHP for example has not even code to show...
When you are discussing security concepts, Windows often is on par or even surpasses common Linux systems. Windows failure is too often in the area of implementation, or it fails to leverage and deploy the concepts it implements. That's why Windows passes US and European securty evaluations, but does not feel "more secure" in day to day use. For example, Windows had Access Control Lists as part of NTFS since the very first 3.0 days.
Only with the advent of Windows 2000 Microsoft started shipping Windows with halfway decent defaults, though. Also, getting to see and check the ACLs of a directory hierarchy with onboard tools is laughably complicated to what Unix presents (namely, a moderately complex security system with ugo/rwx and ACLs tacked on for that special cases, and "ls -l" to mass check an entire directory with a single command).
Windows also has superior concepts regarding impersonation (instead of SUID), RAID as part of the default operating system way before the actual Unices had it, a PKI and a directory service as part of the default operating system shipment (and code that actually uses that, by default, unlike Unix, where you have to jump though hoops to get your mail server, samba server, your different logins and your client applications to use such a service if you had one by default) and serveral other things that look nice in the book.
Unfortunately, all of this is of little use against worm style attacks. Here the conceptually bad parts of Windows reign: Treating data as code and in some cases even automatically execute data that has been recognized as code (HTML mail with Javascript, Office macros, HTML with Javascript that is being executed when entering directories) is the major attack vector. Also, badly designed and protected desktop IPC, allowing for the shatter attack and other legacy sins make the Windows desktop a primary target for worms and viruses. None of the above security mechanisms help protecting against this style of attacks, which is why Windows looks good on paper, but not on your desktop.
Also, unfortunately, the Windows population in your average company is dense enough and homogenous enough to allow for wildfire type effects when the attack is spreading over the network.
Linux has similar vulnerabilities as Windows has, but we do not see them at the moment, because even if there were a worm that could uti
Yes it's not and no it is (Score:2, Interesting)
Windows however knows for a fact that is secure enough as a direct result it's not secure at all.
The latest clame that Windows is insecure by design is basicly saying that Microsoft didn't even think about security when the first designed the operating system years ago and just folowed the basic philosophys behind Dos.
At the time Dos was the only operating system to have viruses and people were crying fowl over this. That Microsoft could do better and if they do make a new operating system they should.
(It wouldn't be untill Apple adds multitasking that Macs would have any viruses)
To ferther the point a number of products entered the market to make Dos more secure. Password protection to keep users from using the computer and the ability to write protect hard disks were just two security features available from third partys.
All commertal network pacages I have had any experence with had quite a few security features to deal with the fact that they were missing from Dos. Yet people didn't use those features effectively and would leave systems open to virus infections passing over the lan. This would forshadow the Internet as it is today.
But in the end it's viglence not design that keeps Linux secure.
Becouse for as many windows worms we have seen lately and as many clames that BSD is the most secure Unix around....
The one and only BSD worm did the one thing no Windows worm could do. It took down the Internet. It flooded the network with billions of infections.
This could happen to Linux.
We can show Windows is insecure ground up. Viruses and e-mail worms need an insecure operating system to work.
Viruses need to be able to infect other binarys once run under the user account. This simply won't happen under a secure operating system.
Email worms need an e-mail client that will run programs attached to e-mail.
But normal non-email worms hack in from the outside. Look at that statistic again.. Even if only 1 Linux box is hacked that means a worm can do it. A worm can be made to hack into Linux systems just the same as a hacker could himself. Before you know it the worm has infected many systems. Millions of infected systems in the time it takes for one hacker to deface one Linux hosted website.
It could happen... IF...
If we sit on our butts. Worms take a while to write so it may be a month or so after 'discovery' that a worm is actually created.
If we sit on our butts and not make a patch,
Sit on our butts and not test the patch,
Sit on our butts and not apply the patch.
Then a worm could be released.
If we don't secure our systems.
Applying patches and bug fixes is only the start. There are countless procedural errors that could be made. Get something to test your system for all the known ways someone could hack your system and test for them. Know if your safe.
I remember one Solarus zellot actually freaking out when she discovered an SGI system was being used to run a website. She pointed out that the machies were not designed to run websites.
In other words the operating system was "secure enough" for a stand alone workstation.
Re: Bad MS programmers (Score:2, Interesting)
*checks win2k uptime*
35 days, 20 hours, 6 minutes and 7 seconds
this is not a server, locked up in some dark room somewhere, with no gui to make it crash, with no techies too scared to touch it because typing 'startx' may take down the whole network. it is my work machine. i currently have 3 instances of visual studio 6 open, one which is running a service in debug mode, another which runs a test app to the service thats running in debug mode, and the third is for working on another project i'm assigned to - up until recently it was also running another service in debugmode, for over 3 weeks if i recall correctly. i run distributed.net, irc, msn messenger, sql server constantly as well. query analyser is constantly open, as is outlook, opera, internet explorer, terminal services, and many in-house applications. i've also got cisco IP softphone running continuously, because of some dumbo IT decision to have software phones instead of normal phones.
im not the greatest programmer by anyones standards - heck, i'd guess i'm only slightly above average. this means that my code breaks(in all 3 instances of visual studio)... often(in all 3 instances of visual studio)... before it gets fixed. strange that my dodgy code, and my "crappy" OS is able to still remain running without any hassles?
so how have i managed to not reboot in over a month?
UNIX virii/worms (Score:4, Interesting)
But many UNIX worms/virii don't rely on code being executed as root. They spread using security holes such as buffer overflows, and doesn't need anyone to click on an attachment or execute an unknown binary.
I don't have the links to back it up, but wasn't the first worm ever a UNIX worm, written by a kid whose father was in the security business and told him about security holes in UNIX systems?
I don't think that the OS decides whether a system is secure or not. Sure, it is a factor, but sloppy administrators and developers are to blame as well.
Distinctions (Score:2, Interesting)
The simple thing is, and I have not seen this commented about, is that there is a difference between human attacks and virus attacks. With Windoze security, any stupid virus can destroy your system.
With Linux, however, the situation is different. Since privelege escalation is not trivial in Linux/Unix/BSD, viruses can generally only exploit userspace. Privelege escalation usually requires human intervention (or, at least, I have never read or heard of a virus that could escalate its priveleges on a Linux/Unix/BSD system). This means that Linux/Unix/BSD systems that are compromised are cracked by deliberate attackers with the attacked system specifically in mind. This is as opposed to some dumb bot that tries to infect everything on the net. Why there are not terms for the differences in these classes of attacks I cannot say, but there is no doubt that they are different. I will call them direct (human) and indirect (virus/bot).
Viruses, with the exception of superviruses, are also generally written to take advantage of one or two security holes. They cannot be written to contain every historical exploit that may exist in the wild. So, human attackers have possibly thousands of methods at their disposal while a virus has a few. One of the most commonly known military defense tactics is to get your enemy to attack you from one defensible point. Any enemy with thousands of entrances will find a weak one. Direct attacks are much more powerful than indirect attacks.
The simple conclusion is this: If someone knows what they are doing and wants to get in, they are going to get in. However, it is doubtful that Linux will ever be afflicted to any damaging degree by these silly mass mail viruses that damage your email or even wipe your hard drive.
The weakness of Windoze security is that even indirect attacks work on it.
Re:OS versus applications (Score:2, Interesting)
Re:Passwords are too blame...or (Score:1, Interesting)
Some root exploits were done by running ptrace exploits from phpshells etc. before secure kernels went out.
It's partly negligence on the user's side and partly 3rd party "management" softwares' fault. Most of these servers do not have a dedicated admin clamping every aspect down. Openings for hackers are almost unavoidable in that light. And guess what: a reinstall is a lot cheaper (usually free) than paying an admin. That's what most people choose to do.
Yet Annother Stab at Windows (Score:1, Interesting)
It may not be the coders fault, the problem is simply that the windows internals are screwed up. It may look like it's all shiny and cean on the surface, but underneath it's just kludge on kludge.
Re:Here's my rant on human stupidity... (Score:2, Interesting)
Er, because it's not? Having to type in a password to do pretty much anything on Linux is a total pain in the ass and gives no extra security on a single user desktop system.
Think about it. There are about a hundred different ways to get a Linux computer to do malicious things without root access. Here are some examples. Let's assume all the user has to do is run a program, as SoBig.F has shown that people are still willing to do this in large numbers. What can we do?
We can:
$ sudo chmod -x /usr/sbin/lsof (for example) /usr/sbin/lsof /usr/sbin/lsof: Permission denied /lib/ld-linux.so.2 /usr/sbin/lsof
........
$
bash:
$
You see how feeble UNIX security really is now?
Basically, the idea that Linux is inherantly more secure than Windows is so massively flawed I don't even know where to begin. If Linux is going to be stronger than Windows, it must be through the power of a caring community to look out for users best interests, while letting them get on with their work and play.
I think I'll keep ranting about this until somebody does it, but what we need is a community anti-malware project. Think of it as a cross between Debian and Sophos - with a strong founding moral code, a community that features wargaming and debates upon how to make the system more secure, as well as one that builds an infrastructure which can seek out and eliminate malicious software on users systems after infection has occurred.
After all, simply having walls is not good enough. You have to be able to deal with breaches in those walls too. The only thing we've got like this now are the distro backporting teams, which is good for servers, not so useful for home users.
Skill, Knowledge, and Effort (Score:1, Interesting)
Put it this way, I work for a Fortune 500 company that I will leave unnamed. The IT group uses a "default install" for the servers... we still have servers running Win2K SP2, with a ton of security patches. Our Sun boxes have Telnet and FTP open, no TCP Wrappers, no SSH, and a ton of ports open like finger, rexec, rsh, etc. Nobody ever bothered to lock them down. The Linux (RedHat AS) boxes are a little better, but its a default install... our web servers come loaded with Squid, and well.. pretty much everything. Stupid, Stupid, Stupid.
I'm trying to change it, but I'm also working against a corporate mentality that says that even though *I'm* in charge of production boxes, I can't patch them... there is another "team" for that. So, I could have them all fixed up in a week, but can't touch them.. I need to define what I want and request it from the team at the data center.
Re:In addition (Score:2, Interesting)
Re:Here's my rant on human stupidity... (Score:3, Interesting)
While your statement is an fairly accurate observation about the way most people use computers, it's your wording and your assumptions. I'm saying that many of those practices come from a simple lack of education, like choosing smart passwords that aren't 'a'. If you just assume that Joe User can't handle smart passwords, then you probably aren't going to bother educating him about that and other secure practices, and that is a big part of the problem.
Re:In addition (Score:2, Interesting)
Two years ago I took an art director position at a small manufacturing company. The network admin was a complete idiot. Of the 25 users on the network, nine used the company name as their login password, four used a portion of the company name, five used their first name, two used one of their children's name, two used their dog's name, two used their birthday and only one person had enough sense to use a nonsensical letter/number combination.
The password to the hosted web site, e-mail server and the network firewall was the company name. And, this is the kicker, the network admin's password to the server was her dog's name. After realizing what a severe security breach this was (and being told that since I used a toy computer -- a Macintosh -- and as such didn't know anything about computers) I struck up a conversation with the network admin about her likes/hobbies/family. 30 minutes later, armed with several possible passwords, I successfully gained access to the server and locked her out.
Re:OS versus applications (Score:3, Interesting)
And... I can configure stuff Without using 27,000 different command line tools! I can configure a web server without using a 300 page book and the support of an angry newbie-hating newsgroup! Seriously, though... I'm sure you'd get peeved if I kept comparing XP to Mandrake 6. I don't see why so many people keep using the BSOD as a reason... it's been removed for 2 years now... WinXP just resets when a major error occurs. If you're still complaining about BSOD, you haven't used Windows recently.
Re:In addition (Score:3, Interesting)
I have no illusions that my systems are 100% uber-hacker-proof. In fact, I'm aware of a few ways that a hacker could obtain, say, a user password - but it's a choice between convenience (not necessarily for myself, but for the users) and security.
Redhat is a good distro to get started on, and many of us (including myself) started on it. I wouldn't recommend it on commercial systems, but much of that is personal preferences.
I think my primary beef with RH is that people seem to assume that Linux IS RedHat, with drivers/etc often being only available as RPM's of a closed-source solution. Linux is very much about open source, and in an optimal world drivers would be source-available so that they could be matched to any distro. People have started distro holy wars over less, so I'm not going to get into it, but in my mind RH has always been better as a desktop distro (until I found morphix/knoppix).
But it's all about stepping stones. As an email forwarded to me once stated: You start out with something like RedHat, then you maybe go a bit more trimmed like Deb. Eventually you go to a distro where you make your system from the kernel up. By the time you get to the stage of creating your own distro... you end up realizing that it will be a very very long time before you ever get laid again, if ever!
The worst are not those who screw up, it's those who don't listen to words of wisdom, or learn from their mistakes. You get those no matter what OS/distro you use
Open Vs. Closed source, Not Windows Vs. Linux (Score:2, Interesting)
It's very hard to beat mother nature. Try developing AI software that's smarter all-around than an average five year-old child. It's similarly more difficult to harden your OSs security holes in a sterile lab, Vs. letting the planet full of open-source savages hammer away at your sourcecode and then considering their suggestions for improvement.
For instance, RPC has been enabled for use from the internet since Windows NT, and it's been a problem since Windows NT. It remained a problem through NT, windows 2000, and windows XP. It was no secret that:
- c$ shares open to the internet were a problem
- many many boxes had username=Administrator, password=blank
- guest accounts were enabled by default
- psexec and psreboot were freely available
Was anything done by MS to fix this problem? No. Why not? Was it because they're evil and should be equated to the borg? No. It's because MS is profit-motivated, and their bottom line wasn't negatively affected by leaving these problems unaddressed. Their customers would surely have benefited by a fixed OS, but that's not the driving force for a company such as MS.
When the OpenSSH exploit was identified as a problem, it was immediately fixed. Practically ALL the linux distros made the patched version of OpenSSH available immediately, and all subsequent versions of their distros had the patched OpenSSH. Was it fixed because we Showed the Money to the owners of the OpenSSH sourcecode? No. It wasn't an issue. Mother nature dictated that it was time for OpenSSH to evolve, so it improved or it died.
Those that don't look at these issues as matters of principal deserve what they get. Those that continue to ignorantly use closed-source and proprietary-file-format OSs and software, placing all their sensitive accounting and other business data into closed-source developer's hands, have no one to blame but themselves.
I'm not saying that everyone should train themselves to be a ninja programmer and write their own software. Business owners need to hire intelligent IT staff, and treat that aspect of their business with the respect that it deserves.
The IT decisions (apache Vs. IIS, outlook Vs. ANYTHING_ELSE, exchange Vs. IMAP, Windows Vs. Linux, MS OFFice Vs. OpenOffice) should get the same attention as accounting decisions, legal decisions, and HR decisions. That's not usually the case though. If the business owners don't know the right answers, they should hire at least one or two seasoned IT veterans to advise. Many of these unpatched business computers are the result of sloppy hiring at the upper IT level. If competent people manned the upper IT positions, better firewalls would be established, PCs would be patched, and possibly there'd be a little bit less closed-source, closed-file-format, proprietary software and OSs in use.