Re: Linux, BSD, and Unix are fundamentally insecure.

From: WinGuy (no_spam_at_nomail.bot)
Date: 09/11/04


Date: Sat, 11 Sep 2004 16:33:19 GMT

Interesting topic. I suppose there's going to be much more of this type of
topic in the near future as the "move to Linux" et al continues to gain with
governments of entire countries and in the private sector. I'm impressed
that most of the respondents in this topic have at least tried to remain
civil in conversational tone, that's going to be needed as more and more
ex-Windows users migrate away in the next few years. They are not happy
migrators.<g>

I'm not at all a newbie to Microsoft operating systems, I date back to DOS
5.0 days (and even further back to Apple ][ and Lisa days before I migrated
to MS). That gives me a little perspective on what happened. Apple made it
difficult for 3rd party developers, and their market share suffers even
today for that reason. I know because I used to repair the things, but when
policy changed so that only the dealer could get technical assistance, which
locked me out as an independent repair person, I moved to MS systems and
never went back (and never will, either). Right or wrong, that was why I
(reluctantly) went with MS.

I am a newbie (very much so) with UNIX style systems such as FBSD. The lag
is because I really thought it would die. But then I thought the same of the
C programming language, too. Time has proven me very wrong in both of those
crystal ball derived assumptions. So here I am today, playing catch-up (but
not with C, a language I truly hate to program in but can when necessary).
I'm currently (in another thread here) pulling my hair out trying to build a
FBSD stateful transparent intrusion detection capable firewall. The tools
are there, but I'm currently too ignorant to even understand all the kind
help offered in this forum so far. Of course, I'm working until I drop each
day just trying to get a grasp on FBSD, with my "project" being the vehicle
to that end.

Why is this MS fellow (me) dabbling in FBSD all of a sudden? Well, I think
the new Microsoft Longhorn system will indeed be a major rewrite of Windows
and with security at its core. MS has taken severe and somewhat deserved
financial hits because of its historical lack of security. That lack is easy
for me to understand why. People forget that just 8 to 10 years ago almost
no one had broadband internet access, there was almost no advertising on
internet and indeed very few of the public even thought internet would ever
be an integral part of their daily lives. Viruses and the like were usually
harmless and proof of concept, not really intended to be malicious. Windows
was designed for those people, as they were the market, and all the creepy
nasty things that now take advantage of the OS networking shortcomings today
were hardly envisioned "way back" then nor were they the substantial problem
that they now are. Longhorn is the only possible solution for MS, NTFS and
DOS based versions of Windows were really the same old underlying Windows
code patched and re-patched to try to improve the product. Like for the
reason of replacing DOS with NTFS, one can only patch so much before it's
not practical to continue doing so and something new is needed -- from
scratch.

But Unix (popular above all else back then in the business world, but not in
the private sector) was designed for networking to begin with, as are all
its derivatives. It was designed for a corporate environment, and
networking, to begin with. Windows was designed for single users, and
networking was an add-on because until just the last few years the "home"
and small business market didn't do much in the way of networking! That's
what makes the 2 types of operating systems apples and oranges when one
attempts to compare their security features when it comes to networking.
Windows to date never was designed with networking at its core, it was added
on in pieces and that made it vulnerable from its inception but at a time
when vulnerability really wasn't much of a problem (things have certainly
changed in that regard, especially within the last 3 years or so, and thus
the need for Longhorn.)

The core question is why do so many people use what everyone knows to be an
insecure OS? I think it's for the same reason that many are now moving away
from it; the graphical interface and ability to have a cohesive office
production environment (the maturing of X-Windows, for example). People like
those windows! But the fact that networking (in particular the internet) has
grown in usage SO dramatically, worldwide, in just the last 5 or so years,
is something that was not foreseen and the result has been patch after patch
after patch as the OS, being most popular of all, was and still is a
tempting target for abuse.

There are 2 kinds of security. Physical security is accomplished by locking
the computer behind doors and using work stations (basically a client/server
approach). No one gets to remove the hard drive, CMOS battery, etc. Almost
every manufacturer I've worked for puts the servers behind lock and key and
requires workers to use LAN networking for any type of files related to
company business (including for ease of backup purposes). Perhaps the
workstation has a floppy and so on, but it is remote from the physical
computer.

The other type of security is access permissions. Again, Unix type systems
had this from the get go and MS jumped on the bandwagon only when NT came
along. That really wasn't so long ago, either. Again, it's basically the
same old Windows with most of its previous security holes but at least file
permissions exist with it and XP. The problem is that many things in the OS
itself are just not amenable to running at limited permissions, and those
items are full of network accessible exploitation. Nothing is going to do
much to help that beyond a good redesign of Windows (and Longhorn must be
just that). The same basic reason that DOS could not be made to work like
NTFS does is why Longhorn must address similar types of issues and there
just isn't a better answer to the problem beyond redesign of Windows from
the ground up. Meanwhile, patch upon patch must be implemented in base code
that is so old and complicated by all those previous revisions and patches
that it's just become unwieldy.

My thoughts are that UNIX types of operating systems, as a consumer product
both privately and in corporate, had better make hay while Longhorn is being
developed. This is the biggest and probably last chance to make significant
and permanent market capture at the expense of existing and near future MS
systems. The user, private or corporate, has already spoken and the deaf
will pay a losing price: it needs to act and work easily like Windows does,
out of the box, or it will not get the market. More, it must be compatible
with user files created from MS office products. Witness the very reluctant
move away from MS, it's only because of security problems and not because
other systems are easier to use or compatible with archived documents and
data (they are not, it confuses and frustrates me and if I think that way
then so do many others and that translates into market issues).

Currently, every OS has its reasons for a market to accept or reject it. But
this is changing, very fast. What will be dominant 5 years from now, and
why? Pounding a desk with a shoe about what is and isn't better right now
just serves no real purpose beyond agitation. What matters is what occurs
in the next 2 to 6 years.


