Is Linux the most secure OS?

Linux-based systems get a lot of press in IT trade publications. A lot of that press relates to its security characteristics. In fact, some claim "Linux is the most secure operating system (OS) of them all." How much truth is there in a statement like that?

Such statements are, of course, unsupportable hyperbole; while many Linux distributions may outshine both MS Windows and Apple MacOS X by a significant margin, there's evidence to suggest that most Linux distributions are not up to the standards of FreeBSD, for instance -- let alone OpenBSD, with possibly the best security record of any general-purpose operating system.

That's even leaving out special-purpose OSes such as a number of RTOSes, IBM i, OpenVMS, and TrustedBSD. In the sense that many people tend to think first, foremost, and often only of Linux-based systems when they think of open source OSes (and even think of "Linux" as an OS without distinguishing between distributions), however, they have a point: all else being equal, a popular open source OS has definite security advantages over a popular closed source counterpart. Linux distributions are far from the only open source operating systems, though. Just for the sake of argument, insofar as Linux is emblematic of open source OSes, then, and that MS Windows is emblematic of closed source OSes, it may not be so unrealistic to say "Linux is the most secure OS of them all," where "them all" consists of only two choices -- but the world is not that simple.

"Linux" in the abstract, however -- as a stand-in for the average Linux distribution -- is simply not the most secure OS available by a more comprehensive view of OSes. There are, in fact, some Linux distributions that have been created for research purposes that are intentionally as poorly secured as possible in default configuration. The range of default configuration security for Linux distributions spans a broad array of choices between "intentionally as airtight as a screen door" and Hardened Gentoo. Obviously, the average, or the norm, is somewhere between the two.

Furthermore, determining a "most secure" OS is not as straightforward as it might at first sound. One of the most common criteria used by people who don't really understand security, and by those who do understand it but want to manipulate those who don't with misdirection and massaged statistics, is vulnerability discovery rates. Those of us who know better are aware that there's a lot more to security than counting vulnerabilities. Other, more credible criteria may involve factors such as:

  • code quality auditing
  • default security configuration
  • patch quality and response time
  • privilege separation architecture

. . . and a whole lot more.

Even if we ignore any OS that won't, for instance, run a popular browser (such as Firefox), a popular email client (such as Thunderbird), and a popular office suite (such as OpenOffice.org) in a WIMP GUI on an Intel x86 architecture computer, the average Linux distribution doesn't beat every other option in all categories by any stretch. Ubuntu Linux, arguably the Linux distribution with the greatest mindshare, certainly doesn't.

In fact, for every category that occurs to me off the top of my head as I write this, there are operating systems that beat Ubuntu in that category, some of which are actually other Linux distributions -- even if some people say Ubuntu is the most secure Linux distribution. Of course, if that were true, and it were also true that Linux was the most secure OS, that would make Ubuntu more secure than OpenVMS. Suffice it to say I don't buy that implication.

If you're one of those people inclined to say "Linux is the most secure operating system of all," you should probably rethink that. A much stronger case can be made for the security of some other OSes than the average Linux distribution. Even if it couldn't, the variability of Linux distributions in general, and the differing criteria for the security of an OS that may come into play in comparisons, make such a statement quixotic at best.

The long version of the answer to the question "Is Linux the most secure OS?" is that it depends on what OSes you're comparing, or whether you're comparing specific OSes at all (instead of something like "open source vs. closed source"), and for what purposes you mean to evaluate the security of an operating system. If you make claims like that, someone who knows better will have an easy way to discredit your argument. Be more specific, not only in your arguments, but in your thinking -- because it's too easy to form bad habits that may lead to making bad decisions about your own security, and because giving people inaccurate information about security like that can create real problems. If you mean that all else being equal popular open source OSes are more secure than popular closed source OSes, say so. If you mean that Ubuntu's default configuration is more secure than MS Windows Vista's, say so. Just saying "Linux is the most secure operating system of all," on the other hand, is imprecise and inaccurate.

The short version of the answer, of course, is "No."

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

194 comments
enoll1

Heck no, not even close. z/OS 1.x , for one, is far more secure than ANY other OS mentioned in the article or comments on the article.

brigido.arbeteta

Hi, Well, as per my experience, the lifecycle of systems, OSs, etc. is very similar to real life. I mean that when more in danger you are, your tendency is to protect and to react quicker to the possible security threats. I don't mean A is more secure than B. But all of us agree that MS platforms are aimed at by hackers prior to other ones. But we have to keep in mind that day to day the entry point for hacking techniques is not the OS; entry points are the applications such as navigators, email clients, and so on. Even to get a computer hacked no vulnerability is needed if the user installs something with his credentials with no conscience of what's happening in the background. Security is as relative as the following statement. The problem is not the known security issues. The problem is those issues that are not yet known or never known. So complexity in security is equivalent to counting every layer: Physical, HW, OS, Apps, SVCS, Network... and managing this in an integrated and security-focused way is never done as strictly as needed. The problem is the COST. It's very difficult to convince a CFO about those invisible COSTS, etc. So for me the most secure system is the one managed by the right people. It's like driving a car... it depends on who's driving. Even depending on who's around, and even if your car is not the best, if you drive well and you drive concentrated it's a lot more difficult to suffer an accident. Think about it guys. Regards from Spain. This is my blog: http://itiland.blogspot.com/

emu2

I agree that the vulnerability count alone is not a good measure for the level of security of anything. However it is, among the other factors listed in the article, something that has to be considered when talking about security. I grow tired of these kinds of X is more secure than Y or vice-versa arguments - the problem being that there simply is no fixed set of security criteria. What someone considers secure or insecure is often very subjective - even among security experts. It all depends on who you talk to and in what context. Even if you agree on exactly what you compare and on what grounds, there's usually still plenty left to argue about.

lastchip

I wrote on TR: "Is there any such thing as a secure operating system?". My conclusion then, as it is now, is that there is not. If it's written by humans, it can be broken by humans! All you can hope to do is make it as difficult to break as possible. If that goal is achieved, then the time required to break the system outweighs the potential benefits, and those with malicious intentions will move elsewhere to easier pickings.

cboom

You don't hear of thousands of Linux workstations and severs going down due to a virus attack! If you need to learn more about using Linux and Linux Commands, you can go to http://www.ilearnlinux.com/Linux-Commands/ to learn how to use lots of Linux commands and see free sample Linux video tutorials! Best of success in securely working with Linux! Clyde Boom, The Easy Linux Training Guy ;) http://www.iLearnLinux.com (I Learn Linux dot com)

TripleII-21189418044173169409978279405827

Linux is more secure than Windows, but I don't think it is as secure as Solaris (don't know about OpenSolaris) or the BSDs. Now, that said, SOME Linux are as secure, such as Bastille or Monta Vista; security is their prime focus. I would suggest Debian Stable is more secure than Ubuntu 8.04 (simply because the new functions are not as vetted, not a slam). Now, the most secure OS ever: Knoppix (or any CD based distro). It CAN'T be infected or 0wned, ever, even if full of security holes; next reboot, it is pristine. I think Apple has sacrificed BSD security for convenience, making it not as secure (the number of critical updates seems to bear this out), and still includes Quicktime, the mandatory security exploit propagation application (I hear it plays music too!) Windows, however, still brings up the bottom. Vista is better with non-admin, but that's about it, and it still supports Active-X, so can never be secure. TripleII

Jaqui

such an idiot

apotheon

From the article: That's even leaving out special-purpose OSes such as a number of RTOSes, IBM i, OpenVMS, and TrustedBSD. If TrustedBSD is considered a "special purpose OS", z/OS (aka OS/390++) is definitely a "special purpose OS". It is definitely not a "general purpose OS". One might as well call CP/M "the most secure OS" then, because it's essentially incapable of networking. Why don't we take it back before MVS, actually, from which z/OS and OS/390 are ultimately derived, and address OS/360? . . . or we could try comparing apples to apples, and stick to general purpose OSes. Regardless of the type of OS you're talking about, anyway, the truth of the matter is that the relative security of it depends on how you are using it, for what purposes and under what circumstances. As I said in my somewhat newer article, Major security myths of 2009: In fact, one cannot reasonably make such a sweeping claim that any OS is the most secure in the world, because the relative security of a given OS depends on too many factors, including how it will be used and configured, the sorts of dangers to which it will be subjected, and the specific standards of security that are most appropriate to a given circumstance. I think, if you're declaring any single OS the most secure in the world after reading Is Linux the most secure OS?, you've missed the point. The truth is that z/OS isn't "far more secure than ANY other OS mentioned" because that's a completely meaningless statement without addressing the sort of variables that apply to a given deployment when trying to determine the level of security provided by a given OS.

Tony Hopkinson

There is a difference between unsecured and insecure. Leaving aside architectural issues such as privilege separation, if your password is blank you are not insecure, you are unsecure. If that password is for a low rights user, you are less vulnerable than you would be if it was root/admin. Systems with real privilege separation are inherently more secure in that they at least have the potential to be less vulnerable when compromised. And unfortunately it is when. From a practical point of view, you are more right than wrong, but if secure out of the box is ever going to be a reality, more decisions have to be taken out of our hands, no matter our competence.

apotheon

"[i]I agree that the vulnerability count alone is not a good measure for the level of security of anything. However it is, among the other factors listed in the article, something that has to be considered when talking about security.[/i]" I started typing up a reply to this, but realized that it was getting very long. Looking at it, I decided it would make a good article. If you want to see my response, read [url=http://blogs.techrepublic.com.com/security/?p=472][i]Vulnerability counting revisited: a hypothetical example[/i][/url].

Sterling chip Camden

If someone wants in, they can break a window. But they'd rather find the unlocked car with the keys in the ignition. And if you've got a car alarm (with a sticker so indicating) they'll definitely move on to easier targets.

JCitizen

While I'm at it I won't assume you're just another spammer for your wares!

Neon Samurai

Actually, the Damn Vulnerable Linux distribution is specifically meant to be a screen door. They recommend only running it from the liveCD as a learning lab, as installing it on a production system is madness. You do get a clean system off each reboot though, since the liveCD can't be written to in most cases.

seanferd

But I actually noticed a low-post spammer the other day who actually was spamming something that could be considered to be actually targeted at the users of an IT site. I nearly $#@+.

brigido.arbeteta

Hi Tony, You're right. But what I meant is having all basic things, such as the one you mention, solved. For example by forcing strong passwords and policies and so on. We have the "magic triangle": People, Processes and Tools/Technology. So even getting good processes and tools in place, we always depend on the people. Even without having the proper tools or processes, with good people you can keep security in a good status. So I meant that good staff is always the best. Processes help us to measure and to know how we are doing this or that, and tools help management and technical staff to achieve their goals more easily. So remember: right people in the right place performing the right actions :). Regards, B.

lastchip

but it's evolutionary. To use your example, many years ago, one could steal a car simply by using a piece of wire to pull the door lock button and then hot wire the ignition. An experienced thief could do it in seconds. So the manufacturers decided, they would put a steering lock on the car, but soon found out, the thieves were quite happy to use brute force to remove that obstacle and away they went again. Next they removed the door lock buttons, or more accurately, repositioned the locking system. Again, this was overcome by resourceful thieves. Now you have coded keys to initiate computer controlled ignition systems. While that hasn't totally stopped car crime, it's certainly had a significant effect. The point is, as more knowledge was gained, more countermeasures were introduced and as each step "raised the bar", fewer thieves were able to circumvent the system. Isn't this what we are talking about? Not an ultimately secure operating system, but one that has been hardened to such a degree, that only the most sophisticated thieves *may* be able to breach. But, as has already been mentioned elsewhere here, if you harden drastically, the system may become unusable, so surely the panacea is to have a system that is as secure as possible, but still friendly enough to be usable.

apotheon

. . . and if you have automatic roll-down quarter inch steel shutters to cover the windows when you lock the car, acquired for free because they're "open source", the would-be thief will probably forgo the car that requires small shaped charges to break a window in favor of one with exposed windows. I guess the analogy breaks down after a certain point. How is an armored steel shutter "open source", anyway?

robo_dev

You're making a whole lot of worst-case assumptions here... Assuming that: -you're running Knoppix with no firewall -you're exposing services to the Internet -the services that you're exposing have vulns -the vulns of those services have exploits -the user of those exploits knows you exist -the exploit aimed at you can work in memory without writing to disk -any data exchange is done without encryption Based on all that, the chance of being 'owned' is .00000001% On a PC with a read-only file system, there is typically no data, and we can expect that SSL encryption would protect most data streams. Therefore the prospect of my Knoppix box getting 'owned' worries me not.

apotheon

Even with a more secure LiveCD than DVL (such as Knoppix), the fact the system install can't be "permanently" compromised doesn't change the fact that someone could capture network packets and harvest usernames and passwords for, e.g., your bank account. The OS needs to be designed with security in mind, the application software needs to be reasonably secure, and the system configuration needs to be good, if you want real security -- even if rebooting wipes all unauthorized code from the system.

Jaqui

are hard to call. if their advertisement is IT related, and related to the topic it's posted in, is it really spam?

Tony Hopkinson

Every process you put in place is one to cope with the unsecure and the insecure. Strong passwords are a response to people picking easy to guess ones. Technically it's no more of a challenge to brute force crack password than p455W0r; in fact, short of some dumbass using blank, password or admin, three attempts and your access is fried is a far more sensible mechanism. By your lights windows should be dead, and ActiveX should never have happened. By mine they stayed in place because it was convenient and you got a job as a comfort blanket. Watching 30% of my resources being 'wasted' looking to see if I let in a nasty is not something I consider better. Being locked to one desktop because some arse downloaded a Britney Spears Naked screen saver is not better. Having to try and cope with a short life 10 character mixed case, alpha and punctuation password is not better. So better for whom? Shoddy insecure software and maybe not so shoddy security providers. For me? Don't even go there.
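The "three attempts and your access is fried" mechanism mentioned in the comment above, as an added example that is not part of the thread: a minimal authenticator that locks an account after three failed logins for a fixed window, with an injectable clock so it runs deterministically offline. The user store, the key-stretching parameters, and the lockout constants are constructed for this demo and are not tied to any real system.

```python
"""Account lockout after three failed logins (added example, not from the thread)."""
import hashlib
import hmac
import os

MAX_FAILURES = 3            # failed attempts allowed before the account locks
LOCKOUT_SECONDS = 15 * 60   # how long the account stays locked (demo value)
PBKDF2_ROUNDS = 50_000      # demo value; production deployments use more


class Authenticator:
    def __init__(self, clock):
        self._clock = clock   # callable returning the current time in seconds
        self._users = {}      # username -> (salt, derived key)
        self._state = {}      # username -> {"failures": int, "locked_until": float}

    @staticmethod
    def _derive(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(salt, password))

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        st = self._state.setdefault(username, {"failures": 0, "locked_until": 0.0})
        if now < st["locked_until"]:
            return "locked"   # no password check at all while the lock is active
        record = self._users.get(username)
        # Derive a key even for unknown usernames so response time does not
        # reveal which accounts exist.
        salt, stored = record if record else (bytes(16), bytes(32))
        candidate = self._derive(salt, password)
        if record is not None and hmac.compare_digest(stored, candidate):
            st["failures"] = 0
            return "ok"
        st["failures"] += 1
        if st["failures"] >= MAX_FAILURES:
            st["failures"] = 0
            st["locked_until"] = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


def max_online_guesses_per_day() -> int:
    """Upper bound on guesses an online attacker gets per account per day."""
    return MAX_FAILURES * (24 * 60 * 60 // LOCKOUT_SECONDS)


if __name__ == "__main__":
    t = [0.0]
    auth = Authenticator(clock=lambda: t[0])
    auth.add_user("alice", "p455W0r")
    for pw in ("guess1", "guess2", "guess3", "p455W0r"):
        print(pw, "->", auth.login("alice", pw))
    t[0] = LOCKOUT_SECONDS + 1
    print("after lockout expires ->", auth.login("alice", "p455W0r"))
    print("max online guesses per day:", max_online_guesses_per_day())
```

The bound returned by `max_online_guesses_per_day` is what makes the lockout matter more than the exact characters in the password for online guessing. The trade-off a practitioner has to weigh is that a hard lockout lets anyone who knows a username deny that user service, which is why many deployments prefer per-source rate limiting or progressive delays over a flat three-strikes rule.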

brigido.arbeteta

Hi again dear colleague :), If you have a service, product, application that requires to be unsafe to provide functionality then you should consider changing it. It's obvious that it depends on the cost. Which is more expensive? The cost of having that vulnerable application or the cost of getting a secure one? That's what I always considered when I was IT Manager. Again, I believe in people, and the right people will take the right actions such as deciding and escalating to management the risks and constraints of having a bad/insecure infrastructure. So IT is complex, yes, but when people work as a team from end to end (management to technical staff) in that way things work considerably better. And bad systems are replaced on a regular basis in a very natural way. Regards from Spain again ;-)

Tony Hopkinson

that a strong password policy can make you less secure. More than several people will use, say, a variant of their SSN; I know one guy who uses Year.Month. We are both well aware of people who write them down or some such. Having good people helps, good tools help, good processes help, joined up thinking helps. Bear in mind though sometimes you have to compromise security in favour of accessibility. For instance there are shed loads of people wide open to javascript exploits. If that's turned on your competent people won't be making it secure, they will be moderating and curing the consequences of it not being secure.

apotheon

Just don't fall into the trap of believing usability and security are necessarily exclusive of each other. As I hope I pointed out in [url=http://blogs.techrepublic.com.com/security/?p=390][i]Interface design is security design[/i][/url], greater usability can actually coexist with greater security -- or can even [b]improve[/b] security, if done well. There will be cases when there's a trade-off, but with good design there are many cases where the two, far from being mutually exclusive, are mutually [b]inclusive[/b].

Neon Samurai

Your exchange with Norm the last two posts has been a good read and I do love the technical stuff, especially if I end up having to learn something to keep up. As for the essay, it wouldn't be the first time a discussion led you to a late in the day article posting. I saw your link to it when I had only a few minutes to check for updates and didn't get to read it until after my imagination had run a while, so I'd just assumed it was going to direct me back into the TR listings. I'm curious to hear your thoughts but by all means, at your leisure. I'm not going anywhere soon unless the benevolent moderators make it so.

normhaga

>""Leading from that, my position is that there is no such thing as a secure computer, unless it is unplugged and has no data on it." I understand the sentiment, but I think my definition of "a secure computer" is something like "This machine's security hasn't been compromised." It's only going to stay secure with diligence, attention, and a strong principles-based approach to security, of course -- and a bit of luck." This sums up the point that I was inferring, excepting the point that as soon as anything is placed on a computer, ranging from programs to data, security is at some point compromised. Compromised does not mean exploited or exploitable however. >>""Apotheon is a fan of signature based testing for applications." Please elaborate. "Signatures" is a term used in far too many ways in the realm of IT security for me to immediately know what position you're describing as being mine, in this context." If I recall the thread correctly, there was a conversation in which you mentioned checking the signature of a file before allowing it to execute. I interpreted this to mean something such as checking the CRC, SHA, or MD5 sums against a database prior to allowing execute permissions. This is something, to the best of my knowledge, that McAfee started by running a checksum against their viral updates in the mid to late 80's. It worked ... for a while. In this case, once you locate the check code you return TRUE or FALSE as needed; if you locate the beginning of the check, why bother with calculating the sum. Today's world is a little more sophisticated than this though; there is code that will disable antivirus/firewalls. So far it only works with the product it was written for, but give it time. Computer security requires constant paradigm shifts, which I call reframing an idea. Yes, I know my explanation to Neon was simplistic and left out things like interrupt remapping, etc. I did not want to overly confuse others that do not have the technical background to follow the particulars. FYI: the thread made TR's premier list. I would like to think that a good part of it was the discussion we had. I would like to see more of it. norm

apotheon

[b]normhaga:[/b] I appreciate the kind words. "[i]I also see and fully understand Apotheon's position in which he felt unjustly attacked - sorry Apotheon, it was not personal, though I can see how it could be taken that way, and I do apologize![/i]" I'm actually having a difficult time remembering that right now -- so I guess you can consider the matter forgotten. Literally. I appreciate the apology nonetheless, and offer a general purpose apology of my own if I jumped to a conclusion too hastily. "[i]Leading from that, my position is that there is no such thing as a secure computer, unless it is unplugged and has no data on it.[/i]" I understand the sentiment, but I think my definition of "a secure computer" is something like "This machine's security hasn't been compromised." It's only going to [b]stay[/b] secure with diligence, attention, and a strong principles-based approach to security, of course -- and a bit of luck. "[i]Apotheon is a fan of signature based testing for applications.[/i]" Please elaborate. "Signatures" is a term used in far too many ways in the realm of IT security for me to immediately know what position you're describing as being mine, in this context. [b]Neon Samurai:[/b] I intend to respond at some point to your "I thought you'd snuck another one into the TR articles" comment -- but I just don't feel up to the task yet. Sorry.

Neon Samurai

There is one hat colour. It's red and it's used as branding for a specific Linux based distribution. Black-, white-, grey-, puce-hat? Give me a break. There is "hacker" and "not Hacker" and it sucks that we still have to give popular culture more labels to differentiate between hacking and criminal activity or intent. I'd best cut myself off short; lack of sleep seems to be taking its toll today and my hat rant could take pages. I'm a big supporter of "You didn't break it? How do you know when/how it breaks and how to fix it?" - I've learned so much fixing my own messes. I wish they'd all been intentional though. "Well, on the same tact, Linux..."

Neon Samurai

With some of the puzzles I have remaining unsolved, I often start wondering if it's just me. Good to know it isn't in the case of PDFCreator. For me, the issue is reading them on the N810. I dump anything of interest to PDF and transfer it over to the N810 for commuter reading. Some stuff gets kept but it gets deleted as I read through the list (archives are kept elsewhere). Acrobat manages to produce a PDF that presents readable text properly on desktop, notebook or right down to the tiny screen of a Palm PDA, so it works great for my needs. The test PDF I tried consistently left me with tiny unreadable font on smaller screens, broke images badly and generally didn't produce something very usable. OOo's export is better but it's still not Acrobat unfortunately. The only thing I could come up with is that Acrobat gets to use its own font management and clean Windows font libraries while the others are more limited. Here's to hoping for improvements soon.

Dumphrey

I know what you mean about PDFCreator. I love, every machine I can, I do install it, but, it is incapable of producing print grade pdfs. We tried, for 5 hours... you can tweak settings and get acceptable (for print mind you, not screen view) pdfs, but never anywhere near as good as Acrobat. Hopefully that will change with time. I am also starting to explore other alternatives to Acrobat for PDF generation.

normhaga

At the risk of dredging up more peasantries, I hold Apotheon in the highest regard. I find his beliefs and positions in most cases enlightening :). While SecurityFocus is pinned to my Firefox toolbar, I spend little time there; so I had not noticed Apotheon's activities. The debate that occurred happened because of differing philosophies, beliefs and focus. I do not buy into the colored hat thing, only the security thing; to secure something, you have to know how to break it. The places I spend time try to break you from the moment you log on. At any rate, no matter how fiercely debated, nor how hotly, I hold Apotheon in very high regard. I do not hold grudges on seriously debated issues; I choose to learn what I can from them, and not all truth is comfortable. I also see and fully understand Apotheon's position in which he felt unjustly attacked - sorry Apotheon, it was not personal, though I can see how it could be taken that way, and I do apologize! Leading from that, my position is that there is no such thing as a secure computer, unless it is unplugged and has no data on it. Barring the above computer, I have learned that junk is often spouted about security in any form, not just computers. If we listen to MS, then Windows is a secure OS. If we listen to experience, then we know better. Windows was not created in a vacuum. It evolved from OS/2, but with Bill Gates and team's changes to avoid some of the things I.B.M. held the patent to. Windows was also not conceived as a completely new OS; it evolved from DOS 5 with the menu shells, which evolved from the text batch menus. The code for Windows extended DOS functions and functionality. When you add new code to an existing base, you often end up with the same errors. MS chose to call this a feature (reframe or re-spin something) and it was because it allowed backwards compatibility. Want to lose your business base? Force your base to have to invest 100,000's or millions of dollars in new software or equipment needlessly. That lesson was taught by I.B.M. with OS/2, that and making the mistake of telling someone how they will use their machine. Well, on the same tact, Linux was not conceived of in a vacuum; it is a rewrite of Minix, which is a rewrite of BSD Unix, which is a rewrite of System 7, all of which was helped along with the code stolen by the L.O.D. from the AT&T Bell Labs. Dennis Ritchie wrote most of Unix as it then existed, then wrote C because he needed a simple but powerful language to code for Unix. Pseudo assembly and assembly were just too difficult to write clean code in efficiently, Pascal too cumbersome, Basic was not powerful enough, and Fortran did not have the power or extensibility to efficiently manipulate file systems. From the ground up Unix was designed as a multi-user, multi-tasked OS which was based loosely on VAX and VMS. What this kinda meant was that before you turned a process over to an interrupt handler, you checked to see what it was doing and what it would do. If you will, you sand-boxed an interrupt call and allowed it to proceed when you knew it was safe to run, or allowed it to run and only allowed it to complete its task when the operation was known to be safe. This practice is contrasted by the MS practice of allowing an interrupt to run and attempting to contain the damage after it has been done. However, as in most things in computer science there is no one single efficient method or practice; each has its place. MS could have rewritten their code base to stop the matter, but you would alienate business by breaking programs. Being a profit corporation, it is understandable that MS would choose not to alienate business. Linux, on the other hand, is not for profit; if something needs to be broken, it is. Apotheon is a fan of signature based testing for applications. Me, I remember my days of cracking Commodore 64 PET games where CRC was used as a signature check. CRC checking screwed me for about six months, then I figured out how it could be broken. As a result, I am not a fan of signature testing; I think it is a start, but only a start. We have to remember that if someone wrote it, someone can break it. Maybe not today, but eventually. Yes a virus (malware) is not taking advantage of function calls a wanted program is taking advantage of for a reason. It is attempting to do something that the OS would probably prohibit if the standard calls were made. I choose not to get involved in the ethical arguments or questions because my positions are known or can be inferred and because there is at least one government agent on this board attempting to entrap people. I choose not to reveal the handle. Before I go, while it is an error on my part, I use assembly interchangeably with machine code. I am far from the days in which I could write hex for machine code in my mind. I simply see both as mnemonics for machine instruction. I have had a difficult day eradicating a virus I thought extinct (boot sector that attached to a Cisco logon) from two machines. I had been at it from 10:00 am and did not isolate the problem until 3:00 pm. So I will go. norm
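The hash-before-execute check discussed across normhaga's two posts above (compare a file's CRC/SHA/MD5 sum against a trusted list before granting execute permission), as an added example that is not code from the thread. It does three things the discussion turns on: verifies a SHA-256 digest against a manifest, protects the manifest itself with an HMAC so that editing the list is detected (an attacker who can patch the checking code still wins, which is the commenter's point), and shows why CRC-32 is unfit for the job: it is affine over GF(2), so a change to the input moves the checksum in a predictable way, unlike a cryptographic hash. The file contents, names and key are constructed for the demo.

```python
"""Hash-based execution allowlist with an authenticated manifest (added example)."""
import hashlib
import hmac
import json
import zlib

# Constructed demo key; in practice it would be kept outside the tree being checked.
MANIFEST_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample "binaries": a trusted script and a modified copy of it.
TRUSTED_FILES = {"hello.sh": b"#!/bin/sh\necho hello\n"}
MODIFIED_HELLO = b"#!/bin/sh\necho hello\necho goodbye\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _manifest_body(digests: dict) -> bytes:
    # Canonical encoding so the MAC covers exactly what is checked later.
    return json.dumps(digests, sort_keys=True).encode()


def build_manifest(files: dict, key: bytes) -> dict:
    """Return {name: sha256} plus an HMAC tag over the whole table."""
    digests = {name: sha256_hex(data) for name, data in files.items()}
    tag = hmac.new(key, _manifest_body(digests), hashlib.sha256).hexdigest()
    return {"digests": digests, "tag": tag}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    expected = hmac.new(key, _manifest_body(manifest["digests"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def allowed_to_execute(name: str, data: bytes, manifest: dict, key: bytes) -> bool:
    """True only if the manifest is untampered and the file's digest matches it."""
    if not manifest_is_authentic(manifest, key):
        return False
    expected = manifest["digests"].get(name)
    if expected is None:
        return False  # unknown file: default deny
    return hmac.compare_digest(expected, sha256_hex(data))


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """Check crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal-length inputs.

    This identity always holds for CRC-32, which is why a CRC cannot serve as a
    tamper-evident fingerprint the way a cryptographic hash does.
    """
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(xored) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


if __name__ == "__main__":
    manifest = build_manifest(TRUSTED_FILES, MANIFEST_KEY)
    print("trusted file allowed:",
          allowed_to_execute("hello.sh", TRUSTED_FILES["hello.sh"], manifest, MANIFEST_KEY))
    print("modified file allowed:",
          allowed_to_execute("hello.sh", MODIFIED_HELLO, manifest, MANIFEST_KEY))
    # Editing the digest table without the key leaves the tag stale, so it is refused.
    edited = {"digests": dict(manifest["digests"]), "tag": manifest["tag"]}
    edited["digests"]["hello.sh"] = sha256_hex(MODIFIED_HELLO)
    print("modified file with edited manifest allowed:",
          allowed_to_execute("hello.sh", MODIFIED_HELLO, edited, MANIFEST_KEY))
    print("CRC-32 affine identity holds:", crc32_is_affine(b"echo hello\n", b"echo hi!!!\n"))
```

The HMAC only moves the trust problem to the key and to the checking code: if either can be modified by the same party that modifies the binaries, the check is decorative, which is the limitation the commenter describes. In real deployments that is why the verifier and its key material sit in a separately protected place (a read-only boot medium, a signed kernel, or a hardware root of trust).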

Neon Samurai

It was a great read though. I suspect I'll be back in the morning with my work-issued Adobe Standard (I hate to admit that it produces the cleanest PDFs for me still, but I'm sure I missed settings in PDF Creator and the others I've tried). My introduction to the business model was a superficial explanation in high school accounting and later in Uni management courses. The more in-depth analysis came from watching the documentary The Corporation. After you see an FBI criminal profiler apply his trade to a Corp as a legal and conscious entity, you take some time to think it through. Pure, unadulterated, undiluted sociopath. It shouldn't be anyone's only source, but it's a good documentary to start with.

I'm surely guilty of uttering the defense term more than once. I prefer to think of it as pointing out the reason for its gluttony and highlighting the biggest problem, but I guess it does take attention off the angry monkey dance to some degree. But then, there really is no defense for some companies, either through policy or executive representation. How did Douglas Adams put it; a small rock at the edge of the universe inhabited by monkeys primarily concerned with digital watches and small green pieces of paper. All ye hail the mighty green pieces of paper; it is our highest form of religion, it seems. At least the board of directors and executive levels can be held legally liable when a corp goes way outside the lines and gets caught; they seem to always afford the best lawyers or crucify a scapegoat though.

That brings another thought to mind. The sheer economic weight that an entity of such a size can wield. A researcher or other tester finds an issue in a corporation's product; it suddenly becomes that one person and whatever attorney they can afford versus the team of attorneys and years of litigation a corporation can write off as an expense. There are more than a few ways that they are downright scary.

A question though: what do you think of the emergence of groups or departments within corporations devoted to social responsibility towards the customers and manufacturing employees? (Start a new discussion if applicable, I'm sure I'll find it easily enough. I also gotta go grab an updated LiveCD image; this one's default dictionary is definitely not English.)

apotheon

Neon Samurai . . . something you said: "[i]hurray corporate law and responsibility to the shareholders' interests.[/i]" . . . inspired me to write an essay about [url=http://sob.apotheon.org/?p=444][b]corporate responsibility[/b][/url].

Neon Samurai

I think both responses are right too, if you can believe it. Hopefully, I can do this without dredging up more ongoing disagreement. I've seen enough of your posts to know you have the programming experience and hardware knowledge to know what you're saying. I hadn't considered the hardware layer as I'm more a software type, but I do have to mull over the processor layer more and see where it leads. I also didn't realize that the processor was using assembly; I'd developed the idea that Assembly was the lowest level of coding above raw machine language, based on it using almost human-readable source and having seen five-line programs written purely in hex. That opens another black box for me, like the first time I had to open a PSU casing years ago. It leaves me with questions though:

- Is the virus not taking advantage of the same function that other programs would use for valid reasons?
- The hardware just does what it's told, exactly what it's told and nothing more. If I say Del c:\*.* /y, it's going to happen regardless of whether it's a good idea or not. Wouldn't that put the fault within the software above?
- If other OSes can manage to work with the hardware command set and not open it up to viral code, why is it so difficult to address in some OSes? The kernel has been changed and rewritten a few times already, so there's been opportunity for a proper design. (I was just asking myself "but, these OSes run on the same CPU architecture" when you mentioned that Linux and the Windows kernel handle interrupts differently.)

I'd personally prefer to limit the software while leaving the hardware command set available. It's the software policy that should control those little pulses rather than the hardware; ok, unless we're talking MAC, but that's some hardcore hardware-coded security when done right. (This does make our favourite village madman's claim that the virus is in the CPU a little more rational too. ;) ) At the same time, I mentioned that I'm a software guy (I couldn't afford hardware, so extending through software was my particular kind of hacker illness. ;) ). I've also seen enough exchanged between Apotheon and others on the securityfocus mailing lists to know he's pretty solid on his side of the argument.

- Again, if other OSes manage to use the same processor without opening themselves up to malicious code, what gives with the OSes that are still vulnerable?
- Even if MS is trapped by their obsession with supporting the past glories, why can't they address what needs to be addressed?
- Is the "ecosystem" of AV blackmail really that important to keep alive? (I guess it is, since MS is in it now and won't just kill off that potential cash cow for the better of the end user. Hurray corporate law and responsibility to the shareholders' interests.)
- Should a company claiming to be responsible and providing the majority market share really be continuing to support old and badly written code that requires those virus hooks to remain in place?

So many questions come to mind. I'd probably spend hours banging my head off both sides as they caused more questions. It would probably justify a discussion on its own. As mentioned though, there's already more than enough debate on the topic and it's all there in the archive to review.

JCitizen

like I do. Seemed like a good analogy to me! =)

normhaga

In general I agree with Apotheon. Where I do not, it is well aired in this forum, as well as why. I do differ with Apotheon's opinion as to why old viruses, etc. still work under XP/Vista. My point of view is that the underlying Intel/AMD architecture is at fault. This is a broad statement, so a little explanation is in order. The base machine code of the 8086 (originally Intel 8080 but later changed to avoid confusion with the Mostek 8080) through the most current 80x86 is the same. The assembly code was extended (more instructions) in the newer CPUs, but the older instructions were left for backwards compatibility. The OS is partly at fault, but the OS depends on the system interrupts. Older viruses were written almost exclusively in assembly and relied heavily on interrupt calls. Even though event-driven rather than interrupt-driven, under the hood XP/Vista calls those interrupts for basic functions, such as disk, keyboard, and video access among other things. Linux handles those same interrupts a little differently than Windows does, so a Windows virus will fail on a *nix box. I do not want to go into more detail for obvious reasons. I think you can put the missing pieces together.

apotheon

The really egregious rate of virus proliferation on MS Windows is a result of Microsoft's policy toward virus-exploitable vulnerabilities, not its popularity -- as I explained in [url=http://blogs.techrepublic.com.com/security/?p=286][i]The truth about viruses[/i][/url]. Just picking some numbers out of thin air (because I don't want to look up the actual numbers right now), for argument's sake:

1. 600 MS Windows viruses were discovered in the wild during a given period. Those viruses all leverage the same couple dozen vulnerabilities in MS Windows -- about twenty-five viruses per vulnerability. This happens because Microsoft refuses to acknowledge the vulnerabilities, and leaves it to AV software vendors to use signature-based defenses to protect systems against infection. Every time a signature is developed to protect against a virus, another virus variant that exploits the same vulnerability is developed by some virus writer.

2. 1 Unix virus that requires the intervention of the user to actually work was created as a proof of concept in a Symantec lab as part of the corporation's ongoing campaign to convince Unix users they need to buy Symantec antivirus software. Unfortunately for Symantec's grand marketing plan, as soon as the vulnerability the virus leverages becomes known, Unix developers develop a patch for that vulnerability, and once again there are no viruses in the wild that can actually affect an up-to-date Unix system.

The situation is actually slightly more complex than that, but I'm just trying to explain the basic concept to you -- and help you understand why the proliferation of viruses on MS Windows systems doesn't prove the popularity of MS Windows is the major factor determining its poor security characteristics. Of course, popularity of a piece of software does factor into security, but apparently [url=http://techrepublic.com.com/5100-10877-6064734.html]not the way you think[/url].

Neon Samurai

Why is it that the most popular OS can run virus code from long ago which has long since been identified? Shouldn't a virus be a proof of concept indicating that the underlying platform code needs correction? Sure, the number of vulnerabilities to an OS is a consideration in the overall security posture. If anything though, one would expect the popularity of an OS to decline due to its ongoing susceptibility to unaddressed vulnerabilities benefiting only malicious intentions. Seriously, should DOS viruses still work against Windows XP and Vista?

There was a great example around here someplace. A company makes an OS while a separate company makes a program run on that OS. Malicious code can be made to run on the system by breaching the program. When the vulnerability is reported to the OS company, they say it's a flaw in the program. When the vulnerability is reported to the program company, they say it's a flaw in the OS. Eventually, the program company addresses the flaw in that single case because the OS company chooses not to. The vulnerability in the OS that allows the program to be breached remains unaddressed, and the malicious code continues to work with every other program that gets installed. Fixing the underlying OS platform would correct that flaw for all additional programs installed.

There have been many viruses for Unix-like OSes, including most of the first viruses ever written, but fixing the flaw in the OS blocks those viruses outright. It can be seen as popularity causing so many attempts at malicious code, but it seems more accurate to consider it an indication of the OS code quality which allows so many viruses to work. The OS/AV model seems like a band-aid on a broken leg at best. I'm willing to accept that my perception is completely flawed; I just haven't found evidence to convince me of it yet.

ben.rattigan

The widespread use of a system is one in many security considerations. Popularity doesn't define security it is a factor of it. How many viruses have been written specifically for Microsoft Windows and how many for all the other operating systems? I don't have the answer but I think we all know it.

Neon Samurai

Trying to keep the shutters within the hardware realm rather than equating them directly to snort or good firewall code was where it really got stretched. I knew it'd break eventually once we got the pole in there to bend it around.

Dumphrey

uses Polk and Infinity speakers, and no one I know uses Leaders or Goldmund. Does that make the Polks/Infinitys better? Nope, it just means we're poor. Popularity is a better indicator of advertising than quality. So far your point has only been popularity=security. That logic is so flawed I can not even begin to see htf you got there...

apotheon

"[i]Is that because those "open-source" steel shutters are not as widely used and those Microsoft ones you pay for that you see everywhere are?[/i]" No -- it's because the shutters make it more difficult to simply break the window.

apotheon

"[i]I had to pay for the physical hardware to run the code on and paid in time to learn to use the different approach to using my hardware.[/i]" Isn't the hardware equivalent to the car itself? Aren't the shutters analogously equivalent to software, in this case?

Neon Samurai

I had to pay for the physical hardware to run the code on and paid in time to learn to use the different approach to using my hardware. One has to pay for the hardware metal material and pay time to learn and install the shutter system. The best practice policy and design is easily obtained though and if you happen. (Hm.. I think that's gotta about do it. Either way, I think it's stretched enough that it's not going to fit again even after a run through the dryer. You got any more leverage you can brace a foot against and pull? It's making those too-tight piano wire sounds finally.)

ben.rattigan

Is that because those "open-source" steel shutters are not as widely used and those Microsoft ones you pay for that you see everywhere are?

apotheon

Ah, but . . . open source software can be downloaded and installed without spending any money on anything you aren't already spending the money on, anyway (e.g., bandwidth, assuming you have an Internet connection). How does [b]that[/b] apply to physical security measures like armored shutters?

Neon Samurai

The shutter setup is evolved over time through trial and error that allows anyone to contribute updates to the blueprints, provided they actually fix a flaw or improve the setup in other ways. The mechanism remains hardened even though the design is open. (Now I'm just curious to see how far the analogy can be pushed before it breaks apart.)

Neon Samurai

I actually had a liveCD I was trying to figure out how to update a bit of software in, but after hearing how it could be done, the effort is beyond the benefits. I'll just wait for a newer OPHr.. liveCD image or build my own with the latest version and mklivecd. ;)

JCitizen

Why doesn't anyone publish a live CD that can [b]ONLY[/b] write to flash storage, has a session I/O firewall to prevent keyboard and display hooks, plus a good internet firewall? - An OpenBSD-based firewall sounds good! This also assumes that a malware execution could not "fool" you into thinking you rebooted when the session was actually in standby, or could somehow be saved to SDRAM and keep it energized during reboot. I know that is stretching reality, but my paranoid fertile mind is always in overdrive. I would assume anyone, upon jerking the flash drive before reboot, would scan it before introducing it to another system unit. Even better yet, if you could load updates on a relatively isolated system unit w/burner and update the original ISO image before burning it to a DVD-R for the next trip to the airport -> Well, it ain't perfect, but hopefully you catch my drift! I haven't even compiled my first put-together distro yet, so please forgive any ignorant statements I may make. If any of this smacks of any reality and/or sounds like too much trouble just to have a quicky public WIFI OS, then maybe I've made a point anyway!

JCitizen

then cross my fingers behind my back and pray!

apotheon

As long as they actually correct the problem before any of us try to use the service, I guess I don't really need the name. Good for them, being apologetic and choosing to fix the problem, in any case. Probably nine out of ten of my attempts to inform people of technical problems with their Websites and Web applications go ignored. Of the remainder, some get viciously defensive responses, even though I always try to use a helpful, respectful tone in such emails. I guess some people just don't want to be helped.

Sterling chip Camden

... that will (hopefully) pay me, and so they needed my taxpayer ID. The form was secure, but they later sent me an email confirmation that had my name and SSN in unencrypted clear text! I contacted them -- they were apologetic and are correcting it. I won't name them here.

apotheon

I'm quite aware of some of the security issues here at TR -- those that are easily recognized from a browser, anyway. Sadly, I have no input into how things are run.

Neon Samurai

.. and it always twigs me out every time I send the TR-specific uname/passwd over the network. If that's on a tech site, then one needs to consider how many non-tech sites are spewing unames across the network. Oh.. if only I hadn't developed ethics early on in life. ;)

Neon Samurai

To use the term popularized by mistyping gamers. I see your point, I think. *IF* you are booting off a liveCD image built with no loaded daemons listening on ports, for use only as a platform to host a browser where all other data interaction is by webapp over SSL, then sure, very small chance of a breach occurring. But even then I have questions:

- When was the liveCD image last updated with the latest patches, or is it patching on the fly at each boot, and from what repository?
- When was the browser version on the liveCD last updated?
- Are you sure there's nobody in between your browser and the remote server breaching SSL?
- Are you sure the system on the other end hosting your webapp and, here's the part that scares me about this new cloud fad, remote stored data is uncompromised?
- Are you sure that the system you're booting Knoppix off hasn't been modified to feed Knoppix user-saved data from a writable storage medium? (I'm too lazy to confirm and can't remember if Knoppix is one of the liveCDs that offers a "save your profile to flash drive for next time" function or if that's just Damn Small and the other liveCDs.)

"Now, the most secure OS ever, Knoppix (or any CD based distro). It CAN'T be infected or 0wned, ever, even if full of security holes, next reboot, it is pristine."

This bit here in your post gave the impression that by simply using a liveCD one was magically immune to any potential for security breach. Actually, it didn't specify read-only even, so a liveCD on a rewritable that can save its data for next boot is also in the mix. Around here, reading into a post can go badly very quickly even when assuming one meant a read-only medium with outside mitigating steps.

My point was that the partition type (squashFS for liveCDs usually, I believe) on a read-only medium becomes irrelevant the moment you press the power button. The most distant and basic of computer code initializes the system RAM and expands the BIOS image into it. The BIOS image is then uncompressed into RAM, initializes the basic hardware including storage interfaces, and triggers the OS boot code (that first 512 bytes or so of your hard drive, floppy, flash drive or CD, depending on boot order in BIOS). In the case of a liveCD, the read-only OS image is uncompressed into a read/write ramdisk. Whammo! You're working with a read/write file system that happened to expand from a read-only package. The OS is fully capable of being modified as long as the power remains on; I save files to my liveCD's desktop all the time until ready to transfer them to non-volatile storage before powering down. It's not the filesystem that anyone cares about. It could be squashFS, ext2/3, ReiserFS, ZFS, NTFS, FAT16/32, but it's still only the paper the data is written on. The data is the goal, along with anything in the ramdisk-hosted code that helps one gain access to that data.

I also like Knoppix and keep a disk in my toolkit along with four or five other liveCD-based OSes. I feel it more responsible to use a liveCD on my work-issued notebook when not on company time. It keeps my use of the hardware separate from work's data on the platters, and I've not permission to partition the drive for my own non-Windows needs anyhow. When connected to a network, I also assume SSL can be compromised depending on the network. My home network: unlikely, but possible on the intermediary wires outside my house. The local coffee shop: I'm not doing any banking even if SSL is secure. Last, daemons/services don't have any vulnerabilities until they do, and someone knew about the vulnerability before everybody else did; OpenSSH recently over Debian/Ubuntu way being a good example.

So, I'd resubmit DVL. It's a teaching distro purposefully built with every possible fix and patch for vulnerabilities left out. The distro creator describes it as "a corruption of Linux based Operating Systems" by its own purpose for being.

- It's a liveCD, so why is it not inherently impenetrable?
- It expands out of a read-only medium on boot, so why can I modify the system while it's running?

There are some very nice advantages to using liveCDs, but they're not the cure for cancer.
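Neon Samurai's point that a live CD's read-only image becomes a writable filesystem once booted is something you can confirm from /proc/mounts rather than argue about. The block below is an added example, not code from the post or from Knoppix or DVL: it parses /proc/mounts-style lines, finds the mount backing /, and reports whether the writable upper layer lives in RAM (gone at reboot) or on a persistence partition (survives reboot, which changes the threat model again). The three mount tables are constructed to resemble a Debian-style live layout under /run/live, the same with a persistence partition, and an ordinary disk install; none is captured from a real machine, and `assess_root` and `mount_holding` are names chosen here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed /proc/mounts excerpts (not captured from any real system).
LIVE_RAM = """\
/dev/sr0 /run/live/medium iso9660 ro,noatime 0 0
/dev/loop0 /run/live/rootfs/filesystem.squashfs squashfs ro,noatime 0 0
tmpfs /run/live/overlay tmpfs rw,noatime,mode=755 0 0
overlay / overlay rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work 0 0
"""
LIVE_PERSISTENT = """\
/dev/sr0 /run/live/medium iso9660 ro,noatime 0 0
/dev/loop0 /run/live/rootfs/filesystem.squashfs squashfs ro,noatime 0 0
/dev/sdb1 /run/live/persistence/sdb1 ext4 rw,noatime 0 0
overlay / overlay rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/persistence/sdb1/rw,workdir=/run/live/persistence/sdb1/work 0 0
"""
INSTALLED = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
"""


@dataclass
class Mount:
    source: str
    target: str
    fstype: str
    options: List[str]


def parse_mounts(text: str) -> List[Mount]:
    """Parse /proc/mounts lines: source target fstype options dump pass."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        source, target, fstype, options = parts[:4]
        target = target.replace("\\040", " ")  # /proc/mounts escapes spaces as \040
        mounts.append(Mount(source, target, fstype, options.split(",")))
    return mounts


def mount_holding(mounts: List[Mount], path: str) -> Optional[Mount]:
    """Return the mount whose target is the longest prefix of 'path'."""
    best = None
    for m in mounts:
        prefix = m.target.rstrip("/") + "/"
        if path == m.target or (path + "/").startswith(prefix):
            if best is None or len(m.target) > len(best.target):
                best = m
    return best


def option_value(m: Mount, key: str) -> Optional[str]:
    for opt in m.options:
        if opt.startswith(key + "="):
            return opt.split("=", 1)[1]
    return None


def assess_root(mounts: List[Mount]) -> Dict[str, object]:
    """Where do writes to / actually go, and do they outlive a reboot?"""
    root = mount_holding(mounts, "/")
    if root is None:
        raise ValueError("no root mount in table")
    report = {
        "root_fstype": root.fstype,
        "root_writable": "rw" in root.options,
        "upper_backing": root.fstype,
        "persistent": "rw" in root.options,
    }
    if root.fstype == "overlay":
        # The squashfs lower layer is read-only; what matters is the upperdir.
        upper = option_value(root, "upperdir")
        backing = mount_holding(mounts, upper) if upper else None
        if backing is not None:
            report["upper_backing"] = backing.fstype
            report["persistent"] = backing.fstype not in ("tmpfs", "ramfs")
    elif root.fstype in ("tmpfs", "ramfs"):
        report["persistent"] = False
    return report


if __name__ == "__main__":
    for name, table in (("live, RAM overlay", LIVE_RAM),
                        ("live, persistence partition", LIVE_PERSISTENT),
                        ("disk install", INSTALLED)):
        print(name, "->", assess_root(parse_mounts(table)))
```

On a real box read the table with `open("/proc/mounts").read()`. All three layouts report `root_writable: True`; only the backing of the upper layer differs, which is exactly the distinction between "pristine at next reboot" and "whatever was planted is still there at next reboot".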

apotheon

"[i]-you're running Knoppix with no firewall[/i]" Y'mean like if you're using a laptop on a public wireless network?

"[i]-you're exposing services to the Internet[/i]" Y'mean like all those services that Knoppix tends to start up by default? How about printing, SSH, and Samba?

"[i]-the services that you're exposing have vulns[/i]" That's a crap shoot, in some respects. Of course, with a LiveCD, the existence of discovered vulnerabilities tends to be higher than with an installed system, since LiveCDs don't exactly get updated regularly the same way an installed system might.

"[i]-the vulns of those services have exploits[/i]" . . . which is just a matter of developing an exploit. This is not something over which you, as the user and target, have any control. I'd rather not trust the security of my system to the forbearance of someone else.

"[i]-the user of those exploits knows you exist[/i]" That's what network scans are for.

"[i]-the exploit aimed at you can work in memory without writing to disk[/i]" Considering LiveCDs have a tendency to load everything into a RAMdisk when write access is needed, that's sort of a given.

"[i]-any data exchange is done without encryption[/i]" . . . or the encryption software is misconfigured, or you suffer from [url=http://blogs.techrepublic.com.com/security/?p=460]bad software patching mistakes[/url], or what you're doing can be compromised without intercepting network traffic, or any of a number of other possibilities.

"[i]On a PC with a read-only file system, there is typically no data, and we can expect that SSL encryption would protect most data streams.[/i]"

1. Only the stored filesystem is unalterably read-only. The filesystem loaded into memory so you can actually interact with it, on the other hand, can often be altered until your next reboot.

2. SSL is far from the only means used to encrypt network traffic, and encryption is far from universally used -- and, worse yet, even when it is used, it's often badly implemented (such as only encrypting the connection after the authentication data is sent, as some banking websites are known to screw things up).

"[i]Therefore the prospect of my Knoppix box getting 'owned' worries me not.[/i]" In terms of firing up a system and running it for a while without reboots, I'd pit the security of my hard drive installed FreeBSD laptop against that of an identical system booted off the current Knoppix LiveCD any day.
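apotheon's example of a site that only encrypts after the authentication data is sent is something you can check in a page's HTML before typing a password. The block below is an added example, not code from the post or from any site or product named in the thread: it collects every form that contains a password field and flags two cases, a form whose action would submit over plain http, and a form delivered over plain http even though its action is https (an on-path attacker can rewrite the page, and the action with it, before the user submits). The HTML snippets and the bank.example hostname are constructed for the demonstration; `audit_login_forms` is a name chosen here.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urljoin, urlsplit

# Constructed login pages for a hypothetical bank.example site (not real markup).
GOOD_PAGE = """<form method="post" action="/auth">
<input name="user"><input type="password" name="pass"><input type="submit"></form>"""

ACTION_OVER_HTTP = """<form method="post" action="http://bank.example/auth">
<input name="user"><input type="PASSWORD" name="pass"></form>"""

PAGE_OVER_HTTP = """<form method="post" action="https://bank.example/auth">
<input name="user"><input type="password" name="pass"></form>
<form action="/search"><input name="q"></form>"""


class _FormCollector(HTMLParser):
    """Record each <form> and whether it contains a password input."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[dict] = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url: str, html: str) -> List[Tuple[str, str]]:
    """Return (resolved_action_url, problem) for every password form that
    would expose credentials, given the URL the page itself was fetched from."""
    collector = _FormCollector()
    collector.feed(html)
    page_scheme = urlsplit(page_url).scheme.lower()
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue
        # An empty action submits back to the page URL; relative ones resolve against it.
        action = urljoin(page_url, form["action"])
        if urlsplit(action).scheme.lower() != "https":
            findings.append((action, "credentials would be submitted over cleartext http"))
        elif page_scheme != "https":
            findings.append((action, "login form served over cleartext http; an on-path attacker can rewrite the action"))
    return findings


if __name__ == "__main__":
    for url, page in (("https://bank.example/login", GOOD_PAGE),
                      ("https://bank.example/login", ACTION_OVER_HTTP),
                      ("http://bank.example/", PAGE_OVER_HTTP)):
        print(url, "->", audit_login_forms(url, page) or "ok")
```

The second case is the one people miss: the padlock on the destination does not help if the page carrying the form arrived unauthenticated, because whoever can read that page in transit can also change where it posts.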

apotheon

"[i]A valid SSL browser session, as you know, would not be at risk from packet capture, and man-in-the-middle attacks would be thwarted by the browser security mechanisms that validate certificates. In most cases this would alert the user if the certificate was invalid.[/i]" A valid SSL browser session is a heck of a lot of assumptions, almost all of which are bundled up in the collective assumption that your session is "valid". For browser security mechanisms to thwart MITM attacks, they have to work properly. Sometimes, they don't. That's what we call a "vulnerability". The value of a "valid certificate" depends in large part on how you go about validating it. If you just trust that a certificate is going to protect you because it's issued in accordance with the restrictions of a CA, you're not "validating" the certificate effectively. In fact, all you're doing is introducing a third party to trust -- which, in many respects, [b]reduces[/b] overall security rather than enhancing it. . . . and of course there's the example you gave, of "Secure Phishing", as well as other potential attacks like [url=http://blogs.techrepublic.com.com/security/?p=426]cross-site scripting[/url] that take advantage of the "trusted" status of a given site. (edit: link)

robo_dev

The concept of a truly read-only file system does enhance security, but obviously it's not everything. It does change the rules a lot regarding the methods of compromise and makes the attack surface much smaller. What I was going to argue a bit with is your mention of someone stealing information via packet capture. A valid SSL browser session, as you know, would not be at risk from packet capture, and man-in-the-middle attacks would be thwarted by the browser security mechanisms that validate certificates. In most cases this would alert the user if the certificate was invalid. My 'oh nevermind' comment was since I was starting to contradict my own argument in my own post... examples such as 'Secure Phishing' with compromised sites using self-signed certificates are cases where the SSL padlock gives a false sense of security. Cheers

apotheon

I can't tell whether you're being "funny" or you just missed my point.

robo_dev

So, in theory, you can capture my SSL traffic all day and all night, but as long as the bad guys haven't fed me a fake certificate and are a man-in-the-middle..... oh nevermind.