
Unix vs. Microsoft Windows: How system designs reflect security philosophy

There are distinct differences between Unix and MS Windows security philosophies. Two design policies serve as apt examples of those differences.

One of the key differences between the Unix approach to system security and the MS Windows approach is that significant security characteristics of Unix systems are a consequence of good architectural design. Many of these same characteristics, when there is any attempt at all to incorporate them into MS Windows, are implemented as features on top of the OS instead of designed into the system architecture.

For instance, privilege separation in Microsoft Windows has long been a problem for Windows security. Some privilege separation does exist in MS Windows at the architectural level, but it is only a half-hearted implementation, dependent upon user-level features behaving well and being used as intended.

Modularity within the system is another example of architectural security in Unix, but lacking in MS Windows. There are applications that tie into every major part of the MS Windows system in such a promiscuous fashion that something as apparently trivial as a browser exploit can actually reach into kernel space, and from there affect the entire system. The same kind of close coupling between parts of the system does not exist in the base system of Unix.

The importance of privilege separation

Some might complain that all the information you want to protect on your system is stored where your user account can access it, so that privilege separation does not really help security much. These people fail to grasp the full extent of what security benefits you gain from separation of privileges, however. Privilege separation does more than prevent infections and intrusions from gaining access to root privileges.

Malware that makes its way to the system via the network is hindered by the fact that server processes typically run under specialized user accounts on Unix systems. This means that getting in through some network port usually gets the intruder no further than the affected service. This is even true of many services that are started from a normal user account, because those services are typically configured to switch user account "owners" when they start to take advantage of the benefits of privilege separation.

Many tools of malicious security hackers require administrative access to work effectively for them. Keyloggers are one of the major bogeymen of MS Windows security, but they require access to administrator-level components of the system to operate effectively on Unix. This means that a keylogger inserted into the system via some unprivileged user account does not have the access it needs to do its job.

Other security threats, such as rootkits, trojan horses, and botnet clients, also require root access on a Unix system to work. On MS Windows, the lack of rigorous privilege separation short-circuits this defense against malware.
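The account switch that Unix services perform at startup, as an added example that is not from the original article: a root-started parent forks a worker that permanently drops to an unprivileged account before doing any work. The names `drop_privileges`, `run_unprivileged` and `DROP_FAILED`, and the uid/gid 65534 (conventionally "nobody" on Linux), are assumptions made for this sketch.

```python
import os

DROP_FAILED = 77  # constructed exit code: the worker could not drop privileges


def drop_privileges(uid: int, gid: int) -> dict:
    """Permanently switch a root-started process to an unprivileged account.

    Order matters: supplementary groups and the GID have to be changed while
    the process is still root, because after setuid() it may no longer do so.
    """
    if uid == 0 or gid == 0:
        raise ValueError("target account must not be root")
    if os.geteuid() != 0:
        raise PermissionError("must be started as root to switch accounts")

    os.setgroups([])   # 1. shed root's supplementary groups
    os.setgid(gid)     # 2. as root this sets the real, effective and saved GID
    os.setuid(uid)     # 3. as root this sets the real, effective and saved UID

    # Verify the drop cannot be undone; a service that can get root back
    # has not really separated its privileges.
    for regain in (lambda: os.setuid(0), lambda: os.setgid(0)):
        try:
            regain()
        except PermissionError:
            continue
        raise RuntimeError("privileges could be regained; refusing to continue")

    return {"uid": os.getuid(), "euid": os.geteuid(),
            "gid": os.getgid(), "egid": os.getegid(),
            "groups": os.getgroups()}


def run_unprivileged(uid: int, gid: int, task) -> int:
    """Fork a worker, drop its privileges, run task() in it, return its exit code.

    The parent keeps its own identity; only the worker, which is the part
    exposed to input, runs under the service account.
    """
    pid = os.fork()
    if pid == 0:                      # child: the future service process
        code = DROP_FAILED
        try:
            drop_privileges(uid, gid)
            code = 1                  # dropped; failures from here on are the task's
            code = int(task())
        except (OSError, RuntimeError):
            pass                      # keep whichever failure code is already set
        finally:
            os._exit(code)            # never fall back into the parent's code path
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


if __name__ == "__main__":
    NOBODY = 65534  # assumption: conventional uid/gid of "nobody" on Linux
    result = run_unprivileged(
        NOBODY, NOBODY,
        lambda: 0 if (os.getuid(), os.geteuid()) == (NOBODY, NOBODY) else 1,
    )
    if result == DROP_FAILED:
        print("not started as root (or the sandbox forbids it): nothing to drop")
    else:
        print("worker ran unprivileged, exit code", result)
```

Run as root, the worker ends up with uid and gid 65534 and no way back; run as an ordinary user, the drop is refused and the worker exits with `DROP_FAILED` before the task is called.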

User control and automatic execution

Microsoft Windows is well known for its tendency toward virus and worm infections. This is in large part because MS Windows tries too hard to do everything for the user. Arbitrary malware often executes automatically when effectively unrelated tasks are performed. When a user opens what appears to be a Microsoft Word document, but is, in fact, a cleverly designed malware executable, MS Windows will helpfully redirect the execution of the file from Word to what is actually needed to execute the file.

By contrast, Unix systems do not do this sort of thing by default. It is more normal on Unix systems to execute a program with the file in question as an argument to the program execution. Thus, if you try to execute a cleverly disguised piece of malware pretending to be an OpenOffice.org document using OO.o to do so, the operating system will not just automatically ditch OO.o and execute the file by whatever means seems appropriate. Instead, the word processor will just fail to properly open the file, because it is not the right type of file for that application.
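A defender-side check for the disguised-document case described above, as an added example that is not from the original article: it compares what a file's name claims with what its leading bytes say it is, the kind of test a mail gateway or upload filter can apply. It goes slightly beyond the paragraph by also flagging names that end in an executable suffix after a document suffix; the function names, finding labels and sample byte strings are constructed for this sketch.

```python
import os

# Leading bytes ("magic numbers") of a few well-known formats.
SIGNATURES = [
    (b"MZ", "pe-executable"),                                 # Windows PE / DOS
    (b"\x7fELF", "elf-executable"),                           # Unix ELF binary
    (b"#!", "script"),                                        # interpreter script
    (b"PK\x03\x04", "zip-container"),                         # OOXML / ODF package
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-document"),   # legacy .doc / .xls
    (b"%PDF-", "pdf"),
]
EXECUTABLE_KINDS = {"pe-executable", "elf-executable", "script"}

# What each document extension should contain.
DOCUMENT_EXTS = {
    ".docx": "zip-container", ".xlsx": "zip-container", ".odt": "zip-container",
    ".doc": "ole2-document", ".xls": "ole2-document", ".pdf": "pdf",
}
# Extensions a Windows shell launches directly on double-click.
LAUNCHABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def sniff(head: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name entirely."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def displayed_name(filename: str) -> str:
    """Name as listed by a file manager that hides known extensions."""
    stem, ext = os.path.splitext(filename)
    known = LAUNCHABLE_EXTS | set(DOCUMENT_EXTS)
    return stem if ext.lower() in known else filename


def audit(filename: str, head: bytes) -> list:
    """Return findings where the name and the content disagree."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(head)

    # "invoice.doc.exe": looks like a document once ".exe" is hidden.
    if ext in LAUNCHABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        findings.append("double-extension")

    if ext in DOCUMENT_EXTS:
        if kind in EXECUTABLE_KINDS:
            findings.append("executable-content")   # program behind a document name
        elif kind != DOCUMENT_EXTS[ext]:
            findings.append("type-mismatch")        # some other format entirely
    return findings


if __name__ == "__main__":
    # Constructed samples: only the first few bytes of each "file".
    samples = [
        ("report.docx", b"PK\x03\x04\x14\x00"),
        ("report.docx", b"MZ\x90\x00\x03\x00"),
        ("invoice.doc.exe", b"MZ\x90\x00\x03\x00"),
        ("letter.odt", b"\x7fELF\x02\x01\x01"),
        ("notes.doc", b"%PDF-1.4\n"),
    ]
    for name, head in samples:
        print(f"{name:18} shown as {displayed_name(name):12} "
              f"content={sniff(head):15} findings={audit(name, head)}")
```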

AutoRun is another example of unwarranted automatic execution in MS Windows. As detailed in "U.S. military compromised by removable media malware", the United States Department of Defense was compromised by malware carried on removable media that was automatically executed every time the media was read by an MS Windows computer. While it is possible to turn off AutoRun functionality, it is not always easy, and that functionality should not be the default anyway. Even worse, Windows Update has been known to surreptitiously reactivate capabilities like AutoRun.

A difference in philosophy

These differences in the design and relative security of Unix and Microsoft OSs illustrate a distinct difference in philosophy between them. Unfortunately, the difference appears to be that where Unix has a philosophy of security built into the fundamental design of the system by default, MS Windows has a philosophy of "Who cares about security?"

MS Windows is not alone, however. Certain variants of Unix-like systems appear to be headed down that road as well. While Linux distributions like Ubuntu seem to run afoul of the common negative correlation between security and popularity just like MS Windows, they still have a ways to go to achieve the same level of blatant disregard for security. Part of the reason for this is the Unix-like foundations of the system.

Sadly, it seems all too likely that gap will be bridged in time.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

77 comments
Pergesedcaute

Hey folks. Interesting article, lots of interesting comments, many with much truth to them. Nonetheless, I think they mostly miss an important point. Before I start, please note that I realize that the history doesn't change the current facts, but stick with me; I'm leading up to a point about the current situation. Historically Windows and *nix were developed in and for completely different contexts and for extremely different uses. Windows was and is a commercial product developed to be directly marketed to offices and end users. It was and, excepting the server products, which are an aberration, continues to be essentially a single user OS designed to be easy for the non expert end user, to be used primarily for non technical tasks, or tasks which are technical in some way that has nothing to do with computing or networking. I will not comment on the blunders where it has failed to meet some of these goals. Overall it has been extremely successful at these things. Unix was, from early on, a multi user networked OS with a clear separation between users and the system administrators. Anyone using it as a network server is strongly advised to respect that separation now more than ever. Yes, this history has led to a messy situation in Windows. And yes, this has been unfortunate as personal security has become more important. But seriously, if Windows treated me like a non root Unix user on my own home pc, it would be infuriating and inconvenient. And if a Linux server DIDN'T treat me that way, it would be an invitation to disaster that would affect a lot more than my personal stuff. As a programmer I have worked and do work in both environments. Nothing that is critical to clients and users lives or runs on my Windows pc unless it is something I am developing for pcs. But I sure use the pc for a lot for other things!
So, basically, I am not saying that all of the reasons for the messiness in Windows are reasonable, but even the best designed Windows would have to allow the user to make his own computer insecure in order to be usable and uninfuriating and appealing to its intended user and for its intended use. This is the opinion of a user and a programmer, but not, I freely admit, the opinion of an expert in OS architecture, but it seems to me that it would be extremely difficult for there NOT to be an inverse relationship between the security of a system and the freedom of a user to do what he wants, change what he wants, and mess up what he wants. You all are lucky, my flight was just called, so I'm done.

freep

Sorry, bro, but this article shows both an obvious pro *nix bias and a lack of understanding about how security -- both privilege and file protection -- works on Windows. I won't complain about the gross generalizations or the use of terms that you don't define. That's just a side show to the obvious lack of technical accuracy. Pulllleeeeez understand. *nix "root" = Windows "admin"; If every user of a *nix system ran as root, the way most users on Windows run as admin, you'd have exactly the same vulnerabilities... in fact, you'd have it WORSE. And what does THIS mean: "When opening what appears to be a Microsoft Word document, but is, in fact, a cleverly designed malware executable, MS Windows will helpfully redirect the execution of the file from Word to what is actually needed to execute the file." So, you're saying if I try to open a file that has a file type of .docx from Word... and that file is really an executable... that Word will EXECUTE it? No, dude, it won't. Or are you saying that if I have a file that's got a .docx file type of .docx and I double-click it, and it happens to be an executable and not a word doc, the Windows will EXECUTE it? No, dude, wrong again. Seriously... where do you get this stuff?

tbostwick

Unix all the way 13 years plus running well over a 100 users, remote access, thin clients - full development including complete website integrations and java based/web-browser GUI's to provide BI. Windows fails in all categories because of constant maint. issues, patches that destroy functionality and the list goes on. In essence, MS has created a world that requires so many xCSE's because it's complicated and convoluted. Zero issues with malicious software trying to work its way in - inherently makes even looking at Windows a non-issue.

CorneliuT

And see the world. Then go and get an OS that nobody is using and feel safe that nobody will attack you because nobody cares about your 0.0000001% market share. Now, that you are back and refreshed go through the history of the OS development and see that every OS out there has a million of critical security bugs and every day there are more found including Linux (which I love by the way), MacOS and others. Bugs not fixed in Windows for 8 years? Bugs not fixed in Linux for 8 years: http://www.darknet.org.uk/2009/08/serious-linux-kernel-vulnerability-for-all-2-4-2-6-kernels/ Oh, and once such a vulnerability is found in a Unix/Linux kernel you see 100 distributions of Unix/Linux taking anywhere from 1-2 days to 10-20 days to release fixes. http://news.softpedia.com/news/Critical-Vulnerability-Silently-Patched-in-Linux-Kernel-152678.shtml One fix, 1000 patches. Now, XP was a system designed more than 12 years ago when only BBS existed and the OS concepts and security had different meanings. Yes, it had a lot of problems but it's old. Let it die and move on. W7 and W2K8 kernels are secured from the kernel design up so all your fluffy comments have no value anymore. You need to be an admin to be able to take over the system, install malware or keyloggers. I'll just stop now. Anyway, You just love linking every article of yours to every other article of yours to every other article of yours.

apotheon

I think you have not considered the actual comparative characteristics of these systems. Compare, for instance, the ease of using su on a Unix system with the annoyance and difficulty of using UAC on MS Windows Vista.

j-mart

A statement often made but seldom proven. It's all point and click just as with Windows. I have been using Debian for some time now, and if anything for home use is more straightforward than using Windows with many advantages. Apt packaging, synaptic and software center make software installation much simpler and safer. Linux is not Windows, it does not do things the same way, it does them better. Attempting to apply Windows methods to Linux will not work. Making a small amount of effort to learn the basics of doing things the Linux way is all that it takes.

apotheon

> this article shows both an obvious pro *nix bias
That's only because the basic architecture of Unix systems is designed with security in mind, whereas that of MS Windows leans more in the opposite direction. In short, it's actually a pro-security bias.
> *nix "root" = Windows "admin"
That's the story, but the way user account management (including the MS Windows admin account) is integrated into the system is naive and broken, and results in privilege separation that leaks like a sieve. What good is an unprivileged account if unauthorized privilege escalation is as easy as it is on MS Windows?
> If every user of a *nix system ran as root, the way most users on Windows run as admin, you'd have exactly the same vulnerabilities... in fact, you'd have it WORSE.
1. This isn't about running the system when logged into the administrative account all the time. Yes, if you do that, you'll make things worse for yourself, regardless of which system you're using, but that's irrelevant to the points made in the article.
2. Actually, there are other factors that come into play so that running a Unix system as root will still not be as dangerous as running an MS Windows system using the admin account -- such as automatic execution features like AutoRun.
3. You say Unix would have it "worse", but don't explain how or why, or give any examples. Something tells me you said that just because you want to try to make MS Windows look good by comparison. What possible excuse for a reason could you possibly have to make that claim?
> So, you're saying if I try to open a file that has a file type of .docx from Word... and that file is really an executable... that Word will EXECUTE it? No, dude, it won't.
Nope, that's not what was said at all.
> Or are you saying that if I have a file that's got a .docx file type of .docx and I double-click it, and it happens to be an executable and not a word doc, the Windows will EXECUTE it? No, dude, wrong again.
The only thing wrong with the statement that MS Windows "helpfully" executes things you thought were other things entirely is the utterly broken grammar you used to try to say it.
> Seriously... where do you get this stuff?
How about decades of experience, studying the architecture of MS Windows systems over the years, and the ability to think for oneself? Your supposed counterarguments consist of nothing but bald-faced, unsupported assertions that anyone who disagrees with you is biased, and insinuations that anyone who disagrees with you must be misinformed, crazy, malicious, or just stupid. Come back when you can present a well-reasoned argument with some kind of supporting logic or evidence. It would help if you understood the arguments with which you choose to disagree, too.

j-mart

Go back through the previous posts and read this one: http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374971&tag=content;leftCol and http://techrepublic.com.com/5208-12846-0.html?forumID=102&threadID=337348&messageID=3374965&tag=content;leftCol Unix was designed forty odd years ago by some of the best around at the time to be an OS that was secure in a multi-user multi-connected environment. There has never been a need to change the basic architecture to still perform this task. As the Microsoft product has evolved from a product that was not originally designed from the ground up to be multi-user or connected to anything it is not surprising that the Unix like OS's outperform Windows in this environment. There is no argument. In a multi-user, multi-connected world Unix like systems will always be more secure. To be as secure or more secure in this environment, Microsoft would need to chuck out what they have, get a clean sheet of paper, write in bold, underline, highlight, or whatever so they don't get lost along the way "Multi-connected Multi-user Secure OS" just like the creators of Unix probably did forty odd years ago. If you can't understand this, computers is not your best career choice.

Tony Hopkinson

You are quite correct though, what you said is bollocks..... As to why you said it, must confess I'm struggling. By the way Kernel is not root......

PJonDevelopment

freep wrote: "... So, you're saying if I try to open a file that has a file type of .docx from Word... and that file is really an executable... that Word will EXECUTE it? No, dude, it won't. Or are you saying that if I have a file that's got a .docx file type of .docx and I double-click it, and it happens to be an executable and not a word doc, the Windows will EXECUTE it? No, dude, wrong again. ..." Actually, in this point, you are sorely mistaken, freep. The point the author raised regarding this is the fact that in Windows the file extensions are hidden by default (I've lost the count of how many times I have changed the option to SHOW the file extensions as soon as I finish installing a system), and many users -- and some sysadmins -- don't bother changing the default. That said, an executable with the right name and icon would appear to a naive user as a Word document, or even a text file, and thus when double clicked the OS would indeed run the executable, instead of passing it to the appropriate software to open. In the *nix world, file extension means nothing. You CAN HAVE an executable with a .DOC or even .TXT extension and run it. However, the point being that the graphical interface WILL use the extension to determine what type of software is required to open the file, because this has been some sort of standard for ages.

robo_dev

Concepts such as privilege escalation and process separation are not 'stand alone' issues, they exist as part of the overall system, as security is all about layers. The point here, is that the design and architecture of the OS kernel is not as relevant as what goes on top of the kernel, and how the services and processes are exposed to attack. There are differences, to be sure. If you compare the heart of the kernels of CG Linux versus Windows XP. But this is mostly irrelevant, as a misconfigured or poorly patched GG Linux system will get owned before a patched and locked-down XP system. Why? It's all about attack surface and finding vulnerabilities. Attacks do not succeed because one OS is more secure in a generic sense. Attacks succeed if there are exposed exploitable services or unpatched vulnerabilities. An out-of-the-box Windows PC has an attack surface the size of Texas, while a hardened UNIX or Windows server has a very small attack surface. A successful exploit can only happen if there is a vulnerability, and the vulnerability can be performed on the device, by the attacker, which means possibly bypassing logical or physical controls. The issue with a Windows workstation, obviously is that its 'do anything' capability can be used for both good and evil. If you deploy a Windows server in the recommended configuration for NIST EAL-4 certification, it's not the same thing as the unpatched XP workstation of Joe-six-pack.

apotheon

> Bugs not fixed in Windows for 8 years? Bugs not fixed in Linux for 8 years:
There's a big difference between an eight year bug that was first introduced eight years ago, then was discovered yesterday, and got fixed today (which is basically the only kind of eight year old Linux bug you'll find) and an eight year bug that was first introduced twelve years ago, then was discovered eight years ago, and still hasn't been fixed (which is more the kind of bug I'd expect to see in MS Windows).
> Oh, and once such a vulnerability is found in a Unix/Linux kernel you see 100 distributions of Unix/Linux taking anywhere from 1-2 days to 10-20 days to release fixes.
. . . as opposed to MS Windows, where basically any time a critical vulnerability is discovered, Microsoft basically says "You'll get a fix on the second Tuesday of next month if you're lucky. Otherwise, it'll be at least another month after that. Maybe it'll be next year."
> Now, XP was a system designed more than 12 years ago when only BBS existed and the OS concepts and security had different meanings.
1. 12 years ago, in 1998, we were using NT 4.0 or Win98, and even Win2k had not been finished and released. XP was put together between 2000 and 2001, and released in 2001. In case you can't subtract, that was nine years ago, not twelve. You've exaggerated by more than thirty percent.
2. 12 years ago, in 1998, I was already using IMs and Web-based chats, and BBSes hadn't been in regular use for about a decade.
3. 12 years ago, in 1998, viruses were already a problem, asynchronous DSL broadband Internet access was on the market, and you could actually buy boxed Linux distributions for home use at brick-and-mortar consumer electronics stores. People who designed OSes other than MS Windows already knew about the importance of architectural privilege separation and avoidance of automatic execution of arbitrary code. The PGP protocol had already been available for years -- still basically the state of the art for digital signatures and encryption in email. Security concepts were not so different after all.
> W7 and W2K8 kernels are secured from the kernel design up so all your fluffy comments have no value anymore.
Incorrect. Cite your source for how superficial security features have been turned into architectural design characteristics, with proof of concept examples from the way the OS operates, or expect to be ignored as someone who makes wild claims without evidence to back it up.
> You need to be an admin to be able to take over the system, install malware or keyloggers.
1. Not necessarily. There are ways to circumvent what MS Windows laughably uses as privilege separation.
2. It's usually relatively easy to escalate privileges without authorization on MS Windows, anyway, so even if it was necessary to have administrative account access, that wouldn't be much of a deterrent.
> Anyway, You just love linking every article of yours to every other article of yours to every other article of yours.
. . . and I'm sure if I rephrased the contents of an earlier article, padding out the word counts of new articles so that the same information was available to readers, you'd complain about that instead.

itadmin

Yes, Windows is for the masses, the great unwashed. If one wants to make money, like Bill did, choosing a product to market to the masses as opposed to a few geeks is really the only choice. Accordingly, one has to design the product to fit the intended market. In the case of Windows, hand holding, trying to think for the user (heavens bless her poor soul, she is not too intelligent - all she wants to do is create pretty pictures and buy shoes online), not inconvenience the user with much in the way of security and permissions, etc. Windows is an excellent fit for its intended audience and made a great deal of money. Hats off to Bill. Unix and Linux never tried to be that. So, for serious, demanding use, what do we have? Go to http://www.bbc.co.uk/news/10187248 and click on By OS. It is in pictures so even Windows people will eventually understand it. Next go to https://www.scientificlinux.org/ I quote the first sentence: "SL is a Linux release put together by Fermilab, CERN, and various other labs and universities around the world. Its primary purpose is to reduce duplicated effort of the labs, and to have a common install base for the various experimenters." Now why would these super geeks choose Linux? And for bleeding edge science, too. It's a matter of horses for courses. Windows is the pedal car for the intellectual children, but when it comes to serious number crunching and heavy math, Linux is the way to go. Boy, did I have fun writing this. :)

nwallette

On my Windows 7 Pro workstation, I have the following dozen instances of SVCHOST.EXE. Here's a list of Windows services that each instance is responsible for:
svchost.exe -- Power, PlugPlay, DcomLaunch
svchost.exe -- RpcSs, RpcEptMapper
svchost.exe -- Wscsvc, LMhosts, Eventlog, DHCP, Audiosrv
svchost.exe -- wudfsvc, UxSms, WmRdpService, TrkWks, SysMain, PCASvc, Netman, HIDServ, CscService, AudioEndpointBuilder
svchost.exe -- WuAuServ, WinMgmt, Themes, ShellHWDetection, SessionEnv, SENS, Schedule, ProfSvc, MMCSS, LanmanServer, IPHlpSvc, IKEEXT, GPSvc, CertPropSvc, Browser, BITS, AppMgmt
svchost.exe -- WdiServiceHost, W32Time, nsi, NetProfm, fdPHost, EventSystem
svchost.exe -- TermService, NlaSvc, LanmanWorkstation, DNSCache, CryptSvc
svchost.exe -- MpsSvc, DPS, BFE
svchost.exe -- StiSvc
svchost.exe -- PolicyAgent
svchost.exe -- WCNSvc, SSDPSrv
svchost.exe -- WinDefend
If this *ONE* *FILE* got infected by a virus, can you even imagine the damage it could do? ONE .exe file is responsible for everything from secure IP communications to drawing the stupid glass transparency effect on my windows. Even better, each "group" up there is running as a SINGLE PROCESS. *face-palm* That's a stupid, stupid, HORRIBLE idea. It would be, even if those processes were running as an unprivileged user account. But they're not! Oh, no, it gets better! That one file is running as "SYSTEM", "LOCAL SERVICE", and "NETWORK SERVICE". Yeah. Free access to the whole disk and the whole network stack. Bitchin'! The nice, warm, cozy feelings I get when I realize this exact same architecture is used on the US Defense Dept.'s servers.... Fills me with joy, sirs. The Windows Kernel may (or may not) be secure. Everything running on top of it is a horrible, ugly, rotten mess. But hey! It's #1 for a reason, right? We use Microsoft products because we bought an enterprise agreement, which we bought because we use Microsoft products. I will never understand business mentality.

tux_delux

"Now, XP was a system designed more than 12 years ago when only BBS existed and the OS concepts and security had different meanings" Only BBS existed in 1998?! I hope you're trying to use some twisted form of hyperbole there. Also, your link to the 'bug not fixed in Linux for 8 years' is a bit misleading in its leadup. It's a LOCAL privilege escalation bug (meaning you have to log in LOCALLY for it to work. If I have physical access to a machine, I can do a lot worse to it than load malware on it), and it was DISCOVERED last year and patched right afterward. It didn't go unpatched for 8 years while it was known, which is what you looked to be implying. This is NOT like the serious Windows' bugs that go unpatched for long lengths of time and are so simple to execute and infect.

apeterson22

Microsoft is a corporation. They sell their overpriced products so they need to support them. When a bug is found it is because they are the only ones who are responsible for fixing them. Linux or Unix is usually free to install and repackage. When you purchase an OS you are purchasing the support. Hence the reason Microsoft pushes out its bug fixes quicker than most Linux distros. The more you pay for something the better you expect it to work and the support to be if it doesn't work. If Windows was a free and open source OS we would not be having these discussions. Linux and UNIX are different OS's yet because they're open source they get lumped into the same category more times than not. MAC is a Linux version that is locked down, closed up, and sold, but they are not lumped in the incorrectly categorized Linux/UNIX category. Fact is, the average user does not care how secure or how things work, as long as they work. They only care after something bad happens to them. Most end-users think they are 100% safe because they have a single virus scanner on their PC. IT departments are stuck back 5-6 years back because of the end-users, while at the same time it is due to the end-users that we have job security. This discussion should really be separated into end-users OS's and IT professional (Server) OS's.

tbostwick

Whether you're running straight up Unix, or Linux/AIX or even Mac OS X - the article points out excellent issues with the world's #1 OS. It still exists today and Unix isn't dead, dying or going away. If we're talking what kind of laptop someone is sitting at VS what is running the core business - 90% + of the world's webservers ARE NOT running Windows for the very same reasons this article points out. Not sure you read the correct post before responding. In regards to OS on a home PC or laptop - I'll take Ubuntu or Mac OS X over Windows any day of the year - hands down (Mac OS X - running on my tower for 9+ years, not one down day) (Ubuntu - running on my laptop and now my Asus netbook for well over 2+ years - not one down day) (Windows 7 Ult server - running for 1 year -several down days - issues recognizing newly installed software from time to time - looks pretty though)

Pergesedcaute

Well, I just landed and I'm waiting for my next flight. Underslept and jetlagged, but I'll try to be coherent. I actually think that what you say is true and yet doesn't address the whole point. There is no question that you could build a better end-user operating system on top of Linux or from scratch and that Windows has had and has some serious shortcomings and the messy structure of an old city. In fact, it has been done. Look at Mac OS. The point is that the end user WANTS a window to pop up automatically when they insert a dvd; they WANT an OS that chooses the right application when they double click on a file; they want one application to bust in to another and use its capabilities. If they thought about it, they probably wouldn't want to hide extensions for known file types, but again Windows is not ideal. They do want software to install without having to understand more about permissions than that they either trust or don't trust what they are installing. So the question this ends up raising is, even if you build a better operating system on top of Linux, how secure will it be when you give the end-user root in a way that is transparent to her, and you allow programs to run automatically when you insert a cdrom or double click on a file or you give all the running programs access to one another? Sure, it will be somewhat better than Windows, but the basic problem reappears. In fact, I suspect the best you can do for the end user's safety is to follow some of Apple's example. Part of the genius of Apple's software has been their success in fooling a large part of their user base into misinterpreting restrictiveness as ease of use. My point is not about Windows itself; I'm not a Windows apologist. My point is that what you want for a single user, end user OS to do and how you want it to behave is very different from how you want a network server to do and how you want IT to behave, and that this difference has security consequences.
I used to live in a town where people would walk into a shop leaving their car or bicycle outside unlocked, possibly with their belongings sitting in the basket or on the front seat. Until the problem of bicycle and car theft becomes serious enough that the inconvenience outweighs the convenience, they will continue to do that. But even in that town, the Bank uses and has to use an armored car. Tell your Grandmother why she should only su to root for x, y, and z specific tasks, and what file permissions different files should have, and the next week go back and tell me that she is not just logging in as root because everything works more easily that way.

derpadorp

Where to begin... Well, first off, how about the claim that Unix was designed to be secure at all? That's absolutely nonsensical. Unix was "designed" to be a halfway usable replacement for Multics because Multics was a bear to actually use. Security was expressly _not_ important to early Unix users (and boy did it remain so--people, including AT&T, who used it in production suffered for it). It remained a joke both in practice and in design up through the Unix Wars--just look at Stallman's "no passwords, no wheel groups" nonsense. Securitization of Unix systems really only became notable when FreeBSD (and later OpenBSD) came to the fore, and when Linux became established. And guess what? That "secure by design" nonsense you're peddling? If it was true, why does every Linux distro by sane developers ship with AppArmor? Why can I not throw a rock without hitting a SELinux warning? Answer: because the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed. And it was fixed. With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51. As for NT? You know, the dominant operating system on PCs the world over? The "Microsoft product" has not "evolved" from a single-user system. This is insane and false. The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it). I get that you don't like Windows, but you should leave your dickwaving fanboy nonsense at home. You, not the GP poster, are the one who doesn't understand what you're talking about. He has a clue. You do not. (And, by the way? To forestall the "herpa herpa herp ur a M$ fanboy" nonsense? I've been an open-source contributor for half a decade and have been running Unix machines since 1995. 
I had a Unix machine before I had a Windows one. The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at.)

Oz_Media

Even executables I want, know and trust get a UAC check before executing. I know people complained to high heaven when the UAC in Vista was a constant nag but maybe it served a purpose. They have since toned it down a GREAT deal, it's just one check, if it needs admin rights it will check again and that's it. From what I have read here, and not being a security expert by any stretch of the imagination, would that not resolve such issues, or make them more of a user issue than an OS issue?

freep

Actually, in this point, you are sorely mistaken, freep. Sorry, but what I *wrote* is quite correct. However... The point the author raised regarding this is the fact that in Windows the file extensions are hidden by default OK... You raise a good point. NOT showing file types is incredibly annoying. I wish the author was more clear that this is what he's talking about. NOW... this doesn't really have anything to do with "privilege separation" or lack of "modularity within the system." It has to do with how the GUI is designed... It's not an architecture argument, it's a presentation argument. It just goes to show -- again -- the author's "lack of understanding about how security -- both privilege and file protection -- works on Windows." There are soooo many things we could legitimately bash Windows about. Why write about something that you yourself don't properly understand? The author needs to go look up "privilege separate" and learn something about Windows architecture before he writes an article like this.

Oz_Media

Very easily restored if infected? I've seen a corrupt svchost file on my Win7 station, self inflicted of course, and just rebooted and selected restore last good configuration, it restored the system files and svchost worked flawlessly again. When I used XP and had a bad svchost file, bogged down due to malware or something, I just used a registry cleaner to clean it and it ran fine from then on. What am I missing here? Is it that Windows has these files that COULD be infected or is it that they cannot be easily recovered when they are infected? I don't see it as catastrophic if they provide a means of reverting it.

j-mart

The Aussie cricket team recently dicked by the Indian team

Neon Samurai

I'd like to see the data on that. Bug discovery, report, fix development progress, fix delivery, patching results. I'd be surprised if any reputable general purpose distributions were ranking lower than Microsoft; either way, the figures would be interesting. I don't think it's about the money though. Firefox (no money) patched long before Apple or Microsoft browsers (both money). Debian (no money) was very prompt with the last security related kernel patch. You can watch its patch development from developer announcement through to package delivery. (osX is a BSD not a Linux; BSD userland and I believe that Darwin is a modified BSD kernel) Windows and Unix like OS both must provide system security. It's a common trait among all general purpose platforms being compared. This isn't comparing how well Linux runs Win32 apps or Windows runs Posix binaries. This is comparing how well each provides a secure environment and why the difference exists. "Fact is, the average user does not care how secure or how things work, as long as they work. They only care after something bad happens to them." Agreed fully. No one cares about risk until they are on the wrong side of it. This doesn't make system security any less important or the discussion of better alternatives where security is a key criteria.

Slayer_

Made my own autorun USB drive to give to clients. When they plug it in, it automatically installs our software on their workstation. No fuss, no training required. They just remove the drive when it says on the screen "Done"

apotheon

You don't really need AutoRun for removable media. Even if you do think you need it, though, there's no reason it can't be sandboxed with something like chroot or a FreeBSD jail.

apotheon

I'm glad you found some value in it. I see your account here is pretty new. Welcome to the community.

seanferd

[Edit: Upon reading further in this thread, I see this post is rather redundant.] All that excess baggage! Look: True privilege separation, built into the architecture from the ground up, is transparent to the user no matter what OS it is. Except Windows, which doesn't have it. Windows, if one were to magically shove in a kernel which had real privilege separation, would behave almost exactly the same for Joe as it did yesterday, before we secretly replaced his version with ours. Now, you may have some points that I have not quite followed where you find the usability of Linux insufficient for Joe. Privilege separation is not one of them.

j-mart

Much of the perceived user difficulty with the Linux desktop is myth, some built on most having gotten used to Windows, the rest is just because that's what they have heard. Most users, I find, will get comfortable within a short time with a bit of use.

nwallette

Let's take this back a step. Chad talks about Unix (not just Linux!) being securerer than Windows because there's a mentality in the design that says "if you don't need access to [something] to do [something else], then you shouldn't have access to [something] at all." Windows has just recently (Vista) started pushing the idea of least-privileged security. Under XP (and for sure, under 9x), everyone... EVERYone.. ran as a local admin. Most software written had no idea what to do when run as "Guest" or "User". The security restrictions were there -- can't install a new hardware device as User -- but no one took the effort to notice the effects. Look at the README file that comes with.. anything. "You must be administrator to --" Now, the tables are slowly, slowly turning. Under 7, I can run as a plain User most of the time. Some software just doesn't work, but most of what I need to do can be done. When I need to do SysAdmin-y things, it's back to Admin I go. The trouble is, even now, the amount of software that "requires" me to be an Admin is somewhat ridiculous. And it does not often degrade gracefully in the manner to which I'm accustomed on my Linux PCs. On most of my Linux boxen, I do run as root. Because, on most of them, I'm doing things that legitimately require root access most of the time. I use them for development, appliances and special-purpose builds, for administration, and on servers where having a Joe User account would just be an extra step before SU'ing to root anyway. BUT, when I DO use Linux as a "general purpose workstation", I can successfully run as a normal User. When I need to do something special, like install a package or twiddle with some hardware, I'm either asked for root credentials, the software says "you have to be root to do this", or I don't even have access to begin with ('/usr/sbin' isn't in User's path). 
Things rarely just crash or give me cryptic errors ("Failed to dongle the system.lib.umathurman.unit: -0x2efe135frodo") like on Windows. Enough rambling. Let's go back to insulting each other.

Tony Hopkinson

Given it's a far from comfortable one for anyone including MS, seeing as they keep getting deservedly slated, how do we move to where we want to be...

Pergesedcaute

I thought I had hit a limit, but apparently I can post a reply. Apotheon, thanks. I read your post and came out of it convinced that the problem is, as you say, one of good design and not, as I was arguing, some kind of inviolable relationship between convenience and insecurity. I'm somewhat embarrassed by having to be corrected on so many points, but it's always healthy to be shown how much I don't know. As a bonus to being straightened out, any embarrassment is completely secondary to my delight at finding out that I can, in fact, play World of Warcraft under Linux.

Saurondor

Is there really a reason to compromise? So far convenience in this conversation has boiled down to autorun. If you put a disk or USB drive in your machine what is so important to autorun? I can have many executables in a USB drive, which one will autorun? What's the convenience of autorun in that case? For me none! Just a popup to open the unit is fine. Can't I just autorun with reduced privileges? What scenario would justify an autorun with full user rights? Does the autorun for the DVD need to access anything outside the DVD? So I can arrive to an autorun setup which runs inside a chroot jail and does not affect either user or system space. Thus the convenience is obtained without the expense of security. But it's cheaper and more lucrative to give you the bare bones autorun and then sell you an added tool to keep malware at bay.

apotheon

> linux based macos MacOS X is not based on Linux at all. It has a Mach kernel (not the Linux kernel), which is the only thing about any Linux distribution that makes it "Linux". One might argue that something is Linux-like if it uses the same userland utilities that most Linux distributions use, but those core utilities are actually the GNU toolset, and are the excuse some people use to demand that people call Linux-based OSes "GNU/Linux". Of course, while MacOS X has evolved to include some GNU tools, it originally started with a full BSD Unix userland, and still has a lot of that. In short, there's basically nothing Linuxy about MacOS X at all, though a fair bit of it is at least nominally Unixy. > if you don't need to leave userland (get Grandma a netbook) I'm not sure you're aware of how "userland" is generally used by professionals. The "userland" is the complete set of tools people use to interact with the system, whether as a root/admin user or via some nonprivileged user account. I think you mean "if you don't need to leave [standard nonprivileged user accounts]" or something like that. > if World of Warcraft really ran under Linux It does. My girlfriend refused to play it in MS Windows, actually -- in part because she did not want to have to deal with a dual-boot system, and in part because it performs better on a Linux system via Wine. Setting it up takes a little more than on MS Windows, but once it is set up it works great. > If you let users . . . 1. Autorunning executables is always a bad idea. Don't let users do it. There are other options, though, that can satisfy both good security practice and users who want things to happen automatically. For instance, pop up a dialog that tells the user what kind of program is associated with that file format, and asks what the user wants to do. The way things work on Unix-like systems (including Linux) by default is already better than autorunning everything. 
If you think it's a word processor document, use the word processor to open the file -- and if that doesn't work, don't just automatically send the file to whatever does open it; let the person know it is not the correct file type for the program. Why is sending malware to the VBScript interpreter when you try to open it in MS Word such a great idea? Another option if you really want to let users open stuff from the file rather than from the program is to use something like a right click menu to offer options for what to do, of course. Of course, with the double-click behavior I described above, this is kind of redundant. All of the above is about as convenient as MS Windows' standard behavior, and much more conducive to good security. Unfortunately, the sad fact of the matter is that Linux distributions like Ubuntu are getting more and more like MS Windows, even going so far as to try to adopt ill-advised behavior like Microsoft-style AutoRun. I believe this is because the people making decisions for these software projects see that MS Windows is more popular on the desktop than their own projects, and think that in order to get some of that market share they have to do exactly the same things MS Windows does -- but the truth of the matter is that they should not duplicate MS Windows' mistakes since the best they'll do in that case is ensure that nobody has any particular reason to switch OSes, since they're both the same. What they should be doing is coming up with ways to supersede any conveniences of MS Windows with improvements that do not sacrifice the strengths their own systems already enjoy as benefits over MS Windows. Keep the improved security, and use convenience capabilities that do not sacrifice security, stability, and so on. Like you, though, they take the short-sighted view that to "succeed" they have to duplicate bad choices. 2. 
If the user double clicks an attachment from some Russian phisher, there won't be any security impact of that action unless the people who developed the software running on that OS stupidly duplicated MS Windows automatic execution behavior. 3. Browsers, word processors, and DBMSes (or maybe you meant DB client applications when you said "database program") can share code for back end functionality without sharing memory space and performing in other unsafe ways. The design of the OS architecture is part of what determines whether shared code is shared safely or unsafely; MS Windows chooses "unsafely", while the standard Unix model chooses "safely" with proper privilege and process separation, memory space separation, and other characteristics of good security design. 4. While being a more popular OS increases the benefit of compromising it, it does not increase the ease of compromising it. There might be an increase in the number of instances of systems being compromised for each unpatched, exploited vulnerability in the wild for the system being more popular, but -- all else being equal -- it does not follow that there would be as many unpatched, exploited vulnerabilities as there are for MS Windows. In fact, for an open source system, greater popularity also brings the benefits of a bigger pool of contributing testers and developers, whereas greater popularity for a closed source system like MS Windows brings nothing but a bigger workload for the developers the vendor can afford to employ. > On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. You clearly did not read the article very closely. Please read the section entitled "The importance of privilege separation" -- again if you read it once already. 
It starts with these words: "Some might complain that all the information you want to protect on your system is stored where your user account can access it, so that privilege separation does not really help security much. These people fail to grasp the full extent of what security benefits you gain from separation of privileges, however. Privilege separation does more than prevent infections and intrusions from gaining access to root privileges." From there, it goes on to describe some of the other benefits, but your statement about "everything worth doing, stealing, or destroying" completely ignores that description of those other benefits. When the article says "These people fail to grasp the full extent of what security benefits you gain from separation of privileges," it seems "these people" means people like you. > But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequences of the inverse relationship with system security. There are times when a compromise between security and convenience might be a practical necessity, but those times are far more rare than many people think. You do not need to make concessions to convenience in the general case: instead, you can just design the system so that convenience does not compromise security. Yes, it really is possible, in almost every case. In fact, I only admit the possibility that security might sometimes need to make concessions to convenience because I have no proof that there is never such a case -- but I'm having a lot of difficulty coming up with an example where such a concession is actually necessary. Convenience and security can, in at least the vast majority of cases, live together peacefully. The fact that MS Windows has given up on that does not prove its converse. 
In short, your reference to convenience's "inverse relationship with system security" is factually inaccurate. Whether or not there are times when security concerns and convenience are in conflict, there is not an overall inverse relationship between security and convenience. That's a pervasive myth that harms both convenience and security, in part by convincing people to give up on one every time they pay any attention to the other, rather than leaving them to think about how to satisfy both needs simultaneously.

Pergesedcaute

That post IS a response to what I am saying, and what you say is also not wrong. I gave the example of the people in my old town who left their cars and bicycles unlocked, and said that until the rate of theft rose enough to make the inconvenience outweigh the convenience they would not change their ways. As things stand now, what you describe is almost exactly what happens. The Windows box used by my teenagers, even with a working antivirus, slowly accumulates crap that shouldn't be there, crap of all kinds, and after about a year the consequences become so intolerable that the kids complain to the point where I have to step in and do something drastic. My mother uses her computer somewhat more carefully, same with my wife and others, but every once in a while they let something bad happen and they call me for help. If I'm not around they call someone else. Maybe it costs some time and even some money, but generally not enough to make them want to give up their power to do things wrong. If the problem becomes so regular and intolerable that the balance shifts, they will make more concessions in terms of power, convenience, and having to learn things. And if people steal Grandma's blue rinse enough times, she will start locking the door. But the balance will never be the same for single user desktops and for network servers because bikes and blue rinses will never be the same as banks and museums, and because people will never subject themselves to the same level of care and protocol in their personal lives that they expect from the banks and museums that serve them.

Tony Hopkinson

Joe and Grandma still want to be secure, what you are saying is they don't want to 'pay' for it. It's too much trouble to lock the door, but people keep walking in and stealing my blue rinse, says Grandma... huh ???

Pergesedcaute

Look, linux based macos is already better than Win, and if you don't need to leave userland (get Grandma a netbook) because you preinstall and hardware and other things aren't an issue, then almost any Linux desktop is a better choice than Win. And if you make a good effort to handle and restrict the use of privileges without exposing the user to stuff that they don't want to learn, then you are ahead of Win. For all I know, some of the end user, desktop oriented builds out there are easier, slicker, and all around better than Win right now. And certainly if I didn't need to develop for Win, and if World of Warcraft really ran under Linux, I would be using Linux full time instead of splitting between the two. But have another look at the title of my previous post! This is not a Windows v. Linux issue! If you let users have a desktop from which external media can autorun, and double clicking on an executable (whether by looking at an extension or a header) leads to executing code; if the user bizarrely chooses to double click on an attachment from someone they don't know who wrote to them in Russian; if you allow the user to have a browser, a word processor and a database program that get so intimate that they have children; if your OS is dominant as the desktop OS of choice (Linux is already the OS of choice for just about anything else) and every web page and its mother is offering you nicely packaged slick downloads, then user land is going to be compromised pretty quickly. On a Linux SERVER, if the user account "joe" gets compromised, but the attacker can't leverage that into something more, then the disaster has been effectively limited and contained by well managed privileges and keeping things separate. On a single user desktop everything worth doing, stealing, or destroying can be done, accessed and destroyed by Joe, or else Joe is not very happy with his desktop. 
But because of the other things that Joe also wants, Joe is much more prone to compromising userland than a remote user on a well administered Linux server would ever be. Luckily, though, this is just Joe's bicycle, and not the town bank (see my previous post) so this is not a big deal affecting hundreds of other people. So maybe losing the Windows legacy would reduce, say, the chances of a key logger, because Linux is better designed than Windows. But as I said before, the fundamental problem is that the more important and powerful Joe is, and the more concessions we make to Joe's preference for convenience over security the more we will see the consequences of the inverse relationship with system security. Linux might improve the coefficient, but it won't eliminate this relationship. Single user desktop security just isn't the same as server security, and shouldn't be, as I said in my first post.

Saurondor

There's a big difference between wanting a window opened when a DVD is inserted and having the contents of said DVD executed. Linux does open a window when new media is inserted. It even asks you if you want to play it, browse it, use some photo utility etc. If you want the right application to open up when a file is double clicked you need to use Linux. Windows is no good. Linux checks the header of the file to determine file type, Windows the extension. For the sake of this post I did the test. Deleted the extension of a JPEG and Linux still thinks it's a JPEG. Downloaded a JPEG as "download" (no extension) and Linux knew it was a JPEG. Put the .png extension, Linux still thought it was a JPEG. Delete the extension on Windows and you're out of luck. Put two extensions to a file and Windows gets confused. Installing software. Well the ease of installation on Windows is due to the distribution through install shields that bundle the application, but are not part of the OS. Without the install shield you'd have a harder time installing things on Windows. For starters you have the registry to deal with. Then dll dependencies. Then lack of symbolic links complicates dll dependencies. On Linux you do have applications with install shields and you have those without. Some can be handled by the OS's package manager, others can't. Some applications can be a real nightmare to install because they lack the supporting tools, but that's the problem of the developer not the end user. But if you do have the right supporting tools then it is easier to install and maintain. Configuration data is kept in a well known place. Binaries in another and user data in yet another spot. Linux solves dll hell in a way more elegant way than Windows. Which also simplifies software installation and maintenance.

Tony Hopkinson

I do, you probably do, grandma won't give a crap. So the answer is.... Why does grandma have to su at all? If having to switch roles is the problem, why not implement privilege separation, and then set it up so all grandma's tasks can be done at the level she's comfortable with? Inconvenience isn't good security, it's bad design....

j-mart

When you place a cd / dvd in drive (KDE 3.5) will do the same as WinXP. open a window with a list of options - open in file manager, burn a copy, play if a music cd. This does not require system to run as root to do this. The Linux desktop has been as user friendly as any Windows equivalent for some time now. Running as a user does not prevent opening a file in the correct application by clicking on its icon, but it will let you know if it is an executable file masquerading as a data file by prompting for root password. Installing from official repositories is both simple and much safer than willy-nilly clicking on all sorts of Windows exe files spread uncontrolled all over the net. The proper root / user does not make the desktop more difficult for the average user, if anything, it is easier for novice users as by restricting root access, these novice users are prevented from breaking anything. When I let anyone use one of my Linux machines with very limited computer experience, I tell them not to be frightened of breaking anything as the machine won't let them do anything that will break the system. The difficulty of using Linux desktop myth is just that, a myth. Many once believed the sun was the center of the universe, a line of thought not based on fact, and observation of the real world but on philosophical reasons, the Linux desktop also should not be judged philosophically, but also with an open mind and real world observation.

apotheon

> just look at Stallman's "no passwords, no wheel groups" nonsense. Don't blame Unix for the fact that Stallman wanted to drag Unix security backwards. Stallman is Stallman. He is not Unix. In fact, he explicitly denies any Unix-ness. If anything, Stallman is in some respects anti-Unix, really. > the moronic "root or peon, no gradations" system of Unix _sucked_ and needed to be fixed On the other hand, a lot of what's provided by add-on tools can be done in a less centralized fashion using basic Unix privilege separation tools, such as user groups, the suid bit, and so on. The basic system is in fact capable of gradations, though perhaps not to the level of fine-grained control you would prefer. There's also the fact that the simple privilege separation system you deride so readily is, at least, actually effective within the confines of its capabilities, whereas Microsoft's attempts to retrofit for privilege separation have always been exceedingly porous and pointless. In a comparison between Unix and MS Windows architectures, the former most certainly is "designed for security", at least relatively speaking. The fact that more advanced security architectures now exist in theory, and have been grafted onto Unix systems as add-on systems, does not mean there was not some security design in what came before those more advanced architectures. It just means that, perhaps, those previous designs have been superseded for some use cases. In fact, in some respects it could be argued that the very fact that it is so easy to graft such systems onto Unix platforms without resulting in an easily compromised kludge is, itself, a case of good security design, even if security per se was not the foremost reason for making the platform so extensible in the early days of its design. The fact of its easy extensibility also makes it likely that when the current crop of new security architectures becomes obsolete, they can be swapped out for whatever has arisen to replace them. 
In the meantime, systems like MS Windows will be rewritten from the ground up to accommodate new architectures for security purposes, will have those new architectures layered on top as kludges that are highly porous and easily circumvented, or will simply not support such new architectures at all. With that in mind, I'd rather have Unix as the foundation on which my secure system is built. Meanwhile, a microkernel system like MINIX 3 may eventually rise to a position of prominence and greatly enhance basic platform security. Even if it does so, it'd still essentially be Unix, because of the generally modular design of Unix as a Platonic ideal. The same cannot really be done with something like MS Windows, which would essentially require swapping in a completely new concept of an OS, ensuring that all that survives the transition is a brand. > With AppArmor and SELinux, a Linux system has a permissions and ACL system that is approximately equivalent in expressivity, albeit not user-friendliness, to the one available in NT since 3.51. Ridiculous. NT 3.51 had all the security of a twenty foot high, four foot thick steel barricade with nobody monitoring it, gaps big enough to drive a truck through, and handy pedestrian tunnels running under it. The theory of a particular security architecture is meaningless if its implementation is completely hosed up. > The "Microsoft product" is NT, which was designed--yes, from the ground up!--to be a multi-user environment. Many of its design assumptions ignored the kind of multi-user concerns that make for a secure, stable, multi-user environment, however. > Hell, NT is even POSIX-compliant (albeit with an external package today, because nobody bothered to use it). Satisfying the letter of the law while violating its spirit is a pretty piss-poor way to claim compatibility. That is, of course, Microsoft's goal anyway, so I guess that's a win for MS Windows. 
> The thing is, though--I'm not so insecure in myself that I've got to attach to a _computer operating system_ as my personal and social identity. Maybe you should get that looked at. You are obviously not a (competent) psychologist, because if you were you would know better than to try to diagnose people over the Internet.

Slayer_

Two styles, one that infected you when you browsed its contents, and another when a server or automated process tried to check its contents.

Oz_Media

For office to office file transfers we used to just rename the file XEX and it would make it through, the recipient had to save it as an exe to run it of course but it worked around the issue, I also had GroupWise set to block exe's at that time but had to find a workaround for management.

Sterling chip Camden

Many malware providers these days wrap their EXE in a ZIP file to get around Outlook's filter. The body of the message will instruct the user to open the zip file to find the document contained therein, which is really an EXE but since most users have "Hide known extensions" turned on they may not notice. Microsoft tossed around the notion of scanning ZIP files to exclude files within them, but if they did that they'd lose a lot of users who want to legitimately exchange EXE files but don't care (or don't know how) to set up some alternative means of transport.
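The two checks discussed in this thread, identifying a file by its header rather than its extension and looking inside a ZIP attachment for executables, sketched as an added example that is not part of any commenter's post. The function names, the small signature table and the reporting policy are assumptions of this example, and the sample bytes are constructed.

```python
import io
import zipfile

# Well-known leading "magic" bytes. "MZ" is only two bytes, so a production
# scanner would also follow the DOS header to the "PE\0\0" signature.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
]
# What an extension claims about the content (deliberately small table).
EXT_CLAIMS = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf",
              "zip": "zip", "exe": "pe-executable", "scr": "pe-executable",
              "dll": "pe-executable"}
EXECUTABLE_TYPES = {"pe-executable", "elf-executable"}
MAX_DEPTH = 2                        # how many archive levels to open
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # refuse to inflate anything larger


def sniff(data):
    """Identify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_file(label, data):
    """Compare what the name claims with what the bytes are."""
    findings = []
    base = label.rsplit("!", 1)[-1].replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    claimed = EXT_CLAIMS.get(parts[-1]) if len(parts) > 1 else None
    actual = sniff(data)
    if actual in EXECUTABLE_TYPES and claimed != actual:
        findings.append((label, "executable content not declared by its name"))
    elif claimed and actual != "unknown" and claimed != actual:
        findings.append((label, f"extension says {claimed}, content is {actual}"))
    # "invoice.pdf.exe" is shown as "invoice.pdf" when known extensions are hidden.
    if len(parts) > 2 and claimed in EXECUTABLE_TYPES and parts[-2] in EXT_CLAIMS:
        findings.append((label, "double extension hides executable"))
    return findings


def scan(name, data, depth=0):
    """Check one attachment and, if it is a ZIP, every member inside it."""
    findings = check_file(name, data)
    kind = sniff(data)
    if depth > 0 and kind in EXECUTABLE_TYPES:
        findings.append((name, "executable inside archive"))
    if kind != "zip":
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "archive nested too deep, not inspected")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [(name, "corrupt archive, not inspected")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((member, "encrypted member, not inspected"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((member, "member too large, not inspected"))
            else:
                with archive.open(info) as handle:
                    findings += scan(member, handle.read(), depth + 1)
    return findings


# Constructed sample inputs: header bytes only, not real files.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_PE_STUB = b"MZ" + b"\x00" * 62


def build_sample_zip():
    """Constructed attachment: one honest image, two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", SAMPLE_JPEG)
        zf.writestr("invoice.pdf.exe", SAMPLE_PE_STUB)
        zf.writestr("report.pdf", SAMPLE_PE_STUB)
    return buf.getvalue()


if __name__ == "__main__":
    for label, reason in scan("documents.zip", build_sample_zip()):
        print(f"{label}: {reason}")
```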

Slayer_

Outlook (all versions) has been perm blocking EXE's since at least 1997. You have to edit your registry to unblock them. Maybe Thunderbird or Evolution or something isn't blocking them, but that's their problem. Also, when you run an EXE for the first time, since SP2, Windows will ask you if you're sure you want to run the program. So, to reiterate, you have to hack your registry to get the file, and you have to answer Windows if you are sure you want to run it. Get infected after defeating all this and it's your own damn fault.

Oz_Media

I replied to a comment and explained that I didn't know the answer but GUESSED that UAC was a resolution. Even my reply to YOU was a question. Your reply offered nothing relevant, to me, that I was seeking in reply. It meant nothing to me at all. For you to then suggest I am here to take an offensive is ridiculous. How does posing an open ended question, with a disclaimer explaining my personal lack of knowledge on the subject, possibly get construed as stirring or having a bad day? What's with you IT folks and your insanely defensive nature, is it just an American thing or is it the IT mindset that puts one so instantly on guard? I merely asked a freaking question related to what I thought would thwart such instant installation of code, j-Mart, I am sorry if that is not intelligent enough for you.

j-mart

Read the post I referred to. My point being, taking this example of some of the inner workings of WIN7, can trust be placed with UAC, or in some situations can malware bypass this and run anyway? Are you joining this forum for an intelligent discussion or are you just having a bad day, bored, or just stirring for the entertainment, as I don't think you could be as thick as some of your posts would indicate. There is no argument, that when it comes to security the Unix OS's are superior to Windows, as they are right from the original concept and from the ground up designed that way. Unix has stayed around for forty odd years because it works.

Oz_Media

First of all, the post you linked to didn't address a single word from my previous comment. Try to follow the thread, we are specifically discussing how an EXE in an email will run an installer automatically. I questioned such an ability as Windows has the UAC pop up when an exe is trying to run an installer or requires system access. I never said it improves security but the ability for an executable in an email, as was being discussed, to just randomly start up and run its installer would be questioned by the UAC in WinVista/7, would it not? Do people ignore it and click okay anyway? You bet. Is that the OS's fault? No way.

apotheon

I look forward to the peace and quiet, and the increased signal:noise ratio in discussion.

Oz_Media

As always your overly defensive BS is rampant and not worth my time, nor is your OP. You are simply a waste here, where you once simply offered straight up, professional expertise, you have resorted more and more to just throwing out someone else's articles, some of which you don't even understand yourself, and put them forth as the same, fact based and personal experience. Such inconsistency is not worth a tinker's dam, if you can't trust the source as being accurate anymore.

apotheon

> Way to defend your comments, split hairs

Differentiating between "reasonable argument with supporting logic and evidence" and "unsupported contrary assertions" is not "splitting hairs". It lies at the very root of determining the value of a person's argument, and is ignored only in two cases:

1. The person ignoring that difference is an idiot.
2. The person ignoring that difference is more interested in supporting presumptions than in understanding the truth of the matter.

If you can't get past the point where you think the difference between a meaningful, reasoned argument and a completely unsupported assertion is "splitting hairs", there's not much point in discussing anything with you.

> I was about to reply with kudos

Given your track record, I don't believe you.

> I then found that, just as you do with other subjects you pretend to have insight into, that your information is to be questioned and is not all seemingly fact.

You arrived at this conclusion based on the fact that two or three people made unsupported assertions, and that you like disagreeing with me, apparently. See above, re: how to judge the quality of an argument.

> when you speak of subjects you have little or no experience with

Of course, your judgment of whether I know anything about a given topic is in every case that I recall entirely based on whether you agree with me (which you pretty much never do, oddly enough).

> I know as a fact that you don't get it, you are FAR too defensive to admit it even if you agreed.

I actually concede points to others when it is warranted. Even if you saw such instances, however, you surely wouldn't admit it, because you are far too focused on taking the offensive in any dealings with me, and appear inclined to stalk my articles so you can cast aspersions on my character and competence.

> The problem is, you are credible one minute and speculative and incorrect the next.

Speculation is not necessarily incorrect, and any speculations I make are clearly labeled as such. I never (unless I have done so once or twice by accident, but I doubt it) claim that mere speculations are factual statements, I never set out to mislead with my articles, and I never say half the things you attribute to me.

Oz_Media

Way to defend your comments, split hairs, LOL. How about defending the accuracy of your own comments instead of looking for the irrelevant aspects of others? When I first read the post, I was about to reply with kudos, noting that this is your area of expertise and I appreciate your input in a field which I have little knowledge, a field where I have ALWAYS credited your knowledge. Then I begin to read numerous corrections and disagreements, instead of the usual blanket agreement when you speak on security issues. I then found that, just as you do with other subjects you pretend to have insight into, that your information is to be questioned and is not all seemingly fact. So let's go right back to why this irks me so to begin with. You have a reputation of being a security guru and have been known to offer very accurate and informative editorials on the subject. My beef was always that when you speak of subjects you have little or no experience with, people are misled as they are used to the accuracy of your comments. If you were one of those that people took in stride, like Andy Rooney for example, he makes a few valid points but everyone knows he also adds a lot that is pure emotion and not actually fact based info. It would be fine, people would be amused and intrigued but would not take it to the bank. But whereas you are someone who normally speaks quite seriously and accurately on security issues, people accept your comments unless they know better and they are easily misled when you go into your checkstand rag commentary. I know as a fact that you don't get it, you are FAR too defensive to admit it even if you agreed. Don't even TRY to pretend it is my fault, that I am wrong, that I don't understand you. The problem is, you are credible one minute and speculative and incorrect the next. This lack of consistency just makes your posts into nonsensical ramblings that people who seek such info just won't accept after a while.
Again, I KNOW you don't get it, you don't even have to TRY to say you do or that it is MY problem; you simply just don't get it at all.

apotheon

> I read it and it seemed to make some sense and offer insight that I thought was informative. After reading comments here I find that most feel otherwise, most who know FAR more than I care to on the subject.

"Most" in this case is basically one out of every five or six people. I recommend you learn how to count. On the other hand, you seem to think that quantity of negative respondents is more important than the quality of what they have to say, anyway, so I'm not sure it much matters whether you learn to count. If you base your impression of whether something is true or not on so superficial and error-prone a set of criteria, you'll only make a correct judgment occasionally by accident. Somehow, an intelligent person like Tony Hopkinson was able to figure out pretty quickly that freep didn't even understand the article, let alone the topic -- but you're still willing to take freep's disorganized, unsupported word for the stupidity of the article over the word of people who actually have intelligent things to say in this thread.

Oz_Media

I've read some posts by the writer that are extremely informative, well researched and stem from his personal experience and skill set. On the other hand, I have read much that, as you suggested, the writer does not properly understand. In the case of the latter, you are wrong, just try explaining to him that he may not understand something. You will be deemed vicious for such a personal attack, via a personal attack of course. In this case it is not a subject I know, nor claim to have experience with. I read it and it seemed to make some sense and offer insight that I thought was informative. After reading comments here I find that most feel otherwise, most who know FAR more than I care to on the subject. As I have suggested before, when tasked with informing people with your expertise, one should stick to subjects of such expertise as others that accept such knowledge, as I did here, will be easily misled and led astray, again as I was here. However, this poster seems to feel that abusing such reader trust and just offering words for the sake of filling space is acceptable and validated. Again, in this case I can't refer to accuracy either way, but I wouldn't be surprised as it is so very common from this particular editor. No wonder you see people with half cocked and completely screwed up theories everywhere, they rely on information from the uninformed.

nwallette

Having one file responsible for dozens of services means that all of the services are attack vectors. A flaw in the Themes handler could allow an exploit that has access to IPSec tunnels, for instance. What do the two need to have in common? Nothing. But they are the same codebase. And BOTH run as a privileged user account, which means they have access to anything and everything. You're talking about the user experience degrading if it becomes infected. With most malware out these days, poor performance is the giveaway that something is wrong. But what if it isn't a script-kiddie that owns your box? What if it's really clean, efficient code that you don't notice running? It could easily be "infected" and doing god-knows-what on your box for the life of that installation. Yeah, this probably borders on paranoid. Grandma's computer with family photos and some email is probably not a hot target. But it's the same system you use to hit your bank, and I use at work to transfer confidential info, and the same system your pharmacist uses to fill your prescriptions, etc.

seanferd

Mach kernel (via Nextstep - NeXT computer, Steve Jobs' other venture).