JP Vossen on 22 Apr 2009 20:55:45 -0700
> Date: Wed, 22 Apr 2009 20:03:50 -0400
> From: Art Alexion <art.alexion@gmail.com>
> Subject: Re: [PLUG] It's happening. Mac Viruses
[...]
> One of the problems with windows that make it vulnerable is that MS
> creates these security back doors for its products that the virus
> writers exploit. For example, Outlook can write to directories that
> the user executing outlook has no permissions to write to.

I didn't know that about OL but am not surprised. They tie the apps too tightly too. I often lock up an Office app, which locks them all, while FF, TB, etc. keep working just fine.

Aside from the too-tight (and illegal in some cases) integration between user apps and the OS, one of the big security problems with Windows is that until Vista, you pretty much *had* to run everything as administrator (read root) or it didn't work [1]. The reasons for that vary, and go back to the MS obsession with backward compatibility [2] and the fact that "Windows" was originally a GUI on top of a single-user, non-networked OS. But that's obviously terrible. And that's not even to mention the sloppy code, and a codebase that's grown much too complicated [2].

> AFAIK, the Linux model is that programs that user A executes can't do
> anything that user A couldn't have done.

Yes, Linux malware can certainly affect the individual user. And Linux and Linux apps are certainly far from perfect, so there will be flaws that will lead to privilege escalation. But in general it's a lot better. And if/when Linux achieves the market penetration to be a serious target, I think one of the major mitigating factors will be SELinux (or AppArmor if Ubuntu keeps beating that dead horse). They are already there and they more-or-less work; it would just be a matter of really locking them down. If the PDF tool has read access only to itself and its libs, and write access to *nothing*, it matters less if it has a vulnerability; it can't infect anything.

It would be tedious, and there would be lots of user issues, but it's already there. I'm not aware of anything from MS like that for Windows. Some third-party HIDS might come close, but by definition third-party isn't native/core.

I haven't given this much thought, but it seems like the "everything is a file" thing might make it harder for malware to hide, since there is no registry evilness. On the other hand, the gconf stuff isn't far from a registry, and an obfuscated file name is an obfuscated file name. More thought needed there.

One final point before I step off my soapbox. I've been reading Carla Schroder's blog lately and one point she makes is that when the mainstream press talks about "computer" security or malware problems, they really mean Windows. It's an interesting point. E.g., http://blog.linuxtoday.com/blog/2009/03/53-pages-10-mon.html

Later,
JP
_______________
[1] I'm aware that it is eventually possible to configure W2K or XP to mostly work when running as a regular user. But it's difficult to do, and tends to cause lots of problems (like Windows doesn't have enough problems already). That's a high barrier to entry that almost no home user, and few but very large or very secure organizations, will bother with. Contrast that with Ubuntu or the Mac that Just Work like that out-of-the-box. And you don't hear bitching about gksudo like you do about Vista's UAC. (I've never used Vista and never will.)

[2] Backwards compatibility is in general a Good Thing, and "obsession" with that is arguably one of the reasons they have a near monopoly. And watch what happens when they do dare to bend it a little... (See: Vista.) But it also leads to code bloat and complexity (an enemy of security) and possible security regressions.
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
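The confinement JP describes for a PDF tool ("read access only to itself and its libs, and write access to nothing"), as an added example that is not part of the post or the PLUG thread: a hypothetical AppArmor profile for a command-line PDF renderer at the placeholder path /usr/bin/pdfview with its libraries under /usr/lib/pdfview. Anything not listed is denied by AppArmor's default, so a vulnerability in the renderer cannot be used to drop or modify files.

```apparmor
# Added example, not from the original post. Paths are placeholders.
# Install as /etc/apparmor.d/usr.bin.pdfview, then load it with:
#   apparmor_parser -r /etc/apparmor.d/usr.bin.pdfview
# and confirm it is in enforce mode with:  aa-status
#include <tunables/global>

/usr/bin/pdfview {
  # Read-only access to the standard shared libraries, locale data and
  # a few device nodes (/dev/null etc.) every process needs.
  #include <abstractions/base>

  # The binary and its own libraries: read (r) and map executable (m) only.
  /usr/bin/pdfview mr,
  /usr/lib/pdfview/** mr,

  # Fonts and the user's own documents: read only, and only files the
  # invoking user owns.
  /usr/share/fonts/** r,
  owner @{HOME}/Documents/** r,

  # Nothing above grants write access anywhere, so writes are already
  # denied; spelling out the denial for the home directory documents the
  # intent and keeps the expected denials out of the audit log.
  deny @{HOME}/** w,
}
```

With the profile enforced, a renderer that tries to write outside the listed paths is refused and the denial is logged, so a compromised tool shows up in the audit log instead of in other files.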