[PLUG] Linux v. Windows security (was Mac Viruses)
> Date: Wed, 22 Apr 2009 20:03:50 -0400
> From: Art Alexion <art.alexion@gmail.com>
> Subject: Re: [PLUG] It's happening. Mac Viruses
[...]
> One of the problems with Windows that makes it vulnerable is that MS
> creates these security back doors for its products that the virus
> writers exploit. For example, Outlook can write to directories that
> the user executing Outlook has no permissions to write to.

I didn't know that about OL but am not surprised. They tie the apps too
tight too. I often lock up an Office app, which locks them all, while
FF, TB, etc. keep working just fine.

Aside from the too tight (and illegal in some cases) integration between
user apps and the OS, one of the big security problems with Windows is that
until Vista, you pretty much *had* to run everything as administrator
(read root) or it didn't work [1]. The reasons for that vary, and go
back to the MS obsession with backward compatibility [2] and the fact
that "Windows" was originally a GUI on top of a single-user,
non-networked OS. But that's obviously terrible.

And that's not to even mention the sloppy code, and a codebase that's
grown much too complicated [2].

> AFAIK, the Linux model is that programs that user A executes can't do
> anything that user A couldn't have done.

Yes, Linux malware can certainly affect the individual user. And Linux
and Linux apps are certainly far from perfect, so there will be flaws
that will lead to privilege escalation. But in general it's a lot better.

And if/when Linux achieves the market penetration to be a serious
target, I think one of the major mitigating factors will be SELinux (or
AppArmor if Ubuntu keeps beating that dead horse). They are already
there and they more-or-less work, it would just be a matter of really
locking them down. If the PDF tool has read access only to itself and
its libs, and write access to *nothing* it matters less if it has a
vulnerability; it can't infect anything.

It would be tedious, and there would be lots of user issues, but it's
already there. I'm not aware of anything from MS like that for Windows.
Some third-party HIDS might come close, but by definition third-party
isn't native/core.

I haven't given this much thought but it seems like the "everything is a
file" thing might make it harder for malware to hide, since there is no
registry evilness. On the other hand, the gconf stuff isn't far from a
registry, and an obfuscated file name is an obfuscated file name. More
thought needed there.

One final point before I step off my soapbox. I've been reading Carla
Schroder's blog lately and one point she makes is that when the
mainstream press talks about "computer" security or malware problems,
they really mean Windows. It's an interesting point.
E.g., http://blog.linuxtoday.com/blog/2009/03/53-pages-10-mon.html

Later,
JP
_______________
[1] I'm aware that it is eventually possible to configure W2K or XP to
mostly work when running as a regular user. But it's difficult to do,
and tends to cause lots of problems (like Windows doesn't have enough
problems already). That's a high barrier to entry that almost no home
user, and few but very large or very secure organizations will bother
with. Contrast that with Ubuntu or the Mac that Just Work like that
out-of-the-box. And you don't hear bitching about gksudo like you do
about Vista's UAC. (I've never used Vista and never will.)
[2] Backwards compatibility is in general a Good Thing, and "obsession"
with that is arguably one of the reasons they have a near monopoly. And
watch what happens when they do dare to bend it a little... (See:
Vista.) But it also leads to code bloat and complexity (an enemy of
security) and possible security regressions.
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
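
The confinement described in the message for a PDF tool (read access to itself and its libraries, write access to nothing), written as an AppArmor profile. This is an added example, not part of the original post; the binary path /usr/bin/pdftool, the profile name and the ~/Documents location are assumptions.

```apparmor
# Added example: AppArmor profile for a hypothetical PDF tool.
# /usr/bin/pdftool and the ~/Documents location are assumptions.
#include <tunables/global>

profile pdftool /usr/bin/pdftool {
  # Read and map its own binary and the shared libraries it links against.
  /usr/bin/pdftool mr,
  /etc/ld.so.cache r,
  /{usr/,}lib{,32,64}/** mr,

  # Read-only access to PDF files owned by the invoking user.
  owner @{HOME}/Documents/**.pdf r,

  # No rule above grants write or link, so both are already refused in
  # enforce mode. The explicit deny cannot be overridden by an allow rule
  # pulled in later through an include, and "audit" logs every refused
  # attempt, so a compromised tool that tries to write leaves a record.
  audit deny /** wl,
}
```

Load it with `apparmor_parser -r` and run the tool in complain mode (`aa-complain`) first; a real viewer will need further read rules (fonts, locale data) before enforce mode is usable.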