Art Alexion on 23 Apr 2009 04:40:35 -0700


Re: [PLUG] Linux v. Windows security (was Mac Viruses)

JP, the Carla Schroder article linked to other articles re limiting
the intrusion of flash cookies which were very helpful. Thanks!


Art Alexion
Sent unsigned from an iPod. That's the reason for the top posting as  

On Apr 22, 2009, at 11:55 PM, JP Vossen <> wrote:

>> Date: Wed, 22 Apr 2009 20:03:50 -0400
>> From: Art Alexion <>
>> Subject: Re: [PLUG] It's happening.   Mac Viruses
> [...]
>> One of the problems with windows that make it vulnerable is that MS
>> creates these security back doors for its products that the virus
>> writers exploit.  For example, Outlook can write to directories that
>> the user executing outlook has no permissions to write to.
> I didn't know that about OL but am not surprised.  They tie the apps too
> tight too.  I often lock up an Office app, which locks them all, while
> FF, TB, etc. keep working just fine.
> Aside from the too tight (and illegal in some cases) integration between
> user apps and the OS, one of the big security problems with Windows is that
> until Vista, you pretty much *had* to run everything as administrator
> (read root) or it didn't work [1].  The reasons for that vary, and go
> back to the MS obsession with backward compatibility [2] and the facts
> that "Windows" was originally a GUI on top of a single-user,
> non-networked OS.  But that's obviously terrible.
> And that's not to even mention the sloppy code, and a codebase that's
> grown much too complicated [2].
>> AFAIK, the Linux model is that programs that user A executes can't do
>> anything that user A couldn't have done.
> Yes, Linux malware can certainly affect the individual user.  And Linux
> and Linux apps are certainly far from perfect, so there will be flaws
> that will lead to privilege escalation.  But in general it's a lot better.
> And if/when Linux achieves the market penetration to be a serious
> target, I think one of the major mitigating factors will be SELinux (or
> AppArmor if Ubuntu keeps beating that dead horse).  They are already
> there and they more-or-less work, it would just be a matter of really
> locking them down.  If the PDF tool has read access only to itself and
> its libs, and write access to *nothing* it matters less if it has a
> vulnerability; it can't infect anything.
> It would be tedious, and there would be lots of user issues, but it's
> already there.  I'm not aware of anything from MS like that for Windows.
> Some third-party HIDS might come close, but by definition third-party
> isn't native/core.
> I haven't given this much thought but it seems like the "everything is a
> file" thing might make it harder for malware to hide, since there is no
> registry evilness.  On the other hand, the gconf stuff isn't far from a
> registry, and an obfuscated file name is an obfuscated file name.  More
> thought needed there.
> One final point before I step off my soapbox.  I've been reading Carla
> Schroder's blog lately and one point she makes is that when the
> mainstream press talks about "computer" security or malware problems,
> they really mean Windows.  It's an interesting point.
> E.g.,
> Later,
> JP
> _______________
> [1] I'm aware that it is eventually possible to configure W2K or XP to
> mostly work when running as a regular user.  But it's difficult to do,
> and tends to cause lots of problems (like Windows doesn't have enough
> problems already).  That's a high barrier to entry that almost no home
> user, and few but very large or very secure organizations will bother
> with.  Contrast that with Ubuntu or the Mac that Just Work like that
> out-of-the-box.  And you don't hear bitching about gksudo like you do
> about Vista's UAC.  (I've never used Vista and never will.)
> [2] Backwards compatibility is in general a Good Thing, and "obsession"
> with that is arguably one of the reasons they have a near monopoly.  And
> watch what happens when they do dare to bend it a little...  (See:
> Vista.)  But it also leads to code bloat and complexity (an enemy of
> security) and possible security regressions.
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP            |:::======|
> My Account, My Opinions     |=========|
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________

> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --
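JP's point about a PDF tool that can read only itself and its libraries and write to nothing is, in AppArmor terms, a profile like the one below. This is an added illustration, not something posted in the thread; the binary path /usr/bin/example-pdf-viewer and the Documents directory are assumptions, and a real viewer will need whatever extra read rules complain mode reveals.

```apparmor
# Added example: AppArmor profile for a hypothetical PDF viewer installed as
# /usr/bin/example-pdf-viewer (path is an assumption, not from the thread).
# AppArmor is default-deny: anything not listed here is refused.
#include <tunables/global>

/usr/bin/example-pdf-viewer {
  #include <abstractions/base>      # libc, ld.so, /proc/self bits, read-only
  #include <abstractions/fonts>     # font files, read-only

  # The program itself and its libraries: read and mmap-exec only.
  /usr/bin/example-pdf-viewer mr,
  /usr/lib/** mr,
  /usr/lib64/** mr,
  /usr/share/** r,
  /etc/fonts/** r,

  # Documents the invoking user owns may be read; nothing else under $HOME.
  owner @{HOME}/Documents/** r,

  # No write access is granted above, so writes are already refused.
  # The explicit audit-deny rules make any attempt to write into user or
  # system directories show up in the kernel/audit log, so a compromised
  # viewer trying to drop a file is detected rather than silently blocked.
  audit deny @{HOME}/** w,
  audit deny /usr/** w,
  audit deny /etc/** w,

  # A local document viewer has no business on the network.
  deny network,
}
```

Load it with `apparmor_parser -r` and confirm it is enforced with `aa-status`; putting the profile in complain mode first (`aa-complain`) records what the real viewer needs before you enforce it.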