Re: [PLUG] Linux v. Windows security (was Mac Viruses)
JP, the Carla Schroder article linked to other articles re limiting
the intrusion of flash cookies which were very helpful. Thanks!
--
Art Alexion
Sent unsigned from an iPod. That's the reason for the top posting as
well.
On Apr 22, 2009, at 11:55 PM, JP Vossen <jp@jpsdomain.org> wrote:
>> Date: Wed, 22 Apr 2009 20:03:50 -0400
>> From: Art Alexion <art.alexion@gmail.com>
>> Subject: Re: [PLUG] It's happening. Mac Viruses
>
> [...]
>> One of the problems with Windows that make it vulnerable is that MS
>> creates these security back doors for its products that the virus
>> writers exploit. For example, Outlook can write to directories that
>> the user executing Outlook has no permissions to write to.
>
> I didn't know that about OL but am not surprised. They tie the apps
> too tight too. I often lock up an Office app, which locks them all,
> while FF, TB, etc. keep working just fine.
>
> Aside from the too tight (and illegal in some cases) integration
> between user apps and the OS, one of the big security problems with
> Windows is that until Vista, you pretty much *had* to run everything
> as administrator (read root) or it didn't work [1]. The reasons for
> that vary, and go back to the MS obsession with backward
> compatibility [2] and the fact that "Windows" was originally a GUI
> on top of a single-user, non-networked OS. But that's obviously
> terrible.
>
> And that's not to even mention the sloppy code, and a codebase that's
> grown much too complicated [2].
>
>
>> AFAIK, the Linux model is that programs that user A executes can't do
>> anything that user A couldn't have done.
>
> Yes, Linux malware can certainly affect the individual user. And
> Linux and Linux apps are certainly far from perfect, so there will be
> flaws that will lead to privilege escalation. But in general it's a
> lot better.
>
> And if/when Linux achieves the market penetration to be a serious
> target, I think one of the major mitigating factors will be SELinux
> (or AppArmor if Ubuntu keeps beating that dead horse). They are
> already there and they more-or-less work, it would just be a matter of
> really locking them down. If the PDF tool has read access only to
> itself and its libs, and write access to *nothing* it matters less if
> it has a vulnerability; it can't infect anything.
>
> It would be tedious, and there would be lots of user issues, but it's
> already there. I'm not aware of anything from MS like that for
> Windows. Some third-party HIDS might come close, but by definition
> third-party isn't native/core.
>
> I haven't given this much thought but it seems like the "everything
> is a file" thing might make it harder for malware to hide, since there
> is no registry evilness. On the other hand, the gconf stuff isn't far
> from a registry, and an obfuscated file name is an obfuscated file
> name. More thought needed there.
>
>
> One final point before I step off my soapbox. I've been reading Carla
> Schroder's blog lately and one point she makes is that when the
> mainstream press talks about "computer" security or malware problems,
> they really mean Windows. It's an interesting point.
> E.g., http://blog.linuxtoday.com/blog/2009/03/53-pages-10-mon.html
>
> Later,
> JP
>
> _______________
> [1] I'm aware that it is eventually possible to configure W2K or XP to
> mostly work when running as a regular user. But it's difficult to do,
> and tends to cause lots of problems (like Windows doesn't have enough
> problems already). That's a high barrier to entry that almost no home
> user, and few but very large or very secure organizations will bother
> with. Contrast that with Ubuntu or the Mac that Just Work like that
> out-of-the-box. And you don't hear bitching about gksudo like you do
> about Vista's UAC. (I've never used Vista and never will.)
>
> [2] Backwards compatibility is in general a Good Thing, and
> "obsession" with that is arguably one of the reasons they have a near
> monopoly. And watch what happens when they do dare to bend it a
> little... (See: Vista.) But it also leads to code bloat and
> complexity (an enemy of security) and possible security regressions.
> ----------------------------|:::======|-------------------------------
> JP Vossen, CISSP |:::======| http://bashcookbook.com/
> My Account, My Opinions |=========| http://www.jpsdomain.org/
> ----------------------------|=========|-------------------------------
> "Microsoft Tax" = the additional hardware & yearly fees for the add-on
> software required to protect Windows from its own poorly designed and
> implemented self, while the overhead incidentally flattens Moore's Law.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
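
The confinement described in the quoted message (a PDF tool that can read only itself and its libraries and write to nothing), sketched as an AppArmor profile. This is an added example, not part of the original thread: the binary path `/usr/bin/examplepdf` is hypothetical, and a real viewer would need further read rules (fonts, display socket) that are usually found by running the profile in complain mode first.

```apparmor
# Added example: AppArmor profile for a hypothetical PDF viewer.
# /usr/bin/examplepdf is an assumed path, not a real package.
#include <tunables/global>

/usr/bin/examplepdf {
  # Loader, libc and locale basics that almost every program needs.
  #include <abstractions/base>

  # The binary itself: read and map as executable, never write.
  /usr/bin/examplepdf mr,

  # Shared libraries: read and map only.
  /lib/** mr,
  /usr/lib/** mr,

  # Documents the user owns: read-only, and only files ending in .pdf.
  owner @{HOME}/**.pdf r,

  # AppArmor already refuses anything not listed above. The explicit
  # denies below make the intent visible and, with "audit", log each
  # attempt so a compromised viewer trying to write shows up in the
  # audit log instead of failing silently.
  audit deny @{HOME}/** w,
  audit deny /tmp/** w,
  audit deny /etc/** w,

  # A document viewer has no reason to open sockets.
  audit deny network,
}
```

With a profile like this loaded in enforce mode, a vulnerability in the viewer still runs attacker-influenced code, but that code inherits the same read-only view, which is the "it can't infect anything" property the message describes.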