JP Vossen on 19 Aug 2010 12:08:08 -0700


Re: [PLUG] Windows security

Date: Thu, 19 Aug 2010 13:24:08 -0400
From: Edmond Rodriguez<>
Subject: Re: [PLUG] X11 server for Windows

On Wed, Aug 18, 2010 at 5:05 PM, JP Vossen<> wrote:

>  "Microsoft Tax" = the additional hardware & yearly fees for the add-on
>  software required to protect Windows from its own poorly designed and
>  implemented self, while the overhead incidentally flattens Moore's Law.

> I am all for Linux and have been using it almost exclusively.  I have
> used XP quite a bit.
>
> At a Central meeting once I brought the Windows vulnerability thing up
> and asked what some of the vulnerabilities were.  I know there is all
> the buffer overrun stuff that comes up all the time.  I sometimes get
> security advisories in email similar to the buffer stuff for Linux
> software.  Don't most of the problems come from people trying to trick
> users into running various exe files or installing software?

Lots of times they do. Adobe Acrobat has been especially hard-hit of late, followed by MS Office, and then all the usual web-based problems.

> I ask the question, if Linux were as highly used as Windows, would we
> feel threatened?  Would people write software to try and trick us
> (especially a novice user)?  Like trying to run some binary file from
> some web dialog box made to look like a system dialog box or other
> trickery to get an exe to run.

Without getting into a religious war, yes, that's certainly an argument. I think there are reasons why Linux will withstand additional malicious attention better than Windows though, read on.

> One person responded that a major problem with Windows vulnerabilities
> is that many people run as administrator by default.  I never thought
> of that before, but it does seem true.

That is *very* true! Or, it was with XP and below... Vista and more so Win7 have gone a long way towards fixing that.

> So I guess I am wondering, other than its popularity causing people
> to want to do harm, what are the major vulnerabilities of Windows?
> How much of the vulnerability is because of its popularity (not
> design) as compared to Linux?

IMO there are a number of factors.

* For XP and older it was virtually impossible to run as a non-Admin user, so anything bad that happened could and did affect the entire system.
* I never ran Vista, but from what I hear it popped up so many "Such-and-such needs to do something administrative" messages that users just automatically clicked OK, so they may as well be running as admin.
* Win7 seems reasonable with that, though I run that as little as possible. (Need it for work.)
* The Windows development model is completely broken, not so much fundamentally (though I'd argue that too), but by convention. Any app that you install may overwrite *system* libraries and components (AKA "DLL Hell")! WTH? MS has kludged around that with various insane trickery, such as pretending to allow the app to overwrite files, but really just putting them elsewhere with a pointer.
* Internet Exploder was unnecessarily integrated too tightly into the OS, thus making it easier to get deep into the OS when a vulnerability was found.
* Active-X
* The Windows code-base is far too complex for any one person, or probably any group of people, to really understand anymore. You can argue that for Linux too, but with Linux you can break it down into pieces, which does not seem possible for Windows. (Maybe with Win Server 2008 or whatever, that finally has a headless mode?) Complexity is the enemy of security.
* Windows is too opaque. That's not a problem for MS itself, or maybe it is, I don't know how compartmentalized they are now. Pretty sure they used to be very open internally, but... It's hard to really know and understand what it's doing, and you can't secure something you don't understand. With Linux, you at least have the option of checking the source code. And if you haven't or can't, at least there is the possibility someone else has. With Windows, not so much.
* Related to opaqueness is the Windows Registry, see previous argument. You can make an argument against Gnome's gconf stuff too, though at least exceptions and modifications are accessible as XML files, if you know where to look.
* These days, it's much easier to keep a Linux system--including applications--fully up-to-date (assuming you stay inside the package system). Windows only natively updates itself, and maybe other MS apps. Sure lots of Windows apps update themselves, but lots don't.
* Speaking of which, right now, you are probably much less likely to accidentally install malware on Linux (again assuming you stay inside the package system). Compare: I need an app that does foo:
	Search the repo
	Click install (or aptitude install foo)
	Figure out what menu it went into (or the command name)
	Run it, it should mostly work
	'aptitude purge' it if not what you wanted

	Google around, hoping you have a good query
	Find something that looks good, read the web site
	Find out how to download it
	Download it
	Figure out where it went
	Figure out how to install it (yeah, yeah, usually just double-click--except when it isn't) & install it
	Hope it doesn't break anything (less of a problem these days)
	Figure out what menu it went into
	Run it, see if it works at all
	Configure it
	See if it can auto-update and if you trust that
	--or-- repeat as needed looking for updates
	Hope that it will uninstall cleanly if not what you wanted (it won't)

Wow, this is getting long. OK, wrap it up, Linux has SELinux and/or AppArmor. Neither is used to the extent it could be, but ramping that up if Linux suddenly got 50% market share is doable, I think. (Not necessarily easy, but then, packaging an app isn't always that easy either, yet thousands of folks around the world do that for many thousands of apps. Adding SEL/AA profiles would be tedious, but possible). IIRC, Sugar/OLPC does something like that. Very powerful stuff.

Finally using safer libraries, randomizing where things go in RAM, and using the NX bit where possible, which modern kernels may already do, would also eliminate many if not most buffer overflow problems. (Windows may be doing some of that now too.)

Wow, shutting up now,
JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
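Added example (not part of the thread above, and not JP's or PLUG's code) illustrating the "safer libraries, randomized layout, NX bit" point made near the end of the reply: the classic unbounded strcpy() sits beside a bounded copy that reports truncation instead of silently overrunning the buffer, and two small Linux-only probes report whether the running process actually has ASLR and a non-executable stack. The helper names (unsafe_copy, bounded_copy, aslr_level, stack_is_nx) and the sample strings are mine; the /proc paths are standard Linux interfaces and the probes return -1 where they are unavailable.

```c
/* Added example: bounded vs. unbounded string copy, plus a probe of two
 * runtime mitigations (ASLR level, NX stack) on Linux. Not from the thread. */
#include <stdio.h>
#include <string.h>

#define BUF 16

/* Vulnerable form: no length check, so a src longer than dst overwrites
 * whatever follows dst on the stack. Only ever called here with input
 * that fits; it exists to show the pattern the bounded version replaces. */
static void unsafe_copy(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened form: never writes more than dstsize bytes, always NUL-terminates,
 * and returns 1 when the input had to be truncated so the caller can reject
 * it rather than proceed with silently corrupted memory. Returns 0 otherwise. */
static int bounded_copy(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0) return 1;
    size_t n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Kernel ASLR setting from /proc/sys/kernel/randomize_va_space:
 * 0 = off, 1 = stack/mmap/vdso randomized, 2 = also brk. -1 if unreadable. */
static int aslr_level(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    int level = -1;
    if (fscanf(f, "%d", &level) != 1) level = -1;
    fclose(f);
    return level;
}

/* 1 if this process's [stack] mapping has no 'x' permission (NX in effect),
 * 0 if the stack is executable, -1 if /proc/self/maps could not be parsed. */
static int stack_is_nx(void) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[512];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, "[stack]")) {
            /* maps line format: start-end perms offset dev inode path */
            char perms[8] = {0};
            if (sscanf(line, "%*s %7s", perms) == 1)
                result = (perms[2] == 'x') ? 0 : 1;
            break;
        }
    }
    fclose(f);
    return result;
}

int main(void) {
    char buf[BUF];
    const char *ok = "short";                                   /* constructed */
    const char *long_in = "this input is longer than sixteen bytes"; /* constructed */

    unsafe_copy(buf, ok);              /* safe only because "short" fits in 16 */
    printf("unsafe_copy: %s\n", buf);

    int truncated = bounded_copy(buf, sizeof buf, long_in);
    printf("bounded_copy: \"%s\" truncated=%d\n", buf, truncated);

    printf("ASLR level: %d (2 = full, -1 = not Linux)\n", aslr_level());
    printf("stack NX: %d (1 = non-executable, -1 = unknown)\n", stack_is_nx());
    return 0;
}
```

The truncation flag is the part that matters: a bounded copy that drops data without telling the caller just trades memory corruption for a different logic bug, whereas returning the flag lets the caller refuse the input. The two probes only describe the process they run in; a binary built without PIE or with an executable-stack marker will still report ASLR level 2 from the kernel while its own text segment sits at a fixed address.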