A Taste Of Computer Security

andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of malware, viruses & worms, memory attacks/defences, intrusion, sandboxing, review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analyses of the Unix-vs-Windows security issue that I have ever seen."
  • by plover ( 150551 ) * on Thursday July 29, 2004 @10:11AM (#9831134) Homepage Journal
    I specifically was looking for one of the biggest problems with Windows -- Administrator authority is too easily doled out (by default, every home user is also an administrator.) This is exacerbated by the fact that so many Windows applications require the user to have Administrator authority.

    For example, the bottom of this page [microsoft.com] shows a list of games that require Administrator authority to play. Why should administrator authority need to be granted to play a game? And to suggest granting Administrator access to people just so they can play them?

    I have found no more powerful example of Microsoft's lack of commitment to security than this. I think this philosophy more than anything else contributes to the proliferation of destructive worms and viruses.

  • Summary (Score:3, Insightful)

    by Anonymous Coward on Thursday July 29, 2004 @10:19AM (#9831224)
    Windows enables things by default that enable exploits. This is done for ease of use. Users can make Windows secure.

    *NIX disables things by default. This is done for security. Users could make *NIX insecure.

    The number of different *NIXs makes it tedious to create viable exploits.

    In spite of what the guy says, I think most of us already knew this stuff. Have I missed anything?

  • by Anonymous Coward on Thursday July 29, 2004 @10:19AM (#9831235)
    Perhaps if game companies wrote their games to run without admin rights, this wouldn't be a problem. It's not Microsoft's fault that game companies refuse to incorporate good security measures in their games.

    I certainly think it is when Microsoft is either the writer or publisher of said game...
  • by abb3w ( 696381 ) on Thursday July 29, 2004 @10:21AM (#9831245) Journal
    Why should administrator authority need to be granted to play a game?

    Obviously, to make low level system calls for direct hardware access in a copy protection scheme.

    I have found no more powerful example of Microsoft's lack of commitment to security than this.

    While some blame attaches to Microsoft, since they choose to use such a copy protection method with their games, the real culprit is Macromedia, who made the SafeDisc copy protection system at fault.

    So, what do you think will happen if it can be proven that the copy-protection methods the Content lobbies (RIAA/MPAA/BSA) are using are a threat to Homeland Security?

  • by Anonymous Coward on Thursday July 29, 2004 @10:35AM (#9831380)
    Have you ever used a linux box without root permission? It is hard to install software as well.

    It is the programmers who use certain resources and assume that everyone else has the ability to write to them.
  • by schon ( 31600 ) on Thursday July 29, 2004 @10:37AM (#9831400)
    Obviously, to make low level system calls for direct hardware access in a copy protection scheme.

    Sounds like a cop-out to me. 'low-level' system calls are just that - *system* calls, and the system should have a way to allow processes run under non-admin accounts.

    At the very least, why can't the installer put a 'setuid' (or whatever the windows equivalent is) program that does the bit-banging? Does the 'system' not allow it? (If not, then the system is indeed broken.)
  • Re:Sure.. (Score:5, Insightful)

    by wwest4 ( 183559 ) on Thursday July 29, 2004 @10:41AM (#9831431)
    > Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is
    > this guy on crack?
    > This isn't a fair analysis, it's just more "MS is teh gay linucks is
    > awwwwsome!!!!!11!" tripe.

    His thesis is actually more along the lines of (and I'm quoting from the Win v Unix section of the article):

    "Current Windows systems have some of the highest security ratings (as compared to other systems)... However, the number of documented security issues and the real-life rampant insecurity of Windows are not speculations either! The problems are real, both for Microsoft, and for Windows users."

    Nowhere here is he saying that MS sucks, or that linux r0x0rs. Again, from the same part of the article:

    "We stated earlier that UNIX was not even designed with security in mind. Several technologies that originated on Unix, such as NFS and the X Window System, were woefully inadequate in their security."

    The argument that explains the paradox is along the lines of what many of us already know - that MS is more prevalent, has a wider spectrum of users (inexperienced to experienced) and exists in a wider range of vulnerable environments - not just cozy, isolated research labs.

    So while your arguments are valid, they don't really go against the overall opinion of the article.

  • by arivanov ( 12034 ) on Thursday July 29, 2004 @10:49AM (#9831550) Homepage
    These evaluations are evaluations on procedures in handling data. They are not evaluations on system breakability and security against unauthorized break-in as such. They are evaluations on suitability of a system to handle confidential data according to some predefined requirements.

    Basically a EAL or Orange book certified system will not allow casual transfer of data from a higher security level to a lower security level. That is the core of the qualification concept. All the stuff about admin roles, etc is just fluff oriented towards managing the concept and the granularity to which it is managed.

    After the wave of buffer overrun hacks that followed the publishing of Aleph One's paper "Smashing the Stack for Fun and Profit" in 1996, I had a conversation with the head of security of a bank-to-bank transfer house. We were discussing what we could do about intrusions like this. His first suggestion was to raise the security level to B1 or higher. At which point I had to point out to him that all intrusions were circumventing the security mechanisms, not breaking through a problem in them, so the Orange Book level of security did not bloody matter at all.

    On a similar note, Old SCO OpenServer 3.x which had C2 certification was quite hard to hack in its normal mode of operation. Raising the system to C2 and the enabling of roles required to do so made the system a walkthrough. It took me around 5 minutes to get root on it by doing casual operations, no real hacking involved.

  • by jedidiah ( 1196 ) on Thursday July 29, 2004 @10:56AM (#9831628) Homepage
    Actually, it's quite trivial to install most software on Unix as a "mere user". It has been this way for decades.

    If Vendors choose not to allow for this, it is certainly not due to a lack of functionality in the underlying system.
  • Re:Sure.. (Score:5, Insightful)

    by stratjakt ( 596332 ) on Thursday July 29, 2004 @10:56AM (#9831632) Journal
    The problem is deeper than that, don't ask a RHCE to tighten down a Slackware or Gentoo box. Linux distros can be worlds apart. For instance, Slackware doesn't have /etc/init.d, it uses rc.d scripts, etc.

    They store config files in different places, with different names (ldap.conf vs nss_ldap.conf, etc). They install apps to different places, and so on and so on. Now we can deal with XFree vs X.org (migrating to X.org on Gentoo also broke, well, almost freakin everything I use, and I still don't know how to properly configure the new font paths for tightvnc)

    For that matter, don't ask a guy whose RHCE is a year old to secure a RedHat box, because for all you know, he doesn't know shit about, as an example, Samba 3.0's new config options or iptables (since he was taught ipchains). The OSS world likes to completely reinvent apps between revisions, for some reason.

    Whereas, one XP box is pretty much the same as the next, and not far removed from Win2k.

    I've had the same problems with both. I installed PuTTY in Windows as Administrator, tried to run it as a user, oops.. No user rights.. This is when you find out what kind of user you are. Do you switch to Administrator, screw around with permissions, and test until it works and you feel it's secure, or do you just go "fuck it" and add your username to the Administrators group so you don't have to deal with that kind of shit every day.

    I'm not ashamed to admit I'd put myself in the latter category. Screwing around with filesystem ACLs and group memberships isn't what I like to spend my time doing. My firewall/router is about the only "secured" box on my home lan, which is fine, since I lock the doors when I leave so the likelihood of a script kiddie sitting down at one of my machines is low.

    There is a point to be made, and it's that it's nearly impossible to have the best of both worlds. It's either simple and painless to use (desktops), or super-hardcore secure (servers). Both OS's can function in both roles.
  • Re:Sure.. (Score:5, Insightful)

    by Amoeba ( 55277 ) on Thursday July 29, 2004 @11:02AM (#9831696)
    Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?

    There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

    This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?

    You are purposefully misunderstanding his point. He was not stating that Windows is "harder" than unix to secure, merely that the "average" unix user will generally have a deeper understanding of how the underlying OS works as opposed to an "average" Windows user. Think about it.

    Unix has a larger barrier of entry in terms of learning the OS and understanding how it works until you get to a point where it is "usable". Windows on the other hand has a much lower barrier of entry and a deep understanding of the underlying actions of the OS are not required in order to utilize the system. As a result the complexity of securing unix systems is not as complex to the average unix user since they already have overcome that initial large barrier whereas Windows is more complex to the average windows user because they are faced with a magnitude of complexity they normally do not see.

    I do agree with you that Windows can be locked down thoroughly and be just as secure as a unix machine.

  • by stratjakt ( 596332 ) on Thursday July 29, 2004 @11:16AM (#9831833) Journal
    Windows does provide non-admin access to all those low-level resources. It's called DirectX. I've never had to be Administrator to run any game under XP, and really, not even to install them (unless the game decides that it needs to install the latest DirectX for you, then it needs Admin rights, and that's why InstallShield likes to ask for it by default)

    It's no more fair to criticize XP because legacy games designed for Windows 95 were poorly written and need to be run as root, no more than it is to criticize the new Gentoo 2004.2 because the original linux Doom and Quake ports required svgalib, and thus had to be run as root.

    And there were exploits, oh boy, were there ever. Those were my asshole script-kiddy days. Camping, huh? Well just wait until you load the next map, complete with buffer-overflow giving me root access, etc.
  • I have found no more powerful example of Microsoft's lack of commitment to security than this [common requirement that the user have Administrator privileges]. I think this philosophy more than anything else contributes to the proliferation of destructive worms and viruses.

    You know, you have pointed out one of the two major failings of Windows security-wise. The other is at least as bad, however.

    People often think of UNIX being a nightmare of dependencies, but from a security perspective, the dependency nightmare is actually far worse on Windows. Some of this I can understand, but some I cannot. For example, it is true that copy and paste in Windows depend on RPC. This is understandable (in Gnome, they depend on CORBA). But last time I tried to secure a Windows box by turning off RPC on the PPPoE interface, it would not authenticate until I re-enabled it. Apparently the PPP authentication mechanisms require that RPC is running (works if firewalled) on the same network interface, or at least that is what I was told when I finally called technical support (Microsoft). Granted this was Windows 2000 and I was using a third-party PPPoE extension, but still...

    At least with GNOME, I don't have to have CORBA listening on my network interfaces....

    If I am securing Linux or UNIX, it is generally clear what can be turned off without adverse results to the rest of the software. This is NOT true with Windows, and I have generally found disabling unnecessary services to be extremely difficult on Windows because it is difficult to determine what is actually necessary.

    I find Windows security to be a complicated headache compared to UNIX security.

    Of course, real security depends on the admin, not the OS.
  • by MECC ( 8478 ) on Thursday July 29, 2004 @12:36PM (#9832817)
    In the "Unix .vs. MS Windows" part, all I saw was a re-hashing of common misconceptions, little substantive or interesting info, and some revealing logic stumbles.

    "Windows is supposed to be an easy-to-use platform, while Unix is supposed to be cryptic and hard-to-use." - good grief. An ad-hoc conclusion like this pretty much points to a lack of actual logical analysis.

    "Microsoft's success, as reflected in their incredible market share, amplifies their security problems". So, giving an email client the ability to infect a system has nothing to do with it? The article seems to gloss over MS's efforts to graft its applications into its OS as part of the problem. By this logic, killing turkeys causes winter.

    "A potentially relevant issue is the phenomenal amount of resentment against Microsoft and Microsoft products that is seen in many circles." So, Microsoft's security issues are because people hate them. Get my violin.

    "'Security' is hard to formalize, hard to design (and design for), hard to implement, hard to verify, hard to configure, and hard to use. It is particularly hard to use on a platform such as Windows, which is evolving, security-wise, along with its representative user-base." ! He seems to be saying that windows security is evolving and its users are also 'security-evolving', and as a result, windows security is getting worse. Well, wait a minute. Maybe he's right on that one...

  • by Anonymous Coward on Thursday July 29, 2004 @12:40PM (#9832854)
    the simple answer to your question is to dump McAfee in favor of an AV solution that uses profile based heuristic scanning in conjunction with the signature based scanning that most AV scanners use... that way, it will not only recognize the 'named' viruses, but the ones that match characteristics with it as well..

    there is truthfully very little innovation in the virus community, outside of a few examples, so a scanner configured to look for known viruses and those that look similar to known viruses is going to catch almost everything...

    in short, don't blame MS because McAfee and Symantec refuse to innovate.. just find a company that does...
  • by Tony-A ( 29931 ) on Thursday July 29, 2004 @01:01PM (#9833134)
    Good insight. The root/administrator bit is mostly a red herring.

    You still tend to put a bit better protection around the small amount of root-stuff, primarily because it's relatively simple to do.

    The fat non-root stuff, even on servers, is really the important stuff.
    The stuff that actually helps with security is that Unix things tend to think that it's a good idea if the user is aware of what is going on, and will go to a bit of extra trouble to be informative whenever and wherever possible.

    [ ] Always trust Microsoft
    [ ] Always trust Red Hat
    [ ] Always trust OpenBSD
    Reactions?
  • by gillbates ( 106458 ) on Thursday July 29, 2004 @05:06PM (#9836862) Homepage Journal

    In this context, a rule-of-thumb definition of security is often cited: a system is considered secure if its "secure-time" is greater than its "insecure-time." Secure time is simply the time during which a system is protected, that is, free of "incidents". Insecure time is the sum of the time it takes to detect an incident and the time it takes to react to the incident (summed over all incidents in a given interval):

    I've never heard such a naive definition of security. Apparently, regardless of how many security holes my system has, or how many times I get hacked, I can call it secure as long as it can be recovered quickly.

    So, by this definition, my system is still secure even when:

    • A hacker exploits IIS and downloads all my customer names and CC numbers.
    • A hacker destroys all of my data from the last backup; as long as I can recover it quickly, data loss doesn't matter, right?
    • A hacker DDOS' our server and we lose several days worth of business. Our system is still up, so obviously it's not secure.
    • A hacker installs a rootkit on our server. You see, it doesn't matter if the box is owned, as long as its up and running, right?
    • A hacker zombies the machine and uses it to send SPAM, or worse, host illegal content.
    Need I go on?

    I don't think I could come up with a better explanation of why Microsoft will never design secure software than this one: their definition of what constitutes a secure system is simply out of touch with the requirements of running a business.
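To make the quoted rule of thumb concrete, here is an added Python example (not from the paper or from the comment above) that computes "insecure time" exactly as the quoted definition states it, as the sum of detection plus reaction time over all incidents in an interval, and then checks what the metric ignores. The incident names, durations and the data_exposed flag are constructed sample data, not figures from the page.

```python
from dataclasses import dataclass


@dataclass
class Incident:
    """One incident inside the observation window (constructed sample data)."""
    name: str
    detect_hours: float   # time from compromise until the incident was noticed
    react_hours: float    # time from detection until the system was restored
    data_exposed: bool    # irreversible consequence; the time metric never sees it


def insecure_time(incidents):
    """Insecure time per the quoted rule: sum of (detection + reaction) per incident."""
    return sum(i.detect_hours + i.react_hours for i in incidents)


def secure_time(incidents, interval_hours):
    """Secure time: the part of the interval not spent detecting or reacting."""
    return interval_hours - insecure_time(incidents)


def secure_by_rule_of_thumb(incidents, interval_hours):
    """The rule as quoted: secure iff secure-time exceeds insecure-time."""
    return secure_time(incidents, interval_hours) > insecure_time(incidents)


def irreversible_harm(incidents):
    """Incidents whose damage no amount of fast recovery undoes (the commenter's objection)."""
    return [i.name for i in incidents if i.data_exposed]


# Constructed month of incidents, loosely following the commenter's bullet list.
INTERVAL_HOURS = 30 * 24
SAMPLE = [
    Incident("web server breach, customer records copied", 2.0, 4.0, True),
    Incident("rootkit, box rebuilt from clean media", 48.0, 8.0, True),
    Incident("DDoS, service degraded for three days", 0.5, 72.0, False),
]

if __name__ == "__main__":
    print("insecure time (h):", insecure_time(SAMPLE))
    print("secure time (h):  ", secure_time(SAMPLE, INTERVAL_HOURS))
    print("secure by rule?   ", secure_by_rule_of_thumb(SAMPLE, INTERVAL_HOURS))
    print("irreversible harm:", irreversible_harm(SAMPLE))
```

The rule rates the sample month "secure" even though two of the three incidents involved data the operator can never get back; that gap between uptime and impact is what the comment is pointing at.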
