A Taste Of Computer Security
andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of malware, viruses & worms, memory attacks/defences, intrusion, sandboxing, a review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analyses of the Unix-Vs-Windows security issue that I have ever seen."
Interesting "book", great read for PHBs! (Score:4, Interesting)
Re:The UNIX vs MS Windows discussion is lacking (Score:4, Interesting)
Sure.. (Score:4, Interesting)
Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?
There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).
This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?
This isn't a fair analysis, it's just more "MS is teh gay linucks is awwwwsome!!!!!11!" tripe.
It's really not hard at all to secure Windows, and you can lock it down every bit as tight as any Unix if that's what you want to do. Just because people don't doesn't make it the OS's fault.
How about all the newbies running their X sessions as root because it's the only way they can get the soundcard/dvd-r/tv-tuner/misc hardware to work?
Is it Linux's fault that once you start piling OSS layers onto ALSA and jam the whole pile of shit into Gentoo's default devfsd setup, that it's a huge pain in the ass to get a non-root user to be able to play sounds? Cuz it is. Don't give me the bullshit about "all you have to do is add the user to the audio group" stuff.
What about lazy fucks like me who quit trying to have their daemons chroot and su to another user, because every fucking time they type emerge -u world portage decides to change all the file permissions and ownerships around, so now all of a sudden slapd can't read or write its data directory, hosts.allow and hosts.deny are no longer world-readable, etc, etc.. Fuck it, the only way to guarantee my LDAP server stays up is to have it run as root. And, of course, it has to stay up, else no one could log in.
I can't remember which distro now, but it shipped with a single * in the xdm's Xaccess file - i.e., anyone anywhere could get a local X session on it.
What about every app that uses svgalib having to be suid root, or run as root. Those mythTV boxes and advanceMAME cabs are just big fat fuckin backdoor waiting to be exploited.
The only point I'm trying to make is, any PC out there is no more secure than its user/owner/admin and the apps they run. Most normal people don't enjoy spending 8 hours a day doing nothing but configuring their systems.
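The post above lists several least-privilege slips (daemons left running as root, setuid-root svgalib frontends, an Xaccess file that grants any host a login window, tcp_wrappers config that an unprivileged daemon can no longer read). As an added example, not part of the post or of Singh's paper, here is a small audit that flags each of those from snapshot data. The Xaccess text, process list, file modes and the "should drop privileges" policy set are all constructed samples; on a real box you would feed it the contents of /etc/X11/xdm/Xaccess, `ps -eo uid,comm` output and os.stat() results instead.

```python
"""Least-privilege audit for the misconfigurations discussed in the post above.

All inputs are constructed snapshots so the script runs offline.
"""
import stat

# Constructed Xaccess content. Format assumed from xdm's default file:
# one host pattern per line, '*' matches any host, '!' prefix denies,
# 'CHOOSER' after the pattern grants a chooser instead of a login window.
SAMPLE_XACCESS = """\
# Xaccess - XDMCP access control (constructed sample)
#localhost
*
!*.untrusted.example
*      CHOOSER BROADCAST
"""

# Constructed `ps -eo uid,comm` style rows.
SAMPLE_PROCS = [
    {'uid': 0, 'comm': 'init'},
    {'uid': 0, 'comm': 'slapd'},        # the LDAP server the post leaves as root
    {'uid': 0, 'comm': 'sshd'},         # legitimately root (drops privs per session)
    {'uid': 101, 'comm': 'named'},
    {'uid': 0, 'comm': 'mythbackend'},
]

# Daemons that ship with, or can trivially use, a dedicated account.
# Assumption: a local policy list, not something from the original post.
SHOULD_DROP_PRIVS = {'slapd', 'named', 'httpd', 'apache2', 'mythbackend', 'squid'}

# Constructed (path, st_mode, st_uid) triples, as os.stat() would give them.
SAMPLE_FILES = [
    ('/usr/bin/passwd',  0o104755, 0),   # setuid root, expected
    ('/usr/bin/zgv',     0o104755, 0),   # svgalib image viewer, setuid root
    ('/usr/bin/advmame', 0o104755, 0),   # svgalib/fb MAME build, setuid root
    ('/etc/hosts.allow', 0o100600, 0),   # no longer world-readable
    ('/etc/hosts.deny',  0o100644, 0),
    ('/usr/bin/ls',      0o100755, 0),
]
KNOWN_SETUID = {'/usr/bin/passwd', '/usr/bin/su', '/usr/bin/sudo'}


def xaccess_open_entries(text):
    """Return (lineno, kind) for entries that grant XDMCP access to any host.

    A bare '*' hands a login window to anyone who can reach UDP/177;
    '!' rules are denies and are skipped.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        if host.startswith('!'):
            continue
        if host == '*':
            kind = 'chooser' if 'CHOOSER' in fields[1:] else 'login window'
            findings.append((lineno, kind))
    return findings


def root_daemons(procs, should_drop=SHOULD_DROP_PRIVS):
    """Daemons running as uid 0 that policy says should run unprivileged."""
    return sorted(p['comm'] for p in procs
                  if p['uid'] == 0 and p['comm'] in should_drop)


def unexpected_setuid_root(files, known=KNOWN_SETUID):
    """Setuid-root binaries not on the known-good list (svgalib frontends etc.)."""
    return sorted(path for path, mode, uid in files
                  if mode & stat.S_ISUID and uid == 0 and path not in known)


def not_world_readable(files, must_be_readable=('/etc/hosts.allow', '/etc/hosts.deny')):
    """Config that unprivileged daemons (tcp_wrappers users) must be able to read."""
    modes = {path: mode for path, mode, _ in files}
    return sorted(p for p in must_be_readable
                  if p in modes and not modes[p] & stat.S_IROTH)


def audit(xaccess=SAMPLE_XACCESS, procs=SAMPLE_PROCS, files=SAMPLE_FILES):
    """Run every check and return the findings keyed by check name."""
    return {
        'xaccess_any_host': xaccess_open_entries(xaccess),
        'root_daemons': root_daemons(procs),
        'setuid_root': unexpected_setuid_root(files),
        'unreadable_wrappers_config': not_world_readable(files),
    }


if __name__ == '__main__':
    for name, result in audit().items():
        print(f'{name}: {result}')
```

The `not_world_readable` check is the flip side of the post's complaint: a daemon that has dropped to its own uid needs hosts.allow and hosts.deny to stay mode 644, so a package manager that tightens them silently pushes admins back toward running the service as root.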
Re:The UNIX vs MS Windows discussion is lacking (Score:2, Interesting)
Re:The UNIX vs MS Windows discussion is lacking (Score:3, Interesting)
This is not a fair criticism. The 'security initiative' thing is still relatively new, and they are burdened by a large number of legacy security problems from the many years of development without any regard for security problems.
Most of the games in that list, for instance, were originally intended to be played in the 9x series of OS's, which had no notion of anything that was not administrator access (actually, 95/98/ME users had more access than NT admins do!).
There are certainly areas where Microsoft's commitment has been lacking, but the least privilege principle is one of the better areas. Michael Howard et al have been pushing hard for this within Microsoft, and more importantly, pushing for better developer education on how to write code that adheres to least privilege.
Because when you get down to it, if an application requires administrator access to run, it is not the fault of the Operating System.
Re:Interesting "book", great read for PHBs! (Score:5, Interesting)
I would go so far as to say this should be made the must-read EULA for joining Slashdot. It might cut down some of the pointless conjecture and idiotic jibber that so clutters every discussion that mentions Windows, security or anything related. Hell, Slashdot may even grow still and quiet once in while. Not.
- Oisin
The core security problem with Windows. (Score:4, Interesting)
It's more than just the fact that there are existing applications that expect to have write access to system directories and do other dangerous things, it's that Microsoft doesn't seem to be able to respond appropriately. For example, our early Citrix-based server showed the path to solving the problem of writing to system directories... it mapped system write access into the user's profile, and you had to switch to an explicit "installer" mode to actually modify things in the system.
Microsoft owns that code now, it's surely in Terminal Server, but instead of implementing it they created a high level workaround... the sort of thing you'd expect to see coming from a third party... that monitors the system and puts files back when they change. This not only breaks more applications than the old Citrix-style code did, but it provides another hiding place for viruses that manage to infect the repository or trick the system into backing them up.
Similarly, the whole protocol/handler problem in Internet Explorer... or rather the Microsoft HTML control... (and being inexplicably copied by Apple and the KDE people) could be almost completely prevented by simply making the protocol and helper application binding the responsibility of the application calling the control instead of making the control guess whether the application it's calling is hardened for use by untrusted pages, and if not then it has to guess whether the page it's displaying is trustable or not.
Re:The UNIX vs MS Windows discussion is lacking (Score:2, Interesting)
Ok, so it can't erase the *whole* HD or meddle too much with the system, but it can do everything I have the right to do, such as finding and using mail clients and start spreading if that is what it is about.
It could also simply sit idle and log keystrokes until I enter my root pw if that is needed, or just any banking info, or whatever. What it can't do would be stuff like opening a spam mail relay. Until it gets the root pw, that is. Or maybe it is enough to capture your normal pw and use sudo? Did you set it up without restrictions?
Other possibilities include invading lots of local config scripts that are run when starting applications, and oh, when was the last time you checked what was in your KDE autostart? Or any of all the other files that are usually run?
Most things don't matter if root/Administrator access is available - that is for servers.
Actually, I could have had something like this running for a long time, maybe some Russian is watching me type this. After all, I've allowed outgoing connections and I don't do real security audits. After all, this is my home desktop user system. I think it is lots better off than most, but it is not a server.
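The post above asks two concrete questions: what a keylogged user password is worth if sudo was "set up without restrictions", and what is sitting in the desktop autostart directory. As an added example, not part of the post, the script below answers both from constructed data: a sample /etc/sudoers is parsed and each rule is ranked by what an attacker running as that user gains, and a sample autostart directory is scanned for Exec lines that point back into the user's own (writable) home directory. The sudoers text, the user/group names and the .desktop contents are all made up; the tag handling is simplified (a tag is treated as applying to the whole rule rather than only to the commands after it).

```python
"""What a captured user password buys via sudo, and what runs at desktop login.

Constructed inputs throughout; point parse_sudoers() at open('/etc/sudoers').read()
and autostart_from_home() at the real ~/.config/autostart files to use it for real.
"""
import re

SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults    env_reset
root        ALL=(ALL) ALL
%wheel      ALL=(ALL) NOPASSWD: ALL
alice       ALL=(ALL) ALL
bob         ALL=(root) /usr/bin/apt-get update, /usr/bin/apt-get upgrade
carol       ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart slapd
"""

# who  host = (runas) spec      -- runas part is optional
RULE_RE = re.compile(
    r'^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<spec>.+)$')


def parse_sudoers(text):
    """Parse user specifications into dicts; Defaults/aliases/comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line or line.startswith('Defaults'):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        tags, cmds = set(), []
        for cmd in m['spec'].split(','):
            cmd = cmd.strip()
            # Peel leading TAG: prefixes such as NOPASSWD: or SETENV:
            while ':' in cmd and cmd.split(':', 1)[0].isupper():
                tag, cmd = cmd.split(':', 1)
                tags.add(tag.strip())
                cmd = cmd.strip()
            cmds.append(cmd)
        rules.append({'who': m['who'], 'host': m['host'],
                      'runas': m['runas'] or 'root', 'tags': tags, 'cmds': cmds})
    return rules


def rule_level(rule):
    """Rank one rule from the attacker's point of view."""
    unrestricted = 'ALL' in rule['cmds']
    if unrestricted and 'NOPASSWD' in rule['tags']:
        return 'root-without-password'     # no keylogging even needed
    if unrestricted:
        return 'root-with-password'        # the captured password is game over
    return 'limited'                       # only the listed commands


RANK = {'nothing': 0, 'limited': 1, 'root-with-password': 2, 'root-without-password': 3}


def what_a_captured_password_buys(rules, user, groups=()):
    """Worst case for malware running as `user` that has logged the user's password."""
    best = 'nothing'
    for r in rules:
        applies = r['who'] == user or (r['who'].startswith('%') and r['who'][1:] in groups)
        if applies and RANK[rule_level(r)] > RANK[best]:
            best = rule_level(r)
    return best


# Constructed ~/.config/autostart (or ~/.kde/Autostart) contents: name -> file text.
SAMPLE_AUTOSTART = {
    'klipper.desktop': "[Desktop Entry]\nType=Application\nExec=klipper\n",
    'update.desktop':  "[Desktop Entry]\nType=Application\n"
                       "Exec=/home/user/.cache/.x/upd\nHidden=false\n",
}


def autostart_commands(entries):
    """(file, command) for every Exec= line in the autostart entries."""
    return [(name, line[len('Exec='):].strip())
            for name, text in entries.items()
            for line in text.splitlines() if line.startswith('Exec=')]


def autostart_from_home(entries, home='/home/user'):
    """Autostart commands whose binary lives inside the user's own home directory.

    Anything the unprivileged user can write, user-level malware can write too,
    so these are the entries worth looking at first.
    """
    return [(n, c) for n, c in autostart_commands(entries)
            if c.split()[0].startswith(home + '/')]


if __name__ == '__main__':
    rules = parse_sudoers(SAMPLE_SUDOERS)
    for user, groups in (('alice', ()), ('bob', ()), ('carol', ()), ('dave', ('wheel',))):
        print(user, '->', what_a_captured_password_buys(rules, user, groups))
    print('autostart from $HOME:', autostart_from_home(SAMPLE_AUTOSTART))
```

In the sample, alice's `ALL=(ALL) ALL` is exactly the "no restrictions" case the post worries about: the keylogged password alone yields root, while wheel members do not even need that. bob and carol, with enumerated commands, cap the damage at those commands (subject to the usual caveat that a command which can spawn a shell or write arbitrary files is itself a path to root).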
frustrated with "anti"-virus on Windows (Score:5, Interesting)
On this Windows box at work I'm protected from thousands upon thousands of viruses except the one that gets written tomorrow and the idiot that opens its brilliantly socially-engineered email attachment.
This is rhetorical and wishful: when are we going to get some anti-virus software that protects us before an outbreak?
(please don't say don't run Windows, it is realistic but not realistic today right here)
Re:Interesting "book", great read for PHBs! (Score:2, Interesting)
Re:The UNIX vs MS Windows discussion is lacking (Score:4, Interesting)
No, this is a fault of Windows. We don't know how these games run or why they require admin authority. It might be to access the sound card, or the video drivers, or DirectX or something similar. But in all those cases it's a fault of Windows for not providing non-admin-level access to the required resources.
It may have something to do with backwards compatibility with Windows 9x. In that case, yes, the application probably could have littered itself with millions of 'if (WindowsVersion >= 4) SafeFunction() else UnsafeFunction()' calls, each of which would have killed performance dead. They also could have shipped fat binaries or even two binaries, and had the installation program make the right choice up front. All those solutions add their own problems to an already complex product, though, and if those types of bad solutions are required, I'd say it's the fault of the OS for requiring them.
I would also think that if it were something they could easily fix at the application level, Microsoft's newest releases would not make this list. However, since it includes "Microsoft Flight Simulator 2004 - Century of Flight" I'd say that in these days of Microsoft waving the "Security First" flag, they have never actually addressed the root problem. And the root is Windows, not the application.
Re:The UNIX vs MS Windows discussion is lacking (Score:2, Interesting)
That said, you'd still hope they'd find a more-secure spot to write down the user's config. Wasn't there a branch on the root of the registry that was writeable without administrator permission? Is an ini-file impossible to consider as the settings store of a freakin' game?
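The per-user settings store the post above asks for does exist on both platforms: a per-user profile directory on Windows (the %APPDATA% tree, beside the per-user HKEY_CURRENT_USER registry hive) and $XDG_CONFIG_HOME, defaulting to ~/.config, on Unix desktops. As an added example, not code from the post or from any of the games named in the thread, here is the pattern in Python: the install directory is treated as read-only and settings go to an .ini file under the per-user location, so the program never needs administrator rights after installation. The application name "FlightSim" and the settings keys are made up; `demo()` exercises the round trip in a throwaway directory.

```python
"""Keep per-user settings where a standard user can write them.

Added example. Assumptions: the application is installed somewhere a
standard user cannot write (Program Files, /usr/share), and per-user
settings belong under %APPDATA% on Windows or $XDG_CONFIG_HOME
(default ~/.config) elsewhere.
"""
import configparser
import os
import tempfile


def user_settings_dir(app, platform=os.name, env=None, home=None):
    """Per-user, user-writable directory for `app`, chosen by platform convention."""
    env = os.environ if env is None else env
    home = home or env.get('HOME') or env.get('USERPROFILE') or os.path.expanduser('~')
    if platform == 'nt':
        base = env.get('APPDATA') or os.path.join(home, 'AppData', 'Roaming')
    else:
        base = env.get('XDG_CONFIG_HOME') or os.path.join(home, '.config')
    return os.path.join(base, app)


def save_settings(app, settings, **where):
    """Write a {section: {key: value}} dict as settings.ini in the per-user dir.

    Never touches the install directory, so no elevation is needed.
    """
    path = os.path.join(user_settings_dir(app, **where), 'settings.ini')
    os.makedirs(os.path.dirname(path), exist_ok=True)
    parser = configparser.ConfigParser()
    parser.read_dict(settings)
    with open(path, 'w') as fh:
        parser.write(fh)
    return path


def load_settings(app, defaults=None, **where):
    """Read settings back; a missing file simply yields the defaults."""
    parser = configparser.ConfigParser()
    if defaults:
        parser.read_dict(defaults)
    parser.read(os.path.join(user_settings_dir(app, **where), 'settings.ini'))
    return {section: dict(parser[section]) for section in parser.sections()}


def demo():
    """Round-trip settings through a throwaway per-user config dir (posix layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        env = {'XDG_CONFIG_HOME': tmp, 'HOME': tmp}
        path = save_settings('FlightSim',
                             {'video': {'fullscreen': 'yes', 'res': '1024x768'}},
                             platform='posix', env=env)
        loaded = load_settings('FlightSim', platform='posix', env=env)
        return path.startswith(tmp), loaded


if __name__ == '__main__':
    print(user_settings_dir('FlightSim', platform='nt',
                            env={'APPDATA': r'C:\Users\pilot\AppData\Roaming'}))
    print(demo())
```

The same separation applies to the registry: an installer writes machine-wide keys under HKEY_LOCAL_MACHINE once, with elevation, while anything the game changes at run time belongs under HKEY_CURRENT_USER, which the user already owns.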
Re:The UNIX vs MS Windows discussion is lacking (Score:3, Interesting)
I'd argue that that's a symptom and not a cause. Behind all the technical errors there's a mindset that causes them.
For example, somebody thought it was a good idea to have web server plugins run in the address space of the web server. It's only a good idea if you place more value on speed than on reliability and security. Somebody thought it was a good idea to speed up the system by moving more and more functionality into Ring 0. Somebody thought it was a good idea to have Turing-equivalent programs execute when you open an Office document, placing features above security. Somebody thought Javascript in email was a good idea.
The same mindset, until recently, valued rapid code development over security.
Everything came together in Slammer. The philosophy of feature-richness put a SQL database into products whose buyers didn't even know they had it. The philosophy of convenience had it listening on the network by default. And so on.
By now the old Microsoft attitudes and assumptions have been baked into the foundations and built on by ISVs. Change will be slow and painful even with firm commitment by Microsoft.
Re:The UNIX vs MS Windows discussion is lacking (Score:5, Interesting)
Given that, explain why "Microsoft Flight Simulator 2004 - Century of Flight" should still make the list? If software they've released years after they've been aware of these problems still demands bad security practices, who is to blame? The application programmers or the environment in which they must work?
You said, "if an application requires administrator access to run, it is not the fault of the Operating System." Explain how a train simulator could possibly require admin authority except in a poorly architected environment? Then answer, 'who provided that poor architecture?'
This is Microsoft -- author of both these applications as well as the OS. They've had the chance to address it, they've had the incentive to address it, but they have not done so. I stand by my comment.
Re:The UNIX vs MS Windows discussion is lacking (Score:3, Interesting)
Yesterday's article on "Phish" scams links to a "test". One of the examples has the marks of a scam but is considered "legitimate". It is from MSN.
I think a lot has to do with expectations and attitudes. I would expect many if not most games on Unix to just refuse to run as root. An intentional segfault is even more fun. NT may have more elaborate security mechanisms but they are too hard to get at. With Unix you tend to get a mess of rwx in your face. Anybody know how to put group permissions to their limits?
Hiding file extensions probably does much more damage than administrator access.
Unix has an unfair advantage with the name "root". "Administrator", just by the name, makes a much more attractive target. I was smart enough to rename the domain admin to "root". If I leave some user's machine logged on as root their natural reaction is to get their stuff back as fast as possible.
Unix software tends to be as informative as it can as to where the problem resides. Microsoft software tends to try to shift the blame elsewhere if at all possible. The latest XP did not allow me to assign LPT1 to a remote printer. It kept coming up with a login prompt for the remote resource which never works. Finally disabled the hardware port in the BIOS. If you can confuse your enemy as to what the problem is, seems like you've got a considerable advantage.