Re: Linux and security

From: Johannes Halmann (softpro_at_gmx.net)
Date: 07/28/03


Date: Mon, 28 Jul 2003 17:57:35 +0200


>> Oy. In many cases, sure. But other common vulnerabilities, such as the
>> default exporting of the "C:" drive as a share, the overly friendly
>> auto-opening of email attachments by various default Windows clients,

true, i totally agree with that. it is actually hard if not impossible to
make windows secure. this comes at the cost of a little less comfort (which
i'm quite willing to take) but which might prove to be too much for your
average john doe who can't really be bothered with different roles (root,
user, ...).
so, maybe the core problems of windows are merely a reflection of the
laziness and comfort that users want! i'm not excusing M$ here or saying
that people don't want security (they don't :-), but isn't that maybe the
core problem: the unawareness of users and their carelessness?

> Another good point. Microsoft, in their quest to kill GNU/Linux, has
> withheld their Office suite from us. "Oh please Brer Bill, don't throw
> us in that briar patch!" So we don't have all the macro viruses.

yeah, but openoffice has a powerful macro language (correct me if i'm
wrong) and if you want to do things with such a language, malicious macros
will always be a possibility. you can have safe defaults and a design with
the prohibition of malicious code in mind, but with a powerful macro
language you can never rule out macro virii!

> I'm not aware of any free MUA for Unix which is as bad as MSOE. kmail
> won't even render HTML without explicit permission! MSOE is perhaps the
> biggest user-based (i.e., not worms) vulnerability of Windows.

true, but the issue has been discussed for years now! that doesn't solve
anything but perhaps one should focus less on the abominable IE and just
assume for the comparison that an alternative browser and an alternative
mail client are used. this is certainly not realistic, but when it comes to
IE and OUTLOOK, EVERY operating system wins against M$ with hands tied!

> I do agree with Johannes in that as more Windows people come into our
> world, they will bring their Windows ways, and some of their Windows
> problems will inevitably follow. Also, as our world grows, we'll become
> a more fun target for mischief-makers.

thx, but let's try not to make it sound like those millions of new users
are "our" enemies (whoever "we" are ;-). it's similar to child education:
new users have to be made aware what threats are lurking especially on the
net and what steps can be taken against those problems.
if all windows users had been instructed in such a fashion (and weren't
using IE/OUTLOOK), the internet and the world as a whole would be a better
place *gg*

> But I hope that we (particularly
> those of us who do the coding) have learned from MS's bad example of
> software design. That, combined with the underlying design of Unix,
> should prevent our virus problem from ever reaching the levels it has
> for Windows ... even among our clue-challenged newbies.

sure, i hope so too. i'm still not sure that it's so much about software
design (of course that's a grave factor), but about:

* secure defaults (windows lacks those EVERYWHERE - have a look at default
permissions of a samba share on W2K *arg*)

* sane options (don't allow users to do stupid stuff with a single click)

* hierarchical levels of security - isolate errors/attacks as soon as
possible and keep users AWAY from the kernel :-))

* a stable system which is totally independent of applications (X-server,
daemons, ...) (unlike IE being a core windows component*ARGH*)

* stick to the rule of giving minimal privileges (SELinux is quite
something here!). don't allow a browser to access ALL your files, why
should it be allowed to access any devices, ...

ok, that's it with my ramblings :-))
thx for your comments,

Johannes


