Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
From: Lassi Hippeläinen (lahippel_at_ieee.orgies.invalid)
Date: Fri, 07 May 2004 06:31:15 GMT
Richard H Miller wrote:
> Lassi Hippeläinen (email@example.com) wrote:
> : Leythos wrote:
> : >... Once the Nix systems
> : > and apps hit the desktop with as many installs as Windows you'll see
> : > weekly exploits about them too.
> : Not likely. Unix has been hacked (and attacked) many years longer than
> : Windows. And Unix architecture is far better than Windows, in the sense
> : that software modules can be isolated from each other.
> : -- Lassi
> This is not correct
> 1) If you are talking about the kernels of the two systems, the NT OS has
> a more secure design. The ability to implement security is part of the
> kernel [This is based on previous disclosures by Microsoft and knowledge
> of the ancestors of NT]. Security is part of the kernel design. You can
> design isolation into the software.
I haven't analyzed it, and I don't believe blindly what Microsoft
claims. Real life tests show that even if security is available, it
isn't being used much.
> Security in Unix is a bolt-on. It has not been integrated into the kernel
> but is an add-on. Module isolation is not part of the design of the kernel
> and many of the exploits rebut the concept of module isolation.
There are sandbox versions of Linux. Using them is as fair as calling
both 9x and NT by the same name...
> You can implement a more secure platform using the NT kernel than a Unix
> kernel. [Bear in mind that you can also design even more secure systems
> if there are hardware assists for security. The Unisys 1100/2200/[whatever
> it is now] actually contains hardware elements that aid security]
If you mean 'rings' in memory protection, the idea goes back to Multics
(at least). And Unix inherited the basics of memory management from it.
Also IBM had its own tricks.
Intel supported hardware memory protection already in 80286, but Windows
completely ignored it. 80386 had even better memory management features.
That is why Linus Torvalds started porting Unix to it, which led to