Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall

From: Richard H Miller (rick_at_bcm.tmc.edu)
Date: 05/07/04


Date: 7 May 2004 18:12:20 GMT


Lassi Hippeläinen (lahippel@ieee.orgies.invalid) wrote:
: Richard H Miller wrote:
: >
: > Lassi Hippeläinen (lahippel@ieee.orgies.invalid) wrote:
: > : Not likely. Unix has been hacked (and attacked) many years longer than
: > : Windows. And Unix architecture is far better than Windows, in the sense
: > : that software modules can be isolated from each other.
: >
: > : -- Lassi
: >
: > This is not correct
: >
: > 1) If you are talking about the kernels of the two systems, the NT OS has
: > a more secure design. The ability to implement security is part of the
: > kernel [This is based on previous disclosures by Microsoft and knowledge
: > of the ancestors of NT]. Security is part of the kernel design. You can
: > design isolation into the software.

: I haven't analyzed it, and I don't believe blindly what Microsoft
: claims. Real life tests show that even if security is available, it
: isn't being used much.

I never disputed that. What I dispute is your claim Unix architecture is
better than Windows. My discussion was on the basis of security architecture.

The NT kernel [including the W2K and W3K] has security designed into the kernel.
Among the concepts are:

The idea of security parameters and user account settings that allow a much finer
granularity than admin/non-admin [or root/non-root]

A file system design that also allows greater flexibility in designing discretionary
access control

Everything I have seen about the NT code base shows that security was part of the
architecture and *potentially* allows a secure implementation to be developed.

I do not see any indications that the design included mandatory access controls and
I am pretty sure no attempt was made to close covert channels.

: > Security in Unix is a bolt-on. It has not been integrated into the kernel
: > but is an add-on. Module isolation is not part of the design of the kernel
: > and many of the exploits rebut the concept of module isolation.

: There are sandbox versions of Linux. Using them is as fair as calling
: both 9x and NT with the same name...

I have no idea what you meant here. The Unix kernel does not include any security
built into it. Security in Unix is an add-on [a well done add on that does provide
good implementation but it is still an add-on]. The Unix user accounts still do not
have the concept of differential authorization [you can grant higher priv's to
individual accounts without giving them root].

: > You can implement a more secure platform using the NT kernel than a Unix
: > kernel. [Bear in mind that you can also design even more secure systems
: > if there are hardware assists for security. The Unisys 1100/2200/[whatever
: > it is now] actually contains hardware elements that aid security]

: If you mean 'rings' in memory protection, the idea goes back to Multics
: (at least). And Unix inherited the basics of memory management from it.
: Also IBM had its own tricks.

No, I do not. I wrote what I meant. Unix inherited the basics of memory management
from Multics but did not have the hardware structure to implement the Multics
model.

: Intel supported hardware memory protection already in 80286, but Windows
: completely ignored it. 80386 had even better memory management features.
: That is why Linus Torvalds started porting Unix to it, which led to
: Linux.

But this still is not the same as having security designed into the hardware and
using that to assist in your system design.

From my standpoint, Unix [and Linux] as well as Windows are not as well developed
and implemented in the terms of security as the systems I worked on. All three
have deficiencies in their design and implementation that make them not as secure.

It is highly unlikely that either of these systems will achieve anything higher
than C2. The Unisys 2200 [C series] actually got a B2 rating and the M series
was designed to potentially acquire a B3 rating.

I also want to remind people that I have made no claim that Windows NT and above *as
delivered* is more secure than Unix or most Linux distros *as delivered* today. This
is not the case. However, as has been stated by others, one can harden a Windows machine
so that it can function with certain things open to the net. I would be more prone
to use Unix in this case.