Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
From: Richard H Miller (rick_at_bcm.tmc.edu)
Date: 05/08/04
- Next message: Casey: "Re: WatchGuard FireBox III?"
- Previous message: Duane Arnold: "Re: WatchGuard FireBox III?"
- Maybe in reply to: Lars M. Hansen: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall"
- Next in thread: Phil Da Lick!: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 7 May 2004 22:29:41 GMT
Luke Tulkas (Luke_Tulkas_88@hotmail.com) wrote:
: "Richard H Miller" <rick@bcm.tmc.edu> wrote in message
: news:c7gjnc$fc2@gazette.corp.bcm.tmc.edu...
: >
: > Luke Tulkas (Luke_Tulkas_88@hotmail.com) wrote:
: >
: >
: >
: > : a) Is there such a thing as a kernel in Windoze? (I asked the same
: > : question some time ago and didn't get any relevant answers.)
: >
: > Yes
: Which part(s) of the actual installation represents it?
: Specifically: the Windoze GUI is integrated (whatever that means, if it
: means anything at all). Is that "integration" referring to "being part
: of the kernel"?
no...this is where microsoft is diverging from a good concept by 'integrating'
non-kernal stuff in the minimum runset
: > : b) When you say NT OS, do you mean just the NT or it's successors
: (2000,
: > : 2003, whatever) also?
: >
: > Everything in the NT code stream NT 3.51 through W3K
: OK.
: I'm really curious about a couple of things. NT had drivers in protected
: mode. Since the great unification (and one can't have that without kids
: being able to play games, can one? ;-)) those drivers are out in the
: wild. Any faulty driver (intentionally malicious or not) is a potential
: liability.
: 1. Since M$ honchos are trying to convince us that every new flavour of
: Windoze is more secure/stable then the previous one, how does that
: "compute"? Specifically: was that protection a part of the kernel or
: not?
: 2. Why would anyone invest anything into (making of) a kernel with such
: security potential if one then makes a complete mess out of the
: surrounding system?
Who knows. I strongly suspect the marketing god of 'compatibility' reared
its head here along with its mate 'rich feature set'. I have never said the
implementation of the NT line represented a good security mix. Microsoft
choose not to use the power their kernel people provided to implement a good
user shell. I strongly suspect they made a bunch of decisions especially in
the desktop NT systems to enable them to be used without effort by the consumer.
Having to give a user full admin rights to install software is stupid. Allowing
direct access by application programs to hardware devices is stupid. The memory
model they use is stupid. Much of this goes back to making sure the consumer's
game device still works or programs written for WFW still run is a decision that
causes much of the problem. By the same token for Unix, having a magic UID that has to be
used for all priv'd operations is stupid. Allowing an application to switch into
priv'd mode is not really smart.
>From what I have seen, XP is starting to go down the correct path. whether it
gets there remains to be seen. There are still too many critical pactches and
some of the latest ones represent real doozies. However, in many cases, the fact
the underlaying fualt goes back into the W9X code line indicates to me we are
seeing problems with old code.
Remeber also that NT did run for a while on the Alpha chipset.
The bottom line, as Lars has also indicated, is to use the appropriate platform
to accomplish the task. Whether people like it or not, the current 'best' platform
for office style work is MS Office. Many of the thick client ERP systems will
only run on Windows machines. If I am trying to develop a fairly complicated file
security model, NTFS provides better granularity than the Unix model of owner,group
and world permissions.
I like Linux. We use it for several of our platforms and it is being used more and
more by our researchers. If Linux can really get application suites that provide the
same functionality as windows, I would really push for them when appropriate. I am
uneasy about the increasing monoculture windows does represent and hope that Linux
can occupy some of the current microsoft space.
We also use Solaris and have a large number of MAC systems.
None of the current systems is as good as systems 10-15 years ago in provide a rich
configurable and useful security envoronment. Multics, OS1100/2200, MCP and MVS all
provided security embedded in both hardware and software.
On the whole, in the current envirnment, *NIX is slightly easier to configure to be
secure. All thing equal, given a choice between *NIX and windows I would currently
implement on *NIX. Hwoever, I will implement on Windows if required and I can secure
it. *There are no absolutes in this profession*
- Next message: Casey: "Re: WatchGuard FireBox III?"
- Previous message: Duane Arnold: "Re: WatchGuard FireBox III?"
- Maybe in reply to: Lars M. Hansen: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall"
- Next in thread: Phil Da Lick!: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
