Re: Microsoft finally acknowledges the security drumbeats

From: John R Pierce (spam@is.invalid)
Date: 01/31/02


    From: John R Pierce <spam@is.invalid>
    Date: Thu, 31 Jan 2002 10:30:02 -0800
    
    

    On Thu, 31 Jan 2002 14:33:02 GMT, alun@texis.com (Alun Jones) wrote:

    >While that is definitely true, and I have my own experience to show me that
    >the personality of a company is often indicative of that of "the guy in
    >charge", it's also worth noting that when the NT architecture was designed and
    >developed, it was not solely a Microsoft project, and it was not developed by
    >old Microsoft hands. New blood was brought in - IIRC, the head of the project
    >was formerly in charge of design for VMS (a quite securely designed OS, I
    >think we can agree), and the project was twinned with that of IBM's OS/2
    >development. Indeed OS/2 and NT split when Microsoft and IBM split on that
    >project. The core architecture design is likely to be the same between the
    >two systems.

    Actually, it really isn't. OS/2's kernel was about what you'd expect
    from a 'multitasking DOS'. It was monolithic, it had no security model on
    internal OS objects, in many ways it was built on a traditional OS model.

    NT by comparison was written from the ground up to be a microkernel
    architecture with both a hardware abstraction layer (HAL) and system level
    APIs implemented by plugin subsystems (initially including Posix, OS/2,
    and Win32, although they ended up dropping all but Win32 after a few
    iterations), and designed from the ground up around a robust security
    model where every 'object' in the core system, at the kernel level, had an
    access control list associated with it. In the name of performance, many
    of these fundamental design decisions have been compromised over the
    various iterations (for instance, NT4.0 moved the GDI subsystem and its
    associated display drivers to ring 0).

    Virtually *ALL* of the security issues around NT/2000/XP have revolved
    around bolted-on system services, not the fundamental OS core. Due to its
    primary use as a Windows desktop system, and the far-too-common sloppiness
    of Windows-based application software and setup programs and their
    single-user mindset, it's sadly too common for most NT/2000/XP users to run
    with Admin privs in their regular user account, which greatly increases the
    security risk.

    It is in fact quite feasible to nail down an NT or Win2000 server to quite
    reasonable levels of security, I'd go so far as to suggest it's not
    fundamentally harder than securing a Sun Solaris system where you have to
    rip out and replace all sorts of subsystems (the bind, sendmail, etc in
    standard Solaris are based on really old versions), or a typical Linux
    distribution. The NSA has produced some pretty good albeit draconian
    guides on this... http://nsa2.www.conxion.com/win2k/index.html


