Re: 10 Immutable Laws of Security



Yes, I fully agree.

When I first took up NT I was astounded to discover that most APIs
that created anything had an argument for a security descriptor, but that
supplying a NULL was the common practice, and this resulted in no
ACL in the descriptor on the new object (meaning Everyone Full).
The MS left hand obviously did not use effectively what the MS right
hand had designed, nor make efforts to encourage others to do so.
That was then, but old habits die hard and problems linger.

This however is to me a usage/practices issue (i.e. use all this "extra"
stuff as if it is DOS, that is, null no-op it out). So if that is "the model"
then yes, I can fully agree. I was taking "model" in an architectural
sense, as in what plumbing exists, apart from whether it is well used.

Roger

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:uieguUu0GHA.4448@xxxxxxxxxxxxxxxxxxxxxxx
I agree with you the actual underlying tools for security are there with
the NT family with the possible exception of drivers. The problem is that
Microsoft has for years endorsed if not encouraged sloppy programming which
forces everyone to run as administrator all the time. Because programmers
expect to be able to do what they want their programs are vulnerable to
being used to exploit the system. If everyone ran as standard users and
programs actually worked that way all the UAC stuff in Vista and a lot of
malware would magically disappear. This is what I meant by security model.
All the Linux distros and Unix variants I have worked with assume no one
runs as root and programs are written to work with this model. In Windows
very few programs are written to work with this model.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca/forum/Forum.htm


Roger Abell [MVP] wrote:
Hi Kerry,

Yep, I hear you . . . to an extent.
Until the code for climbing out of a vm hosted environment
gets into the sploit libs, I will just stay with the browser in a
vm guest where I can elect to discard all changes.

So, why did I say "to an extent" ? I have run Unixes of
various vendors, IBM mainframes and AIX, worked with
DEC VMS, with Multics, and others . . . and I believe that
the Windows NT family has the best security model of them
all. Why? Because it is rich in what one can do with it, and
it is strong if one does not do dumb things to defeat it.
In other words, had you said not "it has a better security
model" but instead something like "it has a sufficiently more
simplistic security model that one needs to be really, really
dumb to defeat it by mistake" then I think we would fully
agree. Of course, the human factors implied in this, due to
the richness, might be argued to be a shortcoming of the
security model itself. I however am just indicating that the
implemented design (with ACLing being applicable to any
named object, with the richness from the group architecture,
and with the relatively amazing performance despite the heavy
overhead) is IMO superior to any other general purpose OS
in common use. (IOW we agree but I am picking lint <g>)

Cheers,
Roger


"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:uEXpq3p0GHA.4312@xxxxxxxxxxxxxxxxxxxxxxx
I hate to say it but I use Linux when I have to browse to a dodgy
site. Firefox, Opera, etc. all have known flaws especially if Java
is involved. Firefox has become popular enough that it is targeted
by some exploits. Other popular Windows programs have been targeted
as well. For all the Linux zealots out there this is not because I believe
Linux is somehow better. It does have a better security model than
Windows and is definitely not targeted like Windows is.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca/forum/Forum.htm


Roger Abell [MVP] wrote:
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9F105E0A-548D-45B7-B506-C07BCE876BAB@xxxxxxxxxxxxxxxx
<insert>
Law Zero: If you want your computer to live and thrive.. Don't
browse untrusted websites with IE!
</insert>


Very true, unless one does much customization of the zone settings.

Some would have us say "don't browse with pre-7 versions of IE,"
but perhaps the jury is still out on that one.



