Slashdot Mirror
The World's Most Secure OS (?)
Anonymous Coward writes "Titled The World's Most Secure OS, this article in The Standard talks about what is needed to be "Secure by Default"" Probably the best OpenBSD article I've read in recent months. Theo doesn't pull his punches (then again, he never does), in particular, discounting the "more eyes means better security" philosophy. Then again, he's probably right.
[ Update: noeld wrote in with a link to a similar article at rootprompt.org. Must be something in the water. ]
wrighty.
does that mean that bill gates has been telling me naughty lies? i thought windows 2000 was the most secure...
oh i feel so used now...
*burns all his clothes and jumps into the shower sobbing*
Be you Admins? nay, we are but lusers!
you mean other peoples emails?
oh *that* sensitive data...
Be you Admins? nay, we are but lusers!
What makes it so hard for RedHat or any other company that produces Linux distros to come up with a super secure system like OpenBSD or FreeBSD?
Not to say that linux is insecure, but why can't they just configure linux to be secure right out of the box. Default installations shouldn't include freaky services and programs. Users should add the programs that they want by themselves.
For administration it's so nice to have SSH installed by default, so I don't have to worry about some kiddie on my LAN running a port sniffer on my telnet session. It's also kind of nice that it never crashes unless I do something particularly stupid (which I think I have thus far avoided, oh except for that time when I didn't have a swap partition.)
Theo is certainly a character. His work speaks for itself.
The mailing lists are just the way they should be; interesting, very technical, very easy to offend, and really amazingly helpful.
I've also been pleased with the fact that IPSec is built right on in there, so when the time comes for me to play with VPNs, I'm already 90% of the way there.
Now, whether or not I'd call OpenBSD user-friendly or easy to use, that's a different story. I guess I feel pretty good about having a Unix-y/BSD box around that makes me learn more CLI stuff every once in a while.
Free music from Jack Merlot.
Every open-source project needs someone like this on the team, regardless of his/her other abilities.
- Derwen
http://fsfeurope.org/
While on the whole, I don't agree with MS' practices (coding, design, law, etc.), I have to agree with them on the judgment they made the other day (or week, who am I to remember all this crazy tech news) with regard to the default password on SQLServer 7.0.
There is a certain level of aquired knowledge and experience that I believe is necessary to work at the professional level; especially when it comes to the Internet and public software applications. One of the things that any admin knows (or at least should know!) is that you have a hard password and you change it often (I change mine on my server at home on a weekly basis).
My point is this: while an NT admin (or MCSE brat; whatever is at hand) might be able to get away with using a software with a default password, and then blame it on MS, a REAL admin knows his/her system and knows better than to not change a password. BSD is not only more secure because the default install is smart, it is more secure because the user is too.
BSD is secure because it is developed by security freaks that audit (and reaudit) the code looking for possible exploits and programming errors that could compromise a system. They have a zero tolerance stance when it comes to security, and I can do no more than commend them on this. Good job guys and gals, all of us BSDers are thankful and appreciative for all you hard work.
Rami
--
rJames.org - illustration
The power source of my home computer stopped working yesterday. Now that is the most secure system in the world.
If you can hack it, you are truly a real guru.
I use OpenBSD for my firewall/NAT box at home, and installation is dead-simple, quite painless, and only installs the bare basics - no need to sit through half an hour of clicking widgets to select packages.
I like Linux - None of the BSDs have the software base that Linux has, and it's a lot speedier. I don't need the security for my X box - after all, it's behind the OBSD firewall, and SSH tunneling is my friend when I need to access it from the outside.
What I'd like to see is a Linux distro which installed the bare basics - glibc, gcc, net-utils, bin-utils, file-utils, kernel, etc, X optional. Not something like Mandrake or Red Hat which has evil tendencies to put both GNOME and KDE on your box whether you want to or not.
The closest thing I've come to this is following Linux From Scratch's excellent instructions and compile the entire system from source - this is admittedly a lot of work, but at least you _know_ what's on your box when you install it, and you don't have to worry about vendor-specific kernel modifications and all that crap... And I ended up with a distro of <250MB after installing the most important things, including the full kernel source unpacked. This as opposed to the 800+ I had cluttering my disk after I put Mandrake 7 on it.
So, distributors, are you listening? I think there would be quite a high demand for something like this, especially from power users... BareBones Linux, anyone?
--
Pokéthulhu
Gotta catch you all!
The way I see it:
And what is so great about these three groups is that they steal code from each other. What is in one will eventually turn up in the other.
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
Of all out-of-the-box OSes OpenBSD probably is the most secure. But if you want security you don't use a default installation. Other OSes just need some more work to get at the same level.
Ceci n'est pas une
Everytime I read op Bugtraq that "OpenBSD fixed this vulnerability five months ago through a standard audit", I wonder, why the heck don't they make this fix more public, so other OS's (freebsd, linux, whatever) can also profit from it.
I'm not so paranoid to think that OpenBSD wants to keep their fixes to themselves, in order to stay "the most secure OS out there".
So what is it then? Do other OS's developers just don't look at the OpenBSD pages to see what's fixed?
If it's a public tool (e.g. GNU), do the OpenBSD people submit a patch back?
If the OpenBSD keep up the good work, I think everyone can profit from it and then Bugtraq will read "Thanks to OpenBSD, all OS's fixed this vulnerability 5 months ago"
<grub> Reading
Now would be a good time to remind you of kha0s Linux
http://www.kha0s.org (thats a zero, not an "o") which tries aims to be secure by default.
I wonder if Redmond Linux will try and be as secure as windows (http://www.redmondlinux.org/)
--
dont Mark me up as informative
(Reverse physcology for those bastards who keep on moderating me down from 1 to zero)
The only truly secure box is the one that is turned off. If you want a secure linux box, then pull the plug out of the back of the damn wall.
BSD is better or should I say it is easier to install the OS so that all the obviously compromising crap is turned off or not installed.
What I want to know is whether or not the more expensive Redhat secure server could stand up next to a properly configured standard issue BSD box?
ACK
OpenBSD does an amazing job of presenting an extremely secure distribution, I will stipulate that right at the get go. I think it's a bit premeture to say that it's the Most Secure OS though. There are a number of implimentation of the DoD B1 security standard (as applies to operating systems, specifically) in the world - these include Trusted Solaris from Sun and PitBull from Argus Systems Group.
Granted, these operating systems take a quite different approach to security (rather than requiring strict application audits as in OpenBSD they instead try to eliminate the need for such audits through strict kernel control manifested in a number of sneaky ways). These systems have been, and are currently widely used by military, intelligence, financial, and, increasingly, high end e-commerce systems. In an attempt to increase public awareness and popularity of PitBull Argus Systems Group has begun giving it away for non-commercial use. Anyone interested in high security servers is highly recommended to check it out. It's no holy grail, and by no means the right solution for every problem, but it is a very interesting take on the problem, and quite a different way of looking at system architecture and administration than most of us get exposed to on a regular basis.
None of this is intended to steal OpenBSD's thunder - it's a great accomplishment, and far closer to existing operating environments than it's B1 counterparts (which makes it more accessable, and more flexable). Often, a B1 system will be severe overkill (or just too much of a pain to configure and manage), where OpenBSD will just work. So I'm not saying that OpenBSD is no good, I'm just saying that choosing the "Most Secure OS" isn't quite so clear cut...
Oh, BTW, there is a Trusted BSD project, but it's fairly young and as I understand it building a trusted OS is quite time consuming. When it's ready I think it will likely kick ass, but it may yet be a long way off.
--
Behold the Power of Cheese!
Has OpenBSD never been submitted for security evaluation. M$ went to big heights over the C2 stamp on NT4. How about an officeal evaluation of OpenBSD's security
BTW, is a cut-down version of OpenBSD still OpenBSD?
Okay I have to admit I don't know shit about BSD, but I could see the point to have such a project... Even if it's just to say to your boss "look pops, it's OpenBSD booting a write-protected media, it's bound to be secure!"
---
"Hasta la victoria siempre!" El Comandante
There is a Linux distribution with much the same philosophy. It's still being worked on from my understanding of things, tho I'm not at all an authoritative source. The name of the distribution is Nexus and the website is here. As usual, the proper reply to "Why isn't there a widget for this?" is "Because you haven't written it yet." If you want this, help out and do what you can.
The Department of Defense has four classes of operating system security where A is the best and D the worst and where the C class has two subgroups C1 and C2. OpenBSD as (almost) all other unices are at level C1 but Windows NT (and proably also 2000) are at level C2 (a higher level), however I think few would use theese operating systems in environments OpenBSD normally serves. Still when you read about operating system security the Windows guys can always claim they are using the more secure OS. Maybe we could (kindly) ask the Department of Defense to intruduce another OS scale ... Bug-free-ness...
It's not secure...I only know of one OS that's fully secure (remotely). MacOS, hehe. Try to root my box :)
http://www.xpurple.com
If anything, he discounted the idea that more Linux users makes Linux more secure than OpenBSD. He says that most of these people can't write programs over 300 lines, and that they're no real help to the security of the system.
But that doesn't discount the idea that, for a given system, more eyes make for better security. OpenBSD would be more secure if more people were doing the same thing that Theo does with it. Okay, there's a possibility of too many chefs spoiling the stew at some point,I guess, but in general I think that it's pretty clear that more eyes looking at a given system makes that system more secure than it would be with fewer eyes.
Anyone arging that any system Foo is more secure than any system Bar if more people are looking at Foo than at Bar has a problem with their logic. (And, granted, most people have a problem with logic.) Like one person posted, his system is pretty secure now that the power supply has failed...
Rather than say that he discounts the "many eyes" argument, I would say that he brings out how important a few well-trained eyes spending a lot of time on a set of code can be. That's easy to forget (or to never know if all you know about writing code comes from reading ESR...).
FWIW
--
Liberty uber alles.
(PS: This isn't flamebait - I don't use either Linux or BSD in anger...)
Do you have a citation for the 260 copies of OpenBSD used for "most sensitive data" BTW?
This story details that the NSA (the people who dictate what platform is used for greater than Secret data) are progressing with Linux as a new secure platform. Though this doesn't mean BSD will not be considered, it's fairly indicative.
I've often thought that Linux versions should include more crypto/security as standard (e.g. SSH, GPG, EFS, IPSEC (or even PPTP!), secure file deletion etc etc).
Rgds, Sam
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
OpenBSD certainly is a strongly secure O.S., and such level of security is also -but not only- due to some facts: it has a small, then more maintainable, code base; its developement can exploit the experience matured by all other OSs out there. Actually, it is no secret that most security bugs stem from bad programming attitude and that security-conscious programming is possible. I do not need OpenBSD at the moment, but to know that there is an OS programmed with security always in mind helps me sleep well, for when I'll need it I'll know where to find one.
Well it's mentioned in the article.
And it was posted on /. what more could you ask for?
wrighty.
Theo has a security audit model that works terrifically well - having trusted, talented people audit the crap out of the code and being real finicky about releases.
The Linux model (and the generic Open Source model, at that), relies on a broad pool of users with code access reading and using it. A lot of bugs, many of them security-relat, will be found this way.
However, though security bugs will be found and fixed with the infinite-monkeys methodology, it does fall short on finding security issues proactively. You can find a lot of holes in that fashion, but to really ultra-secure and OS, you need people who are as freakish about security as Theo. The other side of that is that the users who seek out OpenBSD are also likely to be much smarter about security themselves.
Linux is a reasonably secure OS for the "average" user, and the methodologies are adequate for the end result. The companies distributing the OS need to be more proactive about looking for holes, though - there's a lot of ways to root a Linux box, and the consequences of allowing it to happen are sufficiently high that it's worth more work to find holes before they get into the distro.
Say what you will about Microsoft, but their Windows Update is a really nice mechanism for distributing patches and updates - none of the Linux vendors (even Mandrake) come close to that level of functionality. Most Slashdot readers will be fairly proactive about their boxes, but that doesn't mean all Linux users are like that. They need an easier way to patch and update their boxes when holes are found.
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
"buffer overflows" (which overwhelm a machine with data packets)...
Correct me if I'm wrong, but a buffer overflow is _not_ overwhelming a machine with data packets. That sounds more like a DoS attack. A buffer overflow is more like declaring a static char a[20] then exploiting the 20-character limit, inserting malicious instructions in the "over-the-20-character-buffer" overflow to be executed. If the program is, say, a daemon or a program run as root, well the overflowed instructions are also executed as root, allowing one to create an account, open a port for himself, yadda yadda yadda...
Buffer overflows have plagued the software industry for years, and are obviously more apparent in OS's that are connected to the Net. I'm sure MS Office is just full of 'em, but they're not always easy to discover.
However, the notion that OpenBSD is the "most secure OS", or even the "most secure OS in common use", is absurd. Nor is it the most secure OS "out of the box". Rather, it is the leader in out-of-the-box security in a rather narrow set of popular, open-source, Unix-like operating systems.
There have been commercially-available mandatory access control Unix-based operating systems on the market for years. The "trusted" variants of the commercial Unices are great examples. These operating systems get their security from the compartmental design of the system, and are thus largely immune to (unavoidable) trivial programmer errors.
A great microcosm of this same competition exists in the free SMTP MTA's. Modern, secure mail transports are written in a compartmentalized fashion, so that a bug in one subsystem doesn't compromise the whole thing, or worse, the whole OS it runs on. Systems like Venema's Postfix and Dan Bernstein's qmail (which has never had a published security hole) are examples of this design.
Meanwhile, legacy MTA's like Sendmail and Exim remain popular, despite a history of insecurity. Sendmail's authors would happily claim that, after literally decades of audit, it is secure despite a monolithic design. Nobody that takes security seriously buys this argument anymore, though, because effective alternatives exist that are built on a more secure design. So what's the difference between Sendmail and OpenBSD? Well, OpenBSD is orders of magnitude more complex and has had less than 10% of the long-term attention that Sendmail has had.
Calling OpenBSD "secure" in light of competition from Argus Secure Solaris or even wrapper systems like SeOS is not much better pitting Sendmail against qmail.
It's definitely true that in practical terms, OpenBSD is a more trustworthy distribution of free Unix code than Red Hat Linux. However, with very few exceptions, OpenBSD's design remains stagnant and embraces an obviously-inferior security model. Who do you expect to implement compartmentalization and Mandatory Access Control first, OpenBSD or Linux?
My money is not on OpenBSD in the long run.
The topic of an OpenBSD bootable business card (or simply a small CD-ROM installation) was raised on misc@openbsd.org recently. I believe there's an interest in the project, and one correspondant was going to contact one of the people who'd helped put together the LinuxCare BBC (a pimp-ass Linux-on-a-CD distro that's with me always). Sorry, forget names, but check the past couple of weeks of archives.
My suggestion was that such a distro would be a great admin/rescue/demo tool, particularly if it allowed someone to set up a firewall with the system. One plus of OpenBSD is its union mount method, which allows mouting nonwritable media ass if they were a writable filesystem (I've heard that this may be a feature of the 2.4 Linux kernel as well). This allows for both the security of having nonvolatile media, and the flexibility of a mutable fileystem. Pretty cool.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
main(O){10<putchar(4^--O?77-(15&5128 >>4*O):10)&&main(2+O);}
Users != programmers. I don't think anyone who uses the phrase "more eyes mean better security" conisder the "eyes" of people who never work with the code. His statement is FUD and flamebait, but then again, that's consistent with his reputation.
Obviously a focused audit will be more effective then casual debugging, but that scales as well.
Actually Debian does a great job with network updates, although it uses a command-line interface instead of a button. RedHat also has similar functionality in RPM and a fairly nice GUI interface to this tool called GnoRPM.
Both of these tools are much better than Windows update IMHO, because they also update applications (including server applications with security holes) in addition to updating the kernel itself.
I'm fairly certain both of these distributions had this functionality before Microsoft "innovated" the Windows update mechanism.
--d
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
If you read the Microsoft NT C2 Configuration article closely, with comprehension, you'll find that it speaks of NT 4.0 being evaluated, but never certified, as being C2 compliant. This was addressed in this BugTraq post. Believe you me, if NT 4.0 had been certified, Microsoft would be singing it to the heavens. But they don't want you to know that. You'll also note that "The C2 Administrator's and User's Security Guide" is itself a MS Windows executable (http://www.microsoft.c om/technet/security/exe/C2SecGuide.exe), hardly the most secure and safe way to transmit data around the Internet. Anyone got an open-standards version of this document?
They also don't want you to know about the man they killed after he first got WinNT 3.51 C2 certified, then told Microsoft that it would not be possible to get C2 certification for WinNT 4.0. Ed Curry, military man, NSA-certified technician, and a former independent contractor for Microsoft first had his business, health, and ultimately life destroyed. I knew Ed only from online encounters in Nick Petreley's InfoWorld forums, but the man was a friend, willing and capable of sharing fascinating information. Ed Curry died in December of 1999 of a stress-induced stroke. He is survived by a wife and young daughter.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
Besides, evaluation requires huge amounts of $$$ and documentation, and may not actually involve an exhaustive code audit. (C2 certainly does not.) Frankly, Theo is not impressed with TOS evaluations, and might have to wea ken OpenBSD's crypto to get such a rating.
It is much more reliable to just turn things off until you have time to audit them.
OTOH, Theo's decisions are not flawless. C2 would require ACLs, and Theo does n't want them in OpenBSD. I think he's correct, that they usually are a problem, but I think that an admin should have the option of using them.
We digress a little here, but M$ introduced Windows Update as part of Windows 98, in mid '98. The Red Hat update wizard they have arrived with the debut of RH 6.0, whenever that was. Sure, the Linux update wizards are robust and capable, but the Microsoft one was there real early in the game, and it works very well. They update any apps that Microsoft is willing to allow into the MS sandbox (for instance, Flash and Shockwave updates can be downloaded from it), but not third-party apps in general.
They also have an Office Update site as well that uses the same technology (a funky ActiveX control) to check for and patch Office 2000 code.
What Microsoft doesn't do is roll every single update into Windows Update - a lot of the security hole patches for servers are only accessible from the kbase article or the Security homepage. Windows Update is more focused on the consumer OS and apps.
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
10 programmers, working every day for 18 months would have to audit over 65k of source per day to reach 350 megabytes. My guess that on average, 65k of source would end up being about 1800 lines of code.
I wonder (a) how much of that is in comments and (b) if perhaps some portions do not need to be audited.
WWJD? JWRTFM!!!
Actually, GCC should be highly discouraged on a firewall/bastion host. Never give the kiddies any breaks.
I like music
[shudder]
I greatly admire Theo's work. I just don't think you'd want two of him on the same project, maybe even the same planet.
--
--
E_NOSIG
Anyway, if you do look for a link, good luck:
Looks like he's been purged with Stalin-like efficiency
- Derwen
http://fsfeurope.org/
Agreed... yet you can always remove it later, but then again, what's going to stop a kiddy from just download binaries... *shrugs*
I'm no security expert.
-
Don't you mean aychteeteepeeslashslashslashdotdotorg?
well, duh. no networking, no services of any kind, and, well, that's it.
:)
if you don't have console access, you can't get into even the least secure minix box
- Entertaining Bits from the Ancient Kernel Tree
It blows the MS mechanism into tiny chunks.
:) You could also use one of the "console GUI" tools such as capt or aptitude, or an X-based tool like GnomeApt.
:)
Debian has apt, which has several advantages over Windows update:
1. Debian is mirrored on several zillion servers, so if one is slow or down, you can simply choose another. Route to MS gets messed up? Too bad for you...please hang up and try again.
2. You can update ALL of your packages, barring those you've had to compile from source, which, considering the sheer volume of Debian packages, =="not bloody many".
3. You can use it from the command line, which is a good idea if you're updating X-Windows
4. You don't have to do anything evil like run ActiveX controls to use apt-get.
5. Apt-get will let you upgrade the ENTIRE SYSTEM AT ONCE. Try using Windows update to move from NT 4.0 to Windows 2000 -- without even rebooting
WMBC freeform/independent online radio.
This reminded me of an experience I had about ten years ago. Right after college, I spent a few months working at a retail PC store while looking for a good engineering job. One day, a guy came in asking for advice on how he could keep his system secure while he was at work. He claimed that "they" were getting onto his PC, he knew this because files that were in one directory would be moved to another directory. I assumed that he was leaving his PC on so that he could dial into it from work but, when I mentioned this during the conversation, he told me that his PC was turned off all day. I explained that with no power, his HDD would not be spinning and there was no way that anyone could access it remotely. With a completely straight face he responded, "They can". He finally left relieved when I suggested that he unplug the phone line from the jack during the day.
Just wanted to let you know that power or not, "they" can still get at you.
Take a look at the BSD-derived OS shipped with the Sidewinder firewall, which they call SecureOSTM. Secure Computing has compartmentalization implemented in what they call Type Enforcement.
I do not deploy Linux. Ever.
The various BSD flavors (Open,Free,Net,BSDI) do compete against each other in some respects, but generally each has a well-defined niche, with minimal overlap between them.
There are some applications for which even I, ardent OpenBSD proponent that I am, choose another OS.
I do not deploy Linux. Ever.
Well, the MandrakeUpdate utility seems as easy to me as Windows Update. From their web page:
"An update utility called MandrakeUpdate is installed on your Linux-Mandrake desktop. All you have to do is launch MandrakeUpdate to update your system through a graphical utility. The program lets you choose your ftp server within a list of server mirrors. Then it fetches each update you have to make and lets you choose those you really need."
Yet no distribution of linux is as secure as OpenBSD. Your entire line of reasoning is specious, and you conclusion is unwarranted.
Theo is correct. Security analysis is difficult - even most experienced programmers have no idea how to properly apply security in their code. "More eyes" in this case are largely irrelevant and maybe even detrimental if they don't know what they are doing.
In any case, it doesn't appear that the linux community has mustered "more eyes" than the OpenBSD team, and your presumption with regards to this is largely naive.
It doesn't change the fact that they achieved the rating, and that by following the same guidelines, someone else can have their installation certified.
It doesn't, because that fact doesn't exist.
Its been EVALUATED. Not certified.
And no, you can't have YOUR installation certified, either.
Additionally - the 3.5 (not 3.51) Certification - *was* without a network or a floppy drive.
I simply intended to show that NT4 can be made C2 compliant, and put an end to the 3.51/no floppy/no network anecdotes.
You were simply, wrong.
First - its 3.5. On 3 machines (2 x86, 1 Alpha) with a certain service pack. And no floppy, no network card. its not anecdotal. Go find the facts, and read them.
And the default of NT isn't complaint/certifiable. NT 4 has *never* been certified as C2 (Orange Book) secure.
And attempting to put an "end" to the factual complaints based on a badly flawed understanding is not a good idea.
Addison
Most secure OS my @$$. OpenVMS right out of the box is literally orders of magnitude more secure than any *nix. NO buffer overflow exploits (never had 'em, never will). NO means of gaining priviledged access from a nonprived account. NO means of cracking passwords in SYSUAF (thanks to a strong one-way hash). Heck, you need a prived account just to look at SYSUAF! The amazingingly TINY handfull of security wholes which have occassionally cropped up in VMS over the last 23 years have been promptly corrected.
The only ways to break into a VMS system are:
- "Social hacking" -- tricking someone into telling you their password or guessing at sites with poor password policies,
- Packet sniffing at sites where SSH and other secure connection techniques are not used (again, a policy issue),
- Gaining physical access to the console and using documented procedures for by-passing password protection.
That is all. Period. There are NO other ways. Zero. The same cannot be said of ANY other OS.And don't hand me the "closed-source, proprietary OS, security through obscurity" arguements. The OS is better documented than any other in the world (most of it available on the web), including the system internals. Source listings are available for a fee for every part of the OS except those portions related to license handling (for obvious reasons).
If you want to secure your FreeBSD system a little more, check out SecureBSD
:o)
I haven't tried it myself, but it looks pretty good, and they have a nice logo too.
Actually, having more people around seems to achieve a different effect: less accountability to quality.
nosig today
I'm hopeful that Nautilus/Eazel will fill the role for Linux distros that Windows Update does for Windows XX.
You're not sufficiently paranoid. Why do you assume that those leaks were unwanted?
Haven't you ever seen Wag the Dog?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
mount /home and /tmp (the only place kiddies should be able to write to) noexec. that'll give 'em something to think about.
I clicked around (about ten clicks' worth) and couldn't find a nice technical document that told me what Pitbull was. There was a place to purchase it for $25, though. I didn't see anywhere I could just bust a download.
Lots of press releases, though. Is this an example of security through absurdity?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
debian had it before windows update. RedHat didn't.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I think you need to put down the bag and stop breathing vapors.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Maybe most secure Unix-type OS and/or most secure open source OS, by default or otherwise. But I think OS/400 is much more robust and secure, in total. -- BV
``"...buffer overflows" (which overwhelm a machine with data packets)...'' Since when?
--Ryv
I know Karsten from the same online forums that we both knew Ed Curry from. Microsoft did a ton of stuff to him. Some of which simply cannot be sustantiated. For instance after his company was destroyed, at one point he got a job, then his boss' boss got a phone call from Microsoft, and his boss was ordered to fire him. Which kinda sucks when you are supporting a wife and kid.
.sig.
As for the current location of that online community, follow my
BTW a question you probably have right now is whether or not we can be believed. Well we both have sufficient credibility to be automatic +2's on this site, and in fact were among the first batch of moderators selected here. You could also do a Google search for either of us. Or look for Ed Curry.
Yeah, what happened to him is pretty astounding. The lack of press reporting on it is pathetic. But I assure you that the basic story is true.
Regards,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Else Microsoft would be jumping up and down screaming about how they were really certified. Instead they play BS word games and nobody calls them on it. :-(
Regards,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
I am an InfoSec professional, but this is not professional advice. Moreover, I really like OpenBSD, so please don't take this as a BSD flame. :)
:)
The problem with buzzwords is that they so rarely mean what their obvious meaning is. When I see "secure by default", that tells me "I can install OpenBSD in its default install, throw Apache and my MTA-of-choice on it, and it'll still be safe". That's what secure by default suggests to me; that a clean install of the OS and the daemons you need to run your business will be secure, by default.
The problem with it is that this isn't anywhere near to the case. I've got lots of kudos for OpenBSD's large, distributed security audit. I think it's a brilliant idea, and I wouldn't mind seeing Linus say "okay, for the next six months all development is frozen and we're going to audit our codebase".
Unfortunately, security audits are not synonymous with security. (Trust me on this one.) Security is a process, not a product; it cannot be magically generated by anything, not even OpenBSD's vaunted audits. You run into Heisenberg's Catastrophe at some point--assuming that your auditing process was complete and accurate, your codebase is safe; but then you have to audit the audit process to make sure you didn't leave anything out... then you have to audit the audit of the audit... and so on.
These are the main problems with audits that I've found:
LIMITED MANPOWER. The scorn that Theo heaps on the Linux community is, in some sense, warranted. What Theo misses is that where Linux has a huge amount of manpower, mostly of limited skill, OpenBSD has a miniscule amount of manpower, mostly of fairly high skill.
The problem is that security audits are limited by manpower more than they are technical skill. A thousand coders of only amateur skill can go through code at a huge rate; it's not hard to spot unconstrained buffers (buffer overflows), pointers that never get free'd, etc. If they were only ten coders strong, it would not matter how much skill they had, they simply wouldn't have the manpower to do a thorough code review.
INCOMPLETE SECURITY AUDITS. OpenBSD's security audit means they have an extremely high-quality kernel and tools. When even ls has been audited, you know they're doing something. However, Apache, sendmail and other large programs have not been audited by the OpenBSD team. Putting an old, vulnerable version of Apache on an OpenBSD box exposes potential risk.
(Before the OpenBSD people accuse me of FUDding, let me emphasize potential. The root exploit against Apache/Linux might fail on Apache/OpenBSD, due to OpenBSD's security consciousness. The point here is not to say "Apache makes systems insecure"--it's to say that there are a lot of daemons running on modern boxen, and many of these daemons have not been audited.)
INCOMPETENT SYSTEM ADMINISTRATION. Most root exploits I've seen--regardless of operating system--have taken place due to incompetent system administrators. OpenBSD does some things right by shutting down all nonessential ports by default (as opposed to Red Hat, for instance), but these are just Band-Aid measures over the festering, necrotic wound of incompetent sysadmins.
INCONVENIENCE. One of the biggest motivations for people to bypass security precautions is that security is inconvenient. If a user bypasses a precaution, that's worse than if the precaution never existed in the first place. There's a difference between a sysadmin who says "all our passwords are secure, because we use shadow passwords and force our users to change them every month" and the sysadmin who says "I don't know if our passwords are secure, despite the precautions we take".
The former, more likely than not, has users who are so frustrated by the bondage-and-discipline security precautions that they leave their passwords on Post-It notes attached to their monitors. The latter probably has them, too, but at least isn't fooled into thinking he's safe.
OpenBSD has some very useful security precautions, yes--but the most useful precautions are those that are transparent to users (security audits, jailing daemons, etc). The more intrusive your security becomes, the greater the likelihood your own users are going to circumvent them.
LIMITED FEATURES. Remember that oftentimes security is enhanced by adding features. Adding ACLs, for instance, could be a boon to sysadmins everywhere and result in more secure boxen. Since OpenBSD's developers spend so much time auditing, though, they're significantly behind the pack when it comes to keeping current with other Unices.
... All that said, though, if I were setting up a network, all of my machines visible to the outside world (mailserver, webserver, etc.) would be running OpenBSD or Pit Bull or Trusted Solaris. Probably OpenBSD, due to the fact that I already know UNIX reasonably well and I don't need the bondage-and-discipline of Trusted Solaris (see "INCONVENIENCE" above).
I was at IWE along with Karsten and Ben, and held several conversations with Ed. His life was basically destroyed by Microsoft because he wanted to tell the truth.
Regards,
Regards,
-scott
While I did not chat with him extensively, I did see him on the forums, and watch as he attempted to salvage his career and finances from the savaging Microsoft gave him. I also read the report of his death, and grieved with the rest of the IWETHEYers. You can find us at IWETHEY
InThane
Instead of Anonymous Coward, they should Slashdot should change the name to Anonymous Moron.
Look, most reporters don't know a thing about computers. Political leaks are caused by people. Someone's pissed off, and they tell a reporter things they shouldn't. Or they let something slip, like that judge last week, or they use the old 'the public has a right to know' arguement.
The security of the system isn't a problem in this case, it's the people involved who are making all the leaks. The most secure system in the world won't stop that.
NecroPuppy
I like you, Stuart. You're not like everyone else, here, at Slashdot.
And CDE is basically Gnome + KDE rewritten in Java and LISP for the 68030 architecture.
No viruses, no hacks, no exploits totally rock solid! and armed with BONE BeOS may very well be your next server too.
A) I think that everything that guy says in regard to people who review open source should be taken with a grain of salt. He obviously has an attitude problem and suffers from quite an overblown ego. That doesn't mean much other than we cannot trust his opinions on matters like Linux. B) The comment about surprise that there has not been a super secure linux distro? What about khaOS?? And I cannot speak for other distributions but I know that there is a package for SuSE (6.4) in the security section that super secures the installation by removing all possible wholes in the system and blocking most all services. I know it isnt the same as in OpenBSD but it is enough to keep the newbie hackers from breaking down the walls of my modest server. C) The complaint that most distributions come pre-configured for all sorts of software with no care for system security: WHAT THE HELL IS WINDOWS THEN?!?! It is so aggrivating to hear people bitch and moan all the time about hard linux is to install and how hard it is to use. So the distro manufactuers start making easy to use linux. People start buying it. Everyone is happy until someone complains that it is stupid to make things easy to use because it compromises security. I am not saying we can't have our cake and eat it too but Linux needs to be cut some slack because everyone working on it is doing their best to make it accessible to the public and right now that means weaker security. One more thing though: just because distros come with pre-configured installations, most people will choose to change the installation and make configurations of their own based on experience. It seems that it is only the new linux users that will be affected by the security flaws of base install. But then again, they probably wont be running a major website based on mysql and setting up their own firewall right away either so it all needs to be kept in perspective.
Maybe the phrase isn't supposed to mean that, but you have to be more precise.
c.f. the problem with computers in general. They understand what you say, not what you mean.
This is all kind of disheartening - 250 results, not a one really gives any information about what several people claim MS did to this man. And the only page that really mentioned his the cause of his death mentioned it because his lawsuit against MS was dropped because of it!
I was hoping that the IWETHEY users could give links to the archives, since I couldn't find anything after a fairly quick look - I concentrated more on the Google search. It's kind of sad that there doesn't seem to be anything on the web explaining what MS did - maybe someone should write something.
You are in a maze of twisty little relative jumps, all alike.
You're talking a full OS..not just a kernel. That's a major difference between a system like *BSD and any Linux distribution. They're talking the kernel and all of the userland including libc, and all tools and utilities that make up the base system. Linux distribution on the other hand are the kernel and whatever third party packages the Distributor decides to include. It's lack of an integrated source tree makes it not only smaller (less source) but less secure (with various authors behind each of the various packages.)
--
My comments and opinions completely reflect those of anyone and anything I am remotely associated with.
For FreeBSD, there exists the PicoBSD project, basically an initiative to produce slimmed-down versions of FreeBSD useable in embedded and/or read-only environments. However, this is for FreeBSD, not OpenBAS, and while I personally prefer FreeBSD, it does not match OpenBSD in terms of security (while still being more secure than the average Linux distribution). On the
As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
Sorry. Typos happen every now and then. Apology goes to the OpenBSD enthusiasts out there. :-))
As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
Just to add another voice to all those which have told you're full of jackpoo SuSE comes with a nice utility called YaST which stands for yet another setup tool. Has has several nice features such as system configuration and package handling. YaST which as of 6.4 comes in an X based GUI version (as opposed to ASCII GUI) which allows you to update your whole system from SuSE's ftp servers. I think YaST is a bit more useful than the Windows Update because it lets you control the package management better. The Windows Update won't run a conflict catcher like YaST does which sometimes causes problems with things. The only real important difference in my opinion is that Windows Update is web based because they have a browser that is tightly integrated with the OS which with monopoly argumentsaside is a good thing because it means less third party dependence.
I'm a loner Dottie, a Rebel.
http://www.were-wolf.net/politics/ed_curry/
This is a history of pretty much exactly what happened to him, and why.
InThane
The big VMS bug: DECnet.
While I love VMS, don't get me wrong, there are a lot of people out there with VMS boxen which have a DECnet daemon that has SYSPRV enabled.
This doesn't strike them as bad, until some user with NETMBX runs tell.com, runs authorize.exe through tell, and gets SETPRV. :)
That said, I'd rather run a webserver on VMS than any other OS. The ability to use ACLs to control access by CGIs to specific files is far too attractive; most *nix systems wind up having to grant world read/write access to things that CGIs generate, which is just dumb and bad.
Frankly, if you want security in VMS, you pretty much have to deny your users NETMBX and install individual applications with it. The problem is you have to install a lot of applications.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
The main BSD system I have experience with is truly God-like in its security and implementation. There are many years of UNIX experience in a custom enterprise FreeBSD environment. I love Linux too, but you have to hand it to the BSDers for having their stuff together and having sheer power. (_) {"} ~~_ _
"When in fear or in doubt, run around scream and shout".
I switched from RH Linux to FreeBSD on my *nix boxen, and I really enjoy the cvsup && make world (not the literal commands I use) method of updating versus rpm hell (the Linux universe's .dll hell?).
Maybe this is only possible with the relatively centrally controlled *BSD's, but it is nice to have practically a fresh install whenever you need it, and you know that at least the core of the OS has been tested to work together.
NB: This is not meant to engage in religous warring--just a feature I like from the *BSD side.
---
In a hundred-mile march,
> Can you play QIII accelerated under :)
> OpenBSD? UT?
Utah-GLX works under BSDs with minimal tweaks. So I guess one can play QIII under BSDs as well as under Linux.
> Does BSDs come with a graphics capable web browser?
Is Netscape not good enough for you? What other super browser is available for Linux which does not also worl on xBSD?
Sound is usually supported rather well under BSDs. The only exception are soundcards for which drivers are available on binary-only form for Linux. You would do yourself favor avoiding these cards anyway
Their reasoning for doing is flawed. They think lack of a shell equates to security, look at Microsoft, we know that is a fallacy. Also that mac server's performance is crap compared to any unix server. Truth is, mac's are not servers, they are desktops.
this space for rent
The only beef I have with this article is the claim that OpenBSD is "the worlds most secure operating system." The NSA actively rates OS and networking equipment with their EPL (Evaluated Products List.) I would note that Wang Goverment Services holds a 'B3' rating with the NSA for their XTS-300 package which includes the STOP 5.2.E OS and their own x86 hardware. Wang's technical overview of the system is very impressive and needless to say the security features offered are far and above anything available from OpenBSD. The NSA's rating scales from A1, B3, B2, B1, C2, C1 to 'minimal protection.' a comparative example would be NT4.0 which is listed (http://www.radium.ncsc.mil/tpep/epl/epl-by-class. html) as a 'C2 class' operating system.
It should be noted that each successive class is a superset of the previous classes described.
atleast this is what i've heard....not like *I* would *EVER* try to h4x0r a VAX...
William D. Freeman http://members.xoom.com/EvilGNU -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s+:++ a---
I object to fact that alot of extra software I'll never use is installed by default. For instance, I don't use rsh,rcp and it is just taking up space. What would be nice is if they broke everything into packages ( ala linux )
and allowed me to finely costomize my machine at install time ( and later if I wished ), perhaps this new packaging format will allow me to do just that.
-ffatTony