Slashdot Mirror


Microsoft, Monocultures, Security FUD & Other Fun

techiemac writes "Dan Geer, who has been mentioned on Slashdot before due to his warnings about Microsoft's "monoculture" has just been written up by AP for his warnings about the widespread use of Microsoft products and the serious security flaws that are being discovered. This story is quickly becoming big news (Yahoo is currently carrying it on their front page). For those who don't know, Dan Greer was fired from @Stake Inc for his criticism of Microsoft (they are a big client of @Stake Inc)." Somewhat related, there have been interesting reaction pieces on ORA and OSDN to a recent, some say ill-informed, article run on DevX.

33 of 509 comments

  1. not the first time... by ThaReetLad · · Score: 5, Informative

    This is not the first time that A. Russell Jones has made controversial claims about Linux on DevX. At the end of August last year this story was run here on /. where he claimed that there should be a standard desktop for Linux.

    --
    You can't win Darth. If you mod me down, I shall become more powerful than you could possibly imagine
  2. For those who don't know... by cperciva · · Score: 3, Informative

    For those who don't know, Dan Greer was fired from @Stake Inc for his criticism of Microsoft

    Dan Greer was not fired because he criticized Microsoft. He was fired because he published his opinions about the Microsoft monoculture without making it clear that those were his personal opinions and not those of @Stake.

    1. Re:For those who don't know... by Anonymous Coward · · Score: 5, Informative

      If you read the paper that was published, listened to any of the news accounts (including the conference call press conference), and read CCIA's disclaimers, you would know that he made it perfectly clear that this was something he was doing on his personal time, and had nothing to do with @stake. He went pretty far to disclaim any @stake connection to the paper.

  3. Re:Open for exploit by cperciva · · Score: 2, Informative

    So, what you're saying is that if there's a plague of worms attacking Windows systems, we shouldn't export non-Windows systems to England?

    Remember, there was lots of food being grown in Ireland during said famine; but it was being exported to England.

  4. The monoculture threat is real by Anonymous Coward · · Score: 4, Informative

    The benefit of linux, bsd, and other non-microsoft OS's comes from the variety of services run. Microsoft's OS's have to run many services and modules that other OS's can leave to the discretion of the operator. For instance, I can run an old version of linux with no services and it's safe. I can run any number and variety of servers. Microsoft seems to have to do it one way and one way only with all these modules that have to be running.

  5. Solution: Multi-OS Boxes by G4from128k · · Score: 5, Informative

    One solution to the monoculture problem is multi-OS architectures in which a single process is executed on multiple independent codebases within each box.

    On high-reliability systems (Space Shuttle & X-29 flight controls), multiple redundant subprocessors attempt to compute the same answer. If the subprocessors get different answers, the majority-rules and the system logs the exception. If each processor ran independent code, then exploits of any one codebase would be detected and disinfected. A multi-system with one exploited/infected codebase would continue running while ignoring the output of the infected subprocessor.

    The system would still have some vulnerabilities. Simultaneous attack on a majority of the codebases might succeed in redefining the majority to suit the malware. Also, codebase independence is very hard. More than likely several codebases might share the same fault (e.g. a buffer overrun bug). Attacks on the overseer/majority-rules system might also succeed. Finally, if the standard has an exploit (e.g., decrypting WiFi WEP), then all codebases implementing the standard are vulnerable.

    The biggest downside is bloat and cost. But at least it would give people a reason to buy the latest greatest chips from Intel, AMD, IBM, etc.

    --
    Two wrongs don't make a right, but three lefts do.
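
The majority-rules scheme described in the comment above, as an added example that is not part of the original post: three independently written parsers for one record format are run on each input, the majority output wins, and dissenting replicas are logged. It also shows the comment's caveat that a fault shared by a majority of codebases wins the vote; the record format, parser names and sample records are hypothetical and constructed for this illustration.

```python
from collections import Counter


class NoMajority(Exception):
    """Raised when no output is shared by more than half of the replicas."""


# Three constructed "codebases" for one task: decode a record made of a
# 1-byte declared length followed by exactly that many payload bytes.
def parse_strict(record: bytes) -> bytes:
    if not record or record[0] != len(record) - 1:
        raise ValueError("declared length does not match payload size")
    return record[1:]


def parse_iterative(record: bytes) -> bytes:
    view = memoryview(record)
    if len(view) < 1:
        raise ValueError("empty record")
    declared = view[0]
    out = bytearray()
    for i in range(declared):
        if 1 + i >= len(view):
            raise ValueError("payload shorter than declared length")
        out.append(view[1 + i])
    if 1 + declared != len(view):
        raise ValueError("trailing bytes after payload")
    return bytes(out)


def parse_trusting(record: bytes) -> bytes:
    # Deliberately flawed replica: trusts the length byte and never compares
    # it with the real size (a stand-in for a missing bounds check).
    return record[1:1 + record[0]]


def run_replica(impl, request):
    """Normalise a replica's behaviour into a hashable, comparable outcome."""
    try:
        return ("ok", impl(request))
    except Exception:
        return ("rejected", None)


class MajorityVoter:
    def __init__(self, replicas):
        self.replicas = dict(replicas)   # name -> callable
        self.exception_log = []          # (replica, request, dissenting outcome)

    def submit(self, request):
        outputs = {n: run_replica(f, request) for n, f in self.replicas.items()}
        winner, votes = Counter(outputs.values()).most_common(1)[0]
        if 2 * votes <= len(outputs):    # require a strict majority
            raise NoMajority(outputs)
        for name, outcome in outputs.items():
            if outcome != winner:        # outvoted replica: log it, ignore its output
                self.exception_log.append((name, request, outcome))
        return winner


GOOD = bytes([5]) + b"hello"        # constructed: length byte matches payload
MALFORMED = bytes([9]) + b"hello"   # constructed: declares 9 bytes, carries 5


def demo():
    diverse = MajorityVoter(
        {"A": parse_strict, "B": parse_iterative, "C": parse_trusting})
    results = {
        "good": diverse.submit(GOOD),
        "malformed": diverse.submit(MALFORMED),
        "diverse_dissenters": [name for name, _, _ in diverse.exception_log],
    }
    # Caveat from the comment: two replicas sharing one fault form the majority,
    # so the wrong answer wins and the correct replica is logged as the outlier.
    shared = MajorityVoter(
        {"A": parse_strict, "C1": parse_trusting, "C2": parse_trusting})
    results["shared_fault"] = shared.submit(MALFORMED)
    results["shared_dissenters"] = [name for name, _, _ in shared.exception_log]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
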
  6. Some things the DoD and others do... by ChrisRijk · · Score: 4, Informative

    What's certainly true is that there's a lot more to having good security than getting rid of the monoculture problem. Probably the most important thing is to care about security from the start...

    Anyway, something the DoD and others have done for some time is to have triple barriers for certain things like firewalls. So instead of having the same firewall product and system all over the place, for each firewall, you have a series of 3 systems: one is a "hardware" firewall (an appliance basically), followed by two different firewall products running on two different architectures. This way a single flaw on one firewall or system will not compromise overall security.

    They also turn the IT infrastructure into compartments, each walled out with firewall groups. So you have one compartment for front-end servers, one for desktop users, one for your data, etc.

    Yeah it adds to complexity, but this is what the paranoid types do to give themselves peace of mind.

  7. Re:Hate to admit it... by envelope · · Score: 2, Informative

    I don't think the point is to try to integrate multiple different OS's in a single organization. The point is that each organization can standardize on a different OS, so that an attack aimed at a particular OS only affects those organizations which are using that OS, which is ideally a minority of all organizations. The internet is already an integrated network of many different OS types. The only thing needed for interoperation is TCP/IP and XML.

    --

    appended to the end of comments you post, 120 chars
  8. At least get the name right: by daveaitel · · Score: 4, Informative

    It's Dan Geer.

    -dave

  9. Re:WARNING! by rqqrtnb · · Score: 4, Informative
    But there are MORE SECURE operating systems than Microsoft's various Windows versions.

    The integration of the browser's ability to directly run code in Windows is the big hole that Microsoft has failed to fix. Integration of user software, such as Outlook or Office, directly to the operating system makes Windows the virtual equivalent of a petri dish for the internet and gives every 11 year old hacker the ability to cripple corporate networks globally.

  10. Re:What Microsoft doesn't want is *Standards* by hachete · · Score: 2, Informative

    Oh yes it does. But only if it can own the standard:
    http://www.pbs.org/cringely/pulpit/pulpit20040212.html

    And if it can't own the standard, then it will make the standard as complex as possible as to deter entrance - I give you SOAP as a first exhibit.

    h

    --
    Patriotism is a virtue of the vicious
  11. Re:I hope he's wrong ... by Anonymous Coward · · Score: 5, Informative

    I call bullshit. Give me one example.

    I work as a consultant in Health IT and I'll give you 5 that I've found in my travels.

    1. Pharmacy systems
    2. Allergy interaction checking systems
    3. Dietary system, wrong or delayed diets can kill a patient
    4. Workstations in the ER that have access to critical applications and patient charts
    5. Workstations that communicate with the ambulance and med chopper teams

  12. Re:I guess ... by queen+of+everything · · Score: 2, Informative

    And here I thought all this time it was "No one ever got fired for choosing IBM".

    --
    "Wisdom is not a product of schooling but of the life-long attempt to acquire it." -Albert Einstein
  13. Re:Open for exploit by Anonymous Coward · · Score: 1, Informative

    Actually, other crops were grown, it's not like there was nothing but potatoes as far as the eye could see. They were just the tenant farmers' staple. The other crops were exported under armed guard.

  14. Re:I hope he's wrong ... by GoofyBoy · · Score: 3, Informative

    "the Slammer worm knocked out 911 emergency telephone service in Bellevue, Washington."

    http://www.salon.com/tech/feature/2003/12/16/blaster_security/index_np.html

    --
    The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  15. Re:I hope he's wrong ... by InfoVore · · Score: 2, Informative
    Give me one example.

    Ok, I'll bite. How about the USS Yorktown shutdown in 1997. A Windows NT bug crashed their engine control system and required that they be towed to port. Dockside repairs took several days. You can get the full story here.

    Had this happened in a battle, it would have likely resulted in loss of life and probably the ship.

    --
    "These laws they're passing won't even compile anymore, let alone execute." - anon
  16. Re:MS Open Source Is Fertile Ground for Foul Play by Kilobug · · Score: 5, Informative

    As I said in the news about the source code leakage, this is a false fear, the same one MS uses about the GPL "do not read GPL code or you'll never be able to write commercial code afterwards".

    Copyright is _NOT_ patent. You can read copyrighted work and then write something similar by yourself. Copyright does not protect ideas, structures, algorithms or data formats. Copyright protects the actual code - copy/pasting or recopying Windows code into Free Software would be disastrous. Reading Windows source code to understand protocols or formats and then writing your own Free implementation is not.

    Of course, you're not allowed to have windows source code at first, and you can be sued for having it. Not for writing source code with the knowledge you gained for it; the same way that reverse engineering is forbidden in US, but if you use reverse to write Samba or a XFree driver, Samba or the driver will be legal. You can be sued if it's proven you used reverse, but your code will not.

  17. Re:I hope he's wrong ... by Anonymous Coward · · Score: 1, Informative

    I was in IC in '99 for some heart stuff, and the monitor system was NT based. Centralized at the nurses station, with remote wireless monitoring.

    Damn thing would beep when my heart rate went below a threshold value, which happened only when I slept. Long night.

    Derek

  18. WRONG! stop the lies (was Re:Interesting spin ...) by spoonyfork · · Score: 4, Informative

    Yeah, without Microsoft products, Al Gore couldn't have invented the internet.

    I see my mission now.. to reply to every post with this lame ass joke with information about how it is NOT TRUE. You've heard of snopes.com, the Urban Legends Reference Pages? Please read this article before posting this lie. The proper joke would be, "Al Gore says he took the initiative in creating the Internet!". While certainly a poor choice of words for Mr. Gore even in context of the interview, he did not claim to invent the Internet.

    That goes for you too, moderators. This cliche is certainly not +5 Funny and you know it.

    --
    Speak truth to power.
  19. Re:MS Open Source Is Fertile Ground for Foul Play by Anonymous Coward · · Score: 5, Informative

    Reverse engineering is NOT illegal, you just have to do it carefully. Various companies do it ALL THE TIME. You have one group decompile the program or take apart the device. They then write a specification for the device based on what they learned (bonus points if it's a school). This specification is given to a middle layer which then passes it on to the programming team. The programming team writes code to match the spec they got from the middle layer. The code is no different from what they would write if the spec was simply made from scratch, in fact, the programming team is never told that they're working from a reverse engineered spec. All you have to do is make sure that no one from the decompile team has contact with anyone from the programming team and you're good to go.

    If absolutely nothing else, you can do the reverse engineering in the UK, where reverse engineering is explicitly allowed by law. The law even says that regardless of EULA terms, you can decompile software.

  20. Re:I hope he's wrong ... by spectecjr · · Score: 2, Informative
    Ok, I'll bite. How about the USS Yorktown shutdown in 1997. A Windows NT bug crashed their engine control system and required that they be towed to port. Dockside repairs took several days. You can get the full story here.

    Had this happened in a battle, it would have likely resulted in loss of life and probably the ship.


    Nice attempt at FUD there, skippy. It's a pity you're misinformed and ignorant of the true facts.

    In a letter to the "Comment and Discussion" department, published in the Aug 98 Naval Institute Proceedings, page 22, Captain Richard T. Rushton, then-CO of Yorktown, categorically states:
    "The Yorktown was never towed as a result of any Smart Ship initiative. During my command, we lost propulsion power twice while using the new technology. Each time, we knew what caused the interrupt and were underway again in about 30 minutes. The September 1997 incident was caused by incorrect data insertion by a well-trained crewman. The Yorktown returned to port using two FFG-7 emergency control units that specifically had been requested by me, and supported by other commands as a risk reducer. We knew there were some risks in the engineering development model propulsion-control system installed under a rapid prototyping development effort. The bottom line: The data field safeguards found in production-level systems were not installed yet in the Yorktown by intention, until complete wring-out was accomplished."


    Or this one: http://www.cs.virginia.edu/~survive/NEWS/news003.txt

    "On Sept. 21, 1997, the Yorktown experienced what the Navy called "an engineering LAN casualty" [GCN, July 13, Page 1]. A systems administrator fed bad data into the ship's Remote Database Manager, which caused a buffer overflow when the software tried to divide by zero. The overflow crashed computers on the LAN and caused the Yorktown to lose control of its propulsion system, Navy officials said.

    The Navy CIO Office is trying to determine whether the crash was caused by the software application, NT or some other problem.

    "So far, it doesn't seem like it's an NT issue but a basic programming problem," said deputy CIO Ron Turner, who is in charge of the inquiry."

    "Between July 1995 and June 1997, the Yorktown lost propulsion power to buffer overflows twice while using the new Smart Ship technology, said Capt. Richard Rushton, commanding officer of the Yorktown at the time of the failures. But in each incidence the Yorktown crew knew what caused the failure and quickly restored systems, Rushton said. "NT was never the cause of any problem on the ship," Rushton said. "The problems were all in programs, database and code within the individual pieces of software that we were using."


    http://www.gcn.com/archives/gcn/1998/november9/6.htm

    ""Now that we know what can happen, we've realized how to bring the system back quickly," Petty Officer 1st Class Phillip Cramer said. "All we have to do is change the zero to any number, and everything comes right back up.""


    So all in all, it doesn't sound like the system crashed to me... You can't bring back a dead system by changing data in a field. You can't even change the data if the system is down.
    --
    Coming soon - pyrogyra
  21. Re:WRONG! stop the lies (was Re:Interesting spin . by Anonymous Coward · · Score: 1, Informative

    While this guy might be a little overzealous, this should be modded more 'informative' and less 'troll'...

  22. Re:MS Open Source Is Fertile Ground for Foul Play by Kilobug · · Score: 2, Informative

    Thanks for the clarification about reverse in the US, I didn't know that.

    For UK, it's true, but not only for UK, most European countries (including France and Germany) have similar laws: reverse engineering is allowed for interoperability, whatever the EULA says.

    The same was done for the European patents directive: the version that was voted by the European Parliament includes a specific clause allowing to bypass patents for interoperability reasons.

  23. Re:I hope he's wrong ... by Ivan+Karamazov · · Score: 2, Informative

    Last I knew, the New York Stock Exchange ran on NT. Also, I happen to know that many airline dispatch systems run on NT as well. I've never heard M$ say not to use their OS.

    --
    "The struggle itself toward the heights is enough to fill a man's heart. One must imagine Sisyphus happy." Albert Camus,
  24. May be legal, but also stupid by Mr.+Underbridge · · Score: 4, Informative
    Copyright is _NOT_ patent. You can read copyrighted work and then write something similar by yourself. Copyright does not protect ideas, structures, algorithms or data formats. Copyright protects the actual code - copy/pasting or recopying Windows code into Free Software would be disastrous. Reading Windows source code to understand protocols or formats and then writing your own Free implementation is not.

    To the letter of the law, that's true. However, there's also something called plagiarism which DOES NOT have to be a "cut-n-paste," but can be a situation in which I looked at your work and implemented my version in much the same way. That is a potentially illegal breach of copyright in software just as it is in school with papers.

    As such, the best way to protect oneself from copyright violations is complete ignorance of anything one might potentially infringe. As you say, an implementation is not copyrightable, so if you have never seen someone else's implementation, you're clean. Basically, proving you've seen someone else's code can be damaging if you get sued for violation. You don't want that. And there's no reason to make the first critical part of their case for them.

    Of course, this is what makes copyright different than patent, as you say. Ignorance does not protect one from patent violations (although it can with regard to penalties, which can be trebled given intent, I believe). Ignorance aka "cleanroom implementation" DOES give complete immunity with regard to potential copyright violations.

  25. Re:Monoculture not just a Microsoft phenomenon by Permission+Denied · · Score: 2, Informative
    Very good example.

    I know of only one application that uses deflate but does not use zlib: putty (Windows ssh client). Excellent code, uses own zlib implementation partly to avoid monoculture, partly for other (very good) reasons.

    Another culprit is OpenSSL. I'd REALLY like to see a nonrestrictive-licensed (BSD or public domain, not GPL) API-compatible OpenSSL alternative. In fact, I'm considering doing it myself, but I'm not fooling myself about how much work this is.

    Other (smaller) examples: MD5. All code I've seen uses the same public domain MD5 implementation. The code is short enough that security shouldn't be an issue, but it's still a bit strange that everyone uses the same code when MD5 is a publicized Internet standard.

    One really dangerous example is ASN.1. This is so horribly complex (committee-designed) that nobody would want to implement an ASN.1 encoder/decoder when a public domain implementation exists, so everybody uses the same code. This is the code that caused those SNMP vulnerabilities a while ago: good example of code monoculture since it affected *nix, Windows and even embedded stuff like Cisco IOS.

  26. Re:I hope he's wrong ... by Bob+Davis,+Retired · · Score: 2, Informative

    If you actually read the Windows EULA, you'd see that Windows is not to be used in critical systems the failure of which could result in loss of life.

    I'd say that the moron who deployed such systems (YOU!) is more responsible here than Windows itself.

  27. Re:They still don't get it by DotNetGuru · · Score: 2, Informative

    On the Unix side...it is easier...the admins can easily give us the rights we need to install, script and run Oracle/apps. Fine grain privs. on the Unix side is a wonderful thing...but, and this is just from my experience..Win doesn't have as fine a grain control...and admin. is needed for so many things, if it touches the registry...

    Unfortunately you've got this exactly backwards.

    Ok, let's start with the Unix permission model: r/w/x for user, group, or everyone. That's it w/o adding additional software.

    Windows uses ACLs by default, so you can say only Joe and Sally have access to this (with no relationship between Joe and Sally). E.g., an administrator could set up a %ProgramFiles%\Oracle and let you install anything you want below it. You could also create groups of course, and put Joe and Sally into the DBA group.

    As for your registry needs admin access, this is completely incorrect. Registry access is fully ACLed just like file access (and just like so many other things in NT: threads, mutexes, pipes, services, printers, etc...). Now, you can't put permissions on an individual value but you can put permissions on the keys. So, again you could be given the proper permissions necessary to modify the portions of the registry you need to.

    There are tricky parts on the registry. For COM objects for example you need to update the key HKCR\CLSID and probably HKCR itself. You'd need to set it up so that your account has these permissions: Query Value, Create Subkey & Enumerate Subkeys. That'd let you insert values, and the pre-existing CREATOR OWNER value gives you full control of the subkeys you created. Now you can add any new COM objects to the system, but you can't delete/edit the ones that are there.

    So in NT you have one security model that applies to a diverse range of objects throughout the entire system. In Unix you have users, groups, and access control on files. This almost works very well in Unix because "everything is a file" - the only problem is not quite everything is a file (is a process a file? a thread? are the posix threading APIs and objects files? how about the entries within a config file? are those file? - unfortunately the answer to all of these is NO).

    So I think in practice you'll find that NT's security model is not only finer grained in the permissions that can be handed out, but is also more fine grained in the objects that can have access control applied to them.

  28. Automating Admin Tasks by Anonymous Coward · · Score: 1, Informative

    If you're looking to automate administration tasks, might I suggest you take a look at cfengine?

    Cfengine, or the configuration engine is an autonomous agent and a middle to high level policy language for building expert systems which administrate and configure large computer networks. Cfengine uses the idea of classes and a primitive intelligence to define and automate the configuration and maintenance of system state, for small to huge configurations. Cfengine is designed to be a part of a computer immune system, and can be thought of as a gaming agent. It is ideal for cluster management and has been adopted for use all over the world in small and huge organizations alike.
  29. Re:I hope he's wrong ... by spectecjr · · Score: 2, Informative
    Since my recollection of the USS Yorktown failure stems from back when it actually happened, I'll admit the crashing of NT is a detail I may be incorrect on. I do remember being quite clear at the time that it was in fact an application fault and subsequent operating system failure, but again that was six years ago.

    I was unable to find a link that explained the situation in more (technical) detail. If you have a link that would indicate specifically whether the operating system of the computer running the database software was still alive or not after the crash, then that would be helpful. Otherwise the issue remains unclear.


    Here you go:

    http://www.gcn.com/archives/gcn/1998/november9/6.htm

    The Yorktown last September suffered an engineering LAN casualty when a petty officer calibrating a fuel valve entered a zero into a shipboard database, officials said. The resulting database overload caused the ship's LAN, including 27 dual 200-MHz Pentium Pro miniature remote terminal units, to crash, they said.

    The petty officer, who has since left the Navy, fed the bad data into the Remote Data Base Manager, a Standard Monitoring Control System application. SMCS, developed by Canadian Aviation Electronics Inc. of Toronto, allows sailors to monitor the ship's engineering and propulsion plant for potential casualties.

    The system provides troubleshooting data and normally indicates whether a valve is open or closed without requiring calibration. But something went wrong.

    "There was a problem in that this one valve was closed, but SMCS wasn't indicating it as such," said Cmdr. Eric Sweigard, the Yorktown's commanding officer. "So this petty officer started playing with the data.

    "This was the only time it occurred, and since then there have been some changes made to prevent it from happening again," he said.

    SMCS managers are now aware of the problem of entering zero into database fields and are trained to bypass a bad data field and change the value if such a problem were to occur again, Sweigard said.

    "Now that we know what can happen, we've realized how to bring the system back quickly," Petty Officer 1st Class Phillip Cramer said. "All we have to do is change the zero to any number, and everything comes right back up."
    --
    Coming soon - pyrogyra
  30. Re:Interesting spin ... by ajs · · Score: 2, Informative

    True in a humorous way to a point:

    Ximian Evolution -- Certainly the look and feel is outlookish, but unified calendar / contact / task / email clients are old hat, and far pre-date Outlook. Outlook just had (arguably) the best UI, though it was often quirky and hard to use. One of Evolution's best features, though, is its virtual mailbox handling which is a hybrid of VM (Emacs) and mutt handling.

    Mozilla -- This one Microsoft had nothing to do with, though they did push Netscape's development cycles, that was just competition, not a reaction to MS' closed products per se. Mozilla is the child of Netscape and Netscape was a re-implementation of Mosaic from scratch... interestingly Microsoft's IE is a descendent of another Mosaic variant: Spyglass.

  31. Re:They still don't get it by zurab · · Score: 2, Informative
    Realistically, this is only true if the stupid windows user adds himself to the admins group (or signs in as administrator)


    Except that you are wrong. The user that is created when you first launch Windows XP always has administrative privileges by default. So, a "stupid windows user" actually has to remove himself from administrators group and set up a separate account with more limited privileges, and then always use that account. I don't know anybody who has done this, or even is aware that there are more security risks if they don't.

    Besides, most windows users (and even many apps written for them) still view a Windows box as a single-user system. i.e., when I use Linux, I can't arbitrarily store my files outside of my home directory without becoming root or another user. In contrast, most Windows users that I know, store their files all over the place under C:\, D:\ or whatever.

    I'm not sure, if even MS decided to take administrative rights away from the default user, how many apps that would break or not be able to run under that user at all due to lack of privileges to read/write outside your home directory. Maybe, by the time Longhorn comes around, I am guessing, it won't be as much of an issue.

    Windows 2000 and XP give you all the power you need to not make your daily-logon account an admin by default.


    I don't know how many are running Win2K, but, again, XP default user has administrative privileges. You retract a little from your previous statement - yes, XP gives you "power" to create a user with less rights, but how many Sixpacks do it? I don't know of any.
  32. Re:Which Culture? by Anonymous Coward · · Score: 1, Informative
    Why hasn't Mr. Cooper, the media, and supposed security experts who promote U/Linux as a safe alternative, acknowledge that U/Linux also have their share of security advisories? Take a look at Secunia and their product listing. Doesn't anyone care that Solaris 9 had more advisories (42) in 2003 than Windows 2000 Server (36)?
    Doesn't it scare anyone that, while Windows XP Home edition had 32 advisories, Red Hat 9 had more than twice as many with 72? Debian 3 had 186! Doesn't Open Source claim to have a better development model by throwing more eyeballs at the source code, thereby eliminating - or minimizing - security flaws earlier?
    Yes, that's the claim, and - just to be clear - you haven't proved it true or false here.

    If number of vulnerabilities were comparable it might be fair.

    If Windows 2000 came with several pop, imap, http, and ssh servers and many office suites and email clients and browsers then it might be a fair comparison. Redhat ships (er, shipped) with every bit of software you might need -- compare the entire range of Microsoft software to Redhat's and that might be a fairer comparison.