Slashdot Mirror
A Taste Of Computer Security
andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of mal-ware, viruses & worms, memory attacks/defences, intrusion, sandboxing, review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."
All very nice. Looks very interesting... but is there a PDF available?
Looks like an interesting read, and if nothing else, something we should be slipping onto our PHB's desks!
Kernelthread is by far the best source of information about OS X, barring Apple itself.
The perfect sig is a lot like silence, only louder
For example, the bottom of this page shows a list of games that require Administrator authority to play. Why should administrator authority need to be granted to play a game? And to suggest granting Administrator access to people just so they can play them?
I have found no more powerful example of Microsoft's lack of commitment to security than this. I think this philosophy more than anything else contributes to the proliferation of destructive worms and viruses.
John
I'd never heard of MS Bob until I read this article. Wonder why it wasn't called MS Bill?
Omnis amans amens
Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."
Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?
There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).
This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?
This isn't a fair analysis, it's just more "MS is teh gay linucks is awwwwsome!!!!!11!" tripe.
It's really not hard at all to secure Windows, and you can lock it down every bit as tight as any Unix if that's what you want to do. Just because people don't doesn't make it the OS's fault.
How about all the newbies running their X sessions as root because it's the only way they can get the soundcard/dvd-r/tv-tuner/misc hardware to work?
Is it Linux's fault that once you start piling OSS layers onto ALSA and jam the whole pile of shit into Gentoo's default devfsd setup, that it's a huge pain in the ass to get a non-root user to be able to play sounds? Cuz it is. Don't give me the bullshit about "all you have to do is add the user to the audio group" stuff.
What about lazy fucks like me who quit trying to have their daemons chroot and su to another user, because every fucking time they type emerge -u world portage decides to change all the file permissions and ownerships around, so now all of a sudden slapd cant read or write it's data directory, hosts.allow and hosts.deny are no longer world-readable, etc, etc.. Fuck it, the only way to guarantee my LDAP server stays up is to have it run as root. And, of course, it has to stay up, else noone could log in.
I can't remember which distro now, but it shipped with a single * in the xdm's Xaccess file - ie; anyone anywhere could get a local X session on it.
What about every app that uses svgalib having to be suid root, or run as root. Those mythTV boxes and advanceMAME cabs are just big fat fuckin backdoor waiting to be exploited.
The only point I'm trying to make is, any PC out there is no more secure as it's user/owner/admin and the apps they run. Most normal people dont enjoy spending 8 hours a day doing nothing but configuring their systems.
I don't need no instructions to know how to rock!!!!
Windows enables things by default that enable exploits. This is done for ease of use. Users can make Windows secure.
*NIX disables things by default. This is done for security. Users could make *NIX insecure.
The number of different *NIXs makes it tedious to create viable exploits.
In spite of what the guy says, I think most of us already knew this stuff. Have I missed anything?
The core security problem with Windows is that Microsoft has been unable or unwilling to take advantage of the core security capabilities of Windows.
It's more than just the fact that there are existing applications that expect to have write access to system directories and do other dengerous things, it's that Microsoft doesn't seem to be able to respond appropriately. For example, our early Citrix-based server showed the path to solving the problem of writing to system directories... it mapped system write access into the user's profile, and you had to switch to an explicit "installer" mode to actually modify things in the system.
Microsoft owns that code now, it's surely in Terminal Server, but instead of implementing it they created a high level workaround... the sort ofthing you'd expect to see coming from a third party... that monitors the system and puts files back when they change. This not only breaks more applications than the old Citrix-style code did, but it provides another hiding place for viruses that manage to infect the repository or trick the system into backing them up.
Similarly, the whole protocol/handler problem in Internet Explorer... or rather the Microsoft HTML control... (and being inexplicably copied by Apple and the KDE people) could be almost completely prevented by simply making the protocol and helper application binding the responsibility of the application calling the control instead of making the control guess whether the application it's calling is hardened for use by untrusted pages, and if not then it has to guess whether the page it's displaying is trustable or not.
is here.
As an aside, items like ASET and RBAC are not new for S10; IIRC they have been included since S8.
Or instead of reading about these things, individuals can download the Solaris 10 Beta 5 ISOs and try them out. Go to this page and scroll to the bottom to Solaris Express.
I want to drag this out as long as possible. Bring me my protractor.
I more or less disagree with him on his treatment of the Windows adherence to the CC and Orange book standards.
Even though Windows 2000 is EAL 4+ certified, that doesn't mean it is a secure system. On the contrary, the protection profile Microsoft chose to use specifically states that the threats Win2k should guard against do not include either malicious outsiders or malicious users.
A more or less similar situation exists when we regard the C2 certification for Windows NT. That certification is obtained only when using a NT 4 system with several subsystems removed and no network access.
Both certifications sare the facts that a very specific hardware-software combination has been audited. This is so extreme that EAL 4+ is only valid for a Windows 2000 system with a very specific set of patches applied (SP2 and 1 patch IIRC). In other words, totally useless for any serious real-world application.
I'm very impressed with zones, the resource control and monitoring are even better than in 9, dtrace is just about the coolest thing I've ever seen on Unix, and zfs and the souped-up NFS look great too. (Though I haven't had the chance to play with those yet,)
Nice to see Sun can still innovate.
On this Windows box at work I'm protected from thousands upon thousands of viruses except the one that gets written tomorrow and the idiot that opens its brilliantly socially-engineered email attachment.
This is rhetorical and wishful: when are we going to get some anti-virus software that protects us before an outbreak?
(please don't say don't run Windows, it is realistic but not realistic today right here)
Speak truth to power.
A very interesting thing about the comparison in the end of the article is that he looks at all the different OSs as they are right now. Except for MS Windows, where he says, it has good chances of being secure when the next SP is released... Isn't this always the case with MS products? "we know something is f*cked up, but it will be fixed in the next version, promise!".
Maybe he's just propagating what MS is saying there though, since the rest of the analysis doesn't suffer to badly from this.
If noone rtfa, then what's the slashdot effect?
The security "philosophy" of the Mac platform, and of the Mac community, is immature yet. While Mac OS X has a good amount of circumstantial immunity against malware, it is significantly lacking in its security paraphernalia as compared to the cutting edge feature-set found in its competitors. The difference is more stark on the server side, where the competition is stiffer.
Isn't this argument sort of like saying that Macs are only secure because they are obscure?
I have read OS penetration has little to do with security. Additionally, with Mac OS X there is a BSD underpinning that utilizes ipfw. OS X is shipping with a strong firewall built in, that doesn't seem circumstantial to me. Does this mean the the BSD's are also circumstantially secure?
I am not saying OS X is completely secure, I have seen the recent exploits, but certainly Mac OS X security is methodical and planned since its roots are from a relatively secure BSD.
Maybe I am reading too far into the above statement. I am not more educated in this subject than the author, but it certainly seems like an unfair treatment of a relatively secure OS.
No, I can't install anything else, I don't manage this desktop. I do UNIX for a living. The printed output also looks horrible. Be that as it may, an excellent article. I could have spent all day meandering around his site. I did read most of the history of Apple and a bit about Mac operating systems, but duty calls.
He was not stating that Windows is "harder" than unix to secure, merely that the "average" unix user will generally have a deeper understanding of how the underlying OS works as opposed to an "average" Windows user. Think about it. The difference between Windows users and Unix (Linux) users, (and the reason Linux boxes tend to be more secure) is that Winodws users install drivers - Linux users write their own drivers. This was true at his company, at least. (he manages routers, etc at a fortune 500 securities trading company).
If you folks are ANYTHING like me, the first thing you read was the section Windows-v-UNIX. The author's points were non-biased and well thought out. That 'forced' me to read the rest. The article is now being routed through all my buds (PHBs, UNIX and Windoze Sys Ads, Developers), both in company and in other venues. A lot of 'intelligent' conversations will be started on this subject - again! It is unfortunate that some of us keep trying to get proof for our point of view instead of trying to see the other side of things.
"Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."
after reading the anchor i can only conclude the following:
1. the author makes references to certain things about windows that i cannot easily verify. why?
2. there is a great deal more said of apple computers than linux in a comparison of windows vs. linux. why?
3. as for 'C2' clearance, that was 10 years ago, and on 'NT' which is not supported any more. what is the point of discussing DOD clearances of windows, but not of linux?
the article is a fine begining, but it appears to be still an unfinished work in progress. i hope to get a chance to read the final work.
If you look at the article, you would see that administrative privileges are only one of the possible solutions for the problem. I've played Freelancer and Train Simulator as the totally powerless "guest" account on my XP computer without incident. I suspect that other items on the list may run as non-administrators as well, so suggesting that all those games will not run as administrator is misleading.
The material on his site is good but his layout has way too much eye candy. To me, its very visually distracting and hard to focus on the content of his article...thats just me though :)
"We stated earlier that UNIX was not even designed with security in mind. Several technologies that originated on Unix, such as NFS and the X Window System, were woefully inadequate in their security."
Not true.
X window HAD Kerberos authentication built in. Unfortunately, the US Government dictated that encryption was a "munition" and hence export controled.
This, in turn, ment that X window had to have Kerberos removed....
This guy reads like frigging ESR.. shudder
You really shouldn't call Windows users that. They can't help it.
And don't make me do a Beavis and Butthead laugh for following a comment about 'knobs' with one about 'exposed interfaces'.
~Idarubicin
to not have a private opinion on windows. The page is down, was that a joke or was there something up once that got hastily removed?
That started to change after Office 2000. That kits rus fine as a non-administrator on Win2K and later. It's all of the other developers I have to convince.
Use Evolution instead of Outlook? Bewa
His last suggestion is to put a system up and publicise the login but request that no-one tampers with it, just to see how people behave.
He obviously missed this site from a few years back:
http://totl.net/HonourSystem/
From the guys that brought you the potato-powered PC....
All I did was change where Q2 stored its saved games, downloads and configs. The result not only works just fine as a non-admin, but supports different settings for each user.
Game developers, in fact all developers, have no excuses.
Use Evolution instead of Outlook? Bewa
This sums up America so well on so many levels.
Do really dense people warp space more than others?
In the "Unix .vs. MS Windows" part, all I saw was a re-hashing of common miscomceptions, and little substantive on interesting info, and some revealing logic stumbles.
"Windows is supposed to be an easy-to-use platform, while Unix is supposed to be cryptic and hard-to-use." - good grief. An ad-hoc conclusion like this pretty much points to a lack of actual logical analysis.
"Microsoft's success, as reflected in their incredible market share, amplifies their security problems". So, giving an email client the ability to infect a system has nothing to do with it? The article seems to gloss over MS's efforts to graft its applications into its OS as part of the problem. By this logic, killing turkeys causes winter.
"A potentially relevant issue is the phenomenal amount of resentment against Microsoft and Microsoft products that is seen in many circles." So, Microsoft's security issues are because people hate them. Get my violin.
"'Security' is hard to formalize, hard to design (and design for), hard to implement, hard to verify, hard to configure, and hard to use. It is particularly hard to use on a platform such as Windows, which is evolving, security-wise, along with its representative user-base." ! He seems to be saying that windows security is evolving and its users are also 'security-evolving', and as as a result, windows security is getting worse. Well, wait a minute. Maybe he's right on that one...
"We are all geniuses when we dream"
- E.M. Cioran
"...It's really not hard at all to secure Windows..."
I know. Just pull the phone line or network cable from a Windows box and you're in the environment it was designed for. Security problem solved.
Reading a book directly at a computer's screen sucks big time.
Windows enables things by default that enable exploits. This is done for ease of use. Users can make Windows secure.
By making Windows "secure" by disabling stuff, you also usually break a lot of things that the user needs/wants.
int main(void) {while(1) fork(); return 0;}
Its actually more restrictive than that.
NT's C2 certifiaction was for a particular model of Compaq hardware [an old P5/EISA box] no network interface, and NT 3.5 [with specified patches].
The certification did not include adding _any_ additional software or hardware to the basic configuration.
Caution: Do not stare into laser with remaining eye.
We were a McAfee shop for years and it only worked half-assed most of the time, despite what you read in all the trade rags about who's got the best antivirus software. Last year we ran out of patience, and obtained eval copies of all the big name antivirus suites (email, fileserver, desktop, web filter, the usual corporate antivirus bundles), and set up a test lab with a Windows Server and 10 workstations in our training room to serve as a clean test bed to throw about 1000 different virii we'd collected at the test network and see how it handled it. We're actually a govt organization with 35 servers and 500 workstations, but the test setup was sufficient to prove what we wanted to find out. The top four products were: McAfee, Symantec, Trend Micro and Sophos.
McAfee exhibited all the issues and problems we'd already known in our live environment.
Symantec/Norton had so many install problems that we could even install it successfully. This was on plain vanilla, fresh installs of Windows 2000 Server and XP workstations. Their tech support expected us to go thru a bunch of troubleshooting nonsense, but when the damn installer keeps crashing, that speaks volumes about what kind of quality control (or lack thereof) that this company's products go thru. No thanks! Norton goes in the trash.
Sophos seemed to work alright except for lack of support for all our email platforms, but their licensing practices and costs are complete bullcrap. Literally double the purchase and annual maintenance of the others. Not worth it.
Trend Micro's "NeatSuite" bundle just simply worked. Correctly. The first time. Right out of the box. Plopped the cdrom in, clicked thru the default setup configs, and whammo -- smooth running antivirus solution with easy browser-based management of the server, "push" install to all the clients, that detected and uninstalled pre-exisiting McAfee and Norton, auto-updating that's invisible to the end users. Over-the-Internet updates of the scan engines and virus definition files to the local server, and then pushed out to the desktops works perfectly. We bought Trend and have been running it for almost 2 years now. Not one single virus has ever gotten thru since. Annual maintenance is a small bit pricier than McAfee or Norton, but not too bad. With the latest updates we even got a new feature that adds powerful attachment filtering capabilities, and spam and porn blocking to the email system. I wish we would have changed to Trend much sooner. Oh, and by the way, their stuff is available for Linux severs too. We can get updates for virus definitions scheduled every hour too, Trend's record for getting updated definition files published is exemplary, compared to what we had with McAfee.
"This document is copyright © 2004 Amit Singh. All Rights Reserved.
It is illegal to republish this document in any form (where "form" includes, but is not limited to, online publishing). You are allowed to make hard copies of this document if you so desire, provided it is for your own personal, non-commercial, and non-business related use. "
Dunno, but I think that kind of sucks. "Hey, it's online, but it's illegal for you to mirror it."
Oh well.
heh, beautiful. I've been looking for a good excuse to tell clients not to use Intuit Quickbooks - that thing requires Power User access just for its copy protection scheme. "It's a terrorist threat by Intuit to force you to compute insecurely!"
Their competition, Simply Accounting, works just fine as a limited user.
And DirectX, OpenGL work fine as a Restricted User. See Pan-Am's testing page for an example.
Use Evolution instead of Outlook? Bewa
No, this is a fault of the game authors. Windows supports gaming technologies for Limited Users just fine. See Pan-Am's testing page for an example.
One thing common of all those Microsoft games, was that Microsoft didn't develop them - they contracted a third party to do it. Check the credits and splash screens to see for yourself. OK, with the exception of Flight Simulator, and even that was done by someone else at one point. Fault Microsoft for not enforcing their own rules on their contractors, but fault the contractors too!
Use Evolution instead of Outlook? Bewa
Am I the only one who read that as Agent Smith the first few times? Wow, it must be a good day for me!
Another aspect of the clichéd portrayal of hackers is their supposed obsession with hexadecimal (and lots of numbers). Many books on hacking actually have chapter and section numbers in hexadecimal.
uhm... now, i may not be a 'l337 h4x0r', but i would like to know where this aparent connection came from... where, in hex, does one find an 'L'? maybe this Amit Singh is talking about those malicious 4C 00 33 00 33 00 37 00 wintel h4x0r5?
(sorry -- unicode slipped in... ;)
In this context, a rule-of-thumb definition of security is often cited: a system is considered secure if its "secure-time" is greater than its "insecure-time." Secure time is simply the time during which a system is protected, that is, free of "incidents". Insecure time is the sum of the time it takes to detect an incident and the time it takes to react to the incident (summed over all incidents in a given interval):
I've never heard such a naive definition of security. Apparently, regardless of how many security holes my system has, or how many times I get hacked, I can call it secure as long as it can be recovered quickly.
So, by this definition, my system is still secure even when:
- A hacker exploits IIS and downloads all my customer names and CC numbers.
- A hacker destroys all of my data from the last backup; as long as I can recover it quickly, data loss doesn't matter, right?
- A hacker DDOS' our server and we lose several days worth of business. Our system is still up, so obviously it's not secure.
- A hacker installs a rootkit on our server. You see, it doesn't matter if the box is owned, as long as its up and running, right?
- A hacker zombies the machine and uses it to send SPAM, or worse, host illegal content.
Need I go on?I don't think I could come up with a better explanation of why Microsoft will never design secure software than this one: they're definition of what constitutes a secure system is simply out of touch with the requirements of running a business.
The society for a thought-free internet welcomes you.
Like most security-related rants, this article fails to first scope what it intends to mean by security.
I personally like to scope security as end-user security for someone using their computer as a client machine, NOT a server. Opening a shiny new box, plugging it on the network, and do very basic things most people do: check email and surf pr0n, sign-up for "free stuff".
Right now, by plugging a brand new installation of XP onto an unprotected network, you get owned by Sasser within seconds. There were many before Sasser, among a few that come to mind are CodeRed and Nimda.
How did those worms spread so fast? One easy answer: Services that users did not need were running on a default installation of the operating system. You woulda thought microsoft would have learned to turn all services off by default since 2001 for client machines. Nah. They've kept many open.
Apple has been smart about this. It provides two very distinct operating systems: An end-user operating system, the mainstream Mac OS X, and a server operating system, aka Mac OS X Server. Apple knows to be humble about the network services it offers, even if most of 'em are open-source and quite mature, and KEEP THEM TURNED OFF on end-user, client machines. That's what regular Mac OS X is for. You can buy a new end-user Mac, plug it in a network, run nmap against it, and you'll get zero hits. Not one. Not a single network service is running by default.
Virulent and devastating Worms and Viruses don't spread thru server machines, those tend to live in pretty-heavily firewalled networks. No. They spread thru END-USER machines.
SP2 had better do one thing and do it real well to the average end-user client machine: TURN OFF ALL SERVICES.
Beyond that, musing about security is mostly beating a very dead horse. Every single time you turn a network service on, you are opening yourself to infection risks. The OS architecture ought to mitigate those risks. A sysadmin with a clue or two will keep his server secure, regardless of what OS it runs, because that sysadmin knows security is about constant vigilance and works in many many layers.
Again, when talking about security, people should scope the discussion within the distinction of end-user usage and server usage.
Extraordinary Vacations. Exceptional Prices
"This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?"
:D
Easier - perhaps not, but granted you have adequate knowledge of both enviroments, securing a Unix box MUCH less tedious.
"Is it Linux's fault that once you start piling OSS layers onto ALSA and jam the whole pile of shit into Gentoo's default devfsd setup, that it's a huge pain in the ass to get a non-root user to be able to play sounds? Cuz it is. Don't give me the bullshit about "all you have to do is add the user to the audio group" stuff."
I can run my X Evironment, play mp3's, videos, and play America's Army all under my normal user account in FreeBSD. Perhaps you should give it a whirl? You should do it while you can though, as I hear BSD is dying.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
The primary environment in which a typical Windows system exists has traditionally been hostile especially after the advent of the Internet. While Unix systems share the same environment today, their traditional environments were comparatively trusted: research labs and universities. Similarly, Unix users have had backgrounds differing from Windows users. ... sigh ...
So the "Internet" did not exist until after Windows