Slashdot Mirror


A Taste Of Computer Security

andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of mal-ware, viruses & worms, memory attacks/defences, intrusion, sandboxing, review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analyses of the Unix-Vs-Windows security issue that I have ever seen."

15 of 192 comments

  1. Amit Singh, thank you! by CharAznable · · Score: 3, Informative

    Kernelthread is by far the best source of information about OS X, barring Apple itself.

    --
    The perfect sig is a lot like silence, only louder
  2. Re:The UNIX vs MS Windows discussion is lacking by fireduck · · Score: 2, Informative

    I second this complaint. As I recall, one of the recent Blizzard games (fairly sure it has to be Warcraft 3, but it might have been Diablo 2) required admin rights in order to play online through battle.net. Took me a while to figure out why online wasn't working for me, until I switched to admin account, and then voila. I complained in their forums about this (with the predictable response from other players, "why don't you just switch your setting?"); few patches later Blizzard made the game playable with normal user setting. So, it's good that some companies get it, although it would have been nice if they had gotten it from the start.

  3. Re:The UNIX vs MS Windows discussion is lacking by Anonymous Coward · · Score: 3, Informative

    ...the real culprit is Macromedia, who made the SafeDisc copy protection system at fault.

    Minor nitpick, but Macrovision makes SafeDisc, not Macromedia...Macromedia is the company that gave us that other monstrosity (aka, Flash).

  4. Re:The UNIX vs MS Windows discussion is lacking by tomknight · · Score: 2, Informative
    "i like how all the games listed are microsoft games"

    That's probably because this is the Microsoft knowledge base.

    Sheesh.

    Tom.

    --
    Oh arse
  5. A better article on Solaris 10 security by sczimme · · Score: 3, Informative


    is here.

    As an aside, items like ASET and RBAC are not new for S10; IIRC they have been included since S8.

    Or instead of reading about these things, individuals can download the Solaris 10 Beta 5 ISOs and try them out. Go to this page and scroll to the bottom to Solaris Express.

    --
    I want to drag this out as long as possible. Bring me my protractor.
  6. CC evaluation? Orange book? by winchester · · Score: 3, Informative

    I more or less disagree with him on his treatment of the Windows adherence to the CC and Orange book standards.

    Even though Windows 2000 is EAL 4+ certified, that doesn't mean it is a secure system. On the contrary, the protection profile Microsoft chose to use specifically states that the threats Win2k should guard against do not include either malicious outsiders or malicious users.

    A more or less similar situation exists when we regard the C2 certification for Windows NT. That certification is obtained only when using a NT 4 system with several subsystems removed and no network access.

    Both certifications share the fact that a very specific hardware-software combination has been audited. This is so extreme that EAL 4+ is only valid for a Windows 2000 system with a very specific set of patches applied (SP2 and 1 patch IIRC). In other words, totally useless for any serious real-world application.

  7. Re:The UNIX vs MS Windows discussion is lacking by peragrin · · Score: 3, Informative

    Of the Games Listed the Bulk are Microsoft made games. So it is the game writer's fault, but since MS is the game writer you can just skip a step and blame MS.

    for you who didn't click on the link

    * Microsoft Age of Mythology
    * Microsoft Age of Mythology: The Titans
    * Microsoft Age of Empires II: The Age of Kings 2.0
    * Microsoft Age of Empires II Expansion: The Conquerors
    * Microsoft Age of Empires II Gold Edition
    * Microsoft Baseball 2001
    * Microsoft Casino
    * Microsoft Classic Board Games
    * Microsoft Combat Flight Simulator 2: WWII Pacific Theater 1.0
    * Microsoft Combat Flight Simulator 3: Battle for Europe
    * Microsoft Crimson Skies
    * Microsoft Dungeon Siege 1.0
    * Microsoft Flight Simulator 2004 - Century of Flight
    * Microsoft Flight Simulator 2002
    * Microsoft Flight Simulator 2002 Professional Edition
    * Microsoft Flight Simulator 2000
    * Microsoft Flight Simulator 2000 Professional Edition
    * Microsoft Freelancer
    * Microsoft Golf 2001 Edition
    * Microsoft Halo: Combat Evolved
    * Microsoft Impossible Creatures
    * Microsoft Links LS 2000
    * Microsoft Links 2001
    * Microsoft MechCommander 2.0 1.0
    * Microsoft MechWarrior 4: Vengeance
    * Microsoft MechWarrior 4: Mercenaries
    * Microsoft Metal Gear Solid
    * Microsoft Midtown Madness 1.0
    * Microsoft Midtown Madness 2 2.0
    * Microsoft Motocross Madness 2 2.0
    * Microsoft NBA Inside Drive 2000 1.0
    * Microsoft NFL Fever 2000 1.0
    * Microsoft Pandora's Box 1.0
    * Microsoft Rise of Nations
    * Microsoft StarLancer 1.0
    * Microsoft Train Simulator 1.0
    * Microsoft Zoo Tycoon
    * Microsoft Zoo Tycoon: Complete Collection
    * Microsoft Zoo Tycoon: Dinosaur Digs Expansion Pack
    * Microsoft Zoo Tycoon: Marine Mania Expansion Pack

    --
    i thought once I was found, but it was only a dream.
  8. Re:Summary by jimicus · · Score: 2, Informative

    Redhat 7.2

    Play fair. The article discusses Win2K and XP. RedHat 7.2 is a few years older than XP, and predates RedHat deciding not to enable everything by default.

  9. Re:The UNIX vs MS Windows discussion is lacking by badriram · · Score: 3, Informative
    The words over there when you read the games list were "you may experience". It does not happen for all users. I run halo all the time with an unprivileged user account, and trust me it works.

    Also if you look at every major application made by MS, all of them run in user space, I run enough machines in my university to know what applications do and what do not work in Windows user space. The one major problem we do run into is Visual Studio, but that is because of the debugging features, which can also be granted easily.

    There are enough opensource apps in windows that have this problem.
    • Firefox, first run after installation requires Admin to run it, otherwise crashes over and over again
    • MySQL, if you enable innoDB, which is by default, it likes to crash in user space

    But yes this problem is more pronounced with other third party windows applications.
  10. Mac security circumstances? by Anonymous Coward · · Score: 2, Informative

    The security "philosophy" of the Mac platform, and of the Mac community, is immature yet. While Mac OS X has a good amount of circumstantial immunity against malware, it is significantly lacking in its security paraphernalia as compared to the cutting edge feature-set found in its competitors. The difference is more stark on the server side, where the competition is stiffer.

    Isn't this argument sort of like saying that Macs are only secure because they are obscure?

    I have read OS penetration has little to do with security. Additionally, with Mac OS X there is a BSD underpinning that utilizes ipfw. OS X is shipping with a strong firewall built in, that doesn't seem circumstantial to me. Does this mean the BSDs are also circumstantially secure?

    I am not saying OS X is completely secure, I have seen the recent exploits, but certainly Mac OS X security is methodical and planned since its roots are from a relatively secure BSD.

    Maybe I am reading too far into the above statement. I am not more educated in this subject than the author, but it certainly seems like an unfair treatment of a relatively secure OS.

  11. Re:The UNIX vs MS Windows discussion is lacking by Ytsejam-03 · · Score: 2, Informative
    I specifically was looking for one of the biggest problems with Windows -- Administrator authority is too easily doled out (by default, every home user is also an administrator.) This is exacerbated by the fact that so many Windows applications require the user to have Administrator authority.
    Application developers deserve just as much blame for this as Microsoft. It's a catch-22: practically everyone who uses Windows logs on as Administrator, so making sure non-administrative users can run your app is generally not a requirement.

    To make matters worse, Windows allows developers to store global variables in a shared memory segment, which IIRC is located in the dataseg of a given .exe or .dll. This provides an easy way to do IPC. IIRC, usage of shared memory segments is the reason that Office 97 and other apps require write(!) access to the System32 directory. Of course when I've seen shared memory segments mentioned in the MSDN documentation, I've never seen any mention of the security implications.

  12. Re:The UNIX vs MS Windows discussion is lacking by Minna+Kirai · · Score: 4, Informative
    Why should administrator authority be needed to play a game?

    So the game can have "root"-level control over your machine, to ensure that you're not cheating with 3rd-party apps running on the same machine. It must be able to inspect all applications and drivers in memory, comparing them against a list of "cheat signatures" rather like a virus-scanner does.

    Seriously. This is exactly what's happening. Evenbalance.com licenses cheat-prevention software modules to several major game publishers, and they've started disallowing players on XP machines unless they're running under the "administrator" account.

    Just read the FAQ here:
    1. Why does PunkBuster now require players to run the game as an administrator under WinXP/2K?

      Because some cheats/hacks cannot be detected otherwise

    The reason you give is obsolete; mistrust of the end user is the new, upcoming explanation.
  13. Games can run without Admin - Example here by gfecyk · · Score: 2, Informative
    Quake II XP? You better believe it.

    All I did was change where Q2 stored its saved games, downloads and configs. The result not only works just fine as a non-admin, but supports different settings for each user.

    Game developers, in fact all developers, have no excuses.

    --
    Use Evolution instead of Outlook? Bewa
  14. Ditch McAfee, get Trend. by Anonymous Coward · · Score: 3, Informative

    We were a McAfee shop for years and it only worked half-assed most of the time, despite what you read in all the trade rags about who's got the best antivirus software. Last year we ran out of patience, and obtained eval copies of all the big name antivirus suites (email, fileserver, desktop, web filter, the usual corporate antivirus bundles), and set up a test lab with a Windows Server and 10 workstations in our training room to serve as a clean test bed to throw about 1000 different virii we'd collected at the test network and see how it handled it. We're actually a govt organization with 35 servers and 500 workstations, but the test setup was sufficient to prove what we wanted to find out. The top four products were: McAfee, Symantec, Trend Micro and Sophos.

    McAfee exhibited all the issues and problems we'd already known in our live environment.

    Symantec/Norton had so many install problems that we could even install it successfully. This was on plain vanilla, fresh installs of Windows 2000 Server and XP workstations. Their tech support expected us to go thru a bunch of troubleshooting nonsense, but when the damn installer keeps crashing, that speaks volumes about what kind of quality control (or lack thereof) that this company's products go thru. No thanks! Norton goes in the trash.

    Sophos seemed to work alright except for lack of support for all our email platforms, but their licensing practices and costs are complete bullcrap. Literally double the purchase and annual maintenance of the others. Not worth it.

    Trend Micro's "NeatSuite" bundle just simply worked. Correctly. The first time. Right out of the box. Plopped the cdrom in, clicked thru the default setup configs, and whammo -- smooth running antivirus solution with easy browser-based management of the server, "push" install to all the clients, that detected and uninstalled pre-existing McAfee and Norton, auto-updating that's invisible to the end users. Over-the-Internet updates of the scan engines and virus definition files to the local server, and then pushed out to the desktops works perfectly. We bought Trend and have been running it for almost 2 years now. Not one single virus has ever gotten thru since. Annual maintenance is a small bit pricier than McAfee or Norton, but not too bad. With the latest updates we even got a new feature that adds powerful attachment filtering capabilities, and spam and porn blocking to the email system. I wish we would have changed to Trend much sooner. Oh, and by the way, their stuff is available for Linux servers too. We can get updates for virus definitions scheduled every hour too, Trend's record for getting updated definition files published is exemplary, compared to what we had with McAfee.

  15. He says: No mirrors. by EvilStein · · Score: 2, Informative

    "This document is copyright © 2004 Amit Singh. All Rights Reserved.

    It is illegal to republish this document in any form (where "form" includes, but is not limited to, online publishing). You are allowed to make hard copies of this document if you so desire, provided it is for your own personal, non-commercial, and non-business related use. "

    Dunno, but I think that kind of sucks. "Hey, it's online, but it's illegal for you to mirror it."
    Oh well.