Microsoft Claims Linux Security a Myth
black hole sun writes "Microsoft bigwig Nick McGrath claims that Linux security is highly exaggerated, and that the open source development model is 'fundamentally flawed.' The gist of his argument appears to be his claim of lack of accountability among distributors, coupled with generic statements short on facts. 'Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.' He goes on to say that 'Linux is not ready for mission-critical computing. There are fundamental things missing,' pointing out the lack of a development environment and no single 'sign-on system' giving reference to Microsoft's foundering .Net passport program." I guess Linux can only aspire to the greatness of Windows when it has such secure applications as Outlook and Internet Explorer. Historically those have been proven to be of a caliber all their own.
They take responsibility for their distribution. They will patch their kernel if anything seems wrong with it. From time to time they pay for an audit. Similarly the debian people vouch for their kernel, and so on. The vanilla kernel.org kernel is only accountable to the kernel.org people, true, but most "enterprise" distribution makers will stand up for every package they distribute.
I am trolling
...especially because they claim they are explicitly not responsible for anything.
'There are fundamental things missing,' pointing out the lack of a development environment and no single 'sign-on system' giving reference to Microsoft's foundering .Net passport program.
It should be floundering, not foundering!
Fact: Much of what winders suffers from is incompetent users. Nothing is really stopping the developers from writing spam bots for windows because idiot users on Linux could run bad code just as easily as idiot users on windows.
For now, yes, but as SELinux, or RSBAC, or any of the Mandatory Access Control, role based systems gain popularity in mainstream Linux (and SELinux, for now, seems to be the best candidate on the popularity front), the ability for idiot users to run bad code goes down massively.
Yes, in theory an idiot user could run bad code, but under a well implemented SELinux policy, while the code may run, it wouldn't actually have rights to do much of anything. At worst it might be able to fill up the home partition with useless data, or something along those lines, but spam bots and zombies and mass mailing viruses would be a far more difficult task to write indeed. A sufficiently smart idiot could grant the process the rights to do what it wants, but really...
Yes, such a system is not a cure all. People can still do bad things to themselves, and no matter how well you build it, there's always an idiot who can break it. It does, however, significantly raise the security bar on what it is easy to trick a user into doing.
Jedidiah
Craft Beer Programming T-shirts
First of all, I can't trust this article because it's not digitally signed!
Now, on to the point. If someone comes out and says: "the default Linux kernel released by most distributions is not secure." I'll say 'hell yes'. Note that this is not what TFA states, it is a much broader screed against open source in general.
The problem is that if Microsoft wanted to launch a rational attack on Linux's security they would also be attacking their own products. I'm not even talking about the differences between open and closed source here, I'm talking about the ways that Linux and Windows both are susceptible to security issues. Right now most default Linux distributions put out kernels and user-space utilities in a system that assumes every piece of software has to be perfect to ensure security! (especially anything running as root) Windows is basically the same way. Once a hole gets found, it is easily possible to hijack an entire system.
Now, at this point the arguments between Linux and Windows invariably devolve along the lines of: Linux gives you the source code so you can find the bugs yourself or Windows runs too many services and that's why it's not secure. On the windows side we get arguments about how you 'can't trust unsigned open-source code!' (which actually does have some merit if you don't check source signatures you grab from some random mirror, but does not really speak to the OSS development model). The problem is that these arguments are more about which system is easier to band-aid than which system is innately more secure.
Let's really look at default Linux vs. Windows. Both have admin and user accounts, both follow a similar model of discretionary access controls, both can be hacked remotely although windows tends to get hit more because it runs too many standardized services.
The point of this very long rant is that Linux does indeed have security problems that are not of a nature much different than Windows. I would say the better track record of Linux so far is NOT due to it being open-source; that does help finding bugs, but plenty of Windows bugs are found and fixed before the Windows boxes are hacked. Instead it's because Linux (with some exceptions) does not install a bunch of stuff by default, Linux systems are not as homogeneous as Windows systems (software monoculture time), and Linux admins have historically been better than Windows admins (this is definitely something that will be subject to change in the next few years).
So is there a solution? Well, nothing is ever going to be perfect, but systems like SELinux and GRSec are big improvements because instead of saying "the whole system is perfect" they instead say "components in this system will be compromised, how do we isolate and protect it?"
There's a problem though, these systems require old-time Linux users to deal with new restrictions they might not want to deal with. I promise you that SELinux policies that work great on a production webserver would drive you insane on a development box, but you need to protect both machines, a hacker will target both.
I'll save my rant on Microsoft's security for when this story gets duped, it's another mess entirely. Just MS is foobarred should not be an excuse for not looking to find and fix problems in Linux.
AntiFA: An abbreviation for Anti First Amendment.
It's as if some hotshot in his BMW 745i got a Yugo to tow him because some snow was on the ground.
:'o(
[Fuck Beta]
o0t!
I like the related articles at the bottom of the page.
RELATED ARTICLES
* Microsoft to axe Windows 2000 security upgrades
* Microsoft enhances SQL 2005 security
* Viruses plague half of UK Windows users
* Linux fights off hackers
* Busy day for Linux administrators
* Industry giants offer Linux consumer boost
* Windows open to critical vulnerabilities
You're on the right track, but that still wouldn't cut it, due to the crackability of this kind of solution, setuid has no effect on scripts, you'd have to write a small c program to do it, or use sudo, which is much better all round.
HTH
David
Ask 8 slackers a question, get 10 answers (a citation, but I can't remember from who)
1. Accountability means you can point your finger at me and I'll say "yep, my bad."
2. Responsibility means I then have to fix it.
3. Liability means that you then get to take my wallet.
$0.02,
ptd
I'm an animal lover -- they're delicious!
A lot of things have changed since 2001, yes? It's 2005 now, correct? Qmail is in the process of overtaking Sendmail, and for good reason.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Set-uid works by changing the user ID of the program to that of its owner; thus a program like passwd (which must have root privileges to write to the password/shadow file) has suid. Scripts which use suid have a few particular security concerns; since they inherit the PATH environment variable (and a few other particulars) from their calling user, you want to ALWAYS use the full path to commands. Thus, your script should look like:
and: since a user adding a malicious insmod or rmmod to their path could gain privileges. (There are other, more subtle, security issues with suid, but this is the easiest to understand.) Nevertheless, having a suid script is far preferable to idiots logging in as root for ordinary work!
Do you like Japanese imports?
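As an added example (not part of the original comment), the shell functions below audit where a bare command name such as insmod would resolve under a given PATH and flag any hit outside an allow-list of system directories. The names resolve_in, is_trusted, audit_command and the TRUSTED_PATH list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check where a bare command name resolves before a
# privileged script relies on it. TRUSTED_PATH is an assumed allow-list.
TRUSTED_PATH="/usr/sbin:/usr/bin:/sbin:/bin"

# resolve_in NAME PATHSTRING: print the first executable NAME found in
# PATHSTRING, searching left to right as the shell does. Runs in a subshell
# so the IFS and noglob changes do not leak into the caller.
resolve_in() (
    set -f
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.        # an empty PATH entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# is_trusted FILE: succeed only if FILE's directory is listed in TRUSTED_PATH.
is_trusted() {
    case ":$TRUSTED_PATH:" in
        *":$(dirname "$1"):"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_command NAME PATHSTRING: report "ok", "untrusted" or "missing".
audit_command() {
    hit=$(resolve_in "$1" "$2") || { echo "missing $1"; return 2; }
    if is_trusted "$hit"; then
        echo "ok $hit"
        return 0
    fi
    echo "untrusted $hit"
    return 1
}

# Constructed demonstration: a harmless stand-in named insmod in a temp dir.
demo() {
    tmp=$(mktemp -d) || return 0
    printf '#!/bin/sh\necho stand-in\n' > "$tmp/insmod"
    chmod +x "$tmp/insmod"
    # PATH as inherited from the calling user: the stand-in shadows the real tool.
    audit_command insmod "$tmp:$TRUSTED_PATH" || true
    # PATH fixed by the script itself: only system directories are searched.
    audit_command insmod "$TRUSTED_PATH" || true
    rm -rf "$tmp"
}
demo
```

A script that sets PATH to a fixed list of system directories before running anything gets the second result for every command it calls.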
I hate to burst his bubble about single sign on, but on my network we have single sign on to every service on the domain that you have permission to access once you have authenticated to the domain at your workstation, whether your workstation is windows or linux. Services are provided by windows, 4-5 different linux distros, and aix servers and are things like ftp, ssh, file sharing, concurrent versioning systems (not just cvs) and the like. This is accomplished with samba, ldap, nss, kerberos, sasl, ssh, proftpd, winbind, and possibly a few other pieces I'm forgetting at this moment. Unfortunately this was a pain to get it all working on both the windows and unix sides but it does work flawlessly. Well almost flawlessly - the windows boxes don't have ssh servers running. I don't know what he means by single development environment but if he means an ide he can keep his little tools like the visual studio hack. Unix and unix-like systems give you the ability to use your whole operating system as your development environment.
So essentially Microsoft is back to taking the approach that if they close their eyes tight enough, everything will be OK?
'Super-Linux' Cluster Declared Third-Fastest Computer On Earth
fastest computer system in the US
NCSA Linux Cluster Among Fastest Computers in the World
Two Linux clusters on Top 10 list of fastest computers
If someone says he and his monkey have nothing to hide, they almost certainly do.
"Who is accountable for the security of the Linux kernel?"
I challenge this guy to put his money where his mouth is and identify someone who is accountable for the security of the MS kernel.
In general, I believe that Linux developers are much more accountable for security than MS developers. In the case of an OSS weakness, virtually anyone can determine who introduced the problem, why it happened and how it was addressed. OSS programmers "own" their code and will move heaven and earth to fix problems when identified. MS usually refuses to admit there is a problem and, where they can, will actually conceal it. It is usually difficult or impossible to determine who (if anyone) is responsible, why it happened or how it was addressed. Between the above and the fact that the EULA specifically absolves MS of all responsibility, I cannot see any way in which MS is even nearly as accountable for their projects as the OSS community voluntarily makes themselves.
But reading the EULA, MS clearly states that they are not responsible. I expect WindowsUpdate to change my system through patches, but I don't expect upgrades. I'm still running Win2kPro on my tri-boot system (Debian and Gentoo.) I KNOW that I will not get my UPGRADE to XP. I also hated hearing MS discuss XP SP2, and calling it an "upgrade." Also, I am CONFIDENT that MS would not take responsibility for data loss. ~ FUD
so it is hundreds of hundreds, then?
My guess is that only a "handful" of MS employees work on windows' micro-kernel as well. Though it might be true that there are more developers writing for the MS platform, this is because it is the world's most widely used OS. He's done a bait-and-switch almost... Discussing the kernel development and relating it to the wide base of application software?
He uses the word "myth" quite often here. So let us look at a few select definitions of the noun:
* a traditional story accepted as history; serves to explain the world view of a people
* A popular belief or story that has become associated with a person, institution, or occurrence, especially one considered to illustrate a cultural ideal
So a myth doesn't necessarily mean make-believe. We could interpret his quote to have meant this : "The world-view and cultural IDEALS of Linux have made themselves a concrete REALITY over the past year!"
Well, uh... DUH! If you expect more out of something, that something will be more challenged to perform. Water is wet. The Pope is Catholic. If I expect my automobile to drive 200 mph, the manufacturer will have a bigger challenge designing it. Go figure.
OK, I'll admit, I'm not a software guy. But aren't these unrelated statements? ie, What does a development environment have to do with mission-critical computing??
The Linux Desktop (and kernel?) may have certain things missing, that's a given. That doesn't mean that it isn't ready for SOME mission critical computing. I'd be more inclined to use a kernel/OS that allows inspection of its source for any mission-critical apps. Ask NASA why the Mars rovers are using Linux instead of Windows.
FUD FUD FUD, is all I got out of the article.
Please explain where I'm incorrect here. I admit that I'm not as knowledgeable on some of these points as many of you, and would prefer to know why/how I might be incorrect.
I seriously doubt anybody actually uses it. In fact, it wouldn't surprise me if it doesn't even work anymore. But then again, merely having it as an option doesn't hurt anything, so it's just ignored rather than removed. (And even if it were removed, anybody could re-implement it as a kernel module.)
It's all about what OTHER PEOPLE should do to make YOUR life easier.
Looking up a name in a list is TOO HARD for YOU!
There should be a link on kernel.org so YOU can send something to some OTHER PERSON who will spend the time and effort to determine what it is and who's responsible for that and then make sure it gets to that person.
Not obvious? It's where you go to get the source for the latest kernel.
I can't write patches for the kernel and even I can find it.
Right. It's all about how to make YOUR life easier by having OTHER PEOPLE do it for you.
Rather than you spending 20 seconds to find the email addresses, you expect someone else to be able to read the patches, find out who maintains that subsystem and get the patches to that person.
No. The fact is that many hundreds of people manage to get patches submitted in the current structure.
Yet there was one example of one person who couldn't understand that structure...
So the whole structure is wrong and has to be replaced.
Rather, it seems that that one person has a problem and your "solution" would only make MORE work for someone(s) who had to be the single point of failure (do you know that term) for processing patches.
The current system has so many ways to get a patch submitted that even the dumbest individual will eventually stumble across one. As was shown with your example.
Why switch from such a distributed, de-centralized system to one with a single point of failure?
Just to make life easier for the dumb people? I don't think so.
The article mentions single sign on as being an issue under Linux.
Single sign on is the ability to have a user log on to the network from a centralized authentication server and not prompt them for credentials when they access applications servers.
In Windows speak, that's not Passport, that's AD and AD aware apps.
In Linux, it's pam_krb5 when you log on, and kerberized apps.
* Evolution / Dovecot
* Firefox / Apache HTTPd
* CVS (client and server)
* SVN (client and server)
etc.
This meme refuses to die. It sounds credible that more usage would lead to a more attractive target for malware but ignores other factors like:
An excellent article refuting this meme, which doesn't even mention ActiveX, can be found here:
http://www.theregister.co.uk/2003/10/06/linux_vs_
Here's my opinion, with references to support it.
Only a criminal monopoly(1), with no consideration of their customer's interests, could embed into their web browser "application" (2) the security sink-hole of ActiveX vulnerabilities(3) to achieve vendor lock-in(4). This has resulted in the mess that is "security" in Microsoft(R) Windows(R) today.
References:
Transmitting energy without a license.
In general, I agree with him on this (I have not RTFA yet). Nor is Windows, of course, but that's taken for granted. Of course, it depends how critical your mission is. "Mission-Critical" is one of these phrases which is bandied around, but let's consider what it means....
"The mission depends on this system".
That still does not define the extent to which the mission depends on it - 80%? 90%? 100%? Nobody offers 100% availability, if that's what you're referring to.
The phrase also ignores the mission involved. For NASA, the Mission might be to send a man to Mars and back, but what if my "mission" is to run a website which expects to get 3 hits a month with a 60% expectation of success? An Atari could cope with that - my mobile phone could probably cope with that!
Taking the phrase in the way it's normally meant (running systems which are responsible for a significant amount of the user's business, and the failure of which would cause significant disruption of the business process and/or profit), then the whole discussion still depends entirely on the "mission" involved.
What tradeoffs is the mission prepared to make for uptime, for example? Serving read-only webpages, I care little for data integrity (I've been serving the same data for years, I've got it on tape, CD, DVD, onsite and offsite), and only care about uptime.
If I'm running a database which is updated many times a minute, then uptime still matters to me, but I also need to know which transactions have been fully processed, and which have failed (given Failure Scenario N, which may or may not have been predictable). That is much more difficult.
Author, Shell Scripting : Expert Re
Technical brilliance doesn't sell software. (see VHS vs Beta). Marketing sells software.
He is talking to the people out there who are buying MS software, or who have already bought MS software. These statements are about selling software.
These comments are not directed at technical people, their accuracy is irrelevant.
The first rule of marketing: ***it's all marketing***. Everything you do and say and deliver is focused on getting s/w out the door and revenue in the door. Everything else is secondary, and that includes quality, truth, bugs.
If the customers want security, give something to make them think they have it. Which is why MS have never really needed security till now (and maybe not even now). And they still don't, not *really*. If MS *really really* needed security or they would lose market share - you can bet they would have darn good security.
I suggest you read "Crossing the Chasm" or "Inside the Tornado". Get the early adopters on board, then move product as fast as you can and ignore the customer.