Microsoft Claims Linux Security a Myth

black hole sun writes "Microsoft bigwig Nick McGrath claims that Linux security is highly exaggerated, and that the open source development model is 'fundamentally flawed.' The gist of his argument appears to be his claim of lack of accountability among distributors, coupled with generic statements short on facts. 'Who is accountable for the security of the Linux kernel? Does Red Hat, for example, take responsibility? It cannot, as it does not produce the Linux kernel. It produces one distribution of Linux.' He goes on to say that 'Linux is not ready for mission-critical computing. There are fundamental things missing,' pointing out the lack of a development environment and no single 'sign-on system' giving reference to Microsoft's foundering .Net passport program." I guess Linux can only aspire to the greatness of Windows when it has such secure applications as Outlook and Internet Explorer. Historically those have been proven to be of a caliber all their own.

Linux Security vs Microsoft AntiSecurity

[michelcultivo]

From Bruce Schneier "Recent data from our honeynet sensor grid reveals that the average life expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months. This means that a unpatched Linux system with commonly used configurations (such as server builds of RedHat 9.0 or Suse 6.2) have an online mean life expectancy of 3 months before being successfully compromised." I think the term is not "more secure" but "less vulnerable".

Re:Linux Security vs Microsoft AntiSecurity

[AdrianG]

There's another important point that I haven't seen anyone mention: There's an important difference between exploitable design flaws and exploitable implementation flaws. When implementation flaws are exploited, those flaws can usually be fixed without removing essential functionality upon which legitimate users may have come to depend. When design flaws are exploited, the design must be changed to correct those flaws, and to do this, is often necessary to frustrate the legitimate expectations of real customers.

I've seen a number of people repeat the naive argument that when there are more Linux users, we will have the same problems with viruses that Windows users have. This argument only makes sense if we ignore MicroSoft's irresponsibility in the design of their software. MicroSoft has knowingly and repeatedly committed to designs that are fundamentally flawed. These design flaws include things like adding powerful, general purpose programming languages and macro languages for applications like word processors, and then adding automatic processing of these files in Mail User Agents. Keep in mind that during the '80s, MicroSoft, along with the rest of the computer industry, faced repeated hoaxes of email viruses, and had to offer again and again to customers the explanation that email could not carry viruses because it did not carry executable content. When MicroSoft made the decision to add automatic handling of executable content to their email systems, they could not have been ignorant of the fact that easy proliferation of viruses would be a consequence of their decision.

MicroSoft has generally been reluctant to fix the design flaws in their software, because they are committed to some level of backward compatibility. Of course, responsible designs, up front, might have made this commitment less problematic. The result has been a florishing industry for anti-virus software. We now go to third party vendors to make up for the poor quality of MicroSoft software and for their unwillingness to take responsibility for their own mistakes.

My experience with widely used Linux software is that the stuff that becomes popular is usually designed much more thoughtfully that is typical of MicroSoft's products. Serious security design flaws are denounced quickly, and perhaps more rudely than is really required. While the vetting process for Linux based software is far from perfect, it has clearly been much more successful than MicroSoft's persistent irresponsibility. I regularly follow email lists about security flaws in Unix/Linux systems, and the vast majority of those flaws are implementation flaws rather than design flaws. The flaws for Linux in particular are quickly address, and patches are released. While I'm aware of virus scanners that run on Unix and Linux systems, to me they seem focussed on scanning email and files for Windows viruses. There are Unix and Linux based because Unix/Linux machines are often file servers and email gateways for Windows systems, and not because there is any problem with viruses that attack Unix/Linux systems.

Finally, Linux developers have not been required to cover for their perjury in the courts and have not been nearly so tempted to violate that maxim of software development that every Computer Science student learns in school: Software should be modular. It should be divided into separate modules, where each module does its job. The interfaces between modules should be clean and simple. Applications should not ever be integrated into the core of operating system. A consequence of rational design in the Unix/Linux world is that software upgrades are far less problematic. I routinely tell my Linux systems to go grab all the relevent updates at SuSE's web site and apply them automatically, and while I have face occasional, minor problems, I have never once had a serious problem with any such update. Every Windows administrator knows that each new update carries with it a substantial risk of rendering his systems inoperab

Excellent marketing

[vijayiyer]

This is another example of Microsoft's marketing prowess. They know that IT managers want to hear about vendor accountability, single source solutions, etc. Those who still are using only Windows are probably not technically competent enough to see through the FUD. The truth is irrelevant here.

This totally makes sense.

[bennomatic]

Microsoft isn't a software company. They're a marketing company. They do what it takes to sell whatever they've got. I used to say that MS could pipe all their employee toilets into a packaging facility and sell Microsoft Excrement at a profit. With their marketing muscle, they could find an audience for just about any product.

Unfortunately, part of marketing, especially when your product is getting negative publicity, is pointing out perceived flaws in competing products. I believe the term often used is FUD, and it's nothing new or unique to MS. Heck, it's pretty much how GWB won a second term.

When it comes to this sort of thing, they have a wide lattitude of opinions they can express, especially when there is no Linux, Inc. to sue them for slander. The Linux community, however, has been quite good at spreading the word about MS badness; they're just trying to do the reverse because their feelings are hurt.

Re:Let's keep the bias out of the submission..

[Jerf]

I'm not meaning to troll or to be 'flamebait' here, just to point out a disturbing trend I've noticed in biased story submissions.

I tend to agree that there is a trend problem, though it isn't the mere presence of editorializing; that's always been there. It's the breathtaking inanity of the editorials of late, both from submitters and the editors. One good way of measuring the information value of a piece of information is the extent to which it is a surprise; I see a surprising editorial comment about once a week now (like "this wasn't really Microsoft's fault, you have to blame the user for giving his password out to a stranger"), the rest are total Slash-think that can and have had Perl scripts written to replace them. ("Go away, or I shall replace you with a very small shell script.")

The only thing maintaining Slashdot's reputation is Slashdot's reputation, and that's a formula for a dangerous and sudden collapse. Were I economically dependant on Slashdot, that would concern me.

But this particular editorial does have the virtue of being almost empirically true. Microsoft, as the current owner of the least secure software in common use, just isn't in a position to be criticizing others about security. Evidentally, whatever things they are trumpeting about themselves must not be important, because they are clearly not being reflected in actual results. Something that, if provided, most IT managers will prefer even over the ever-popular empty platitudes, and most IT managers are hardly able to ignore the results of Microsoft security.

Microsoft Argument == Creationism

[JGski]

Microsoft is using pretty much the same arguments that creationists use against evolution.

As we all know, Open Source Software development is structurally similar to the scientific method and evolution in terms of how "new things" are created by the these systems. Similarly, what Microsoft is claiming is that software can't be created well "at random" through emergent means (we know that's a crock) but needs "the Hand of an intelligent Creator" to control everything (Microsoft == God, apparently). Ergo: Microsoft is claiming that only "Creationist Software" is good software - "Evolutionary Software" is evil software.

I think this could be useful angle of attack against Microsoft FUD: they are advocating creationism and faith-based solutions to computer science.

Why I spit on M$ programming skills

[A+nonymous+Coward]

I am generally a UNIX programmer, but I have also used custom operating systems. Only twice have I had to use M$ tools. Both times I have found obnoxious stupidities that led me to the conclusion that M$ does not use their own tools in any reasonable fashion.

Around 1989, I had to use whatever Visual Studio was called then. In the debugger, while stepping thru some C code, I accidentally stepped into strcmp or some other function for which the source code was not available. It dropped into assembler mode, quite fine, just a matter of stepping until it exited back to C code. Except it then displayed the C debug screen without first clearing the assembler debug screen. Lots of pieces left over, register displays, hex codes for instructions, etc. Almost unreadable. It gradually cleared itself up as I continued to use it.

Around 2002, I had to use Visual Studio for some small project. You can click on an API and it automatically adds skeleton code to source files. It leaves those windows open, and I did not want so many windows open at once, so I tried to close them. Nothing under any menu I could see, but the X in the corner worked. Next time I used the skeleton code inserter, it complained that the file had been modified by an external program.

Now I suppose I was doing things the non-M$ way. There is probably some perfectly normal way of getting rid of excess windows. Maybe I should have iconized them instead, but that clutters up the task bar. I found two other similar bugs within the first half hour of using the beast.

These are the kind of bugs that anyone using the program would stumble across very quickly. How can the M$ deveopers take any pride in releasing such buggy code? How can they stand to even use such crap software? Is it so crappy that they don't use it themselves?

I have no respect for M$ programming skills.

Really?

[abulafia]

The MS tools are far superior to anything else in the world at the moment. They are more robust and easier to use.

I've heard this from several corners. Sometimes, even from people I trust a bit. I still don't get it. I don't live in the MS world, so I don't have much of a reason to experiment, but I am honestly interested in what makes them so great.

I hear about the "tool tip" style reference checking, auto-library chain analysis, etc. The first would annoy the shit out of me, and the second I get from my make file (or ant, depending on what I'm building).

C# seems to be a slight step up over Java, but nowhere near enough to incur the cost of switching platforms. (I say this as someone who develops and maintains production apps in Java, and hates the language.)

As a sysadmin-cum-developer-cum-business-guy, I do everything in vi, make/ant, cscope, and custom tools using primitives like sed, awk, grep, perl, svn, RT, image-magick, [custom mailing list manager], etc (yeah, perl can replace sed and awk. I mean to, some day...). I think I have everything I need, but I'd love to hear about how it could be done better.

So, please, do tell- what makes MS dev tools so great? I'm really curious.

In business, this is a legitimate question

[karlandtanya]

CYA is the name of the game.

In making a business decision, it's unlikely for anyone to take responsibility. The larger the business, the smaller the likelyhood. It's not an issue of cowardice; the risks simply don't outweigh the rewards.

So, the question "who do you blame" is a legitimate question. System fails, Clients sue company, company pays clients, insurance company pays company; insurance company sues vendor.

In business, those who take chances are the people who create the great successes and the great failures. These people exist. They are not the norm.

"Nobody ever got fired for buying IBM." The point is not that this is true. The point is that people say (or said) this. They're saying that if you're working for someone and you want to keep your job, you make the safe decision.

Re:Indeed

[hunterx11]

Actually, this is an excellent analogy, just not in the way the grandparent intended. As a producer of bottled water, Evian is held to lower standards than communities are for providing tap water. Tap water may not be free, but it's sure cheaper than bottled water, and the bottled water companies exist only because they convince people that their product is better, when in many cases it is objectively not.

Re:Profitable Insecurity

[einhverfr]

Because the way they do it at MS, they're raking in about $40B:y. Good security would cost them more money than just talking about it. They're smart enough to know how to turn insecurity into a marketing triumph, without paying the cost.

I think that this is present in the minds of program managers at Microsoft to some extent and has been an issue that has needed to be dealt with. But it is not the only one, nor is it the most glaring.

Microsoft suffers from an inferiority complex when it comes to performance and computing. So often the design compromises which occur in the name of performance are more damaging than the ones which happen in the name of cutting costs and making release schedules. This is speaking as a former insider.

For example, early NT systems (through 3.x) used a microkernel architecture with the drivers running in ring 1 on Intel and ring 0 on alpha. GDI.exe was a user-mode program.

Well, it was decided that NT 3.x did not perform well enough, so when NT4 was designed, the essential elements of the microkernel architecture were abandoned in favor of a system where the drivers and GDI ran in ring 0. In other words, the though that stability and security were not marketable but performance was and so chose performance over the other two.

Then the TUX webserver came out, I looked at the architecture, and my first thought was "I am NOT running network services as part of my kernel! I don't want those l33t h4x0rz exploiting Ring 0!" I even pointed this out in several discussions regarding the competitive landscape at Microsoft. In general the technicians, support managers, etc. all agreed with me. But not the program managers whose job it was to steer Windows development, because parts of IIS6 run in kernel mode. Again, compromising security and stability for performance (just as TUX does). Again this decision was made to counter Linux publicity re: performance rather than to try to offer a compelling alternative.

In other words, Microsoft still is not really driven by making secure software. Or at least it wasn't when I worked there (up until shortly after Server 2003 launched). Instead, they have a whach-a-mole marketing attitude where their new products must beat their competitors' in terms of publicity based on whatever market fad is happenig at the time.

So these words are a threat but seem to indicate that they are really worried about Linux and all the free publicity that they are getting.

But when was the last time anyone trusted Microsoft re: security anyway?

Re:Profitable Insecurity

[einhverfr]

so why did you leave?

Aside from the politics which were eay over the top in my opinion, I had a few family issues that could not be adequately addressed while I worked there. Now that my year has passed and I am no longer bound by any non-compete clauses, I can be a little freer with who I am and what I am doing now.

BTW, for those that do work at Microsoft, I was deeply involved in competitive discussions which lead to:

1) Pop3 server bundled with Windows Server 2003 (so that the SMTP/POP3 server combination can compete with Sendmail).

2) The decision to take Services for UNIX to Linuxworld was based on my suggestion though I had no power or leverage to make it happen (and others carried the torch).

3) I was the first to my knowledge to suggest the bundling of SFU with Windows Server. I made many other suggestions but I feel that it would be unwise to mention any which have not been announced either way due to NDA's.

After I left Microsoft, I began to develop a set of software tools designed to help complete the Linux software stack (and just simple utilities to make my life easier). I began a software consulting business which helps people make the most of Linux and Windows.

To tell you the truth, there are pieces missing from the Linux software stack. ANyone who tells you otherwise does not deal with the range of customers necessary to see it but it si there and includes a lot of vertically targetted software for small businesses and line of business software. Most of the software in these markets is not very mature and will take time to develop. So Linux is not for everyone in every capacity but it is getting there.

On the other hand, Windows security is a horrible myth. Windows will never be as securable as Linux is. There are fundamental problems in its design and I have no problem saying this.

Now I did not say that Windows is less secure than Linux, only that it is less securable. If you really want to, you can configure your Linux system to be less secure than Windows 95. It is not that easy to do but it can be done. On the other hand, it will be next to impossible to achieve the same securability on Windows that you have on Linux without breaking a lot of important crap.