UK Gov't Experts Say Linux is Secure, Windows Not
Sara Chan writes "An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the GCHQ (Government Communications Headquarters), which is roughly the British equivalent of the American NSA (National Security Agency). There is also a warning against "a competing commercial product with hidden source code." For details, see the ZDNet UK story."
The Brits would always do something opposite to the Americans - not even a month ago did NT pass C2 certification in network operations (and that's from NSA, guys). I wonder, did someone force NSA to give this certification to Windows? Or maybe the procedures they used in evaluating Windows were different from those used in evaluating Linux? For those of you who use Attrition's defaced mail list, take a look at the stats. Judging by the fact that Windows NT is becoming even more and more popular as a web server (and most of these servers are administered by idiots, which is a totally different song), there is no significant difference between defacements made on NT and on other operating systems. We use W2k from the very beginning of its history. Our webservers have uptimes of 3000 and more hours. No one could break in. Wanna try? Please do: http://nt.security.net.pl Regards - Wojtek
Wojtek wojtek@security.net.pl http://nt.security.net.pl 1987 Fiero GT
I find the spokeswoman's quote to be interesting, and misleading. She never said Windows 2000 was more secure than Linux or any other OS for that matter. She said that it's just the most secure operating system MS has shipped, which isn't saying much. From what she said, she really didn't seem like she knew much about win2000. Those MS PR people are full of bs and fud.
meow
If anything they will just use Double$peak. They could release source only for the same code they document now for developers and hype their "New Open Source Windows 2002!!!" while key aspects of security and interoperability features are quietly kept closed.
I wouldn't bet on any right to make your own mods, either - there will probably be the usual unilateral license "agreement" that you invoke by just looking at the code.
I am very much afraid that we live in interesting times.
But computers are being used to run battleships. I guess it could be argued that a shipboard network is not tied to the outside world but most networks are hacked from within by lower grade users. It would be hard to bribe a sysadmin but probably you could bribe a cook to gain access to a network, hack admin, and download secrets.
War is necrophilia.
Microsoft doesn't need to put any sort of nefarious back doors into the products. They have their shrinkwrap licenses to fall back on if need be.
They lose the anti-trust case and BAM! they just revoke every license the DOJ has for a Microsoft product. This in turn makes another law suit happen and Microsoft gets another few years of unhindered profit growth.
The upside would be that the world would finally get a definitive ruling on whether or not shrinkwrap licenses are legal.
There is one. KhA0s Linux. Despite the silly name (53k00r1733 /\/\4k35 U 3r337) it looks like it will be pretty cool if it ever flies and is definitely being built with security in mind. Crypto filesystem and other nifties are on their list of features. They are looking for help, too.
Lemme see if I can find a url...
Ah. Here it is.
Enjoy!
The MS spokeswoman may be asserting the truth. Win2000 may be the most secure OS that MS have released, but that's measured relative to the security of their previous efforts, which has been nothing special. She's opposing an absolute with a relative; obviously those debating society classes came in useful for her...
ben_ the technologist and platform agnostic
My school recently received some computers from a company called ZapMe! They are completely locked down WinNT boxes that automatically log themselves on (so you can't guess at the admin password). All keyboard shortcuts are disabled (including ctrl-alt-del) so you can't get anywhere. The only way to do anything is to take out the BIOS battery (BIOS is password protected), change the boot order to A:,C: and pop in a boot disk. A simple locking case could stop you from doing all that. So, yes, a Windows box can be made secure.
Anonymous Hay goes in and I come out...
"Any fool can make a rule, and any fool will mind it."
--Henry David Thoreau
His comment... "Windows was built for a single computer and then the network was added on as an afterthought."
is kind of interesting.
Unix was built for a single computer and then the network was added on as an afterthought as well.
So I assume he's speaking of just Linux, right?
But then which Windows is he speaking of? Sure Windows 3.1 didn't have networking built in to begin with.
But Windows NT was designed with the network in mind.
I find it interesting how blindly Linux advocates jump onto bandwagons. The quotes from this individual show about as much thought as your typical marketing droid.
See, the problem isn't JUST that Microsoft is slow to fix problems like that (they are), but that in all too many instances, the "fixes" are totally half-assed - they don't actually fix the root problem, they just band-aid it. If Microsoft would learn to fix their bugs the RIGHT way.
Another problem is that you can end up jumping through hoops to get a Microsoft fix, e.g. the msnp32.dll update.
I also think it's great that "security through obscurity" is being attacked so dead-on, especially in ZDNet. The more people who know and realize that Windows cannot be secure because of its license, the better.
Part of the problem is that what is obscure cannot be relied upon to stay obscure. There is also the problem of "monoculture" where all the parts of a system are provided as unmodifiable binaries
AMEN, I agree totally. Sure our as/400 is secure. But doesn't have as many uses linux/bsd I use linux because that's what i'm good at.
Gentleman, you can't fight in here, this is the war room..
who sez death can't be funny....www.endlesssorrow.com
Not really. Seeing as the NT boxes were replaced by linux.
Gentleman, you can't fight in here, this is the war room..
who sez death can't be funny....www.endlesssorrow.com
NT started out as OS/2, jointly developed between IBM and MS. They split, MS took their share of the code, IBM took theirs. I think (though I may be wrong) that OS/2 was intended as an end user desktop type thing with the option of being a server. So, NT was an accident and was originally intended as a dual purpose operating system. I'm not sure what this comment accomplished.
The best way to accelerate a windows box is at 9.8 meters per second square.
Recompiling login would be insufficient; however, there's no reason you can't remove all accounts with UID 0 from the passwd file.
Gates' Law: Every 18 months, the speed of software halves.
And my faith in the U.S Government goes up a notch. Interesting article isn't it? Too bad I'm Canadian and can't claim the good words to come from my own Government.
With citizenship issues,
Matthew
_____________________________________
sortakinda.ca | canadian paraphrasing.
Perhaps in your experience. My installs have always been stable.
I thought this person, Troughton, as a representative of the government would give us an objective comparison of technical security issues between Linux and whatever. But he doesn't. When he says:
he's not convincing with technical arguments. What he says is just a matter of trust, because he cannot see the source code. But trust doesn't tell me whether or not an OS is secure. Technical facts do. Is Novell insecure because I cannot see the source code? And what about the commercial Unix-flavours? Banyan Vines? What about all the software embedded in our network hardware? This article doesn't tell me anything new. I hoped that someone from a government, someone independent, could give me some objective arguments. But this article is just another bash in the pro/contra MS fight.
Arleohmm..can't you run Horizon under WINE ??
Also, The NT4SP3 security thing is basically bullshit. Download the DLL cache poison attack from l0pht or bugtraq and you can rootkit an NT4SP3 system in seconds.
BTW, it also works against NT4SP4 and it can make the Guest account Administrator (oops).
I prefer something I can look at. I mean, I really don't trust an engine I can't work on. Why should I trust an OS I can't pull up the code and read with a cup of Coke?
Besides, if there's a bug, about 300 Slashdotters will point it out. Best system in the world.
(Slashdotters... sounds like we are all Icelandic.)
Um... is this meant as pure flamebait, or are you just being ignorant?
My Linux distribution came on 6 CDs, and that wasn't just all kernels...
bla
Is this REALLY that difficult? :) WinNT is, how many, 4 or 5 years old and yet still there are severe security flaws coming out in the CORE operating system. Sure Linux has had a few security holes here and there but they've been patched pretty much 'instantly' and most of them weren't in the kernel (ie. the core OS) but in tools like Sendmail and whatever.
Maybe I just don't know what I'm talking about (well, probably ;)) but I don't see how people can even consider running some of the things they run on NT.
On an unrelated note, i'm just rambling because it's Christmas Eve (well, 3:30pm) and I want to go home but I have to wait for some lame-arse Y2K update to post on the Intranet before I go.. [sigh]
..
(An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available.
.and.
He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security.")
vs.
A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.
Marketing vs. Reality isn't a fair fight...
+&x
The real question, is what a non-geek is doing posting to slashdot.
Hooray and rejoice, we reinforce the fact that Linux is better than Windows. But this is a double edged blade, and for this reason: with the antitrust suit against MS going on, what happens when someone judges that there is fair competition against Microsoft? The whole trial could go down the shitter just because we won the ego war. I say, wait till the trial is over and done with before proving what great competition Linux is.
If you think you know what the hell is going on you're probably full of shit.
jdube is who I am
A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever. "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says. "Among other things, entire development teams were focused solely on searching out security issues within the beta code; Microsoft posted a public Internet beta test site for customers to test the security of the system, and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective."
Yep. Everyone remembers that public test website.
There is no way an OS the size of W2K can not have security issues and still be hidden from peer review.
Also, "among other things, entire development teams were focused solely on searching out security issues..." How can you be focused "solely" on security, "among other things" ?? "Watcha up to, alan?" "Well, I am focused solely on security, among other things."
Finally, I don't believe they built the system from the ground up, either.
It won't be available to the public until Feb.
Er, yes it is actually - to anyone who has an MSDN Universal subscription, or who is part of the Microsoft Select plan. And that's a LOT of people.
Simon
Coming soon - pyrogyra
but, please lay off of using FUD as an all-purpose word for mis-information. it's a specific case of malicious mis-information, and does not apply in this case.
It's used to mean disinformation. If you don't like that, then tough - it's the same thing that happened with the word hacker (I don't like that, but that's tough too).
Simon
Coming soon - pyrogyra
WTS is also (in my experience) usually *faster*
Get an x protocol compressor such as dxpc.
Pointless post.
But I thought it was rather amusing myself.
Doug.
First of all, this wasn't some organization promoting this view -- it was just an individual. Now, he's called an expert, but it's silly not to look at that with some perspective. Such as all the "military experts" telling us that Operation Desert Storm better bring a lot of body bags because the Iraqi Republican Guard was so brutal. We all know how this turned out. Or, the "societal experts" telling us how welfare reform in the U.S. would destroy the lower classes. Again, this didn't happen. In both cases, the experts' position was often affected by personal biases: people against the Persian Gulf war in the former case, and big-government proponents in the latter. When you look at what Mr. Troughton says, I think it's pretty clear that he's a GNU/Linux advocate through and through, and that it's likely that his Linux endorsement stems from that.
The most blatant evidence of his bias was the quote, "Linux is as secure as you can make a computer." Honestly now, do even Linux advocates here believe that? Even if you think that Linux is the best OS out there (because of a combination of its various strengths), I don't think any rational person would even try to put forth that argument. This is the main reason why I think he's a Linux fan who's trying to promote it by saying that it's the most secure OS, as opposed to someone who became a Linux fan because he found it to be the most secure OS.
Secondly, he made other quotes that made him sound like your good ol'-fashioned OS advocate. Namely, that Alan Cox is the best programmer on Earth, and "I've heard he writes code like Richard Stallman." I'm not saying that Mr. Cox is or isn't the best, but these statements sound less like they came from a dispassionate seeker of the most secure OS and more like your garden variety GNU/Linux-advocating name-dropper. Basically, the only thing that was missing was to hear him say, "Linus r00lz."
In other words, I'd take Mr. Troughton's words with an extremely large grain of salt.
Cheers,
ZicoKnows@hotmail.com
We normally have NT uptimes of several months. The servers are overpowered and underworked. The servers do not have Exchange, screen savers or Microsoft Office. Stable? Only as long as no one rocks the boat. Whenever a system is a bit strange, reboot. If it looks like it has lost its marbles, hit the power switch. Security? Enough to prevent most users from installing applications, on a par with locks that can be opened with a penknife or credit card. For us it is more than enough, but we do not assume it meets any reasonable criteria of secure.
When Linux users are quoting uptimes, you can reasonably assume that that box has been subjected to some degree of abuse without having deteriorated the base system. Push NT and best plan on rebooting very soon. Do anything remotely complicated in Microsoft office and plan on rebooting.
Sorry about the ramble, but I am trying to point out that NT _can_ be used effectively, and with long uptimes. I agree with your remark about NT's stability. You just have to walk _very_ carefully. Is this the way systems should be? H*** No!
If you've got a lemon, make lemonade.
Completely in line with Microsoft's use of the word innovate.
don't be such a total dickhead.
geee, anyone who designs a pencil that has no eraser should be charged with criminal negligence.
OSs come in many forms, and for many purposes. I suppose you want your washing machine to have security too.
Perhaps you should try to sue apple for making an OS with no security as well? At least Microsoft have NT, which has MUCH MUCH higher security granularity than Linux (security on just about every object).
That is coming from someone in a bureaucracy. Bureaucrats do _not_ speak publicly as a single lone voice.
When will these people realize that the software is only as secure as the knowledge of the person who set it up permits it to be. Sure I can setup one hell of a secure NT or Linux installation. But what about the partner in my dad's firm who is de facto sys-admin for the firm? He isn't going to understand a lot about configuring Linux. He will be able to understand the totally point and click/wizard environment of Windows NT. I would be willing to bet that with the time he has available an NT server he sets up will be more secure than a Linux one. (if he had one to setup.) (Note I am not talking about the default setup, I'm talking about him taking some time to customize it to his needs.) Wizards as obnoxious as they are can be quite useful to establish a base setup which you can then customize, or leave alone if you don't understand it.
Studies like this have always meant and will continue to mean very little IMO. Just like the NT C2 certification means very little this means very little to Linux. We shouldn't get our heads inflated over stuff like this and go around pretending like we are all high and mighty because we use Linux and are "secure".
But you miss my point - NT 4 was evaluated (just in the past month or 2) for C2 Orange Book - it was NOT certified, only evaluated. And really, NT itself wasn't what was being evaluated - it was a _particular_ installation, on a particular system, and a certification would ONLY apply to that configuration, not any other(s). Also, in the US, C2 Orange Book is the bottom rung for security evaluation/certification. It's not exactly "high-security" stuff.
So as I said before, don't get the wrong impression of what a C2 certification (or even the UK's equivalent) really means.
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
A Microsoft spokeswoman, however, disputes these perspectives [Microsoft security vs Linux security], claiming that Microsoft's closed-source software is more secure than ever [W2K vs NT4, or with vs without the latest security patches].
I'm a bit rusty with logic, but this seems to be the fallacy of equivocation.
hmm...so does my NT box....what does our bragging prove? nothing, so why do we bother making these comments?
with Windows 2000.
Microsoft.
'nuff said.
It works the other way around too! Most administrators, when asked if their network is secure, reply "of course, we're behind a firewall." There's almost always a way to get code executed on a system, even if you can't do it directly. Once that happens, your firewall is useless.
First of all, I am a linux geek and I honestly don't know much about Windows security. However, if it works as well as everything else in Windows then it's a wonder your average 2yo can't take over an NT domain.
:P
That said, this is my personal experience with Windows' granular security. I work graveyards at a national ISP in the network operations center. In the daytime my computer (running NT) is used by an admin. Of course a peon like me can't have full access to an admin's machine, so it has been locked down in my profile. As it stands, I can't use corporate mail because I can't log in to the exchange server. I can't install anything. I can't use AIM because I don't have access to my own buddy lists. I can't use ICQ because I can't install it. I can put files on my desktop but then I can't delete them unless I drop into a dos shell. Etc, etc, etc.
Perhaps this is all due to the incompetence of the admin. However, when I look at how easy permissions are to set up in Linux, I have to think that either NT permissions are crap or I am being actively sabotaged by the admin. The admin is a pretty nice guy, so...
silver
PS - The CEO made the decision to put NT in the NOC, not the admins. They all have Linux or BeOS as well.
IANAE (I am not an eskimo), but I seem to recall from somewhere that with skins or blankets on the floor and walls, an inside temperature of about 55 degrees Fahrenheit is normal with oil lamps inside and outside winds and temperatures around -55 degrees Fahrenheit. Not cozy but better than dixie on a frosy morning.
actually i believe getadmin.exe is a local exploit.
make that _frosty_ morning. Sorry about that.
Microsoft Windows NT 4.0 SP3 was certified in March 1999 at assurance level E3 and functionality class F-C2 under the UK ITSEC scheme - see the UK ITSEC scheme site for details. This is essentially C2 functionality, but with a higher assurance level (ITSEC E2/F-C2 is approximately TCSEC C2). I have not found any version of Linux certified under any scheme.
The UK ITSEC scheme is jointly managed by CESG and DTI, and is based in Cheltenham - which is also where you will find CESG and GCHQ. So we have NT passing ITSEC at the same level as conventional versions of Unix (i.e. the ones without MLS) under a scheme managed by CESG, and an expert from CESG reported as saying that Linux is more secure because the source is open to scrutiny. Note that the article does not say in what forum the remarks were made, so we are dependent on a journalist reporting accurately here.
There are various things you can take from this. One is that ITSEC E3/F-C2 (and also TCSEC C2) is not much of a hurdle to jump in terms of real security - Linux could probably jump that hurdle, but has not been put to the test. The second is that CESG has at least one person who is aware of the value of openness - but is reported as having the strange view that "Linux is as secure as you can make a computer," and also "Unix [on which Linux is based] is the paradigm that the computer is the network".
Linux as available today is certainly not as secure as a computer could be made. It could be made very secure, and the openness means that anyone can have a go at verifying and improving the security, but that is not the only option. I would expect SCO CMW+ (certified at E3/F-B1) to be more secure than the average Linux without the benefit of open source.
The important thing is for designers and implementers who really care about security, and who have enough experience to know what they are doing, to have real input into the process.
One problem, how am i gonna get it on the computer. I can't download to the computer (almost everything is proxied out), i can't put it on a floppy can copy it (no access to Explorer), i can't boot off a disk (boot order is set to C:,Network,A: and BIOS is password protected). Thanks for the help anyway :)
Anonymous Hay goes in and I come out...
NT doesn't get owned, it just gets crashed.
That's not true at all. There have been several documented incidents of compromised NT servers. BO2k is just a small example.
Dave
It won't be available to the public until Feb.
Dave
Although I am a strong Linux advocate, my first thought was about Open BSD as well. But to quote the article exactly:
Linux along with the open source model for software development as the most secure computer architecture available.
I took it as saying that Linux AND the open source model. So isn't Open BSD open sourced. Although I know there are differences in the license. So Linux is what stands out most in the view of the public. I believe that Linux is a stepping stone to the others (*BSD). Linux is more user friendly IMO.
So I believe this is more of comparing open source to closed source. So you *BSD people don't get alarmed. The more exposure that Linux receives, the more exposure the *BSDs do too. In fact, I never heard of the *BSDs (besides the original) before I started using Linux. Now I recommend Open BSD for those that need a tight secure system.
Steven Rostedt
-- Nevermind
'Shipping to manufacturing' is not the same as 'shipping to customers'. I don't consider any product as 'shipping' unless ordinary customers can receive it. Note that this precludes unsupported betas, release candidates to the select few, et cetera.
MS is just trying to pretend they kept their promise to ship before the end of 1999, which they have not, because Win2k will not be shipping to customers before Feb 2000 at the earliest.
According to Ken himself (sorry, I've forgotten the link into dejanews), it never left USG/AT&T research... and that one started as a trojan, IIRC
--
--
Me spell chucker work grate. Need grandma chicken.
Well, it is, actually, because a properly updated system will keep the script kiddies at bay. You see:
- Bad Hacker finds new security hole and takes advantage of it
- Good Hacker finds said hole, patches it and reports it
- Script Kiddies who only get their stuff from security sites won't be able to crack an updated system
or:
Either way it's *almost* a win-win situation, except the Bad Hacker could do some damage, but then, he would do the same on, say Windows NT. The good thing is that damage is limited to the unlucky admin who got his system compromised. Everyone else laughs in joy, though.
It is the easiest thing in the world for X employee to come along, not knowing totally about how to use it, and screw things up in a few minutes.
Not with Linux, where you have different accounts for each user. No one works as superuser (root) - this account is only for system administration. I think you are too used to playing around with Windows 9x, where this, indeed, is a potential problem.
Linux takes an intrusively longer period of time to secure and keep updated
That depends. If you have a server running, it should be dedicated, running as few other services as possible, at least in a Government situation. Since the box is running very few things, updating the single demon running won't be that hard.
In essence, the UK Govt should stick to NT or whatever else they run for now, learn how to use computers and above all, keep updated and learn how to patch.
The UK Govt should stick to a secure OS, like Linux or *BSD. The reason is simple: Security holes are found and patched quickly. If an NT security hole is uncovered, MS will take their sweet time to fix it, compromising your data.
You aren't laughing anymore, are you?
Oh, and Merry Christmas to you, even though you did pull out a last attempt at FUD tactics ;-)
It's generally required to alter a default config, tho... and I would expect it, actually. Sure, OpenBSD is secure out of the box, but it may not fit user X as shipped... but it's generally accepted that "OpenBSD is more secure than Linux."
"Secure" is a rather subjective term amongst all OSs anyway... depends on who set it up, what other stuff they installed, etc... etc...
--
--
Me spell chucker work grate. Need grandma chicken.
But once you know the password for an nt user with permission to run user manager and alter privileges (and are in a permission to login) then you can do whatever you like too. For example you assign yourself the backup privilege which allows you to access any file on the disk.
I think a BSD based system is the best bet for any government. They have the source and are not obligated to share any enhancements they make to the OS.
If they use a modified linux internally and are distributing binaries they are under no obligation to publish their modifications.
OpenBSD would probably be more secure though.
This matches my experience with WTS compared to X, presuming you're not running X with lbxproxy (supposedly with lbxproxy, their performance can be comparable, but I haven't personally tried it). With a terminal server session forwarded through ssh, it is smooth enough to remotely administer nt fairly painlessly from my home, which is typically 20-25 hops away from the university where I work.
As for other methods of remote shells, (for the non-w2k or nt4tse fortunate people) it should be pointed out that NT4 did come with telnetd on the reskit, although the inf that came with it required a minor rewrite before you could use it to install it. The reskit also included rconsole and rcmd, and there are a couple ports of sshd to run on nt (although the couple I've looked at were built on top of cygwin32... the idea of a security-conscious package being built on top of cygwin32 is kind of amusing). And then of course win2k comes with a kerberized telnet daemon.
Back to terminal server, a disadvantage with nt4tse was you had to buy licenses for the number of concurrent client connections, even if you were just using it for remote administration and not as an application server. This is improved somewhat with win2k -- you can have a limited number of admins connect via terminal server without a license, but they have to be administrators.
-- Scott
I think a BSD based system is the best bet for any government. They have the source and are not obligated to share any enhancements they make to the OS.
If they use a modified linux internally and are not distributing binaries they are under no obligation to publish their modifications.
OpenBSD would probably be more secure though.
=)
The security of a system depends a lot more on the knowledge and skill of the admin than the system used. If you put me in control of the OpenBSD box and confront me to a skilled NT admin, I wouldn't stand a chance of securing the box as well as the skilled NT guy (ot: does such a person actually exist?), because I have no experience at all with computer security.
;)
Linux, *BSD, NT, VMS, it doesn't matter all that much as long as you take the time to learn the stuff you need to secure your system... The right tool for the job.
BTW: I'm learning
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
Yes, but the System account on a non-domain controller has no network access. Therefore, you might own a machine by 'getting System' but are unable to use that machine to probe or attack other machines.
It may not be able to open smb connections to domain resources and have those connections transparently authenticated (which is what ms means in the docs by "no network access"), it does have *complete* control over the local system, meaning if it is compromised, there are ways to get access to domain resources.
For example, by default lsass caches the password hashes of every domain user that has logged onto the local system so that it can still allow users to logon even if it can't contact a domain controller. Since ntlm (the default authentication method between nt4 boxes) does a challenge-response based on that hash, the system account of a local machine has everything it needs to gain access to domain resources as any user that has logged onto the local machine (assuming the user has not changed their password since they logged onto that particular machine).
Now granted, most script kiddies don't have the knowledge of nt to attempt this, but if I remember correctly the rootkit Greg Hoglund and those guys were working on included a tool that did something like this.
Even if a hostile didn't want to go to that much trouble, they can still run *anything* they want on the local machine, packet sniffers, port scanners, whatever.
Having a system account compromise is effectively no different than having a root compromise -- just like an individual machine's root account, which may not directly have unlimited access to other machines on the network, it still has the means to launch attacks, and in most environments, the means to get privileged access on other machines.
-- Scott
we bought a second hand server with a full windows NT still installed on the hard disk. (twin p90, two scsi hard disks and a 4gb tape drive, bargain!)
l0pht crack got the admin password in seconds and brute forced all the other user passwords in 14 hours.
Yo.
The public == In stores == Read my post next time
Later.
---
pb Reply or e-mail rather than vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
The title of the slashdot article,
"UK Gov't Experts Say Linux is Secure, Windows Not"
can be made shorter:
"UK Gov't Experts Say Linux is Secure, WindowsN'T"
That's what Windows NT means, isn't it?
The problem with the standards you quote is that they have long gone jurassic. They assume a single hostile attack, not a hostile world.
For example:
SCO passes certifications higher than C2 but it can be r00ted in seconds. And actually could have been r00ted in seconds for a long time... See BUGTRAQ for references.
In btw the xploits currently posted about SCO have been known since 1996. Seen it, been there, been r00ted, replaced SCO with Linux...
The situation with most other commercial Unices is similar.
For example a certified B1 DGUX (4.0 releases) in its unpatched form could have been r00ted with 4 commands issued from the shell prompt... (The dump core along symlinks f... up).
This does not mean that having a proper audit trail under linux would not be nice.
Anyway Linux is reasonably secure (at least as secure as commercial Unices). What it is missing for certification and acceptance is the capability to report its security... And of course a certain glimpse of sanity in the standards will also be nice...
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The public == In stores == Read my post next time
I guess Linux was only available to the public from 1998 onwards (or so) then?
Simon
Coming soon - pyrogyra
nt's security paradigm definitely does allow much more granularity than unix's model does -- the security for virtually every type of object is managed uniformly, ranging from devices, files, registry keys, active directory objects, services, you name it, and each type of object has very specific rights that can each separately be allowed and audited.
This is in stark contrast to the unix model, where you have a limited security mechanism on ipc primitives and anything that can be treated as a file, but you only have three kinds of access, and for most other objects there's no way to give someone who's not the owner, root, or sudoer any access.
It can be useful to be able to set the security descriptor on a service, or an arbitrary process, to allow a certain group of users to kill it without having to give them an equivalent to "sudo kill". Or for a file, to be able to give someone only append access. Or to be able to give a running instance of a daemon (not the user it is running as) special access to a particular object.
But while this additional flexibility may be a blessing for a relatively small set of situations, it does make the task of writing security-aware applications for nt a much more involved process than it already is for any architecture, and makes the job of auditing a particular system a nightmare.
I personally like the additional functionality a lot of the pieces of nt offers over the other architectures I've worked with, but it's definitely not clear to me that its security paradigm is "better" simply because it can do more. Security is something most organizations have to be aware of these days, therefore it should be made as simple as possible. Especially for an os like nt where the vast majority of admins are inexperienced when compared to the admins you find administering other architectures.
What made this even worse was even though nt had this very rich security framework, it comes out of the box with absolutely horrible initial permissions on the two most visible portions, the filesystem, and the registry. Before the security configuration editor appeared with ussp4, coming up with the scripts to secure an out-of-the-box nt install was an extremely difficult and time-consuming process that the vast majority of the sites out there never even attempted.
Microsoft is beginning to come around with the security configuration editor that appeared in ussp4, which brings the ability to secure an nt box to a semi-sane state within reach of most admins, but we're talking about bringing the initial security up from being (sad to say) not much better than win95, to where it is now perhaps comparable to redhat. It's definitely a *huge* improvement, but there's still some very glaring holes in the permissions applied via the templates, to say nothing of exploits against the underlying system. With win2k, microsoft appears to have made another leap forward in terms of the security of the initial configuration, but imho, it's too early to tell.
But even say microsoft is able to bring win2k up on par with the competitors, that is only a fraction of the effort that will be required to audit it to the level that projects like openbsd have been audited. Auditing the complete source tree of an entire os like openbsd, even if it is a simple bsd derivative, must have been an absolutely monstrous task. To audit the complete tree of a system as complex as win2k (or even solaris, which at least was done by a company that allows their people to sleep and go home on weekends) isn't something I believe is possible by any of today's software vendors.
I personally really like nt and would like to see it succeed. But with the pervasive featurism comes complexity, and complexity is not one's friend when trying to implement a secure system.
-- Scott
And all it took was X (fill in your number here) number of years for them to admit it. According to the "wonderful" people at the US government (who like nice checks from M$) Windows NT has been extremely secure and even C2 secure for years. Great. I could go on and waste everyone's time, but why bother? Good job UK. Maybe US should learn from other countries when it comes to things like this and not rely on their MS-enhanced congressmen.
But that's just my $0.02
-----------------------------
"It's not illegal if you don't get caught."
I'm glad to see the free software/open source concept being recognized like this, but I think it would have been nice if these experts had taken the time to look at other alternatives. I mean, sure Linux is probably more secure than NT, but OpenBSD is way more secure than most Linux distributions (I'm talking about DEFAULT setups here), so declaring Linux to be the most secure open system available is a bit of a crock.
A better comparison is the system account -- it is equivalent to root in that it is the context most of the daemons run in, and has complete control over the local machine.
And like the root user of a central, trusted unix host in a unix shop, the system account of the domain controllers has complete access on every machine in the domain.
It's not that Linux didn't have some of the same fundamental security bugs that Windows did way back when; Linux was just better about fixing them.
When the string of bogus IP attacks against Windows came out two years ago (teardrop & kin) Linux was vulnerable to the first of them too... but the Linux patch was out within a day or two, whereas Windows was vulnerable for months. To boot, the Linux patch fixed all the similar TCP/IP stack problems, whereas Windows ended up being vulnerable to syndrop, newtear, and a sequence of nearly identical attacks.
I think you missed the point -- remote execution of software is not an inherent ability of Windows NT 3.51 or 4.0 (both of which I've used extensively).
... making the Unix / X way secure because of imitation?
Period.
Yes, there is add-on software, but always an almost exact copy of the way Unix / X does it
- Michael T. Babcock (Yes, I blog)
Let's say, for the sake of argument, that the NSA made this announcement. The inevitable response?
"The NSA must have found some huge security flaws in Linux! They're trying to get us to run it so they can packet-sniff our diffs! Then they can have the newest kernel releases before the Slashdot effect bogs down kernel.org! Conspiracy! (Run BSD instead!)"
I'll quit while I'm ahead, now that I've pissed off just about every special-interest group here...
"I was never 'priviliged'
Hey, thanks, spelling flames against someone writing in a foreign language. That's brave.
************************************************ ***
Being bitter is drinking poison and hoping someone else will die
Microsoft doesn't sell security through obscurity so much as security through impossibility. A Windows box has almost no security against users that can execute code on the system. The functionality to remotely execute code (e.g. telnet) isn't there unless you add it. I can walk up to a Windows box and do whatever I want; still, by restricting functionality (and denying me physical access to the box) the sysadmin can make it impossible (or very difficult) for me to execute code on the system. However, once I can execute code on your Windows box, I can do just about whatever I please. Microsoft is so complacent about their security that they can't let you execute any code remotely yet, with IE and the like it's easy.
Gates' Law: Every 18 months, the speed of software halves.
Microsoft only stated that Windows 2000 is the most secure operating system Microsoft has ever shipped. No claims about being the most secure OS; just that W2K is the most secure Microsoft OS.
Gotta love that spin...
Criticizing Microsoft is so easy that you should take the time to do it right. :)
Gates' Law: Every 18 months, the speed of software halves.
On the other hand, Linux, and all Unices, have "security through a single valuable secret." Once a single key secret (the root password) is known to someone penetrating the system, the entire resources of the system is at that individual's disposal. On a Unix system once a hacker has the command prompt, there isn't a thing s/he can't do. There isn't a single additional layer of security. There's no granularity at all. This isn't necessarily a good thing.
Well, let's see. DOS had no security. It assumed that if you could find the power switch and the keyboard, the data was yours. From there the only way to get less security would be to actively broadcast private data.
I don't doubt that it is more secure than any of their prior OSs. My house is more secure with the doors closed (but unlocked) than with them open. Then it is safe from children too small to turn the doorknob. That doesn't make it secure on an absolute scale. And maybe in all the hype over the holidays I missed the announcement. When did Windows 2000 ship?
I applaud Microsoft for doing a right thing here. Internal review is important.
What was the total uptime on that site?
This would seem to imply that all of the code in which they knew there were security flaws has been rewritten from scratch using new development processes. I doubt that. If not, then we have the old flawed code developed under the old flawed process.
My point here is not that any particular criticism proves that Windows 2000 is insecure. Rather, my assertions that it isn't are as meaningful as those assertions that it is. Neither this spokeswoman nor I have offered any proof. If you want proof of the security of free software, read the source, or better still pay a team of security experts to read the source.
The net will not be what we demand, but what we make it. Build it well.
My NT box is plenty secure. All I had to do was add all the patches, take the network card out, remove the power cable, seal it in an airtight lead box, bury it under my house, and guard it with a gun! Beat that!
I got this sick fantasy, I would like to see openBSD and Linux pitted against each other in an Internet "crack this box" contest. Put them up against each other and have all the script kiddies bash and beat the hell out of them. It would be a long and painful fight, but it is like a car wreck, for some sick reason I can't look away...
Watch them get tore up and watch them start to bleed from all these script kiddies doing
while true
do
ping -c 1 "$linuxbox"
ping -c 1 "$openbsdbox"
done
It might be fun to throw a couple of Windows 95/98 boxes and maybe an NT box so that the crackers could get the "smell of blood" into their brains. : ) give them a little taste of blood to get them a little crazy before they are turned loose on the Linux and openBSD boxes...
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
I would never give 100% support for any OS' security. However, I would tend to agree with most of the reasons on why Linux has a better security model. One thing that will keep Windows 2000 from ever meeting the security of UNIX or Linux is the security holes in applications. Most application developers still work on the basis that one person will be using the software. I can't stand sharing history, cache, etc.. with other users. Word seems to keep some settings global and others are specific to the user. However, I've seen several errors that just should not work that way. Plus, Microsoft seems to dumbify to the point of dangerousness. Filling in password forms for you! Absolutely stupid. Microsoft still has a lot of work ahead to change how Windows developers program.
What I want to know is why don't the journalists ask the obvious questions? Instead of just printing the spin, they should follow up with, "But how secure is it compared to non-MS operating systems?" If the spokesman from MS refuses to answer or permit further questions, then the journalist should say so and go ahead and state the obvious.
Or to be more spiteful, they could say that MS refused to answer the question; which they did by adding the qualifier 'Microsoft has ever shipped'. If this practice became commonplace, people might start answering properly since it would be bad to be perceived as saying 'no comment'.
And this should hold up in court in a libel case.
Marketroid: "But I did answer the question!?!"
Judge: "Sorry, post hoc ergo propter hoc non curat lex."
Oh, I forgot to say 'IANAL'.
IANAL
We can't apply the /. moderation system to reality.
I can't just walk up to my boss, ask her about the lan outage and scream "-1 Offtopic! Watch it, Barb, you're approaching Troll" when she complains about her coffee.
I can't get in my nephew's face and yell "Flamebait! -1, you're below my threshold now, Nathan" when he starts chanting the childish stuff I often see in first posts.
Well, I can, but I will surely be addressing my next message, unemployed, from the Clinton Valley Mental Rehabilitation Facility.
.sig: Now legally binding!
Microsoft says this is the most secure OS *MICROSOFT* has ever released. Well, DUH.
More people, or organizations, are moving away from the big Windows NT, and to more secure things, such as linux, unix, and Macs. This is similar to when the Army said they were using MacOs instead of WinNT.
Perhaps I'm mistaken, but on an NT box, the Administrator account has full control over the system, either immediately or by taking ownership of whatever it needs. And on any other MS OSs, any user has full control over the system, because there is essentially only one user.
Gates' Law: Every 18 months, the speed of software halves.
All I can say is my karma has gone up from moderation, not from posted comments since I am usually way late to threads (after the moderators have come through). I think the system is working, or at least a step in the proper direction.
Yes, I realized that. Anyway, there's no "Uninsightful" category. :)
Gates' Law: Every 18 months, the speed of software halves.
What do you mean you can't gain root access remotely? Remember getadmin.exe? Of course you can be root remotely. In fact, there are a LOT of useful administration tools that work remotely for domains as root (well, administrator, but that's beside the point).
Microsoft could have put all sorts of nasties in their code for all we know. The ones they've been caught at have been bad enough. We don't know, for instance, that Bill Gates COULDN'T shut down every Windows box in the DOJ if they piss him off badly enough. Hell, if I owned the huge chunk of the desktop market that he does and didn't have to worry about people looking at my source, I'd think like that.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
First, Windows 2000 *is* the most secure OS that Microsoft has ever shipped. This is a true statement, because they haven't shipped it yet. (Seen it in stores, lately? Didn't think so...)
Second, NT *might* be C2 secure if set up properly, and not hooked up to a network. Otherwise, all bets are off.
In closing, Windows is horribly insecure and badly designed. A secure NT machine is probably running in VMWare under Linux, with all patches installed for both OSes, not connected to the network, in a locked box, and under 1,000 feet of water. A machine is only as secure as it is configured to be...
---
pb Reply or e-mail rather than vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
On the other hand, Linux, and all Unices, have "security through a single valuable secret." Once a
single key secret (the root password) is known to someone penetrating the system, the entire resources
of the system is at that individual's disposal. On a Unix system once a hacker has the command prompt,
there isn't a thing s/he can't do. There isn't a single additional layer of security. There's no granularity at
all. This isn't necessarily a good thing.
What if I know the "Administrative" password to an NT domain, and I have physical access to a machine on that domain...same deal, you're toast.
Claiming Windows is more secure (which you didn't, I'm making a point) because it lacks functionality is like saying a Yugo is harder to steal than a Corvette, because when stolen the thief can elude the police better with the Vette.
There's add-ons to each OS, from S-Key to SecurID, to provide that additional layer of security. Personally I'd rather use a UNIX as a framework for this...
Now, really, this isn't meant as flamebait but c'mon, is Open Source really that secure?
You ever notice how many exploits are written for (x86) Linux first with disclaimers on how to adapt them to other OS's/Arch's?
Don't get me wrong, Open Source is great, but keep in mind that the Bad Guys can read that source too, and often do until they find a hole.
Sure you can audit the source yourself, and that's a Good Thing, but how many of us really do that? (how many of us know how?)
Now, in Open Source's favor is the fact that the holes once found are usually patched quickly, but the damage was probably already done.
Just my $.02
Sure some damage is done..this happens with open source AND closed. The big difference is that with closed you have to wait on the big slow company that put out the OS to come up with a patch, and while you wait even more damage gets done. You are 100% at their mercy.
I have to return some videotapes...
is proof enough. Just go to any leet hack0rz website and look. Almost all of the programs on there are for windows security holes. I'm surprised that Microsoft even has a share in the server market. The company I work for is pretty much 50% as/400 39% RH linux and the rest is nt.(which is slowly being moved over to linux as well) my experience is proof enough for me that NT should never be used for anything mission critical.
Gentleman, you can't fight in here, this is the war room..
who sez death can't be funny....www.endlesssorrow.com
It is implied in the article that yes, Macrohard did contest that claim:
A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.
These perspectives M$ is disputing would be that Linux is more secure than any M$ offering. Now, whether the author was putting a spin that Macrohard didn't mean, I can't say, but do you really think Macrohard didn't want everyone to think that was what they were saying???
Like you say, the Bad Guys can read that source too, and often do until they find a hole, which is true. But this also means that you've got all those exploit writers auditing open source code, looking for any chink in the armor. Once one is found, an exploit is usually published because the crackers are typically looking for recognition in their skill. 8-16 hours later there is usually a fix, and the program is now secure against that attack.
Now let's contrast that with the closed source model of security. No one (in the public) has the source, so it will take a more skilled cracker to find exploitable bugs. What this translates to is the cracker who finds holes in the system will be more dedicated than the open source cracker. Dedication means that they are less likely to share their new found secret, and the hole is less likely to be patched.
If you don't like the sociological argument, how about the mathematical one? Assume you have equal numbers of people looking for security holes on a closed source system and an open source system. Since it's easier to audit a system that you have the code to (and almost impossible to audit one you don't), even if one cracker doesn't publish a found bug, another will most likely run across it. So you will have more found bugs, but also a higher reported bug/found bug ratio.
--
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
Thanks
john
-- john
It'll be a cold day in hell when Microsoft honestly hands over the source of any version of the main line of Windows products (9x, NT). In spite of this, I would agree that Microsoft will open-source something. Just not Windows.
Microsoft did not get where they were by ignoring reality or their competitors. This doesn't mean that they take a "if you can't beat 'em, join 'em" outlook. It means that they take whatever they feel will be useful to them, and then do whatever they can to kick ass and take names.
Logically, Microsoft's reaction (depending on how current events pan out) will be to claim to suddenly have "invented" the great new concept of opening their source, and then either limit their open-sourcing to trivial products, or find some other lame way to basically remain the same closed-source company they've always been (whilst claiming the opposite).
Actually, right out of the box Linux is definitely not the most secure OS in the world. Software such as OpenBSD, Solaris, AIX, FreeBSD, etc. are a far better choice when it comes to security. But, Linux is not too bad when it is made to do something very specific, mostly with code shared from other OS's.
I don't understand how any governmental institution could trust their top secrets to an operating system they don't have the source code to. Even countries that are allies spy on each other (US and Israel for example). How can the British government be sure that some code did not lurk in there that could be used to reveal secrets? How can our own government be sure that some spy did not infiltrate M$ and is planting back doors to be used against us?
When lives of soldiers are at stake it is imperative to be 100% sure.
I think a BSD based system is the best bet for any government. They have the source and are not obligated to share any enhancements they make to the OS.
War is necrophilia.
no it's because you don't know what you're talking about. A linux server can perform only as well as the admin configures it for. The same is true of pretty much any os..... well other than nt
Gentleman, you can't fight in here, this is the war room..
who sez death can't be funny....www.endlesssorrow.com
Actually, every operating system is secure right out of the box. (Unless you have a robotic device controlled by an insecure OS nearby, but even so the most it could do is physically hack up the CD.)
Gates' Law: Every 18 months, the speed of software halves.
Check out LIDS - the Linux Intrusion Detection System. You can lock everyone (including root) out of doing certain things, like killing certain processes, inserting/removing modules, changing files, modifying firewall rules, and a lot of other stuff. Plus it's a lot easier for people to write stuff like this when the kernel is publicly available.
BTW, once a cracker has a command prompt on a unix system, that's all they've got. They'll be running as the UID of whatever daemon they compromised, but they still won't have root (unless the daemon was (stupidly) running as root). Any sysadmin without massive head trauma will not allow a normal user to do root-things. Then again, with some of the setuid root binaries I've seen, I wonder if the head wounds interfere with typing :). But that's stupidity, which won't ever be preventable. All that can be done is enabling and encouraging intelligence.
As for fine tuned granularity, groups work fine for most people, but if they aren't your style, there are Access Control List patches available. Check out this one. It's all about choices.
--
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
This means they cracked the open-source model. Think for a second: do you really think the government would grant approval to something they haven't already cracked and compromised?
I know I'm not the only one who is thinking this, 'cause I sure gots lots of good slashdot friends to back me up on this one. And if you question their logic, they might pour grits down your pants.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I would be more careful than to simply assume
something is "secure". your machine may be as
secure as you know how to make it, but to think of it as secure
is just tempting fate. security is an ongoing matter,
especially if your machine is actually meant to be doing
something, like handling mail, acting as a web server, etc.
I have faith that next month, or the month after,
or the month after that another remote linux exploit is going to be found.
This exploit quite likely will not be initially posted to bugtraq
and may be exploited in the wild for some time before it is found
and fixed. Apart from that, your security violation
is more likely to be from an employee, than from an outside attacker.
A completely secure machine is a nice idea, but it is not
reality.
(Sorry for the rambling post, this is just a collection of brain farts)
"Hope is the denial of reality, it is the carrot dangled before the draft horse in a vain attempt to reach it" - Raistl
You are putting faith in another party that may have written faulty code, or may have inserted "back door" code without your knowledge. With Open Source, you have the source code in your hands and on your system. You can modify the source to suit your needs and, more importantly, audit the source for back door code and other security compromises.
Granted, it is easier for the average company or user to trust that Closed Source solutions are secure - or at least that the owner of the source will alert its users to security breaches and provide timely patches. Auditing source code takes many well-trained man hours (read: is extremely expensive) but for matters of national security, this is a necessity! Just imagine DoD computers infected with Back Orifice or another remote-control back door and the importance of source-auditing becomes self-evident -- regardless of the OS.
As the stakes get higher in the corporate world, the realization that true security can't be trusted to a Closed Source solution will sink in and Open Source will become the gold standard for securing their boxes.
later,
kristau
They really should have been checking out OpenBSD instead. Linux is nice and all, but when it comes down to solid security, consider OpenBSD. --e!- ---
-------------------------------------------
-----------------------------------------------
Unix _is_ user friendly, it's just particular about who its friends
Windows 2000 Powered Off (PO) Edition!!
Now enjoy the usability of Windows and the security of a rock!
All you have to do is 1) put the disk in the computer and 2) turn it off! It's THAT SIMPLE!!
Why use a complex and insecure, let alone cheap, operating system alternative such as Linux when you can have 100% security and incredible usability?
Full system (single user license): $500
Upgrade (single user license): $450
:)
Dilbert: I have become one with my computer. It is a feeling of ecstasy... the blend of logic and emotion. I have reached...
On the other hand, Linux, and all Unices, have "security through a single valuable secret." Once a
single key secret (the root password) is known to someone penetrating the system, the entire
resources of the system is at that individual's disposal. On a Unix system once a hacker has the
command prompt, there isn't a thing s/he can't do. There isn't a single additional layer of security.
There's no granularity at all. This isn't necessarily a good thing.
Jeeze, settle down a little bit. Did you forget already that the person running the Linux hack-this-box-and-keep-it contest gave out the root password? Also, ever heard of ACL's? And, as someone else pointed out, it's not like NT is any better.
And, actually, now that I'm thinking about it, you could also make a big-ass 'sudo' file, give all root commands out to certain users, and recompile login to not allow root - so the only way anyone could get root access would be by booting into single-user mode.
Shrug, there's a great deal of granularity there - as much as you want, _if you have the source code_.
--
Blue
i browse at -1 because they're funnier than you are.
It just is fairly new, and isn't used as well as it should be.
I'm referring in particular to capabilities support (in the latest kernels) and ACL support (in beta testing on top of ext2; I hope it gets into the final ext3!)
Look at the past. Linux (and every OS out there, but that's beside the point) has its security undermined fairly regularly by buffer overflows, etc. discovered in various daemons and suid programs. Rough estimate, it seems like there's a remote root exploit every year or two, and more than one local root exploit each year.
Yes, the patches come within hours or days of the exploits, and yes, anyone who can type "rpm -F" can keep their system up to date with those patches. But there's still that window of vulnerability out there, and there's still the (millions of?) Linux systems out there without root users experienced enough to stay up to date with security patches.
Security will hopefully be much improved in the future by the use of capabilities in privileged Linux programs and ACLs in Linux distributions to drop all unrequired permissions. Right now, if a program just needs to open a trusted (< 1024) TCP port, or read files with strict permissions, or have raw access to video hardware... then that program gets run as root, with the full array of root permissions.
And then if that program has a security flaw, then anyone in a position to exploit it has root.
With capabilities, a program (or a wrapper program) can be run as root, but can permanently or temporarily drop selected root capabilities. In other words, if a capabilities-aware suid root program just needs to listen at a low port, but it can be tricked by the user into opening arbitrary files... well, then it still won't be able to spit out /etc/shadow to the evil cracker because it'll have wisely dropped its file access privileges and switched to a non-privileged uid immediately upon execution, a feat now possible because it can use the capabilities support to retain the low port opening privileges with the new uid.
Well, that was a mangled description, but you get the idea. There are links to discussions of the subject by people who know what they're talking about at http://www.millenniumproductsllc.com/sjp/
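The privilege drop described in the comment above, as an added example that is not part of the original post and is not taken from any project: a root-started program switches to an unprivileged uid while keeping only the capability to bind low ports. It uses the current Linux capset/prctl interface; the function names and uid/gid 65534 (conventionally "nobody") are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill a v3 capability set (two 32-bit words) holding exactly one capability. */
static void only_cap(int cap, struct __user_cap_data_struct d[2]) {
    for (int i = 0; i < 2; i++)
        d[i].effective = d[i].permitted = d[i].inheritable = 0;
    d[cap / 32].effective = d[cap / 32].permitted = 1u << (cap % 32);
}

/* Start as root, end as `uid` holding only `cap`. Returns 0, or -1 with errno set. */
static int drop_root_keep(uid_t uid, gid_t gid, int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (geteuid() != 0) { errno = EPERM; return -1; }
    /* Without KEEPCAPS the permitted set is cleared when the uid leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    /* Groups first: after the uid change we may no longer alter them. */
    if (setgroups(0, NULL) != 0 || setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* The uid change cleared the effective set; re-raise only `cap` and
       shrink the permitted set so nothing else can be regained later. */
    only_cap(cap, d);
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void) {
    /* 65534 is an assumed "nobody" uid/gid for this constructed demo. */
    if (drop_root_keep(65534, 65534, CAP_NET_BIND_SERVICE) != 0) {
        perror("drop_root_keep (must be started as root)");
        return 1;
    }
    /* From here bind() to a port below 1024 still works, file access does not. */
    FILE *f = fopen("/etc/shadow", "r");
    printf("uid=%d, /etc/shadow %s\n", (int)getuid(), f ? "READABLE" : "denied");
    return f ? 1 : 0;
}
```

The order of the steps matters: KEEPCAPS before the uid change, groups before the uid, and the capability set trimmed only after the switch.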
Microsoft did not get where they were by ignoring reality or their competitors. The very look of Windows shows that they saw a threat from Apple or at least innovation from Apple and they responded to it.
With both Brazil and England wanting Open Source operating systems and with the possible results of the current legal actions in the United States it may be in Microsoft's best interest to change their stance.
By fully opening their operating system they can continue to compete in those markets that are starting to deny them. They can successfully deny any legal claims that their software behaves in any suspicious or malicious pattern. They can (with the current patent system) clean up at the patent office and successfully block competitors from using procedures that appear in their publicly released code.
In short, they can clean up.
Besides, just picture the following thought in Bill Gates's mind: "If my customers have a problem, instead of calling tech support they pay their own people to fix it and then I get the fix for free?"
Any bets? Anyone?
No Zen is good zen
Ya, I hear ya there. Actually, out of the box OS/400 is more secure than FreeBSD :)
Gentleman, you can't fight in here, this is the war room..
who sez death can't be funny....www.endlesssorrow.com
why haven't others said this since it is obviously
:)
true ?
corporatism !?
jon katz write an article about it now
FUD! FUD FUD FUD!
You can very easily lock down a Windows system so that different users can do different things. In fact, access control can be given at incredibly high granularity to:
Mailslots
Named and anonymous pipes
Processes and threads
File-mapping objects
Access tokens
Window-management objects (window stations and desktops)
Registry keys
Local or remote Windows NT services
Local or remote printers
Windows NT network shares
Interprocess synchronization objects (semaphores, events, mutexes, and waitable timers)
Job objects
Each object defines specific and generic access rights. Hmmm... looks like Windows is a lot more secure than you claim.
Also, telnet server and Windows Terminal Server allow you to execute as much code as you care to remotely. WTS is also (in my experience) usually *faster* than an equivalent X-windows session over a 28.8k modem. You probably wouldn't want to run Photoshop on it - but Visual C++ 6.0 runs quite happily on it.
In future, try doing some research before happily spreading the FUD.
Simon
Coming soon - pyrogyra
I know it's just a small slice of the pie... but based on that list what would you want your servers to run? Hint: Li=linux and NT=WindowsNT
I have to return some videotapes...
Doing a distribution isn't probably my cup of tea, but I suppose it could be an interesting project to work on. Or, am I mistaken, and is there already such a project?
Boring us, that it ;)
Karma cannot be described by words alone.
Actually, right out of the box Linux is definitely not the most secure OS in the world.
I am sure that the most secure OS in the world is NOT a UNIX or UNIX clone. Any OS with network services is less secure than one with network services.
It also seems that people are making a lot of comments about how secure xyz is compared to Linux that are off-base.
The problem is that Linux is not a monolithic system. There is a Linux distribution that is going through source review much like OpenBSD. This distro is in fact getting to be pretty damn tight. There are modified RedHat distros that are run a few months behind in the dev cycle that are far more secure than RedHat itself because of the simple expedience of code life cycle management.
I am sure that some of these are better than most of the OS's that were listed above; it would not surprise me if the day came when some Linux distros are right up there with OpenBSD as far as security.
Slashdot covered it - were you sleeping?
Windows 2000 Goes Gold
Coming soon - pyrogyra
Your comment is true, but it's not even remotely correct for 'all unices'. Take a look at the trusted unices sometime. ACLs and the ability to lock pieces of the system from the administrator aren't Microsoft 'innovations'. IMNSHO, the biggest security problem with NT has nothing to do with its security model and everything to do with the implementation. I agree, the model itself is conceptually fine. As somebody's .sig notes 'the difference between theory and reality is that in theory there is no difference between theory and reality.'