Slashdot Mirror
UK Gov't Experts Say Linux is Secure, Windows Not
Sara Chan writes "An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the GCHQ (Government Communications Headquarters), which is roughly the British equivalent of the American NSA (National Security Agency). There is also a warning against "a competing commercial product with hidden source code." For details, see the
ZDNet UK story."
Is this REALLY that difficult? :) WinNT is, how many, 4 or 5 years old and yet still there are severe security flaws coming out in the CORE operating system. Sure Linux has had a few security holes here and there but they've been patched pretty much 'instantly' and most of them weren't in the kernel (ie. the core OS) but in tools like Sendmail and whatever.
Maybe I just don't know what I'm talking about (well, probably ;)) but I don't see how people can even consider running some of the things they run on NT.
On an unrelated note, i'm just rambling because it's Christmas Eve (well, 3:30pm) and I want to go home but I have to wait for some lame-arse Y2K update to post on the Intranet before I go.. [sigh]
..
(An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available.
.and.
He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security.")
vs.
A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.
Marketing vs. Reality isn't a fair fight...
+&x
A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever. "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says. "Among other things, entire development teams were focused solely on searching out security issues within the beta code; Microsoft posted a public Internet beta test site for customers to test the security of the system, and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective."
Yep. Everyone remembers that public test website.
There is no way an OS the size of W2K can not have security issues and still be hidden from peer review.
Also, "among other things, entire development teams were focused solely on searchng out security issues..." How can you be focused "solely" on security, "among other things" ?? "Watcha up to, alan?" "Well, I am focused solely on security, among other things."
Finally, I don't believe they built the system from the ground up, either.
First of all, this wasn't some organization promoting this view -- it was just an individual. Now, he's called an expert, but it's silly not to look at that with some perspective. Such as all the "military experts" telling us that Operation Desert Storm better bring a lot of body bags because the Iraqi Republican Guard was so brutal. We all know how this turned out. Or, the "societal experts" telling us how welfare reform in the U.S. would destroy the lower classes. Again, this didn't happen. In both cases, the experts' position was often affected by personal biases: people against the Persian Gulf war in the former case, and big-government proponents in the latter. When you look at what Mr. Troughton says, I think it's pretty clear that he's a GNU/Linux advocate through and through, and that it's likely that his Linux endorsement stems from that.
The most blatent evidence of his bias was the quote, "Linux is as secure as you can make a computer." Honestly now, do even Linux advocates here believe that? Even if you think that Linux is the best OS out there (because of a combination of its various strengths), I don't think any rational person would even try to put forth that argument. This is the main reason why I think he's a Linux fan who's trying to promote it by saying that it's the most secure OS, as opposed to someone who became a Linux fan because he found it to be the most secure OS.
Secondly, he made other quotes that made him sound like your good ol'-fashioned OS advocate. Namely, that Alan Cox is the best programmer on Earth, and "I've heard he writes code like Richard Stallman." I'm not saying that Mr. Cox is or isn't the best, but these statements sound less like they came from a dispassionate seeker of the most secure OS and more like your garden variety GNU/Linux-advocating name-dropper. Basically, the only thing that was missing was to hear him say, "Linus r00lz."
In other words, I'd take Mr. Troughton's words with an extremely large grain of salt.
Cheers,
ZicoKnows@hotmail.com
I'm glad to see the free software/open source concept being recognized like this, but I think it would have been nice if these experts had taken the time to look at other alternatives. I mean, sure Linux is probably more secure than NT, but OpenBSD is way more secure than most Linux distributions (I'm talking about DEFAULT setups here), so declaring Linux to be the most secure open system available is a bit of a crock.
It's not that Linux didn't have some of the same fundamental security bugs that Windows did way back when; Linux was just better about fixing them.
When the string of bogus IP attacks against Windows came out two years ago (teardrop & kin) Linux was vulnerable to the first of them too... but the Linux patch was out within a day or two, whereas Windows was vulnerable for months. To boot, the Linux patch fixed all the similar TCP/IP stack problems, whereas Windows ended up being vulnerable to syndrop, newtear, and a sequence of nearly identical attacks.
Microsoft doesn't sell security through obscurity so much as security through impossiblity. A Windows box has almost no security against users that can execute code on the system. The functionality to remotely execute code (e.g. telnet) isn't there unless you add it. I can walk up to a Windows box and do whatever I want; still, by restricting functionality (and denying me physical access to the box) the sysadmin can make it impossible (or very difficult) for me to execute code on the system. However, once I can execute code on your Windows box, I can do just about whatever I please. Microsoft is so complacent about their security that they can't let you execute any code remotely yet, with IE and the like it's easy.
Gates' Law: Every 18 months, the speed of software halves.
Well, let's see. DOS had no security. It assumed that if you could find the power switch and the keyboard, the data was yours. From there the only way to get less security would be to actively broadcast private data.
I don't doubt that it is more secure that any of their prior OSs. My house is more secure with the doors closed (but unlocked) than with them open. Then it is safe from children too small to turn the doorknob. That doesn't make it secure on an absolute scale. And maybe in all the hype over the holidays I missed the announcement. When did Windows 2000 ship?
I applaud Microsoft for doing a right thing here. Internal review is important.
What was the total uptime on that site?
This would seem to imply that all of the code in which they knew there where security flaws has been rewritten from scratch using new development processes. I doubt that. If not, then we have the old flawed code developed under the old flawed process.
My point here is not that any particular criticism proves that Windows 2000 is insecure. Rather, my assertions that it isn't are as meaningful as those assertions that it is. Neither this spokeswoman nor I have offered any proof. If you want proof of the security of free software, read the source, or better still pay a team of security experts to read the source.
The net will not be what we demand, but what we make it. Build it well.
> read with a cup of Coke?
How could you possibly drink a closed-source beverage! You can't trust that they haven't put insecure flavoring in it!
It just is fairly new, and isn't used as well as it should be.
/etc/shadow to the evil cracker because it'll have wisely dropped it's file access priviledges and switched to a non-priviledged uid immediately upon execution, a feat now possible because it can use the capabilities support to retain the low port opening privileges with the new uid.
I'm referring in particular to capabilities support (in the latest kernels) and ACL support (in beta testing on top of ext2; I hope it gets into the final ext3!)
Look at the past. Linux (and every OS out there, but that's beside the point) has its security undermined fairly regularly by buffer overflows, etc. discovered in various daemons and suid programs. Rough estimate, it seems like there's a remote root exploit every year or two, and more than one local root exploit each year.
Yes, the patches come within hours or days of the exploits, and yes, anyone who can type "rpm -F" can keep their system up to date with those patches. But there's still that window of vulnerability out there, and there's still the (millions of?) Linux systems out there without root users experienced enough to stay up to date with security patches.
Security will hopefully be much improved in the future will be the use of capabilities in priviledged Linux programs and ACLs in Linux distributions to drop all unrequired permissions. Right now, if a program just needs to open a trusted (< 1024) TCP port, or read files with strict permissions, or have raw access to video hardware... then that program gets run as root, with the full array of root permissions.
And then if that program has a security flaw, then anyone in a position to exploit it has root.
With capabilities, a program (or a wrapper program) can be run as root, but can permanently or temporarily drop selected root capabilities. In other words, if a capabilities-aware suid root program just needs to listen at a low port, but it can be tricked by the user into opening arbitrary files... well, then it still won't be able to spit out
Well, that was a mangled description, but you get the idea. There are links to discussions of the subject by people who know what they're talking about at http://www.millenniumproductsllc.com/sjp/
FUD! FUD FUD FUD!
You can very easily lock down a Windows system so that different users can do different things. In fact, access control can be given at incredibly high granularity to:
Mailslots
Named and anonymous pipes
Processes and threads
File-mapping objects
Access tokens
Window-management objects (window stations and desktops)
Registry keys
Local or remote Windows NT services
Local or remote printers
Windows NT network shares
Interprocess synchronization objects (semaphores, events, mutexes, and waitable timers)
Job objects
Each object defines specific and generic access rights. Hmmm... looks like Windows is a lot more secure than you claim.
Also, telnet server and Windows Terminal Server allow you to execute as much code as you care to remotely. WTS is also (in my experience) usually *faster* than an equivalent X-windows session over a 28.8k modem. You probably wouldn't want to run Photoshop on it - but Visual C++ 6.0 runs quite happily on it.
In future, try doing some research before happily spreading the FUD.
Simon
Coming soon - pyrogyra