walt6

If my memory serves me right, hackers were devastating UNIX long before Bill Gates could spell Windows.

Corona688

Indeed. But UNIX is hardly a monoculture, and besides, we were talking about viruses, not hackers. I haven't heard of any UNIX virus since the Morrison worm.

Happy Wonderer

Unix is pretty much a monoculture, there are not that many major providers of UNIX and Linux is pretty much taking over in the Unix world in terms of volume. Heck, why do we say Unix(TM)? 'Cause AT&T wanted it that way....

If you haven't heard of Unix exploits since Morrison then you haven't been listening very hard. There were a large number of exploits after the Morrison worm, and exploits continue to be found in various popular UNIX systems such as Solaris (Sun). A system administrators life is not an easy one (sung to the tune of Gilbert & Sullivan.) A very quick search shows a Linux root vunerability found this January. (No I won't post a link because I don't believe in making hacker's life easier.)

I consider the very basic problem to be that both Unix, Linux and much of Microsoft were written in C/C++ which has no boundary checking on arrays. Unchecked array bounds are a major area of exploits and it requires a great deal of care on the programmer's part to avoid making such a hole. Some C runtime library functions don't even let you pass the size of the array that they fill as an argument, meaning that you were automatically open to a buffer overrun. In the early C days stuff didn't work well enough that it was even an interesting exercise to try to crash programs.

I say this as an expert C/C++ programmer who has worked with (and liked) those languages for well over a decade.

hw

Farren

If more programs are written in platform-independent languages and technologies like Java and SOAP, and even multi-platform compilable code like Kylix/Delphi, a wider spectrum of OSs would be possible (and, I think, beneficial).

If my memory serves me correctly the most unhackable Web server in the world is as a bottom-up web server. Its a Web server OS rather than a Web server on Linux or a Web server on Windoze. So theres a case to be made for more specialised operating systems. More widespread use and support of platform-independent technologies would encourage this, I think.

Also, PC's have reached the point where sandboxing is more feasable. A number of my associates, for instance, run security-risk tasks such as internet activities in sandbox environments like VMWare. If the sandbox environment is sufficiently well coded to prevent things like buffer overruns, even high-risk programs with such bugs can't "see" resources outside of the sandbox or affect them.

GodLessWarrior

Boundary checking for arrays in C++ is not inherent but it's also not difficult to implement. I definetly agree with the argument though, that the responsibility really is on the shoulders of the programmer.

I love C++

~ToM

Corona688

It is pretty difficult to call Linux a monoculture. You could call redhat a monoculture, maybye, but not Linux in total. The operating system kernel itself can be radically different from machine to machine - different versions, memory managers, schedulers, filesystems, modules, security features, etc etc etc. It's like the operating-system equivalent of lego. Indeed. And security explots have been found for Linux too. The difference is that a great many of these exploits were found and fixed *BEFORE* they were used. And pardon me if I don't consider Solaris representative of UNIX in general. What should they write them in? I know of no other high-level language that you can write an operating-system in. D has some promise, but it requires an external library to run. I'd say it requires thoroughness.. that's what I dislike about C++ sometimes. It has so many layers and does so much for you that it's easy to forget there's things that haven't been considered. Then don't use those functions. Buffer-limited equivalents exist for nearly everything. There was some seriously bad programming happening in the early C days. I was experimenting with zmodem awhile back, and got my hands on a bit of code from an early 80's mainframe. It was scary, scary stuff.

Heard of inline assembler? This stuff had inline pascal.

INLINE PASCAL!

I'm serious, 75% of the code was inline pascal, and not even GOOD pascal. Whoever wrote that code, or the compiler that accepted that code, should be taken out and shot. Or at least pied repeatedly.

That obviously wasn't C's fault, it was the programmers that abused it.

Corona688

I'd call C/C++ pretty platform independent, at least in source compatibility. The same code can be compiled and run under radically different architectures and operating systems, whereas Java needs the same virtual machine wherever you go...

ZouPrime

Most information security professional believe that Linux will suffer security problems similar to Windows as its market share grows. The open source nature of Linux will not necessarely help it in this field, as long as serious auditing is not systematicly done on the code (the way OpenBDS does it).

As for the "it's the role of programers to ensure security in their code", I personnaly don't believe it's a realistic solution. For 95% of the projects out there, it's much more efficient to simply move development to programming languages supporting array boundaries checking.

fishbulb

Open source doesn't reduce the number of bugs that get introduced into code, but it does seem to decrease the time between discovery of a bug and patching of the bug. Also, when a new bug is found and fixed in a particular open source project, other projects can check their own code for similar problems and fixes in a way that isn't possible if the developers can't see the code in which the bug was first discovered. The F/OSS community as a whole has a vested interest in making all open source software secure, wheras a proprietary vendor has a vested interest in making its software more secure (or, just as good, appear to be more secure) than its competitors' software.

Linux will probably never reach the level of insecurity that Windows has reached, regardless of its popularity. Windows will probably never again be as insecure as it has been in recent years because the threat of some semblance of competition has finally forced Redmond to treat security as more than just a public relations problem. We have probably seen the worst of insecure design in operating systems, though the actual frequency of attempts to exploit these flaws, and the damage done by exploiting security flaws could easily be higher than anything we've seen to date, especially as long as untrained users remain a major source of insecurity. But the basic design philosophy of Unix insulates it from a lot of the sources of insecurity that plagues Windows. A lot of the problems with Windows are related to intentional operating system features that are being used in the way they were intended, but for malicious purposes. (For example, a lot of worms propagate using a feature of Windows and Outlook. No one intended for the feature to be used for the purpose of spreading a worm, but the feature is being used the way it was designed to work; there's no buffer overflow or heap corruption or other bugs being exploited.) In principle, you could make Linux behave that way, but you would really have to work at it. It's not something the operating system was designed to do out of the box. Even Microsoft is starting to take this tack with new versions of Windows: potentially exploitable features that were once turned on by default (like IIS) are now disabled by default and must be explicitly turned on by the end user.

It is dead simple to write bad, insecure code in any programming language you care to name. Some languages are designed to make it easier to write solid, secure code, if that's what you want to do, but you still have to put the effort into doing it that way; no programming language will make your program secure if you don't design it that way. A lot of security and stability problems stem from simple laziness or lack of thoroughness: doing things like assuming that certain functions always succeed when they could fail and should be checked for error conditions, assuming that user-supplied input will always be valid or will fall into a narrow range of what is theoretically possible, or ignoring possible race conditions. That isn't the fault of C or C++, it is the fault of the programmer (or the programmer's manager) who doesn't want to spend the time designing clean algorithms and checking for all possible anomalies, edge cases, deliberate attempts to break the code, and error conditions.

beowulf_king

Both Windows any any other operating system you can put on your system has it's source code in plain view, you just have to know how to read it in binary format. So having open source or not will not affect the security of the OS (but may make hacking easier). I don't think having open source decreases the reparing time any. Microsoft usually spends a few months before a patch is released, but during this time, they look at the flawed code, patch that, and look for new flaws that were created. But Microsoft is now taking on a new approach, one for secuirty in their new Longhorn version of Windows.

Why would someone who is writing a virus want to attack a unpopular OS? They want to go for the popularity, and Windows is currently the popular target. Once Linux becomes more and more popular, they will be targeted and exploits will be found. There will probably never be a time when there is any secure OS, since the possibilities of flaws and the time required (for both open and closed source) to patch these flaws is too great.

Most viruses and worms today do not actually perform any intrusion on a remote machine. Most machines today have OS built-in firewalls or third-party software. Viruses spread because people don't do the OS updates or they download the virus themselves(e-mail attachments or file downloads). And today they are becoming even more sneaky because they are more desgned to spread than to do any damage...but this may change in the near future.

One of the biggest problems faced is the buffer overflow, which allows malicious data to be inserted into memory that may cause security leaks. As I stated before, it's impossible to design any secure program. In order for a computer system to be 100% secure, every portion of the program must be 100% secure, and this requires having every piece of code that runs on that machine checked for flaws and compatability with the rest of the machine. One single line of flawed code can result in a malicious attack opening a connection to your computer and modifying any other piece of code. The way I see making secure computers is not in spending the time to design secure software (because it is mostly secure), but to provide a public awareness system to warn users of attacks and how to protect themselves. This may involve updating your virus scanner or implementing an advanced firewall, or just telling the person not to download the coolPic.jpg.exe file in their e-mail.