FRDB Archives

Freethought & Rationalism Archive

The archives are read only.


Old 03-02-2004, 12:52 AM   #21
Veteran Member
 
Join Date: Nov 2001
Location: South Africa
Posts: 2,194
Default

Both Windows and any other operating system you can put on your system has its source code in plain view, you just have to know how to read it in binary format. So having open source or not will not affect the security of the OS (but may make hacking easier). I don't think having open source decreases the repairing time any. Microsoft usually spends a few months before a patch is released, but during this time, they look at the flawed code, patch that, and look for new flaws that were created. But Microsoft is now taking on a new approach, one for security in their new Longhorn version of Windows.


In the "Halloween" strategy memos that were floated on the Internet and later acknowledged as the real thing by Microsoft, a top MS manager stated that Linux is a major threat because, among other things, problems are identified and rectified very quickly.

Read all about it here.

It stands to reason. The open source community is way, way bigger than Microsoft's pool of developers and is likely to be that way for the foreseeable future, simply because a commercial company can't employ an equivalent number of developers without breaking the bank.

The speed of Windows' development was in large part responsible for a lot of vulnerability. To stay ahead of the game and keep selling boxes, MS has consistently rushed stuff to the market, effectively getting their customers to beta-test products. But if they slow down their product development cycle, their business model becomes increasingly unsustainable, which is why they've become more creative with their licensing models and attempted to create chains of dependency with other chargeable products.


Why would someone who is writing a virus want to attack an unpopular OS? They want to go for the popularity, and Windows is currently the popular target. Once Linux becomes more and more popular, they will be targeted and exploits will be found. There will probably never be a time when there is any secure OS, since the possibilities of flaws and the time required (for both open and closed source) to patch these flaws is too great.


Fair enough. I think at least some worms/virii are ideologically motivated. i.e. They are specific attacks on MS credibility.
Farren is offline  
Old 03-02-2004, 06:55 AM   #22
Veteran Member
 
Join Date: Jun 2000
Location: Montreal, Canada
Posts: 3,832
Default

Quote:
Originally posted by fishbulb
Open source doesn't reduce the number of bugs that get introduced into code, but it does seem to decrease the time between discovery of a bug and patching of the bug. Also, when a new bug is found and fixed in a particular open source project, other projects can check their own code for similar problems and fixes in a way that isn't possible if the developers can't see the code in which the bug was first discovered.
This is basically the "many eyes" claimed advantage of open source development. But the problem is that in the real world, only a handful of users really take a look at the actual source code of the software they use. And worse, most do so because they want to add a specific feature, not for code auditing purposes.

The state of open source security is similar to the UI design and documentation problems prevalent in free software: because most developers don't care about it, it is generally done as an afterthought. Successes such as OpenBSD are the exception, not the norm.

Quote:

Linux will probably never reach the level of insecurity that Windows has reached, regardless of its popularity. Windows will probably never again be as insecure as it has been in recent years because the threat of some semblance of competition has finally forced Redmond to treat security as more than just a public relations problem. We have probably seen the worst of insecure design in operating systems, though the actual frequency of attempts to exploit these flaws, and the damage done by exploiting security flaws could easily be higher than anything we've seen to date, especially as long as untrained users remain a major source of insecurity. But the basic design philosophy of Unix insulates it from a lot of the sources of insecurity that plague Windows. A lot of the problems with Windows are related to intentional operating system features that are being used in the way they were intended, but for malicious purposes. (For example, a lot of worms propagate using a feature of Windows and Outlook. No one intended for the feature to be used for the purpose of spreading a worm, but the feature is being used the way it was designed to work; there's no buffer overflow or heap corruption or other bugs being exploited.) In principle, you could make Linux behave that way, but you would really have to work at it. It's not something the operating system was designed to do out of the box. Even Microsoft is starting to take this tack with new versions of Windows: potentially exploitable features that were once turned on by default (like IIS) are now disabled by default and must be explicitly turned on by the end user.


From a design standpoint, Windows is ahead of Linux in security. Security on Unix has been an afterthought, not an original feature. Windows security problems mainly come from programming errors, not design problems.

Linux is full of holes. The only reason we don't see many worms for it is because there are still way more Windows machines deployed.

Quote:

It is dead simple to write bad, insecure code in any programming language you care to name. Some languages are designed to make it easier to write solid, secure code, if that's what you want to do, but you still have to put the effort into doing it that way; no programming language will make your program secure if you don't design it that way. A lot of security and stability problems stem from simple laziness or lack of thoroughness: doing things like assuming that certain functions always succeed when they could fail and should be checked for error conditions, assuming that user-supplied input will always be valid or will fall into a narrow range of what is theoretically possible, or ignoring possible race conditions. That isn't the fault of C or C++, it is the fault of the programmer (or the programmer's manager) who doesn't want to spend the time designing clean algorithms and checking for all possible anomalies, edge cases, deliberate attempts to break the code, and error conditions.
I was specifically talking about the issue of buffer overflow, which may represent the number one reason for security bugs in today's software. Obviously a bad programmer can always make mistakes, but I don't think it is realistic to ask programmers to write hundreds of lines of code without any single error. It's much simpler to just make them code in a language that helps them not make these errors.
ZouPrime is offline  
Old 03-02-2004, 07:34 AM   #23
Veteran Member
 
Join Date: Feb 2001
Location: Hiding from Julian ;)
Posts: 5,368
Default

Quote:
Originally posted by ZouPrime
This is basically the "many eyes" claimed advantage of open source development. But the problem is that in the real world, only a handful of users really take a look at the actual source code of the software they use. And worse, most do so because they want to add a specific feature, not for code auditing purposes.
User-specific hacks almost never get added to the actual codebase, however. Another advantage of open-source that you have overlooked is tools like valgrind to help search for holes, and the ability to actually debug the software you are using. With the modification of one file and the execution of one command, I can recompile my whole system with maximum debugging information, right down to variables and line numbers. You can't do that with closed source, ever.
Quote:
From a design standpoint, Windows is ahead of Linux in security.
You have GOT to be joking. Windows originated as a single-user unprotected mess, and only managed to get a bit of real security by borrowing a whole lot from OS/2. Which OS/2 borrowed from, you guessed it, UNIX.
Quote:
Security on Unix has been an afterthought, not an original feature.
Pull the other leg, why don't you. Security in UNIX is fundamental, EVERYTHING from files to devices to software constructs like semaphores is protected with user, group, and world access levels.
Quote:
Windows security problems mainly come from programming errors, not design problems.
The windows "design", if you can call it that, was a windowing system with NO security restrictions, or for that matter, completely lacking in the concept of multiple users. Security literally WAS an afterthought; they added it much much later, when they made Windows NT.
Quote:
Linux is full of holes. The only reason we don't see many worms for it is because there are still way more Windows machines deployed.
Why WOULDN'T a cracker write a linux worm if it's as easy as you say? These UNIX machines may not be as numerous, but they are often critical things like file, database, and web servers, whereas your typical windows workstation is pretty much a replaceable commodity.
Quote:
I was specifically talking about the issue of buffer overflow, which may represent the number one reason for security bugs in today's software. Obviously a bad programmer can always make mistakes, but I don't think it is realistic to ask programmers to write hundreds of lines of code without any single error. It's much simpler to just make them code in a language that helps them not make these errors.
Such languages indeed exist, but it's a moot point since you can't write an operating system in one. Languages that do a lot for the programmer inevitably depend on external libraries to function; whereas C with a little assembly is self-sufficient.
Corona688 is offline  
Old 03-02-2004, 08:16 AM   #24
Veteran Member
 
Join Date: Jun 2000
Location: Montreal, Canada
Posts: 3,832
Default

Quote:
Originally posted by Corona688
User-specific hacks almost never get added to the actual codebase, however. Another advantage of open-source that you have overlooked is tools like valgrind to help search for holes, and the ability to actually debug the software you are using. With the modification of one file and the execution of one command, I can recompile my whole system with maximum debugging information, right down to variables and line numbers. You can't do that with closed source, ever.
I understand that the possibility is there. But the problem is that in the actual real world, this possibility is not exploited. There's no use in open sourcing code if nobody actually looks at it.

Quote:

You have GOT to be joking. Windows originated as a single-user unprotected mess, and only managed to get a bit of real security by borrowing a whole lot from OS/2. Which OS/2 borrowed from, you guessed it, UNIX.
Pull the other leg, why don't you. Security in UNIX is fundamental, EVERYTHING from files to devices to software constructs like semaphores is protected with user, group, and world access levels. The windows "design", if you can call it that, was a windowing system with NO security restrictions, or for that matter, completely lacking in the concept of multiple users. Security literally WAS an afterthought; they added it much much later, when they made Windows NT.
No, I'm not joking, and yes, I expected this kind of answer. You need to read the actual Windows NT design documents to see it. The security is sound, it's just that revision after revision, the code got bloated and bad implementation decisions were made. But the actual ACL model of Windows and the NTFS file system is sound and doesn't have many design problems.

Try to read a bit about UNIX history. The original UNIX goal was to create a multi-user, OPEN OS. Not a "secure" one. I say it again, security was an afterthought in the UNIX world. I can dig the source of my claim if you want.

I'm not saying that right now, I consider Windows to be more secure than Unix. I'm just saying that from a design standpoint, Microsoft made a lot of sound decisions. I know it's not politically correct to say it, but contrary to popular beliefs, Microsoft programmers aren't specially dumb or bad.

Finally, the number one reason why Windows doesn't have a clean multi-user interface à la Unix is that Microsoft knows that their leading OS is mainly used by a single person, rarely in multi-user environments. This tendency is changing (look at how XP handles multiple users), but from a user interface perspective I can understand Microsoft keeping it very simple.

Quote:

Why WOULDN'T a cracker write a linux worm if it's as easy as you say? These UNIX machines may not be as numerous, but they are often critical things like file, database, and web servers, whereas your typical windows workstation is pretty much a replaceable commodity. Such languages indeed exist, but it's a moot point since you can't write an operating system in one. Languages that do a lot for the programmer inevitably depend on external libraries to function; whereas C with a little assembly is self-sufficient.
If you think that Linux is free from security vulnerabilities, just read bugtraq. As for the worms, I don't know, but I suspect there's not enough Linux deployments out there for a worm to successfully propagate. My (educated) guess is that the first mass-worms affecting Linux systems will be Windows/Linux hybrids. It's just a question of time.

Yes, I agree that today, for OSes, you probably can't get away from C and C++. But I don't know if this situation will be forever (I'm a strong believer that speed is generally overrated when considering different programming languages). Keep also in mind that some OSes also try to protect themselves against buffer overflow exploits through low-level means (I know that OpenBSD does it, as well as a future version of Windows).
ZouPrime is offline  
Old 03-02-2004, 10:50 AM   #25
Veteran Member
 
Join Date: Feb 2001
Location: Hiding from Julian ;)
Posts: 5,368
Default

Quote:
Originally posted by ZouPrime
I understand that the possibility is there. But the problem is that in the actual real world, this possibility is not exploited. There's no use in open sourcing code if nobody actually looks at it.
It's not just individual people that are using open source, though. Large corporations also use open source programs, and they obviously have a vested interest in security. There are actually corporations that are hired to pore over source code and find/fix vulnerabilities, and they have been hired by corporations to work on programs such as sendmail.
Quote:
No, I'm not joking, and yes, I expected this kind of answer. You need to read the actual Windows NT design documents to see it.
The comparison of the first design of UNIX to ever exist with Microsoft's third revision window manager strikes me as rather unfair.
Quote:
Try to read a bit about UNIX history. The original UNIX goal was to create a multi-user, OPEN OS. Not a "secure" one.
Apples and oranges again. Just because it wasn't designed with security as the primary consideration doesn't mean that the design IS less secure.
Quote:
I'm not saying that right now, I consider Windows to be more secure than Unix. I'm just saying that from a design standpoint, Microsoft made a lot of sound decisions. I know it's not politically correct to say it, but contrary to popular beliefs, Microsoft programmers aren't specially dumb or bad.
When did I ever make any appeal to popular opinion, or say that Microsoft programmers are dumb and bad? And the argument that Windows is more secure from a "design standpoint" doesn't hold much water with me, since crackers don't break into designs, but implementations.
Quote:
If you think that Linux is free from security vulnerabilities, just read bugtraq.
I never once said that Linux was free from security vulnerabilities. Please don't put words in my mouth again.
Quote:
As for the worms, I don't know, but I suspect there's not enough Linux deployments out there for a worm to successfully propagate.
I count 32 in this room alone.
Quote:
My (educated) guess is that the first mass-worms affecting Linux systems will be Windows/Linux hybrids. It's just a question of time.
There WAS one hybrid linux/windows worm that was built as a proof-of-concept. It will not run on any modern version of Linux. Nor will it run on anything but 80386-compatible processors running in protected-mode 32 bit.
Quote:
Yes, I agree that today, for OSes, you probably can't get away from C and C++. But I don't know if this situation will be forever (I'm a strong believer that speed is generally overrated when considering different programming languages).
Ever programmed in Intercal?
Corona688 is offline  
Old 03-02-2004, 11:06 AM   #26
Veteran Member
 
Join Date: Nov 2001
Location: South Africa
Posts: 2,194
Default

Originally posted by ZouPrime
I understand that the possibility is there. But the problem is that in the actual real world, this possibility is not exploited. There's no use in open sourcing code if nobody actually looks at it.


Zou, I have to disagree. Half my childhood friends are Internet security gurus, some of whom set up the country's largest ISP. They do modify holes when they find them and they share the fruits of their labour. MS clients have to wait around for MS to send them a patch.

My own brother is a networking guru who ended up Technical Director: Western Europe for a medium sized UK company providing top-flight security systems. There are a LOT more of the kind of people I'm describing than MS engineers. My evidence is anecdotal but it's anecdotes from the heart of the industry, from the people that eat, sleep and shit this stuff. I'm sorry, I must disagree with you outright.


Try to read a bit about UNIX history. The original UNIX goal was to create a multi-user, OPEN OS. Not a "secure" one. I say it again, security was an afterthought in the UNIX world. I can dig the source of my claim if you want.


The point is, UNIX was old when Windows was new and lots of stuff had been thought of already. When I first looked at Linux (XWindows shells were nowhere to be seen), the inherent security was self-evidently way, way, way beyond the inherent security of the DOS platform Windows still relied on. I mean everything had security privileges by individual, group and public access. If you typed "ls" at the prompt you got a whole lot of gobbledygook next to each file specifying security privileges. "Dir" in DOS gave you filename and date. DOS didn't come close.

I'm no Linux guru (haven't looked at it for four years) but it's evident that Windows was hopelessly insecure when Linux security was already relatively mature.


I'm not saying that right now, I consider Windows to be more secure than Unix. I'm just saying that from a design standpoint, Microsoft made a lot of sound decisions. I know it's not politically correct to say it, but contrary to popular beliefs, Microsoft programmers aren't specially dumb or bad.


Fair enough. I don't think MS programmers are responsible for MS's business practice of rushing products out as fast as possible and basically beta-testing on customers.

MS only really started paying attention to sound architecture, though, from NT onwards, after they'd secured a huge market share and a secure financial future by basically favouring marketing over quality until that point.
Farren is offline  
Old 03-02-2004, 12:47 PM   #27
Veteran Member
 
Join Date: Jun 2000
Location: Montreal, Canada
Posts: 3,832
Default

Ok, I read back some of the posts and my own, and I'll put some water in my wine. I think I got stuck on the "design" point when, like Corona688 said, implementation is generally the security "weakest link" and not the design.

I would also say that the guy administering the actual box is also probably more important than the implementation, i.e. it's better to have an excellent Windows sysop over a moronic Linux admin.

I checked around the office (I actually work for a computer security company, and we have a few people specialized in intrusion detection) and from what I could gather, they all seem to agree that open source definitely has its advantages from a security standpoint. I'm not a proponent of security through obscurity crap. But on the other hand (and this refers back to the OP), they also all agree that Linux WILL suffer from more worm outbreaks if its market share grows significantly. As for if it will be worse or better than the current situation with Windows... personally, my feeling is that Linux will suffer a similar fate.

I also asked about Linux worms, and it seems they exist, but most of them target specific distro (Redhat).
ZouPrime is offline  
Old 03-02-2004, 01:11 PM   #28
Veteran Member
 
Join Date: Nov 2001
Location: South Africa
Posts: 2,194
Default

The thing is, the existence of different distributions goes back to the OP. The cheetah population is extremely vulnerable to virii et al because their low genetic diversity ensures that most of them will be affected equally severely by the same virus. Siamese cats, on the other hand, aren't nearly as vulnerable.

A lot of the holes I've heard of are fairly high level, like in the GUI. Now with Linux you have all of these GUI flavours. With Windows you have ... Windows.

So Windows is a lot like the cheetah and Linux a bit more like Siamese cats in terms of vulnerability.

BTW Thanks for being gracious
Farren is offline  
Old 03-02-2004, 04:21 PM   #29
Veteran Member
 
Join Date: Feb 2001
Location: Hiding from Julian ;)
Posts: 5,368
Default

Quote:
Originally posted by ZouPrime
I would also say that the guy administering the actual box is also probably more important than the implementation, i.e. it's better to have an excellent Windows sysop over a moronic Linux admin.
Absolutely. Except when Microsoft does silly things like enable file-sharing by default à la Blaster.
Quote:
they also all agree that Linux WILL suffer from more worm outbreaks if its market share grows significantly.
Current estimated number of Linux users: Eighteen Million and rising.
Quote:
As for if it will be worse or better than the current situation with Windows... personally, my feeling is that Linux will suffer a similar fate.
Personally, I don't think Linux is at risk of any worm outbreaks any time in the near future, and certainly never of the scale that Windows seems to invite. Linux comes with its own full box of free programming tools running the full spectrum from assembler to perl and beyond, and the kernel's source code is 100% available for everyone to see; why aren't we in trouble already? Ah, you answer my question for me:
Quote:
I also asked about Linux worms, and it seems they exist, but most of them target specific distro (Redhat).
These Redhat worms can (briefly) succeed because all installations of, say, Redhat 7.0 are all the same, down to the binary level; but Linux in general is not a monoculture. My system, for instance, was compiled 100% from scratch. (OK, 99.5% from scratch... I use binary versions of grub and firefox.)

Linux can run on many different architectures (ARM, x86, amd64, sparc, etc, etc, etc), so tiny machine-code virii are out of the question...

There are tons of different kernel versions, so any exploits depending on the kernel will likely fail on many machines.

Not to mention that every individual kernel is 100% customizable; exploits that work for one compile of kernel 2.4.1 might not even EXIST for someone who leaves out that particular driver or compiles it as a module.
Corona688 is offline  
Old 03-02-2004, 04:43 PM   #30
Senior Member
 
Join Date: Mar 2003
Location: Canada
Posts: 792
Default

Quote:
Originally posted by ZouPrime
No, I'm not joking, and yes, I expected this kind of answer. You need to read the actual Windows NT design documents to see it. The security is sound, it's just that revision after revision, the code got bloated and bad implementation decisions were made. But the actual ACL model of Windows and the NTFS file system is sound and doesn't have many design problems.
Windows isn't a design document; it's an operating system. I am sure that the design document is beautiful; on paper, NT is just an enhanced version of VMS, designed by a very respected computer scientist.

But I can't run applications off of a design document. The real Windows NT, like all of the Windows that came before and after, is a horrible mess of design compromises, unclear direction, and incredible complexity. A lot of stuff that should run in user space gets run in privileged space in order to improve the end user experience. A lot of processes that shouldn't be able to talk to each other do talk to each other, in the name of convenience. These may not have been part of the original idea behind NT, but they are part of the design and they are part of the operating system.

ACLs and NTFS are only two parts of NT. And they are problematic because the security model is extremely complex; it is often very difficult to know what a particular user does and doesn't have access to, and it is way too easy to accidentally give way too many permissions when trying to get access to a particular file or service. The ACL/NTFS permission scheme is not suitable for most server applications and is definitely not suitable for any kind of desktop environment or any other situation where the person operating the machine is not a trained administrator. By contrast, Unix security is transparent, makes it easy to set appropriate permissions without accidentally giving away the keys to the kingdom, and its owner/group/everyone read/write/execute/setuid permission scheme manages to incorporate a lot of flexibility despite its simplicity. For most applications, Unix group-level permissions are all that is needed. Anything more is needless complexity, and complexity breeds insecurity.

That is not to say that NTFS and ACLs are useless in all situations, but they are overkill in most cases and therefore worse than useless. Moreover, the rest of the system works hard to defeat these basic security measures by introducing easy-to-abuse features that make them irrelevant. Unlike Unix, which is not married to a particular interface, few people would consider Windows to be Windows without the win32 API and GUI. It is not realistic to strip away the whole top half of the system and then claim that Windows is secure; the insecure top end is required for anything resembling normal Windows operation.

Quote:
Try to read a bit about UNIX history. The original UNIX goal was to create a multi-user, OPEN OS. Not a "secure" one. I say it again, security was an afterthought in the UNIX world. I can dig the source of my claim if you want.
That is not true. The first part is true, but this is where Unix derives its security from in the first place. Windows evolved in a single user environment where it was assumed that one user had more or less exclusive access to the machine. Unix was designed to be a time sharing system, where many people would share the same resources. Unix built in security in order to protect users from each other's prying eyes, malicious intent and, most importantly, mistakes and programming bugs. The concept of preventing people from doing things they aren't supposed to do if they might affect someone else's stuff is built right into the system, and it scales remarkably well to a hostile networked environment. One of the reasons Unix is more easily secured than Windows is that its security is built right into the system rather than being bolted on to the outside as a sort of wall that assumes everyone on the outside is bad and everyone on the inside is to be trusted under all circumstances.

Quote:
I'm not saying that right now, I consider Windows to be more secure than Unix. I'm just saying that from a design standpoint, Microsoft made a lot of sound decisions. I know it's not politically correct to say it, but contrary to popular beliefs, Microsoft programmers aren't specially dumb or bad.
In fact, Microsoft has a lot of very clever programmers working for it. But Microsoft is in business to sell as many operating systems as possible. Bill Gates' vision has always been a computer on every desk and Microsoft on every computer; it doesn't matter to Microsoft why people buy Windows, so long as they do. Unix wasn't designed for this purpose, and Linux isn't either. One of the reasons Windows is so insecure is that Microsoft puts its programmers to work building features that will sell software, not features that make the software more stable and secure. Sometimes, the two happen to be one and the same but, more often, they are not.

Quote:
Finally, the number one reason why Windows doesn't have a clean multi-user interface à la Unix is that Microsoft knows that their leading OS is mainly used by a single person, rarely in multi-user environments. This tendency is changing (look at how XP handles multiple users), but from a user interface perspective I can understand Microsoft keeping it very simple.
Plus, they want every user to have their own computer with their own licensed copy of Windows. But that's not the reason. Windows was designed as a single user operating system, and all of its multi-user capabilities have been retrofitted. Microsoft never had a concept of one computer serving multiple users; its notion of a multiuser system is many users each with their own computer, sharing resources among them. Windows probably can't be made into a functional multi-user system without a thorough redesign.
fishbulb is offline  
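
Added illustration, not written by any poster in this thread: the owner/group/everyone read/write/execute/setuid scheme described above (the "gobbledygook" that "ls" prints next to each file) can be decoded and audited mechanically. The sample listing, the function names and the choice of what to flag are assumptions made for this example.

```python
import stat

# Constructed `ls -l` lines for illustration; none of these come from the thread.
SAMPLE_LISTING = """\
-rwsr-xr-x 1 root root   59976 Jan  1 2004 /usr/bin/passwd
-rw-r----- 1 root shadow  1024 Jan  1 2004 /etc/shadow
drwxrwxrwt 9 root root    4096 Jan  1 2004 /tmp
-rw-rw-rw- 1 alice users   210 Jan  1 2004 /home/alice/notes.txt
drwxrwxrwx 2 bob users    4096 Jan  1 2004 /srv/share
-rwxr-sr-x 1 root mail   14000 Jan  1 2004 /usr/bin/mailq
"""

# One permission bit per column of the nine-character rwx string.
PERM_BITS = [
    stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
    stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
    stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH,
]

# The execute columns can also carry a special bit:
# column index -> (bit, letter when execute is also set, letter when it is not).
SPECIAL = {
    2: (stat.S_ISUID, "s", "S"),
    5: (stat.S_ISGID, "s", "S"),
    8: (stat.S_ISVTX, "t", "T"),
}


def parse_mode(text):
    """Turn a 10-character ls mode string into (file type char, numeric mode)."""
    if len(text) != 10:
        raise ValueError("mode string must be 10 characters: %r" % text)
    file_type, columns = text[0], text[1:]
    mode = 0
    for i, ch in enumerate(columns):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= PERM_BITS[i]
        elif i in SPECIAL and ch in SPECIAL[i][1:]:
            bit, lower, _upper = SPECIAL[i]
            mode |= bit
            if ch == lower:          # lowercase: execute bit is set as well
                mode |= PERM_BITS[i]
        else:
            raise ValueError("unexpected %r in column %d of %r" % (ch, i + 1, text))
    return file_type, mode


def audit_line(line):
    """Return (path, findings) for one `ls -l` line."""
    fields = line.split(None, 8)
    if len(fields) < 9:
        raise ValueError("not an ls -l line: %r" % line)
    # Some ls versions append '.' or '+' to the mode; keep the first 10 chars.
    file_type, mode = parse_mode(fields[0][:10])
    findings = []
    if file_type == "-" and mode & stat.S_ISUID:
        findings.append("setuid")    # runs with the file owner's privileges
    if file_type == "-" and mode & stat.S_ISGID:
        findings.append("setgid")    # runs with the file group's privileges
    if mode & stat.S_IWOTH:
        if file_type == "d":
            # A sticky world-writable directory (the /tmp convention) is expected.
            if not mode & stat.S_ISVTX:
                findings.append("world-writable directory without sticky bit")
        elif file_type != "l":       # symlink mode bits are not meaningful
            findings.append("world-writable")
    return fields[8], findings


def audit_listing(listing):
    """Map each path in an `ls -l` listing to its list of findings."""
    return dict(audit_line(l) for l in listing.splitlines() if l.strip())


if __name__ == "__main__":
    for path, findings in audit_listing(SAMPLE_LISTING).items():
        print("%-24s %s" % (path, ", ".join(findings) or "ok"))
```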