EBAY and AMAZON

Dave Hart davehart at gmail.com
Wed Jun 13 18:20:16 UTC 2012


On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein <bzs at world.std.com> wrote:
>  > On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
>  > > While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better.
>
> That assumes the security architectures of all these OS's are similar
> which is simply not true.

You're right.  Windows has an architecture that's easier to secure,
with auditing, ACLs, and capabilities ("privileges") part of every
NT-derived release.  This means everything interesting doesn't have to
be "root", for which there is no equivalent in Windows -- no magic
user which bypasses access checks.

> There have been security flaws in Microsoft OS's which led to the
> spread of malware which would have been almost impossible on any
> unix-like operating system.
>
> One of the biggest problems was creating the first and often only user
> on MS systems with administrator privileges allowing any piece of
> software they ran to do anything on the system.

Is it not common to install unix-like operating systems similarly,
with setup completed after a root password is chosen but before any
human-named accounts are created?

I'm not impartial, I once worked for the architect of NT's security.
Discount my opinion appropriately.  My opinion is 20 years of
hardening have likely made Windows a tougher nut to crack than other
mass-market OSes.  It could hardly be otherwise -- there have been
large piles of money fueling a free market in 0-day Windows exploits
for many years now.  Windows has grown over that time, of course, and
more code means more holes, but other OSes have been growing as well.
Meanwhile, the most security-sensitive parts of Windows have been slower to
change and grow.

Yes, Windows evolved from an essentially security-ignorant single-user
environment.  Unix evolved from an essentially security-ignorant
multiuser environment.  The baseline of unix security with magic root,
setuid apps, and primitive access permissions is nonetheless inferior
to the baseline of NT-derived Windows.  There are varying degrees of
ACL support in some unix-like systems, and wide support for
capabilities that allow services to start as a non-root user, or "drop
root" after starting as such.  There is not, across the POSIX world, a
strong security infrastructure that can be relied on to be universal.
On the other hand, with the death in the wild of the Windows 9x/ME
house of cards, today Windows does provide that universal security
infrastructure.

Unix systems can be secured.  So can Windows systems.  No OS can
simultaneously provide lazy users with power tools and completely
protect those users from self-injury.  Security costs overhead for
too-often no perceived benefit until someone gets hurt.  When you are
forced to deal with it, it's nice to have the best in class
infrastructure under your feet.

Cheers,
Dave Hart
