Counseling not to use Windows (was Re: Anonymoussurfing my ass!)
From: full-disclosure () lists netsys com (David F. Skoll)
Date: Mon, 15 Jul 2002 16:24:50 -0400 (EDT)
On Mon, 15 Jul 2002, Schmehl, Paul L wrote:
> That depends on how the admins configure things. :-) Here at UTD, for
> example, it isn't possible to execute a VBS file unless you know what

Well, that's very good. How about .exe?

> It's also possible to restrict the executables that a
> user can run, using group policies.

Yes, it is. How much work is it to set all this up?

> And you think they will do *better* at this in *nix? You've pinpointed
> the problem, but missed the solution. The problem is the *users* who
> are ignorant and chose to remain that way. The solution is for the
> *conscientious* admins to understand that truth and find ways to defend
> the enterprise *anyway*.

That's true. Nevertheless, I contend that it's easier for
conscientious admins to protect UNIX boxes from ignorant users
than to protect Windows boxes (period.)

In fact, UNIX boxes are extremely easy to protect from the truly
computer-ignorant, and they're not bad for experts. It's the people
in the middle who are dangerous on UNIX boxes. :-)

For example, my parents run Linux at home. They are complete
computer newbies. So I set everything up for them, locked down all
the permissions, and they're fine. An occasional VNC session over SSH
is all the help they need from me.

Some of the people I've worked with, however, know enough about UNIX to
be dangerous and often screw things up...

> Your ignorance of Windows is showing. It is possible, under all
> "modern" versions of Windows (not the 9x variety) to get as granular as
> this (at the directory or file level):

I fully admit to ignorance of the details of Windows security, although I
believe I grasp the overall situation.

> Traverse Folder / Execute File
> List Folder / Read Data
> Read Extended Attributes
> Create Files / Write Data
> Create Folders / Append Data
> Write Extended Attributes

These are granular indeed, and confusing as hell. A good security model
should be simple; the Windows one is anything but. I can probably outline
the UNIX security model in 300 words. I challenge any Windows user to do
the same for Windows.

And complexity is the enemy of security. It can lead to misunderstanding,
incorrect implementation, and ambiguity.

> It isn't the OS that's the problem.

I disagree. The design of the OS is a large part of the problem. (I
say "OS" here to include Microsoft applications like IE, which (after
all) Microsoft insists are part of the OS.)

> It's the manufacturer's choices of
> default settings and the ignorance of the users (and admins in many
> cases.) Isn't this precisely the same problem on *nix? Give me an
> ignorant user on a default install of *nix and I'll give you a hacked
> box in a few minutes (except perhaps OpenBSD, which is one of the few
> that ship "secure" out of the box.)

That may have been true 3 or 4 years ago, but (at least in the Linux and
*BSD worlds) is no longer. The default installation settings are
pretty good nowadays.

> Please don't misunderstand - I am NOT saying Windows is as good as or as
> secure as Unix. Given the choice, I'll take OpenBSD. But the *real*
> problem isn't software, it's humans.

I'm not arguing with you on that point. But I think it's correct to
say that any organization interested in long-term security planning
should consider weaning itself away from proven-insecure software.
Microsoft's track record is really terrible, and I don't see any
indications that things are changing. How much benefit of the doubt
do vendors deserve, anyway?