[Gllug] just preaching to the converted !

Sat Oct 22 16:49:23 UTC 2005

On 22/10/05, Chris Hunter <chrisehunter at blueyonder.co.uk> wrote:
> No.  The underlying structure of Linux (and all the other Unix - based
> OSs) makes it an ideal OS for a hostile networked environment.  It was
> originally designed as a multi-user, secure OS, unlike any of the MS
> offerings, where these facilities were just tagged on later.

I'm not so sure about this. I think in the orginal design of Linux the
designer's (Linus) main concern was to get it working at all - not to
code with security at the front of his mind.

The threats that face Linux today (Internet attacks etc) weren't an
issue when Linux was orginally conceived.

I do agree that Linux has avoided the inherent security problems that
afflicted earlier versions of Windows but this may be because lessons
had been learned from seeing the problems that affected other OS's
(UNIX and Windows). I'm not saying that Linux is more secure *only*
for this reason but I wouldn't agree security was the main concern
from the starting point.

I also think the distributed nature of developing Linux (The operating
system as a whole, rather than just the kernel) has helped as no-one
has ever been able to do something as dumb as tie the browser into the
kernel :)

Operating systems such as OpenBSD are more secure as they had a full
code audit after a while and spent a lot of time fixing issues

http://www.openbsd.org/security.html (Scroll down to "The Rewards")

> The "security" structure of any version of Windows (including "Vista" or
> whatever it's called this week) is such that it is not possible to make
> it (in any way) secure.  Abusing any Windows box is trivial!

Hmmm, really? A fully patched and properly maintained Windows OS is
fairly secure with the latest versions. Not impossible to crack, and
certainly not as easy to look after with AV subscriptions and virus
definition files etc but it is secure.

A lot of the stereotypical "problems" with Windows don't apply so much anymore.

Namely:

* "Windows is an unstable piece of crap" Windows 2003 is very stable these days
* "Windows can be compromised by script kiddies very quickly" If you
bother to configure it securely and maintain it correctly it is fairly
secure

There are problems with Windows (as there are with Linux) but they
need to be properly defined

* Windows runs too many services by default. A typical installation
runs a lot of software that probably isn't required and the concept of
a true "minimal installation" isn't really there
* Windows is frustrating slow soon after boot. The concept of
presenting a logon screen to a user, logging on and then running like
a dog for 5 minutes whilst you start the rest of the system is one
thing I'm happy to avoid by not running XP
* Windows is a proprietary, closed system that encourages lock in and
stifles innovation.
* It's ugly

The main problems with Windows is the fact that too many idiots run it
without knowing or caring how to secure their systems and let
themselves becoming a breeding ground for viruses.

> The MS method of "development" is just to build on "their" previous OS,
> rather than do a ground-up design.  This is why there is still stolen
> TCP/IP code in the Windows kernel (I'm not sure if anyone at MS actually
> knows how it /should/ work!).

Last time I checked there was 2.4 code in the Linux 2.6 kernel. No
Operating System starts anew with each and every new version. This
argument doesn't really make sense.

The fascination with maintaing backwards compatibility with old
Windows protocols (LanManager and NTLMv1) is a problem with Windows
IMHO

--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug