[Sussex] Linux Security (Was: Open day outline)

[Steve Dobson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Desmond

Desmond Armstrong wrote:
> One should remember that a Windows system is essentially open for 
> malware and it is a matter of history that one has to, as a user, be 
> able to simply double click an executable and let it simply self 
> install, in other words no or very little security.

But that is what was demanded by most (uneducated) users.  Microsoft in
part got it's monopoly because it made it's system easy to use.  The
fact that they were also easy to compromised was a unfortunate oversight
on Microsoft's part.

> In contrast Unix is designed on 2 criteria:-
> 
> 1/ good security
> cannot install without a secure root password.

I've installed Linux, FreeBSD and Solaris system without a secure root
password.  Debian accepts "password" quite happy and so it should.  When
I install for a client in a secure environment I want to use a password
that is easy for us both to use.  As soon as I leave then that password
should be changed.

> 2/ networking.
> 
> Remember Bill Gates stood up in 1992 and declared that nobody would wish 
> to use the internet?

Not true.  Thompson, Richie started work on Unix in 1969 and the first
"release" was a year or two later.  As you can see from [1] this is the
time that Arpanet when on line.  As AT&T were shiping source code this
meant that academia where able to add networking to Unix earlier on in
its life the first network capable Unix wasn't really available until
1972 (same source).

> So fundamentally there has never been a 'virus in the wild' on a Unix or 
> Linux system ever.

Sorry, but this also is not true.  The Morris Worm [2] did the rounds in
1988 and I can remember reading a report about it early in the '90s -
before the company I then worked for was connected to the Internet.

>                  It is not a case of Linux is not popular so does not
> attract viruses it really is because it is fundamentally secure by 
> design. Of course one can have limited problems in groups of machines 
> where the security is minimal but that does not amount to a 'virus in 
> the wild'.

I don't disagree that Linux is secure by design, but I don't agree that
that is the cause of it's security.  Linux is secure because the system
has been broadly targeted at geeks that accept the configuration
overhead in exchange for getting a secure system.  As Linux gains more
popularity amongst the masses so some distro will take measures to make
the system "easier to use".  Wasn't it Lindows that ran everything as
root?  Any distro that does that I won't touch with a ten foot
bargepole, but how many people in the general population know that is a
bad thing?

How many people on this list know why it is a bad thing?  There are a
number of people that are on this list that I would class as "just
users".  People who just want a computer to make some tasks a little
easier.  I think it's great that Linux is reaching out beyond "geekdom"
and I welcome them.  But at the same time we geeks should not be false
promises about Linux.  Using any computer system comes with a certain
responsibility to use it responsibly in the same way that all car
drivers need to accept responsibility for being safe drivers.

The Morris Worm exploited vulnerabilities in sendmail, which at the time
ran with full root privileges so it could deliver peoples mails.  If a
distro runs everything as root then any vulnerabilities in a browser
could be exploited in the same way.

In another example in 4.2BSD all the terminals devices had full
read/write privileges.  This was so users' programs (these where the
days of Unix on multi-user minis with command line only) could write
their output back to the terminal the user was loged in at.  That
"feature" allowed us "knowledgeable" students to send fake operator
messages to other students that the system was going down for
maintenance shortly and to please save their work and log-off.  One
could get quite a performance boost to your own programs by reducing the
load (number of users logged in) on the system.

Over 30 years Unix has been modified considerably to make it more secure
in a ever most hostile world.  But up until now that Unix world mainly
had specialist users that were prepared to accept these changes because
of the problems they solved.  I'm am not convinced that the general
public are so accepting.

I've been quite impressed with what Microsoft has done security wise
with their new Windows Small Server 2007.  We (my client and I) where
unable to add a simple network route to the server because we didn't
have the correct privileges, even though we were logged in as the system
administrator.  In researching the problem I came across a number of
articles describing how to disable this new security feature.  But the
one that really impressed me was the one that lambasted this approach as
weakening the security, and sort of explained how to work with it.

I no longer blame Microsoft for the security issues in Windows.  I think
the bigger problem is that most Windows users (and this must include a
rather high percentage of Windows SysAdmins) just want an easy fix.
Well, my experience has taught me that, in the long run, there are so
such things.  What worries me is that as Linux gets more popular so this
kind of slap-dash, do it quickly approach will become move over into
Linux system administration.  It is up to use geeks to educate the new
type of Linux user into how to do the SysAdmin task properly.

Steve

[2] http://edutechwiki.unige.ch/en/Networking_history
[1] http://en.wikipedia.org/wiki/Internet_Worm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKB+squ7HOw0Q66oERArDeAJ9120+Mw4Ad+8aoPjemU0kibCILfgCgpCiX
5a5m3x47KZlnVsfwvmCEoi4=
=s3Fu
-----END PGP SIGNATURE-----