Question regarding an article from Microsoft Hellas's CEO

Frank Heckenbach frank at g-n-u.de
Thu Feb 5 20:49:18 UTC 2004


Joao Ribeiro da Silva wrote:

> The main problem with security on Windows and other operating
> systems is in their base.
> Unix-like OSs are closed systems by default while Microsoft
> Windows is an open system by default.

(How good that we don't talk about "open source" software, otherwise
this last sentence would really look strange ...)

> On Unix-like OSs, in order for a user to run anything you need
> first to give him the necessary permissions to do so. Otherwise
> the user cannot read even a byte from anywhere.
> On Windows you can do anything whatsoever and then you start
> removing power from a user (closing the system to that user).

But that's exactly one root of the problems. The latter model might
be fine for a single-user standalone system (DOS and earlier Windows
versions), but transferring it to a networked and/or multi-user
system was a cardinal mistake. In principle it was clear from the
beginning that this couldn't work (so they had plenty of time to
rewrite it from scratch if they cared), now we're seeing the
effects.

Another basic problem which you didn't mention is the tendency to
blur the distinction between executable code and data. AFAIK this
tendency has even increased in Windows in the last years (MS-Word
macro viruses, various "active" components all over the place and
many more things, even the mangling of file name suffixes, so
viruses could use double suffixes to "disguise" which is so
ridiculous, etc.). For the average Windows user it's quite hard to
tell whether they're viewing some data (image, text, ...) which is
harmless unless it can exploit a bug in the viewer program, or
executing some code which is always dangerous if it comes from
unknown sources.

I suppose they're doing it for the sake of "comfort" -- and for the
most part I don't even see that point. Most users don't regularly
receive executable programs by email or execute them from random web
sites. I suppose even the average Windows user is aware of the
difference between installing a program (intentionally) and viewing
a picture. And if web sites weren't so overloaded with various
scripting garbage, this might even benefit users, when web authors
would have to learn to write proper HTML for a start (e.g., not
using JavaScript for things that simple HTML forms can do just as
well, which can be very annoying). But I'm digressing ...

But even if there was some "comfort" to it, it now clearly shows
that the security implications are unmanageable. So if they care for
security at all, they have to realize it was a wrong decision and
undo it until it's too late (well, until it's even more too late
than it already is ...). But as long as "opening" an email or web
site can mean executing arbitrary code it contains, there's not a
chance of hope for security.

BTW, this might apply just as well to Unix applications. I don't
usually use this kind of program, so I don't know how far the usual
suspects have gone already (whether also for a strange sense of
comfort, or just to imitate the Windows "experience"). I'd just say,
beware ...

> Try to map a network drive or even access your CD-ROM: it
> will tell you that only the system administrator can do that,
> and because on Unix nobody works as system administrator,
> the system core never has a virus. In the worst case scenario
> only the files created by the user can be deleted or damaged,
> not the files from other users, so even if we had a virus on
> Unix the impact on the system would be very small (at the
> user level only).

I've heard this argument, but I don't think it's a very strong
point. On most machines the user data are more valuable than the
system files. A system can easily be reinstalled, but user data may
take a lot of time to recreate, or even cause financial loss. (Oh
yeah, backups. Sure. Most people don't do them unless they've been
*seriously* hit once or twice. I know professional programmers who
don't do good backups ...)

It's true that a virus can hide in system programs and covertly
spread more damage over time, but on Unix systems, they can do
almost the same by manipulating the user's aliases, PATH, etc.

Both points are especially true of single-user machines, but that's
what most potential victims are.

> On Unix, as soon as a user logs out from the system all
> applications running with that user's permissions are forcibly
> terminated by the OS itself.

Not at all.

Frank

-- 
Frank Heckenbach, frank at g-n-u.de
http://fjf.gnu.de/
GnuPG and PGP keys: http://fjf.gnu.de/plan (7977168E)
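Frank's point about user-level code manipulating the user's PATH suggests a simple check one can run on one's own account. This is an added example in POSIX sh, not part of the original message or the list; the temporary directories it creates and the PATH string it audits are constructed for the demo.

```sh
#!/bin/sh
# Added example, not part of the original message: a POSIX sh audit of a PATH
# string for entries that let code running as the user (or as anyone) shadow
# common commands, the kind of manipulation the message mentions. The demo
# layout below is constructed under a temporary directory.

# audit_path "PATH_STRING": prints one line per problematic entry, nothing if clean.
audit_path() {
    _rest="$1:"                        # trailing ':' so every entry is terminated
    while [ -n "$_rest" ]; do
        _dir="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_dir" in
            "")  echo "empty entry (means the current directory)" ;;
            /*)
                if [ ! -d "$_dir" ]; then
                    echo "missing: $_dir (whoever can create it controls it)"
                elif [ -n "$(find "$_dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $_dir"
                elif [ "$(id -u)" -ne 0 ] && [ -w "$_dir" ]; then
                    echo "writable by the current user: $_dir"
                fi ;;
            *)   echo "relative entry: $_dir (resolved against the current directory)" ;;
        esac
    done
}

# count_path_problems "PATH_STRING": prints the number of problems as a bare integer.
count_path_problems() {
    audit_path "$1" | wc -l | tr -d ' '
}

# make_demo_path: builds a constructed layout and prints a PATH string that
# exercises every check: a clean dir, a world-writable dir, an empty entry,
# a relative entry and a missing dir.
make_demo_path() {
    _base=$(mktemp -d)
    mkdir "$_base/clean" && chmod 0555 "$_base/clean"   # not writable by its owner either
    mkdir "$_base/loose" && chmod 0777 "$_base/loose"
    printf '%s\n' "$_base/clean:$_base/loose::bin:$_base/missing"
}

demo_path=$(make_demo_path)
echo "auditing: $demo_path"
audit_path "$demo_path"
echo "problems found: $(count_path_problems "$demo_path")"
```

To audit the live environment instead of the demo layout, call `audit_path "$PATH"`.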