[maemo-users] Unix vs Windows security (was Re: Nokia device usage)

From: Mark wolfmane at gmail.com
Date: Thu Mar 12 18:15:51 EET 2009
On Wed, Mar 11, 2009 at 11:24 PM, Farrell J. McGovern
<farrell.mcgovern at gmail.com> wrote:
> ScottW wrote:
>> The Mac and *nix world needs to stop gloating about their clean record so far and keep an eye out for what is to come.  Dues to the learning curve of the OS, the users were more "enlightened" than the common computer user, but now these are  more wide spread and the common user will be using them.  The conspiracy theory people say that Antivirus companies are the ones making most of the viruses so that they have a product to sell, well there is a market out there just waiting to be tapped.  Norton AV for Mac is on the shelves even though there is only really 1 documented virus, and people buy it.
>> The good ole saying: "The devil's greatest accomplishment was to convince everyone he does not exist"... well the Linux virus does not exist.
> You are, of course, making the classic mistake of not understanding
> security on computer operating systems. Popularity has little to do with
> how vulnerable a system is.

Yeah, tell that to celebrities. I'm sure they just *love* the stalkers
and paparazzi. When's the last time *you* were surrounded by dozens of
photographers documenting the worst moments of your life?

Anyway, it's not about "popularity", it's about payoff. Any time
there's something to gain (Windows boxes), people will keep trying.
When there's nothing to gain (Linux boxes), there's no motivation.

More attacks=more vulnerability. The law of averages says that the
more attacks there are, the more likely that sooner or later one will
be successful.

Someone who has their home Windows machine set to autologin and no
firewall or antivirus software but uses a gateway, never uses Outlook
or IE and never opens messages (never mind attachments) from someone
they don't know is much less vulnerable than someone who has every
possible security aspect in place on their laptop (any OS) that is
exposed to open networks and/or leaves their computer unattended for a
few moments. Everything is relative.

*You* are the one who clearly does not understand computer security.

> Fact: Windows XP is about 12 years old, Vista/Windows 7  maybe 5. Unix
> is 40+ years old.

Fact: Windows is 30+ years old, and what you're calling Unix is every
bit as much a progression/assortment of different OSs/kernels as
Windows. Your assertion is totally invalid.

> Face: Unix was designed for a mult-user, multi-processing environment,
> Windows was designed for a single user, single application  at a time
> environment, it has  had multi-user and multi-processing added on to it.

Once again, your assertions are totally incorrect. Unix started with
single-user mainframes, long before the Internet or any kind of remote
networking or simultaneous multi-user environment. Even once they went
mult-user, local multi-user setups with tightly controlled physical
access are a very different thing from the worldwide network of today
(~1995 and on, only the last 15 years). As for multi-user and
multi-processing, the former is only incidentally related to network
security, and the latter not at all.

> Thus, most everything that can affect Windows today was probably seen
> and corrected on the architectural level decades ago in Unix.

Totally untrue. The issues of concern are mostly related to network
access, not multiple logins. See above.

> Even the
> simplest thing of making the user work in a non-privileged workspace is
> one of the basic things that Unix has done for decades, while it is a
> relatively new idea in Windows.  Thus, if you compromise the workspace,
> you don't compromise the system.

Unix was not designed for personal computers, it was designed for
room- and building-filling mainframes and minicomputers for
governments, universities and large security-minded businesses. You
are comparing apples to oranges. While Linux is "Unix-like", it is NOT
Unix and has to be much more user-friendly, which Unix is very much
not. The owner of a Linux box has to also be the administrator, while
a Unix user seldom has to deal with the administration side of it. Any
time you design an OS for the masses, there is no escaping the
necessity of compromising security for usability and flexibility.

> Next, you have the fact that to make things really fast in Windows, you
> have graphics primitives in the kernel. This means that to compromise
> the entire system, all you need to do is compromise a graphics
> routine...and as almost everything is graphical in Windows...compromise
> the Browser, you can own the system...compromise the mail reader, you
> can own the system...compromise  an editor you can own the
> system...compromise an ERROR MESSAGE, and you can own the system.

You're talking theory, and making it sound much easier than it
actually is. In reality, such attacks seldom actually work, and they
require far more preparation and work than you are willing to admit.

> With Unix, very few things can access the kernel. If you compromise the
> Browser, you may compromise the user's workspace, but the system remains
> compromised.

Again, Linux is *NOT* Unix. Regardless, since no one is putting
serious effort into developing viruses and such for it (there's
exactly zero payoff), you're comparing apples to oranges. I think you
left the "un" off the last word there, but again that's theory, not
reality. According to the fanboys, Linux doesn't crash, but I see it
happen all the time. Not just applications; the whole machine crashes
and has to be rebooted.

> Generally, in Windows  it's a single  set to compromise the entire
> system...on Unix, it takes usually two more more steps, first you must
> compromise the userspace, then you must compromise the kernel.

...and you make it sound so easy to compromise Windows, and so hard to
compromise *Linux* (you keep saying Unix when what you really mean is
Linux...). The reality is somewhat different, and the ease of security
breach is directly related to the operator/owner's actions and
settings rather than the OS. I've been running Windows without
firewall or antivirus software for many years (the cure is worse than
the disease) and no one has successfully attacked me yet. In spite of
some empty threats and futile attempts...

> Ultimately, it takes a lot more work to compromise a Unix system than a
> Windows system.

Only because of all the freely available software out there that
specifically targets Windows, as opposed to practically nothing for
*nix. The "security tools" for *nix don't count, since the same people
who are writing those are also patching the holes. That's about as
trustworthy as those Windoze firewall apps that fake attacks ("we just
intecepted xxx attacks"... yeah, right!) to dupe gullible consumers
into buying the pay version.

> And that makes Unix and systems derived from Unix
> inherently more secure than Windows.

Unix, and Linux as well, come from a very different place than
Windows. *nix comes from a scientific, high-security background, while
Windows (and DOS before it) from the start was aimed at usability for
consumers and the less technically savvy. Bearing that in mind, the
difference in inherent security is remarkably small.


More information about the maemo-users mailing list