[maemo-users] Unix vs Windows security (was Re: Nokia device usage)

From: Samer Azmy samer.azmy at gmail.com
Date: Thu Mar 12 21:17:02 EET 2009

root user is not the absolute power any more, please dont forget SELINUX and
the MLS "Multi Level Seurity"
you can


On Thu, Mar 12, 2009 at 6:15 PM, Mark <wolfmane at gmail.com> wrote:

> On Wed, Mar 11, 2009 at 11:24 PM, Farrell J. McGovern
> <farrell.mcgovern at gmail.com> wrote:
> > ScottW wrote:
> >> The Mac and *nix world needs to stop gloating about their clean record
> so far and keep an eye out for what is to come.  Dues to the learning curve
> of the OS, the users were more "enlightened" than the common computer user,
> but now these are  more wide spread and the common user will be using them.
>  The conspiracy theory people say that Antivirus companies are the ones
> making most of the viruses so that they have a product to sell, well there
> is a market out there just waiting to be tapped.  Norton AV for Mac is on
> the shelves even though there is only really 1 documented virus, and people
> buy it.
> >>
> >> The good ole saying: "The devil's greatest accomplishment was to
> convince everyone he does not exist"... well the Linux virus does not exist.
> >>
> > You are, of course, making the classic mistake of not understanding
> > security on computer operating systems. Popularity has little to do with
> > how vulnerable a system is.
> Yeah, tell that to celebrities. I'm sure they just *love* the stalkers
> and paparazzi. When's the last time *you* were surrounded by dozens of
> photographers documenting the worst moments of your life?
> Anyway, it's not about "popularity", it's about payoff. Any time
> there's something to gain (Windows boxes), people will keep trying.
> When there's nothing to gain (Linux boxes), there's no motivation.
> More attacks=more vulnerability. The law of averages says that the
> more attacks there are, the more likely that sooner or later one will
> be successful.
> Someone who has their home Windows machine set to autologin and no
> firewall or antivirus software but uses a gateway, never uses Outlook
> or IE and never opens messages (never mind attachments) from someone
> they don't know is much less vulnerable than someone who has every
> possible security aspect in place on their laptop (any OS) that is
> exposed to open networks and/or leaves their computer unattended for a
> few moments. Everything is relative.
> *You* are the one who clearly does not understand computer security.
> >
> > Fact: Windows XP is about 12 years old, Vista/Windows 7  maybe 5. Unix
> > is 40+ years old.
> >
> Fact: Windows is 30+ years old, and what you're calling Unix is every
> bit as much a progression/assortment of different OSs/kernels as
> Windows. Your assertion is totally invalid.
> > Face: Unix was designed for a mult-user, multi-processing environment,
> > Windows was designed for a single user, single application  at a time
> > environment, it has  had multi-user and multi-processing added on to it.
> >
> Once again, your assertions are totally incorrect. Unix started with
> single-user mainframes, long before the Internet or any kind of remote
> networking or simultaneous multi-user environment. Even once they went
> mult-user, local multi-user setups with tightly controlled physical
> access are a very different thing from the worldwide network of today
> (~1995 and on, only the last 15 years). As for multi-user and
> multi-processing, the former is only incidentally related to network
> security, and the latter not at all.
> > Thus, most everything that can affect Windows today was probably seen
> > and corrected on the architectural level decades ago in Unix.
> Totally untrue. The issues of concern are mostly related to network
> access, not multiple logins. See above.
> > Even the
> > simplest thing of making the user work in a non-privileged workspace is
> > one of the basic things that Unix has done for decades, while it is a
> > relatively new idea in Windows.  Thus, if you compromise the workspace,
> > you don't compromise the system.
> >
> Unix was not designed for personal computers, it was designed for
> room- and building-filling mainframes and minicomputers for
> governments, universities and large security-minded businesses. You
> are comparing apples to oranges. While Linux is "Unix-like", it is NOT
> Unix and has to be much more user-friendly, which Unix is very much
> not. The owner of a Linux box has to also be the administrator, while
> a Unix user seldom has to deal with the administration side of it. Any
> time you design an OS for the masses, there is no escaping the
> necessity of compromising security for usability and flexibility.
> >
> > Next, you have the fact that to make things really fast in Windows, you
> > have graphics primitives in the kernel. This means that to compromise
> > the entire system, all you need to do is compromise a graphics
> > routine...and as almost everything is graphical in Windows...compromise
> > the Browser, you can own the system...compromise the mail reader, you
> > can own the system...compromise  an editor you can own the
> > system...compromise an ERROR MESSAGE, and you can own the system.
> You're talking theory, and making it sound much easier than it
> actually is. In reality, such attacks seldom actually work, and they
> require far more preparation and work than you are willing to admit.
> >
> > With Unix, very few things can access the kernel. If you compromise the
> > Browser, you may compromise the user's workspace, but the system remains
> > compromised.
> >
> Again, Linux is *NOT* Unix. Regardless, since no one is putting
> serious effort into developing viruses and such for it (there's
> exactly zero payoff), you're comparing apples to oranges. I think you
> left the "un" off the last word there, but again that's theory, not
> reality. According to the fanboys, Linux doesn't crash, but I see it
> happen all the time. Not just applications; the whole machine crashes
> and has to be rebooted.
> > Generally, in Windows  it's a single  set to compromise the entire
> > system...on Unix, it takes usually two more more steps, first you must
> > compromise the userspace, then you must compromise the kernel.
> >
> ...and you make it sound so easy to compromise Windows, and so hard to
> compromise *Linux* (you keep saying Unix when what you really mean is
> Linux...). The reality is somewhat different, and the ease of security
> breach is directly related to the operator/owner's actions and
> settings rather than the OS. I've been running Windows without
> firewall or antivirus software for many years (the cure is worse than
> the disease) and no one has successfully attacked me yet. In spite of
> some empty threats and futile attempts...
> > Ultimately, it takes a lot more work to compromise a Unix system than a
> > Windows system.
> Only because of all the freely available software out there that
> specifically targets Windows, as opposed to practically nothing for
> *nix. The "security tools" for *nix don't count, since the same people
> who are writing those are also patching the holes. That's about as
> trustworthy as those Windoze firewall apps that fake attacks ("we just
> intecepted xxx attacks"... yeah, right!) to dupe gullible consumers
> into buying the pay version.
> > And that makes Unix and systems derived from Unix
> > inherently more secure than Windows.
> Unix, and Linux as well, come from a very different place than
> Windows. *nix comes from a scientific, high-security background, while
> Windows (and DOS before it) from the start was aimed at usability for
> consumers and the less technically savvy. Bearing that in mind, the
> difference in inherent security is remarkably small.
> Mark
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://lists.maemo.org/mailman/listinfo/maemo-users

- You pick the level of your suffering yourself - Budha-
- There is nothing noble in being superior to some other man.  The true
nobility is in being superior to your previous self.-- Hindu proverb
- "Nearly all men can stand adversity, but if you want to test a man's
character, give him power."-Abraham Lincoln
- Live Free or Die-Kernel The Canine-
- Without music, life would be a mistake.- Nietzsche
- He who reigns within himself and rules his passions, desires, and fears is
more than a king.-- John Milton
- The best portion of a good man's life is the little, nameless,unremembered
acts of kindness and love.-- William Wordsworth (1770-1850) English poet --
- The higher type of man clings to virtue, the lower type of man clings to
material comfort.  The higher type of man cherishes justice, the lower type
of man cherishes the hope of favors to  be received.-- Confucius (551-479
BC) Chinese Philosopher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.maemo.org/pipermail/maemo-users/attachments/20090312/90315a0d/attachment.htm 
More information about the maemo-users mailing list