[maemo-users] Unix vs Windows security (was Re: Nokia device usage)

From: James Knott james.knott at rogers.com
Date: Fri Mar 13 03:50:13 EET 2009

Mark wrote:
> On Wed, Mar 11, 2009 at 11:24 PM, Farrell J. McGovern
> <farrell.mcgovern at gmail.com> wrote:
>> ScottW wrote:
>>> The Mac and *nix world needs to stop gloating about their clean record so far and keep an eye out for what is to come. Due to the learning curve of the OS, the users were more "enlightened" than the common computer user, but now these are more widespread and the common user will be using them. The conspiracy theory people say that Antivirus companies are the ones making most of the viruses so that they have a product to sell, well there is a market out there just waiting to be tapped. Norton AV for Mac is on the shelves even though there is only really 1 documented virus, and people buy it.
>>> The good ole saying: "The devil's greatest accomplishment was to convince everyone he does not exist"... well the Linux virus does not exist.
>> You are, of course, making the classic mistake of not understanding
>> security on computer operating systems. Popularity has little to do with
>> how vulnerable a system is.
> Yeah, tell that to celebrities. I'm sure they just *love* the stalkers
> and paparazzi. When's the last time *you* were surrounded by dozens of
> photographers documenting the worst moments of your life?
> Anyway, it's not about "popularity", it's about payoff. Any time
> there's something to gain (Windows boxes), people will keep trying.
> When there's nothing to gain (Linux boxes), there's no motivation.
> More attacks=more vulnerability. The law of averages says that the
> more attacks there are, the more likely that sooner or later one will
> be successful.
> Someone who has their home Windows machine set to autologin and no
> firewall or antivirus software but uses a gateway, never uses Outlook
> or IE and never opens messages (never mind attachments) from someone
> they don't know is much less vulnerable than someone who has every
> possible security aspect in place on their laptop (any OS) that is
> exposed to open networks and/or leaves their computer unattended for a
> few moments. Everything is relative.
> *You* are the one who clearly does not understand computer security.
>> Fact: Windows XP is about 12 years old, Vista/Windows 7 maybe 5. Unix
>> is 40+ years old.
> Fact: Windows is 30+ years old, and what you're calling Unix is every
> bit as much a progression/assortment of different OSs/kernels as
> Windows. Your assertion is totally invalid.

Ummm...  Given that "DOS" didn't appear until 1981, there's no way
Windows could have been around 30+ years ago.  That would have been the
days of CP/M and Apple II.
>> Fact: Unix was designed for a multi-user, multi-processing environment,
>> Windows was designed for a single user, single application at a time
>> environment, it has had multi-user and multi-processing added on to it.
> Once again, your assertions are totally incorrect. Unix started with
> single-user mainframes, long before the Internet or any kind of remote
> networking or simultaneous multi-user environment. Even once they went
> multi-user, local multi-user setups with tightly controlled physical
> access are a very different thing from the worldwide network of today
> (~1995 and on, only the last 15 years). As for multi-user and
> multi-processing, the former is only incidentally related to network
> security, and the latter not at all.

Back in the days when Unix was created, virtually all computers were
multiuser, because they were too expensive for a single user.  The whole
idea of multiuser was to get the most use out of that very expensive
hardware.  It wasn't until personal computers, such as the Altair 8800,
IMSAI 8080, Apple II etc. appeared in the mid '70s that "single user"
computers became affordable.

>> Thus, most everything that can affect Windows today was probably seen
>> and corrected on the architectural level decades ago in Unix.
> Totally untrue. The issues of concern are mostly related to network
> access, not multiple logins. See above.

Take a look at the history of Windows, to when it was just a graphical
shell on top of DOS.  And how it then migrated to a better system, but
still single user.  Can you, even now, multi-task several users on a
Windows box, without using something like Citrix?  Then take a look at
how Microsoft integrated IE into the OS, to make a point after the
Netscape vs Microsoft trial.  You'll find that one thing alone, which is
in violation of good software engineering, ensured Windows would be a
security sieve.

>> Even the
>> simplest thing of making the user work in a non-privileged workspace is
>> one of the basic things that Unix has done for decades, while it is a
>> relatively new idea in Windows.  Thus, if you compromise the workspace,
>> you don't compromise the system.
> Unix was not designed for personal computers, it was designed for
> room- and building-filling mainframes and minicomputers for
> governments, universities and large security-minded businesses. You
> are comparing apples to oranges. While Linux is "Unix-like", it is NOT
> Unix and has to be much more user-friendly, which Unix is very much
> not. The owner of a Linux box has to also be the administrator, while
> a Unix user seldom has to deal with the administration side of it. Any
> time you design an OS for the masses, there is no escaping the
> necessity of compromising security for usability and flexibility.

Have you actually run either Linux or Unix?  Very much of what applies
to one applies to the other.  While some of the details differ, they are
fundamentally the same to use.
>> Next, you have the fact that to make things really fast in Windows, you
>> have graphics primitives in the kernel. This means that to compromise
>> the entire system, all you need to do is compromise a graphics
>> routine...and as almost everything is graphical in Windows...compromise
>> the Browser, you can own the system...compromise the mail reader, you
>> can own the system...compromise an editor you can own the
>> system...compromise an ERROR MESSAGE, and you can own the system.
> You're talking theory, and making it sound much easier than it
> actually is. In reality, such attacks seldom actually work, and they
> require far more preparation and work than you are willing to admit.

Read about what I mentioned re IE and Netscape vs Microsoft.
>> With Unix, very few things can access the kernel. If you compromise the
>> Browser, you may compromise the user's workspace, but the system remains
>> compromised.
> Again, Linux is *NOT* Unix. Regardless, since no one is putting
> serious effort into developing viruses and such for it (there's
> exactly zero payoff), you're comparing apples to oranges. I think you
> left the "un" off the last word there, but again that's theory, not
> reality. According to the fanboys, Linux doesn't crash, but I see it
> happen all the time. Not just applications; the whole machine crashes
> and has to be rebooted.

There's a lot more in common than different.  You can generally take
source code and compile it to run on either.
>> Generally, in Windows it's a single step to compromise the entire
>> system...on Unix, it takes usually two or more steps, first you must
>> compromise the userspace, then you must compromise the kernel.
> ...and you make it sound so easy to compromise Windows, and so hard to
> compromise *Linux* (you keep saying Unix when what you really mean is
> Linux...). The reality is somewhat different, and the ease of security
> breach is directly related to the operator/owner's actions and
> settings rather than the OS. I've been running Windows without
> firewall or antivirus software for many years (the cure is worse than
> the disease) and no one has successfully attacked me yet. In spite of
> some empty threats and futile attempts...

A decent firewall helps.  Curious thing is that many of them run on
Linux or some flavour of Unix.  Two of the three I own, other than the
one I built using Linux, run on Linux.  One is from ASUS and the other
from Linksys.  The 3rd is from D-Link, but I have no idea what it runs.

>> Ultimately, it takes a lot more work to compromise a Unix system than a
>> Windows system.
> Only because of all the freely available software out there that
> specifically targets Windows, as opposed to practically nothing for
> *nix. The "security tools" for *nix don't count, since the same people
> who are writing those are also patching the holes. That's about as
> trustworthy as those Windoze firewall apps that fake attacks ("we just
> intercepted xxx attacks"... yeah, right!) to dupe gullible consumers
> into buying the pay version.
>> And that makes Unix and systems derived from Unix
>> inherently more secure than Windows.
> Unix, and Linux as well, come from a very different place than
> Windows. *nix comes from a scientific, high-security background, while
> Windows (and DOS before it) from the start was aimed at usability for
> consumers and the less technically savvy. Bearing that in mind, the
> difference in inherent security is remarkably small.
> Mark

Use OpenOffice.org <http://www.openoffice.org>