[maemo-users] Unix vs Windows security (was Re: Nokia device usage)

From: Mark Haury wolfmane at gmail.com
Date: Fri Mar 13 06:15:40 EET 2009
James Knott wrote:
> Ummm...  Given that "DOS" didn't appear until 1981, there's no way
> Windows could have been around 30+ years ago.  That would have been the
> days of CP/M and Apple II.

Sorry, that should have been 20+... 24 to be more precise. Momentary lapse in 
brain function.

> Back in the days when Unix was created, virtually all computers were
> multiuser, because they were too expensive for a single user.  The whole
> idea of multiuser was to get the most use out of that very expensive
> hardware.  It wasn't until personal computers, such as the Altair 8800,
> IMSAI 8080, Apple II etc. appeared, in the mid '70s that "single user"
> computers became affordable.

If by multiuser you mean different people could use the same machine at 
different times, but *not* simultaneously. It wasn't until the '70s that Unix 
could support simultaneous users, and at first it was limited to two at any 
given time. It was *not* simultaneously multiuser from the very start.

>>> Thus, most everything that can affect Windows today was probably seen
>>> and corrected on the architectural level decades ago in Unix.
>> Totally untrue. The issues of concern are mostly related to network
>> access, not multiple logins. See above.
> Take a look at the history of Windows, to when it was just a graphical
> shell on top of DOS.  And how it then migrated to a better system, but
> still single user.  Can you, even now, multi-task several users on a
> Windows box, without using something like Citrix?  Then take a look at
> how Microsoft integrated IE into the OS, to make a point after the
> Netscape vs Microsoft trial.  You'll find that one thing alone, which is
> in violation of good software engineering, ensured Windows would be a
> security sieve.

Windows doesn't need (never has, and never will) to have the capability for 
simultaneous users. What would be the point? As PCs continue to shrink in size 
as they increase in power, it makes a lot more sense for everybody to have their 
own separate computer and not share someone else's. Home networking is a 
no-brainer if they want or need to share anything.

>>> Even the
>>> simplest thing of making the user work in a non-privileged workspace is
>>> one of the basic things that Unix has done for decades, while it is a
>>> relatively new idea in Windows.  Thus, if you compromise the workspace,
>>> you don't compromise the system.
>> Unix was not designed for personal computers, it was designed for
>> room- and building-filling mainframes and minicomputers for
>> governments, universities and large security-minded businesses. You
>> are comparing apples to oranges. While Linux is "Unix-like", it is NOT
>> Unix and has to be much more user-friendly, which Unix is very much
>> not. The owner of a Linux box has to also be the administrator, while
>> a Unix user seldom has to deal with the administration side of it. Any
>> time you design an OS for the masses, there is no escaping the
>> necessity of compromising security for usability and flexibility.
> Have you actually run either Linux or Unix?  Very much of what applies
> to one applies to the other.  While some of the details differ, they are
> fundamentally the same to use.

I first learned Fortran programming in 1982 on a DEC PDP-10, and have worked on 
Unix systems much more recently than that. I've used Linux at home off and on 
for 10 years, and almost exclusively used kubuntu on my personal machines for 
the last 2 years. So yes, I know exactly what I'm talking about, and Unix is a 
*very* different experience from Linux. As time goes on, the gap widens.

>>> Next, you have the fact that to make things really fast in Windows, you
>>> have graphics primitives in the kernel. This means that to compromise
>>> the entire system, all you need to do is compromise a graphics
>>> routine...and as almost everything is graphical in Windows...compromise
>>> the Browser, you can own the system...compromise the mail reader, you
>>> can own the system...compromise  an editor you can own the
>>> system...compromise an ERROR MESSAGE, and you can own the system.
>> You're talking theory, and making it sound much easier than it
>> actually is. In reality, such attacks seldom actually work, and they
>> require far more preparation and work than you are willing to admit.
> Read about what I mentioned re IE and Netscape vs Microsoft.

The fact remains that in spite of theories and claims, actual unaided attacks on 
Windows boxes that are successful are actually quite rare. The ones that are 
successful are usually because of the gaping security hole between the keyboard 
and the chair. The so-called holes are exploited in contrived circumstances 
which are much more difficult to find in the wild.

>>> With Unix, very few things can access the kernel. If you compromise the
>>> Browser, you may compromise the user's workspace, but the system remains
>>> compromised.
>> Again, Linux is *NOT* Unix. Regardless, since no one is putting
>> serious effort into developing viruses and such for it (there's
>> exactly zero payoff), you're comparing apples to oranges. I think you
>> left the "un" off the last word there, but again that's theory, not
>> reality. According to the fanboys, Linux doesn't crash, but I see it
>> happen all the time. Not just applications; the whole machine crashes
>> and has to be rebooted.
> There's a lot more in common than different.  You can generally take
> source code and compile it to run on either.

As time goes on, Linux becomes more like Windows than like Unix as far as the 
user experience. There are very compelling reasons for that.

>>> Generally, in Windows  it's a single  set to compromise the entire
>>> system...on Unix, it takes usually two more more steps, first you must
>>> compromise the userspace, then you must compromise the kernel.
>> ...and you make it sound so easy to compromise Windows, and so hard to
>> compromise *Linux* (you keep saying Unix when what you really mean is
>> Linux...). The reality is somewhat different, and the ease of security
>> breach is directly related to the operator/owner's actions and
>> settings rather than the OS. I've been running Windows without
>> firewall or antivirus software for many years (the cure is worse than
>> the disease) and no one has successfully attacked me yet. In spite of
>> some empty threats and futile attempts...
> A decent firewall helps.  Curious thing is that many of them run on
> Linux or some flavour of Unix.  Two of the three I own, other than the
> one I built using Linux, run on Linux.  One is from ASUS and the other
> from Linksys.  The 3rd is from D-Link, but I have no idea what it runs.

There's no denying the fact that Linux is much more scalable than Windows, for 
reasons previously discussed. Also, since it's *free* it's very attractive to 
many manufacturers. Some do run Windows CE, though, and still others run 
proprietary OSs.

I hate Micro$oft and Windows as much as anybody (as much because they've trained 
society to accept bugs as "normal" than anything else), but I hate even more the 
fact that I *still* have to waste a significant amount of space on my hard 
drives for dual-booting into Windows to do the things that Linux can't do. The 
fact remains that the reason Linux hasn't taken over the world is because it 
just doesn't meet the needs of most users, especially the less techie ones.

Tuesday my new Asus Eee PC 1000HE arrived, with WinXP Home installed. The first 
thing I did was to install kubuntu with the special Eee PC kernel in a dual boot 
config. So far so good...


More information about the maemo-users mailing list