Journal NixLuver's Journal: Teknopolitically Correct 18
The bit of FUD that I'm speaking of is the tendency to assume that Linux/BSD/OSX/BeOS/<insert operating system here> would be "just as bad" security-wise as the prevailing desktop and sometime server from Redmond.
The reasoning goes like this: Windows is the predominant desktop and as such has the most instances in cyberspace; thus virus/trojan/hack/toolkit writers target Windows specifically. In addition, nowadays it seems to be assumed that most 'hackers' (crackers and malware authors, not "real" hackers) use *nix (which may or may not be true - it seems counter intuitive if the malware is to run on Windows, no?).
These two concepts give rise to the assertion that if the attention of these 'black hats' were focussed on some other OS, the results would be similar to those experienced in our Windows-centric technoscape currently.
Well, I say POPPYCOCK and HORSESHIT. Before the flamethrowers kick into overdrive, let me disclaim a bit: I think that, were another OS in Window's market position, more of that platform's security/stability issues might be exposed than are now; my point is to address the 'just as bad' mindset.
This worldview is the result of certain assumptions that are based on faulty reasoning. The first failure is the assumption that all design philosophies are security-neutral. Now, almost any programmer and most techies of any sort will realize that this is not true; a little bit of thought should expose for you the fact that this is an underlying assumption of the "just as bad" school of thought.
Now, the second failure is the assumption that all programmers are equivalent. This one is not as obvious as the last, but it's equally incorrect and even more insidious, becaues it's not necessarily intuitively false. We tend to think of programmers/developers in a stochastic sense, and assume that we're comparing apples and apples, when in fact, I think there is little overlap between opensource development and the Redmond mentality - and here's the kicker - even if the developer/programmer in question works on both types of product... Yes, I'm saying what it sounds like I'm saying. I think a programmer that works on both commercial, closed source 'enterprise' development, on the whole, will write better code on his own opensource/FS project than on the project he is paid to develop. I believe that every individual will do better work when they're doing it because they love to do it than when they are doing it because they're being paid to do it - no matter what their work ethic.
Finally, one may certainly express an opinion (as I have done and am doing) about one's preferred platform, but assertions such as the "JAB" (just as bad) assertion are *just that*, opinions, not some enlightened view of the universe. JAB has not been tested or verified in any meaningful manner - it's an assumption made to assuage the consciences of those who choose Redmond because 'no one has ever been fired for doing so'. Until and unless <alternative OS X> becomes as ubiquitous as Windows, such assertions remain just that - unfounded assertions designed to mislead people who haven't considered the real issues and implications of JAB.
In addition, let me point out that anyone who runs a firewall and logs into #linux or #linuxhelp or #hackerz or "..." on IRC will see that his/her box comes under attack from script kiddies and crackers within seconds, usually probing for poor security decisions and software not kept up to date by the user/administrator. I think that many malware authors write their devious little trinkets for reasons of pride - or at least, used to; now it's pretty much because it's so easy and spammers need the help. Imagine what a coup for the Redmond crowd if someone were to come up with a really solid virus or trojan for *nix? Say, in perl, which is extremely cross-platform, increasing the possible target systems to include most of the *nix universe - along with devices like '~/' eliminating many of the path inconsistencies. People like to assert that the lack of such is because of the relative obscurity of *nix; I say it's not been done because it's fscking hard to do.
Regardless, here's my assertion, based on my opinion that the design philosophy of *nix is qualitatively and quantitatively better from a security and stability standpoint than the Redmond offerings, and my opinion that authors who write code because they love it write better code than those who do it because they get paid to (I think that applies to most endeavors, actually): Were *nix as ubiquitous as Windows is now, we would not face anything even approaching the global interference caused by trojans, virii, and crackers who attack Windows. In other words:
No, Virginia, it's not 'just as bad'
.
Steve
"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." --Bertrand Russell
Somewhat agree (Score:3, Interesting)
The big problem lies outside of the Kernel. Microsoft does have architecture problems, but it's not the architecture of the OS kernel itself, but rather the architecture all the userland stuff that's needed to turn a bare kernel into a usable operating system. Microsoft applications use a design philosophy that emphesizes usability and interoperability over security. While NT might have a really incredible security model, the benefit of this is negated by having 3/4 of all the userland processes running with administrator rights, and by having 30 unneeded services turned on by default also running with administrator rights.
Ultimately security comes down to the sysadmin. A windows system run by a competant and knowledgable sysadmin is as secure as a unix system run by a competant and knowledgable sysadmin. The problem is that there are a lot more incompetant windows administrators. The clueful/clueless ratio is a lot lower among Windows sysadmins than among Unix sysadmins, although this may change as Unix becomes more mainstream and moves into the desktop and SOHO markets. To a large extent, security is inversely proportionate to ease of use, and it is (perceived) ease of use that is one of Window's main selling points.
Re:Somewhat agree (Score:1)
However, I'm interested in what it is that makes you think that NT has a better security architecture than *nix (including linux, OpenBSD, MacOSX, and trad unix)? What defines this 'much more advanced security architecture'? Are we simply referring to the ACLs that NTFS supports? Or is there something specific to the NT kernel that makes it a 'more advanced security architecture'?
Re:Somewhat agree (Score:2)
Re:Somewhat agree (Score:1)
If NT is a microkernel, it's a severely brain damaged one. I've never seen anything that specifically claimed that, but I'll take your word for it for the sake of discussion. Regardless, OS X is a microkernel (mach) architecture, and one that works. Ba
Re:Somewhat agree (Score:1)
I haven't tried OS X yet, and probably won't anytime soon because of Apple's predatory pricing model. As sweet as they may be, Macs can't compete with commodity x86 hardware on a bang-for-the-buc
Re:Somewhat agree (Score:2)
Have you tried RH9 with Ximian D2? I haven't seen that it was that much of a PITA, although I may have been using it (Linux) so long that the PITA parts have dropped below my radar.
H
Apple pricing (Score:2)
I'm on my day off so you'll have to drop by my site to get all the links (I'm done HREFing for the day) but you'll find that you can get a used G3 beige from, say, MacResQ for under two hundred bucks. Add a USB/firewire card (about forty bucks) and some RAM and you will be able to run OSX just fine.
A while back I bought a Mac of the same
Hard to tell (Score:3, Interesting)
Pride comes before a fall. I'd hate to see the Linux community repeat the mistakes that the MS community made in moving to a new environment. Since Unix is new to the desktop we have the chance to make sure that the known weaknesses of Windows on the desktop are not transfered into Unix on the desktop.
Apache (Score:2, Insightful)
The obvious counterpoint to the JAB argument is Apache vs. IIS. It's one case where the Free Software solution is the dominant player in the market but it hasn't had the same kind of security problems that the biggest proprietary competitor has. It's fairly clear why, too; Apache has always concentrated on being secure and correct first and being fast and easy to use second. IIS has tended to focus on performance and ease of use, with consequent problems with its security.
Not Just as Bad (Score:2)
Re:Not Just as Bad (Score:1)
The security-neutral and worldwide view is very correct in this context. Some organizations, NSA, have the highest focus on security.
What the hell, programmers have different skill levels? I would say that only a few, 1000 worldwide, maybe, have the raw talent and
Not just as bad but much worse than now (Score:2)
While you mention programmers and admins not being apples to apples, you forget users. I have run windows and linux boxes for a while and have never been owned or had real issues with either. I have had a windows server get owned but that was do more to my own stupidity, than anything else. (Running a popular gameserver without ANY type of firewall on 2k server and leaving some other stuff up was just dumb)
But where a LOT of the biggest problems we have
Re:Not just as bad but much worse than now (Score:1)
Users will always be a problem for administrators, but by default, on a *nix system, the users don't have the necessary privileges to do the kind of damage a user in Windows 9x