You are correct Leon. So much so, that CERT came into being over a hacked
UNIX environment - not hacked Microsoft environments. Viruses, worms, trojan
horses, etc. were all very real threats in the UNIX world. One of the
problems with open source environments like UNIX is that it is indeed easy to
create malicious code. Apple has already seen the attention of the hacker
community as well. Not to the degree that Microsoft has, but for all of the
reasons you've listed.
But if you go back 20 some odd years ago when Unix boxes still
outnumbered machines on the internet running microsoftware, what
was the percentage of each that was compromised at any given time?
Despite the fact that the Unix machines were more lucrative targets,
having faster connections and greater bandwidth, as well as
Microsoft PCs, wasn't the percentage of infected PCs much, much,
It certainly jumped when Microsoft released its first OS/ email
client combination that allowed a sender to install software onto
the recipient's computer without notifying the recipient. That
upswing was pretty much entirely a product of the technical aspects
of the microsoftware and had almost nothing to do with its
I believe that Unix would be just as insecure if it was as commercially
successful as Windows. I think Unix is secure because it has remained in
the hands of informed and educated administrators and developers,
Big commercial success means lots of uninformed users who would demand
whiz-bang applications like games. Programmers who crank out that stuff
aren't particularly concerned with security -- they're concerned with
getting the code out the door by the Christmas sales season and making
pretty pictures, so they take hardware and software shortcuts.
Granted, Unix has architectural features that make it more difficult to
access the privileged areas, but it isn't impossible. I used to be a VAX
developer and administrator. That OS was well designed for security, but
we had regular patches to fix security issues, and that was before the
Internet was developed.
Granted a bit of a simplistic overview, but IMO, the point being missed in
many of the arguments being bantered about, and using the word "security",
is the distinction therein between the "hacking" (for lack of a better term)
or breaching of a system/network; and the act of spreading viri/malicious
code by _exploiting_ sloppy programming.
Both fit nicely under the umbrella of "security" and are often used in
conjunction to compromise a system/network.
The fact that MSFT operating systems, whether for server platforms or
workstations, have historically shipped with defaults set to 'ease of use'
instead of 'security against breach' has been a big problem with the first
part above. Add to the mix the fact that sloppy coding inherent in a
rush-to-market mentality (notably manifested in the infamous "buffer
overruns") has been responsible for most of the known virus/malicious code
exploits with MSFT products.
Now add those two, ALONG with their _ubiquity_, which you correctly mention,
and you get the deadly combination we are currently in with regard to
"security" as users of MSFT products.
I'm not a MSFT detractor, but in the realm of security they indeed shot
themselves, as well as their users, in the foot in their headlong rush for
market share, with "security" arguably not even entering into their thoughts
until forced to do so by the obvious.
That MSFT still does not have their act together in this regard is amply
illustrated by the number of "security updates" in yours and my "Windows
Update" logs ... ... not to mention that this particular genie is VERY
difficult to get back into the code base bottle. ;)
As far as the ease of effecting the "security" of a system/network with
tools, knowledge, and an inherent, built-in capacity to do so, Larry
Blanchard put it very succinctly in another post.
I'm not sure I understand the question ... do you mean the OS taking
advantage of processor functionality, like NX, to prevent stack overflows,
or their .net/xml content management/code/data separation?
Several years ago, round about when W2k came out a
person whose expertise I respect pointed out that Windows
stored data and code interspersed in memory so that an
overflow in the data could overwrite elements of a program,
or maybe even the OS. Sounds to me like he was explaining
the infamous 'buffer overflow exploits' as well as why Windows
crashed so much.
That type of problem was solved by pretty much everyone
BUT Microsoft decades earlier by segregating data and
programming in memory--Code Data Separation (CDS).
I remember CDS as a compiler option for our HP a-900
(I think it was a 900) circa 1987.
So, which of those was I talking about?
Some of this isn't an OS issue. It's a processor architectural issue.
The x86 processors use a von Neumann architecture, where both data
and instructions are transmitted on the same bus and stored in the same
memory. The PIC, for example, uses a Harvard architecture where data and
instructions are kept separate.
There are x86 options now (like the NX bit) to try to solve some of the
problems, but it will take a LONG LONG time to get everyone switched
over. It took 10 years to get everyone switched over from the DOS-based
9x kernels to the superior NT kernel.
Oh, and don't underestimate the resourcefulness of crackers. If they
post "please send me teh codez" enough, someone's bound to do it! (Just
adding a bit of humour.) :-)
You can only do so much with caulk, cardboard, and duct tape.
To email me directly, send a message to puckdropper (at) fastmail.fm
There is currently a security hole in Windows 2000 and XP.
You get two attachments a *.doc and a *.mdb (or *.asd) file.
If you open the *.doc file, you get infected with a virus.
You forgot to mention the versions of XP home that required the
user to connect to MS over the internet and without any firewall or
other protections in order to complete the installation. The
was that many, if not most, installations of XP on home computers
with high speed internet access were compromised with zombies
used to propagate spam, viruses, and DDOS attacks during their
Note XP was targeted JUST because it was common. XP
was targeted because the Microsoft installation process REQUIRED
that it be left open for abuse.
Thus demonstrating Heinlein's observation that there are degrees
of incompetence or stupidity so extreme as to be indistinguishable
I had the same problem with Linux years ago. It was a new install,
and while downloading the latest patches, it was compromised.
To be honest - both Vista and Linux systems have improved.
Some just take longer than others...
Microsoft has a big problem - with a zillion users, you can't make
people change their behavior without being flooded with complaints.
On Thu, 03 Apr 2008 17:24:58 +0000, Colin B. wrote:
And me, for much the same reasons. But explaining that to a non-techie is
a lost cause. With a great deal of persuasion you might get them to use
There are applications that don't run under anything but Windows so I have
it on my machine. But most of the time, and all the time I'm online, I
use Linux. When I get the time I'm going to try WINE (Windows emulator)
and see if the apps I use will run under it.
Try vmware server on linux. Any windows apps you need will run with no
problems. You can install windows and any windows apps that you might
need. When your windows virtual machine gets hacked, just delete and
reinstall. Your linux machine will be none the worse for wear.
I have it on my linux box running win2K, winXP and Solaris 10, all at
the same time and with no performance issues. Memory is your friend -
on a desktop with 2.5GB, I still don't have any paging issues.
Fortunately, the only windows apps I need are things like Taxcut and
cutlist. So far, my virtual windows machines haven't been hacked,
probably because of infrequent use and a good linux based
firewall/nat/dns/dhcp linksys wireless router running the dd-wrt linux
based firmware as well as the full suite of AVG protection tools.