Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Adam Shostack <adam () homeport org>
Date: Fri, 7 May 2004 14:35:40 -0400

On Fri, May 07, 2004 at 10:51:22AM -0400, Melson, Paul wrote:
| > -----Original Message-----
| > The Windows v. Linux security debate isn't about inherent 
| > security issues, it's about total attack surface. The per 
| > capita attack surface on Windows OSs continues to decrease 
| > while the Linux systems seem to stay about the same.  But 
| > the aggregate attack surface for Windows systems is much
| > higher because of their market penetration. I do expect
| > the market penetration for Linux systems to increase in
| > the next 5-10 years where its aggregate attack surface
| > will be much larger than Microsoft's.

| The issue, simply put, is that Microsoft products make use of a large
| amount of shared code both at build time and at run time.  Microsoft has
| used this model to streamline the user interface and the result has been
| products that appeal to end users and businesses for their flexibility
| and ease of use.  Microsoft is not alone in this, and it is not an
| inherently "bad" model of software development.  However, while it can
| yield better performance and interoperability, historically, it has also
| been linked to both stability and security problems.
[...]
| But what I do know is the end result appears to be that the shared code
| paradigm used by Microsoft results in a vuln-to-vector ratio that is
| geometrically greater than that of the compartmental development
| paradigm.  We have seen first-hand over the past year how a single flaw

I don't think this analysis goes far enough.  I think the core problem
is that Microsoft tends towards high network exposure in ways that are
very hard to fix.  The number of things that run over 137/139 is way
too high.  You turn on IIS, you get FTP and gopher.  Your email
program is a web browser.  So's your word processor.  Your spreadsheet
contains a networked first person flyer.

(Ok, so I exaggerate slightly for effect.)

The point is that Microsoft systems have, historically, had a much,
much broader attack surface, which is less configurable than UNIX
systems.  And this makes them easier to attack. 

The shared code base is a mixed blessing:  on the one hand, if they
could get a web browser right, doing that once is cheaper than doing
it 4 times.  But getting web browsers "right" seems to be a hard
problem, and the open source community hasn't done it either.

Adam