Counseling not to use Windows (was Re: Anonymoussurfing my ass\!)

[full-disclosure () lists netsys com (David F. Skoll)]

On Mon, 15 Jul 2002, Schmehl, Paul L wrote:

> That depends on how the admins configure things. :-)  Here at UTD, for
> example, it isn't possible to execute a VBS file unless you know what
> you're doing.

Well, that's very good.  How about .exe?

> It's also possible to restrict the executables that a
> user can run, using group policies.

Yes, it is.  How much work is it to set all this up?

[...]

> And you think they will do *better* at this in *nix?  You've pinpointed
> the problem, but missed the solution.  The problem is the *users* who
> are ignorant and chose to remain that way.  The solution is for the
> *conscientious* admins to understand that truth and find ways to defend
> the enterprise *anyway*.

That's true.  Nevertheless, I contend that it's easier for
conscientious admins to protect UNIX boxes from ignorant users
than to protect Windows boxes (period.)

In fact, UNIX boxes are extremely easy to protect from the truly
computer-ignorant, and they're not bad for experts.  It's the people
in the middle who are dangerous on UNIX boxes. :-)

For example, my parents run Linux at home.  They are complete
computer newbies.  So I set everything up for them, locked down all
the permissions, and they're fine.  An occasional VNC session over SSH
is all the help they need from me.

Some of the people I've worked with, however, know enough about UNIX to
be dangerous and often screw things up...

> Your ignorance of Windows is showing.  It is possible, under all
> "modern" versions of Windows (not the 9x variety) to get as granular as
> this (at the directory or file level):

I fully admit to ignorance of the details of Windows security, although I
believe I grasp the overall situation.

> Full Control
> Traverse Folder / Execute File
> List Folder /Read Data
> Read Attributes
> Read Extend Attributes
> Create Files / Write Data
> Create Folders / Append Data
> Write Attributes
> Write Extended Attributes
> Delete
> Read
> Change
> Take Ownership

These are granular indeed, and confusing as hell.  A good security model
should be simple; the Windows one is anything but.  I can probably outline
the UNIX security model in 300 words.  I challenge any Windows user to do
the same for Windows.

And complexity is the enemy of security.  It can lead to misunderstanding,
incorrect implementation, and ambiguity.

> It isn't the OS that's the problem.

I disagree.  The design of the OS is a large part of the problem.  (I
say "OS" here to include Microsoft applications like IE, which (after
all) Microsoft insists are part of the OS.)

> It's the manufacturer's choices of
> default settings and the ignorance of the users (and admins in many
> cases.)  Isn't this precisely the same problem on *nix?  Give me an
> ignorant user on a default install of *nix and I'll give you a hacked
> box in a few minutes (except perhaps OpenBSD, which is one of the few
> that ship "secure" out of the box.)

That may have been true 3 or 4 years ago, but (at least in the Linux and
*BSD worlds) is no longer.  The default installation settings are
pretty good nowadays.

> Please don't misunderstand - I am NOT saying Windows is a good as or as
> secure as Unix.  Given the choice, I'll take OpenBSD.  But the *real*
> problem isn't software, it's humans.

I'm not arguing with you on that point.  But I think it's correct to
say that any organization interested in long-term security planning
should consider weaning itself away from proven-insecure software.
Microsoft's track record is really terrible, and I don't see any
indications that things are changing.  How much benefit of the doubt
do vendors deserve, anyway?

--
David.