Full Disclosure mailing list archives
Re: Re: January 15 is Personal Firewall Day, help the cause
From: jan.muenther () nruns com
Date: Sat, 17 Jan 2004 01:49:25 +0100
Howdy,
It can actually drive me mad to see how many Linux users entirely trust in their assumption that they're more secure by default simply because they don't run a Windows system.
A Linux user running a default installation of a modern Linux distribution *IS* more secure by default than someone running a default installation of Windows XP.
Read again - I didn't actually say it wasn't. My point is rather the blind trust in that, assuming a certain invincibility due to the fact they're running something else.
Modern Linux distros don't run many (or even any) services by default, and they usually implement packet-filtering firewall rules. WinXP does not.
Yeah, I agree, but that was also a pretty steep learning curve and a lesson that e.g. Redhat had to learn the hard way. I believe in 2001 Redhat 6.2 had more severe security alerts than w2k. Microsoft seem to learn this lesson too, only it takes a lot longer and they appear not to see why things like DCERPC are generally bad. However, when you look at w2k3, you see things like a (yeah, canary based) stack execution protection and in terms of services, they've sort of turned away from their "just switch it all on by default" policy.
With Windows, you have no choice but to do that, because there's very little open-source software available for Windows.
You're right. But again, I wasn't claiming anything else, I was just shrugging at the fact that a lot of Linux folks do the exact same thing without even the faintest second thought, *despite* having the ability to do better, technically.
ELF infectors do exist, and just because it's not quite so common, doesn't mean it doesn't happen.
But unless you run as root, it's not possible to infect system binaries (without also exploiting a local root hole.) The barrier to entry is simply higher in *NIX than Windows.
Erm, have to disagree here. Of course you can't manipulate system binaries without root privileges, but there's a lot of things you can do as a normal unprivileged user already. Plus - now I'm just throwing in my biased opinion derived from pen test practice - once you're a local user on a Linux system, you very often somehow manage to escalate privileges.
Also - wild theory - I'd say that people are less likely to notice a malware infected Linux box than a Win32 one, simply because of blind trust.
I strongly disagree. People expect Windows boxes to be slow, cantankerous and crash-prone.
Haha, I knew this would provoke somebody :) Oh, and yes, they are slow, cantankerous and crash-prone.
When a Linux box starts acting wonky, people notice immediately. One of my servers started going nuts the other day, and I noticed very quickly. (It was a bad hard drive, not an attack, but still...)
The point is, if you start fiddling around with Win32 in Ring 0, you're very likely to fuck the system up for good, since it's really flakey. With Linux (or a lot of other given Unices), kernel interfaces are better documented and more easily accessible, ironically leading to more stable rootkits and backdoors, so your box won't behave flakey (unless you're the dumb kid that ran suckit on the Debian boxen).
I didn't say that. I said that if our colocation server got compromised, it wouldn't compromise our work machines (which are on another network.)
Well yeah, but that's a question of reasonable network design, not OS choice.
It's what you do with it, how you handle it, and how much you assume.
Look, I'm sorry, there are fundamental flaws with Windows that make it practically un-securable.
Can we get a bit more specific here? Off the top of my head, I can think of two things:
- Shatter attacks
- named pipe impersonation
The other usual attack vectors (which I agree are plenty) can be fixed if you have a clue about Windows, which unfortunately a lot of Windows people *don't*. That, to me, is the biggest problem: People run it without even having the slightest clue about the risks and attack vectors they're exposed to, not even mentioning the lack of knowledge of how to fix them. This problem is definitely more present in the Windows world, since people tend not to know their systems as well as the usually more enthusiastic and in-depth technical Unix folks.
Linux has its bugs, but they are *bugs*, not *design flaws*. So-called "security experts" who don't admit that are doing a disservice to everyone.
Oh well. Actually neither Linux nor Windows were built to be secure operating systems. One could even go so far as to name the concept of SUID binaries and root's omnipotency a design flaw. You can implement RBAC through SELinux or whatever, but still, I wouldn't qualify Linux as such as a highly secure OS. Neither Windows, naturally.
Let me sum up quickly what I was originally trying to state: Linux/Unix people often seem to have a false sense of security simply due to the fact that they're running something else than Windows, which even my mum knows has problems with ubiquitous malware. The sheer fact you're running something else than a Microsoft operating system doesn't make you secure. Basta la pasta.
I've written a lot more than I wanted. Sorry. I don't want these mails on the list, so please reply in private if you want to :)
EOT,
J.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html