Microsoft dominance poses security risk

Quote:

---

Lastly... aeallison, do you really feel that the ad hominems are needed?

---

Not really catch, it is just a common use of terms here on AO.

Quote:

---

Don't confuse lazy admins and a completely unhardened default configuration for "insecure."

---

This is one of my points I was trying to make, I have known many admins that will start with the default settings of their system of choice and only patch holes as needed. Usually only after the "attack" has been noticed by them or other users. I myself was repremanded for working extra hours to secure a win2k server network that was being pounded by crackers. I was working 75 to 80 hours a week. They brought in a high paid M$ engineer to evaluate the problem and all he did was wipe the servers and install defalt settings. The system fatally crashed in less than 24 hours after he left. The results... I quit!

Quote:

---

We are seeing a user base that doesn't want to look behind the GUI and simply want it to work.

---

MsMittens has it here in a nutshell. This is one of the reasons that I think an exclusive OS is our best security for our governments computers. With custom engineered apps, and intensive training regiments to insure security. I am probably spouting off an impossible solution here. It does seem that the majority of people either don't see the whole picture or are just lazy in their assumptions of our national security. From an admins point of view this is a nightmare, either work your ass off 16 to 18 hours a day, or just wait and hope that nothing happens that you can't fix with a patch or some obscure script. There needs to be a change, either in thinking, or in new software. Neccesity is the mother of invention....

we all *should* know that one can spin numbers to justify ones opinion.

i think tiger_shark made one of the best points...if the table was turned and another OS had the dominance that Windows enjoys. we'd be having the same discussions about that OS.

the other, actual *number 1* point one should keep in mind is this....does the admin know their OS??? unfortunately, i find to many of my clients have what i call a *blessed* admin. someone that knew more than the next guy, so they get to play admin. i'll admit this is MUCH harder if not impossible with *nix distros, although, that is changing as some vendors try to make their OS just as easy to use as Windows.

aeallison - being a former DoD contractor, I assure you that there is a COMPLETELY seperate network for secure vs. non-secure information. so you can sleep well at night, i know i do.


anyway, that's my .02

ol' jeb, hypothetically speaking, if I were to call in some report of terrorist activity, possibly like I have seen something or heard something that if given to the wrong person could comprimise homeland security. Does this information go onto an office computer workstation first before being evaluated as a security risk, then being transfered to the more "secure" independent network? Also, are you saying that they do not transfer information via the internet anymore?

<edit>BTW, I was going to give you a positive feedback on your post but when I click the link to assign you points nothing happens, It works ok on everyone elses posts. So for now I will just have to give you a big thanks for your input on this topic. :D</edit>

Quote:

---

Originally posted here by maxim_86ualb2
but I can tell u this most if not all the people who use
Linux... Unix... and other Varients..... R the people who know the most about the PC world
coz to be able u use a OS like that u must know every aspect of ur PC..... so... they tend to be most tendened to have SEcure... software.....

---

That's true somewhat... But that seems to be changing. That was one of my points. Major distros are trying to make it easier so you don't have to know about the PC or OS in any detail. Heck, Knoppix is a prime example. I can run an OS just by popping in the CD and away I go. I suspect that this will get worse before it gets better.

Look at many of the posts that end up on AO or even other sites. People don't want to take the time to search for things. They don't want to research. I have students who think it's my job to tell them the answers (and boy, do they get a shock when I tell them it will cost them for an answer -- students in my classes run pseudo businesses and any question is worth $$ from their business budget).

Granted that Microsoft and Apple started this idea by creating OSes that would allow the masses access to a PC and allow them convenience and ease of use. If they didn't we probably wouldn't be where we are today (this is a reality, IMHO). Should we be shocked when they try to continue this? Yes and no. Again, yes, because the user demands and wants things to remain easy for them. No, because realistically the growth of the Internet (largely due to highspeed cheap lines) and the growth of PC usage (thanks to games and such) means that there is a larger base accessing computers.

What is truly missing from the report is the "what-to-do?" solution. I don't know if switching outright to *nix (pick a flavour) is any better as you may end up with admins and such who will not be prepared, able to or ready to deal with a new mindset.

I mean, seriously. What is the solution? (viable, cost-effective)

Quote:

---

What is the solution? (viable, cost-effective)

---

There isn't one. You either pay the price... or you pay the price.

aeallison - well, i can't speak on a terrorist call such as that becuase i contracted with the Army.

as for the secure network and transferring files, they use a point-to-point connection so its secure.

ol' jeb, ok I suppose I can rest a bit better now. Thanks for your reply.

I still can't assign you antipoints, has anyone else mentioned this to you? You might try a post in the Oops! a bug forum.

Has anyone reading this tried to assign antipoints to ol' jeb yet?

It's a known bug. Has to do with the ' he has I suspect. There is a workaround in the Addicts area I believe (somewhere..) I'll PM you, AE, with the link as soon as I find it in that mess.. :)

Quote:

---

This is one of my points I was trying to make, I have known many admins that will start with the default settings of their system of choice and only patch holes as needed. Usually only after the "attack" has been noticed by them or other users. I myself was repremanded for working extra hours to secure a win2k server network that was being pounded by crackers. I was working 75 to 80 hours a week. They brought in a high paid M$ engineer to evaluate the problem and all he did was wipe the servers and install defalt settings. The system fatally crashed in less than 24 hours after he left. The results... I quit!

---

Surely you agree this is an organizational problem and not an OS problem.

Quote:

---

Linux... Unix... and other Varients..... R the people who know the most about the PC world coz to be able u use a OS like that u must know every aspect of ur PC

---

I disagree with this statement. UN*X/Linux users fail to understand basic security principals of transitive rights or basic OS design fundementals like the advantages of the microkernel. They tend to have little concept of appropraite audit trails the dangers of library attacks and why chroot is not good enough. These users tend to have a whole uneducated vatange on computer security and tend to be ignorant of very basic concepts like the Bell-LaPadula model, the Biba model, the Harrison, Ruzzo, Ullman model, and the Graham-Denning model. How do I know that UN*X and especially Linux users are ignorant of these things? Their OS of choice conveys it clearly enough. While the average UN*X/Linux user may know more than Grandma with er AOL account on a WinME system, you're average UN*X/Linux user is by no means a security expert and it has been my experience that hte standard path for students of security is: UN*X, NT, TOS. (Although more advanced UN*Xlike systems eg AIX are more secure than UN*X and feature more advanced designs of microkernel architecture they tend to run on hardware out of reach for most people so they are not included)

The Department of Homeland security selected Windows because it is a COTS system that meets their security requirements (ISO 15408 CAPP/EAL2), is more cost effective than other similarly rated systems and offers superior central management as well as the most cost effective hardware of similarly rated systems. (Linux for example was rated EAL2)

catch

catch, my point in my paragraph you quoted was more just these two sentences here:

Quote:

---

They brought in a high paid M$ engineer to evaluate the problem and all he did was wipe the servers and install defalt settings. The system fatally crashed in less than 24 hours after he left.

---

I guess what I am trying to say that the engineer did nothing but re-install the OS and patched with the default values ONLY. this was the configuration that I started with that was obviously insecure. I put many hours into it and they either figured that I was "milking" them for hours, or that I was unable to administer their system correctly. The engineer tried to make me look like an idiot in front of my superiors, only to have his install fail completely.

I agree there was a definate problem in management, but I was trying to focus on the results that a M$ engineer had on the same system I spent almost a year perfecting. I couldn't seem to get it through to management that their computers needed to be monitered constantly, or at the very least regularly. The system was cracked and virtually destroyed while I was at home asleep in bed. I got a call that the system was down, I went in and simply laughed as I turned and went to my office and packed my stuff. The business was an ISP and they had their doors closed and boarded in less than a month.

I know now I am giving too much information off topic. Bottom line is I am running another ISP right now using M$, Solaris, UNIX. The M$ boxes give me the most trouble and have to be bounced on a regular basis.