Results 11 to 20 of 49

Thread: MS-DOS, security theory

  1. #11
    You may be on to something gore, that's most interesting...

    Ok, I'm hardly the one qualified to be making crazy ideas, but this popped in my head -- DOS, in following gore's theory, is very secure, but the downside is only one user can be on at a time. Current OS's are less secure, but the upside is you can have multiple users. Sooo... Could you set up a DOS machine to filter traffic for the network, and have the other multi-user OS's running behind it? That way, you'd have to get past the DOS machine before getting to the less secure ones?

    I dunno, I may be way off track, but it's my humble effort to contribute something.

  2. #12
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Although I completely agree with this thread, and I agree that DOS (in theory) could be a very very secure OS, I do have a question or thought: why? Why would you want to cripple yourself? If you are going to restrict yourself that much, simply do not hook your computer up to the internet; it is that simple.

    I agree with Gore that the new OS's can definitely take a few pointers from the old school stuff. I would like to see a M$ app that can run for a year with no reboot. Wow! That would be awesome. I know you are all Linux lovers but there is very little use in my company for Linux boxes (not that I don't use them) but I would like a good Windows platform.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  3. #13
    Same here. The place I work for is all Windows, no place for a Linux to live. I'm still a Windows guy anyway, at least until I really start to get comfortable with Linux. But anyway, that's what I was trying to somewhat resolve in my previous post -- theoretically, you would have the advantages of both with the weaknesses of neither that way? I dunno...

  4. #14
    the beign of authority kurt_der_koenig
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567

    On older Windows versions such as Win98, if you have direct access to the machine you can break in (so to speak) regardless of whether the user has a password, basically allowing you to have admin rights. MS-DOS is not truly an OS but a command line. As Novell lets you log on to <or another> user when you are logged on as a user <at least at my former high school>, maybe DOS has the same problem. Or you could make a batch file that spits explorer.exe at you, so you don't have to log in. <This worked on Win98 with Novell until the permissions changed>

  5. #15
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    you have to remember that dos is the prime example for those who use the "less is more" security rhetoric...

    furthermore - you are all thinking about dos using your "windows" minds when you are thinking about the BBS -- YES, dos only supported 1 user at a time, but that was the operating system itself, if you ran a BBS or a Web Page on dos, you would have to run a server and those servers supported more than one user at a time -- please keep in mind that DOS was pre-active directory so the users for the BBS/ftp servers were not integrated into the operating system, but rather were setup in the program itself...

    for example (modern example)

    i run bulletproof FTP server, i setup 25 users and they all connect... i am running this on windows xp... they are all able to connect even though there is a 10 user connection limit on windows... why? because the program/server is handling the users and the connections, NOT the operating system
    find / -name "*your_base*" -exec chown us:us {} \; | Trust No One | Use Hardened Gentoo
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  6. #16
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    even though MS DOS has absolutely no file access restrictions in it.
    Why need file restrictions on something that only allows one-user access to it? Like many have said gore, this is a pretty well thought out, well rounded theory. I can't think of much wrong with it other than the obvious but it seems pretty correct to me.
    Space For Rent.. =]

  7. #17
    Senior Member Maestr0
    Join Date
    May 2003
    Posts
    604
    IBM DOS is not any more superior to MS-DOS than say ARC-DOS or Caldera DOS (for those of you who remember when there were several floating around). They are just other people's implementation of the same thing. When you say DOS is single user it doesn't mean only one person can access it, nor does it make it more secure. Being a single user OS means that DOS does not separate any privileges or processes and assumes that whoever is using it can do whatever they like as though it were theirs, because all processes are run as the ONLY user (aka Admin), thus the only way to impose restrictions would be through additional software which will be trivial to defeat because the OS itself is NOT secure. DOS has NO kind of file security, DOS has NO kind of hardware security. DOS allows direct access to the memory and all the hardware in a machine via the interrupts because it assumes anyone using it is THE user. This is in NO way secure and means that no real kind of security is possible because the operating system does not support any separation of privileges.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  8. #18
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Actually, the whole point of security is being able to restrict a user from doing something you don't want them to. Given this, the lot of you have missed the blatant points that make DOS an insecure operating system:

    1. You are incorrect in stating that DOS can only do one thing at a time. Once a thread is executed, it itself may create multiple threads (the point of background processing). There were several apps designed and released prior to Windows that allowed executing multiple shells (DesqView was one that I used to use frequently). This means any exploitable service can still spawn a shell and do harm.

    2. Server vulnerabilities will still be exploitable, "single user" or not. Single user OS does not mean single thread, or single task. It would still be possible to exploit a server and run commands via the shell. In this instance, there is only one user, therefore every application would have complete unabated or secured access to all hardware. In this configuration, why not just simply boot linux as root only and run everything as root, with no other user accounts, then get rid of ALL the tools (basically just use kernel, glibc, and the servers you want running).

    3. Vendor support is nonexistent. Should there be kernel vulnerabilities, there will be no patches.

    I find it hilarious and utterly amusing that a lot of the posters are saying this is well thought out. It may have taken gore some time to come up with it, but don't confuse hilarious idiocy with a good idea.

    PS: DOS has permissions, though utterly rudimentary and ineffective, they are there. Learn about attrib if you don't believe me.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #19
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    3. Vendor support is nonexistent. Should there be kernel vulnerabilities, there will be no patches.
    Hrmm, very true and I didn't think of that. If a vulnerability should surface there would be patches since support has been pulled (for quite some time too). Excellent point, chsh. By the way, I just want to point out to you chsh that there's a difference between an idea and a theory. So you know
    Space For Rent.. =]

  10. #20
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    I too used Desqview and while on the subject, today's generic operating systems are not multitasking either. There is only ONE processor in most cases, and even dual processing servers aren't really multitasking in a lot of cases. That's not to say multitasking does not exist, most people here at AO may actually use it if they operate a large web farm. Windows doesn't natively multitask either, and neither does Linux unless you process two streams with two separate processors or specialized processors with dual I/O. Multithreaded is not doing two things at once, and as stated DOS could do multithreading through applications such as Desqview. The speed of input/output, reduced instruction technology and processing power make it seem like multiple items are all processing at the same time. DOS is only secure if there is only one user ever, and he or she never leaves the room and software is never added or upgraded, no external I/O is ever allowed, and a team of people watch what is typed, almost like a calculator. It might even be embedded DOS in that calculator, who knows. Even so, there exists the possibility that since the user has root access, he will accidentally do something to destroy data. Then one must bring in external tools, destroying the only mechanism that makes it secure - isolation.

    //edit I remember attrib, but in the context of old school MS-DOS and not later Windows versions of it, it was not very effective because the user had access to it and could un-attrib anything. It was also limited to just 4 functions: read only, archive, hidden and system. Even if one hid it, the user could unhide it even if the name was not known. But it is correct, DOS did have some attributes that could be set but no restrictions. You can still access a read only file or a hidden file. Then you could modify them by setting the attrib command to let you. No lockout exists.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
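
Added example, not part of the original thread: posts #18 and #20 note that DOS attributes exist but lock nothing out. The Python sketch below models the attribute byte of a FAT directory entry (helper names and the sample directory are constructed for illustration) and shows that clearing a flag takes no credential and that "hidden" only filters the listing.

```python
import struct

# Attribute bits in byte 11 of a 32-byte FAT directory entry.
FLAGS = {"R": 0x01, "H": 0x02, "S": 0x04, "A": 0x20}

def make_entry(name, ext, attrs="", size=0):
    """Build a constructed 32-byte entry: 8.3 name, attribute byte, size."""
    attr = sum(FLAGS[c] for c in attrs)
    head = struct.pack("<8s3sB", name.ljust(8).encode(), ext.ljust(3).encode(), attr)
    return head + bytes(16) + struct.pack("<I", size)  # times/cluster zeroed

def attrs_of(entry):
    """Decode the attribute byte into the letters attrib prints."""
    return "".join(c for c, bit in FLAGS.items() if entry[11] & bit)

def attrib(entry, *changes):
    """Apply changes such as '-R' or '+H'. No caller identity is passed in:
    the entry has no owner or ACL field to check one against."""
    attr = entry[11]
    for change in changes:
        bit = FLAGS[change[1].upper()]
        attr = attr | bit if change[0] == "+" else attr & ~bit
    return entry[:11] + bytes([attr]) + entry[12:]

def name_of(entry):
    return entry[:8].decode().rstrip() + "." + entry[8:11].decode().rstrip()

def dir_listing(entries):
    """A plain directory listing: hidden and system entries are skipped."""
    mask = FLAGS["H"] | FLAGS["S"]
    return [name_of(e) for e in entries if not e[11] & mask]

def raw_listing(entries):
    """What any program reading the directory itself sees: every name."""
    return [name_of(e) for e in entries]

def write_allowed(entry):
    """The only write check available: is the read-only bit set?"""
    return not entry[11] & FLAGS["R"]

if __name__ == "__main__":
    # Constructed sample directory, not taken from a real disk.
    secret = make_entry("SECRET", "TXT", "RHS", size=120)
    directory = [secret, make_entry("README", "TXT", "A", size=40)]
    print(dir_listing(directory), raw_listing(directory))
    print(attrs_of(secret), write_allowed(secret))
    unlocked = attrib(secret, "-R", "-H", "-S")
    print(attrs_of(unlocked) or "(none)", write_allowed(unlocked))
```

The same byte layout is what a forensic tool reads from a FAT volume, which is why attribute flags are treated as metadata rather than as access control.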
