I've come to a conclusion on M$ security

[cacosapo]

Originally posted here by gore
[B]NT is cool but one thing about it is that Microsoft used to have a thing on their web page saying that NT should be rebooted at least once a month to deal with memory leaks.

Urban legend. I use to had nt servers up for months without reboot. I had Checkpoint fw at on nt box that stay there for 9 months (until reboot due to a checkpoint fw patch). I had windows nt servers running lotus notes and we use to reboot them 4 times at years due to a lotus notes administration problem, not a NT problem. Most of the problem that had caused NT reboots (most memory leak) were related to IIS and Exchange - Although IIS come with windows, i dont consider it as a part of windows core. in fact, on those computers that ive mencioned ive never use them.

Please dont take this as a statement of "windows is fabulous" but instead as "windows is good".

[cgkanchi]

EDIT: On re-reading catch's post, it seems that he's approached this from the server administrator angle, while I'm looking at the home user. I completely agree with his argument if he's talking about a server.

Why do you want a secure default install? The default configuration of a system should be the most functional possible, not the most secure. Security should be applied on a case by case basis with the help of the trusted facilities manual, not with sweeping broad strokes laid down by the vendor with no regard for the specific implementation.

Ah..., I don't agree there. I feel that the default installation should be secure rather than maximally functional. I'm not saying that it should be completely locked down, but rather that there should be a good balance between security and functionality. For example, does a typical XP user really need NetBIOS enabled by default? Does he/she really need UPnP? Does he/she really need the Messenger (a.k.a. net send) service enabled? How many home users do you know that run an UPS that can communicate with the computer? And yet, the UPS service is enabled. And that's a sample of the kind of stuff that is not required to be enabled on a default install.
Now, you notice that I'm not arguing with the auto-startup of services like Windows Time because, quite frankly, it's a nice feature to have, but rather against the auto-startup of services such as NetBIOS, which, IMO, was one of Microsoft's biggest security goof-ups.

Cheers,
cgkanchi

[catch]

Nah, I approach this from the perspecticve of an OS designer (and process security consultant).

The average home user wants a system that will do everything... home users have accepted that viruses and hackers exist, what they have not accepted is computers that don't just do what you want them to out of the box. This is why Windows has 90% of the home market. They require virtually no configuration for things like installing printers, setting up simple home networks and yes, even a UPS. (the most basic ones I've seen at Fry's for like $39 will talk to a Windows system)

The fact is, Windows has among the highest level of security availile from a COTS OS and higher than any functional open source OS I can think of. Secure out of the box is a way that people who really don't know security discuss security. (Nessus found 23 things this time, that means it is less secure than this other system that had only 4... problem is all of those 23 can be isolated to the disclosure of unclassified information while each of the 4 can be leveraged into a full system compromise because the access controls are too weak.) See my point?

Conversations of default security are pointless, security capabilities is the only worthy topic as everything else is too useless/impractical.

catch

[sec_ware]

Two comments to this old, but still interesting topic...

Originally posted here by Vorlin
1: linux is open source and has a much greater development staff than any closed-source development. You don't have to wait forever for developers to fix problems that the users find or report. Open source rules this way, in the same manner that it's more vulnerable to exploits since you CAN see the source code (see Firefox/Thunderbird/Mozilla).

In a closed-source approach, not patching a system is a strategy as well - as controversial as
it might be. Usually, only a few (or one) exploit is around, (often) available to a few
"professional" people only. As soon as Microsoft publishes a patch, exploits drop from heaven
as it rains in a tropical environment due to an obvious reason - with all malicious impacts.
However, it's strange, that the release of patches by Microsoft seems so randomly timed...

Originally posted here by MilitantEidolon
We have debated this topic long and hard on which is the best OS and lost of people have always commented. What is comes down to is one thing.

THE ADMINISTRATOR!!

Of course you are right. However, it should be in the responsibility of the OS not to allow
for certain "things" to happen - as crashing the whole OS by one thread, owning a box
by exploiting a vulnerability in a process, that need not to run privileged and many others.
An OS should be designed correspondingly to nip this in the bud. Up to my knowledge,
not many OS offer such a thing, and none of them is widely distributed.

[cgkanchi]

The fact is, Windows has among the highest level of security availile from a COTS OS and higher than any functional open source OS I can think of. Secure out of the box is a way that people who really don't know security discuss security. (Nessus found 23 things this time, that means it is less secure than this other system that had only 4... problem is all of those 23 can be isolated to the disclosure of unclassified information while each of the 4 can be leveraged into a full system compromise because the access controls are too weak.) See my point?

I'm not denying this. When you're looking at security holes, you also look at the criticality (is that a word?) of the hole. For example, a popular magazine here listed ssh running by default on SuSe being a major problem, which I don't think it is, provided a strong password has been set on all accounts especially root.

Another factor you have to look at is how long that particular version of software has aged. For example, saying that Windows XP SP2 has less advisories than say, Slackware 9 is stupid, since there's been more time for the holes to be found/exploited.

One feature of the Windows NT code base that I really like, is NTFS. It's possible to take the system to such restrictive permissions that the user can't do anything outside of what the admin allows him to do. For example, if I were to restrict access to the JPEG viewer in XP, the impact of the JPEG exploit might have been minimized (but not eliminated, since it *could* still be opened elsewhere).

Secure out of the box is a way that people who really don't know security discuss security.

Exactly. How many home users do you know who know security .

Cheers,
cgkanchi

[catch]

Even criticality (I don't know or care if it is real, I like it as well) is not the issue nor is age... I believe the only useful measure when comparing system security is the same as used by DOD-5200.28-STD and ISO-15408... system capabilities and then assurances.

If I made and OS that could be completely compromised by telneting to any port and typing "OWN" in its default configuration... but with some careful following the TCM could be configured to be theoretically secure... is this operating system more or less secure than say... FreeBSD?

Sure a given box may be more secure or less secure, we are not talking about a given box, we are talking about the operating system. Application level exploits are meaningless... now if Windows had a flaw that allowed an attacker to bypass the security policy... then you'd have a real problem... too low of assurances (though the security model is still good enough) in Linux on the other hand, you basic protection model is weak, much weaker than windows anyhow.

This is my point when comparing systems, you are not looking at a given configuration... you are looking at the OS as a whole.

Exactly. How many home users do you know who know security.

I suppose it is a good thing then that home users don't determine Microsoft's product security strategy.

catch

[mohaughn]

Criticality-

1: The quality, state, or degree of being of the highest importance: “The challenge of our future food supply is approaching criticality” (New York Times).

2:Physics. The point at which a nuclear reaction is self-sustaining.

[MrLinus]

mohaughn, these might be better definitions, particularly the 2nd from the bottom and 3rd from the bottom:

an evaluation of how important a capability (e.g., use case path) is to the client or user estimated in terms of the impact that an associated defect or failure will have on the development or operation of an application.

a state of critical urgency

[lucktsm]

If I may add my two cents...

This is really one of those very emotional toppics. However, I thought it would be good to point out that Windows code, has been moved along from a very insecure operating system called DOS and the first versions of Windows were very insecure. Windows has come a long way, I still would rather run *NIX because I can control it.

Kudos to MS for working to make it more secure. I am more concerned with all the logging and spying on me it does.

Plus they say guns don't kill people, people kill people... (I am not a gun advocate) but stupid users are just that. They are virus and malware magnets. I bet if all the really stupid Windows users used Linux it would be much less safe as well. Everyone would be using their little chat programs as root etc...

[Tiger Shark]

I still would rather run *NIX because I can control it.

I would rather run Windows because I can control _it_......

So the whole argument is, as usual, moot....

Next subject.....