On Wed, Oct 01, 2003 at 07:43:51PM -0400, Dan Anderson (dan@mathjunkies.com) wrote:
> > Please share this knowledge. What executables are you aware of
> > affecting non-Microsoft systems which are in general circulation and
> > which auto-execute on receipt by arbitrary systems in stock
> > configuration?
>
> Although I would agree that most flavors of *nix are much less prone to
> exploits than Windoze, I would like to point out that security loopholes
> for Linux programs do exist and anyone stupid enough to leave a
> configuration as is out of the box could have a problem.

Few if any of these are self-propagating. Code Red is one of the few
widely spread exploits in recent memory affecting GNU/Linux systems, and
it was specific to Apache.

While I agree that there is a _theoretical_ vulnerability of 'Nix systems
to self-propagating worms à la Microsoft, the current vulnerability is
nil, and the likely future vulnerability is very, very, very low. The
reasons are well summarized in the recently released CyberInsecurity
white paper:

    Tight integration, whether of applications with operating systems or
    just applications with each other, violates the core teaching of
    software engineering, namely that loosely-coupled interfaces make
    maintenance easier and life-cycle costs lower. Academic and
    commercial studies supporting this principle are numerous and
    long-standing. Microsoft well knows this; Microsoft was an early and
    aggressive promoter of modular programming practices within its own
    development efforts. What it does, however, is to expressly curtail
    modular programming and loose-coupling in the interfaces it offers to
    others. For whatever reason, Microsoft has put aside its otherwise
    good practices wherever doing so makes individual modules hard to
    replace. This explains the rancor over Prof. Ed Felten's Internet
    Explorer removal gadget just as it explains Microsoft's recent
    decision to embed the IE browser so far into their operating system
    that they are dropping support for IE on the Macintosh platform.
    Integration of this sort is about lock-ins through integration too
    tight to easily reverse, buttressed by network effects that
    effectively discourage even trying to resist.

    "CyberInsecurity: The Cost of Monopoly", Dan Geer, Rebecca Bace,
    Peter Gutmann, et al., p 13.

> That said, when they announced the OpenSSH exploits (or was it OpenSSL)
> I never heard of anything coming of it. Perhaps because the *nix
> community is generally smart enough to subscribe to security
> announcement lists and never get hit.

Both OpenSSH and OpenSSL have had vulnerabilities in the past year.
There are several factors at play.

  - Atomicity of updates for GNU/Linux systems. It's possible to
    install/update just the single vulnerable system, contrasted with
    the competition, which ties updates into "service pack" bundles, and
    even confounds its more disaggregated updates.

  - Modular systems. Neither OpenSSH nor OpenSSL is a required system
    for a GNU/Linux box. Standalone desktops need have neither. OpenSSH
    can be installed without services enabled. This reduces the scope of
    vulnerable systems, and makes exploit propagation a slower process.

  - Licensing uniformity. It's _very_ seldom that an update changes
    licensing terms (Python and Perl come to mind), and less often that
    the changes have significance to the end user. Distributions such as
    Debian with its DFSG and Red Hat with its less formalized, but still
    significant, focus on free software solutions, assure users that
    terms will continue to be OSI or DFSG compliant. Of course, the GNU
    GPL does more than that.

  - Live updates. Distros such as Debian allow for package or even major
    updates to occur without requiring a system boot (or even dropping
    to single-user). This makes update-application windows broader --
    there are few situations in which it's not feasible to update a
    GNU/Linux system. Legacy MS Windows, by contrast, almost always
    needs one or more reboots.

  - Secure / sane by default. While this isn't true in all cases, it's
    becoming more so over time. 'Nix systems are designed for a hostile
    environment, and are getting more so all the time. Recent RH builds
    offer very few external services.

All of these contribute to a security profile for 'Nix systems that far
exceeds that of Microsoft. While raw counts of exploits might produce
comparable or even higher numbers of vulnerabilities (after all, Debian
now comprises over 13,500 packages, more than there are *files* in a
stock Microsoft rollout), the total effective vulnerability is still
lower.

> Although the GNU site was hacked a couple months ago so I guess
> nobody's immune.

Via a local root exploit. In other words: a user with access privileges
hacked the system. Insider jobs will always be a leading cause of system
compromise, particularly targeted compromises as in the case of the GNU
Project.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
    What Part of "Gestalt" don't you understand?
    What doesn't kill you makes you stranger.
    -- Karsten M. Self, misreading as usual, San Marcos Pass Rd., 1988