on Wed, Oct 01, 2003 at 07:43:51PM -0400, Dan Anderson (dan@mathjunkies.com) wrote:
> > Please share this knowledge. What executables are you awaree of
> > affecting non-Microsoft systems which are in general circulation and
> > which auto-execute on receipt by arbitrary systems in stock
> > configuration?
> >
>
> Although I would agree that most flavors of *nix are much less prone to
> exploits then Windoze, I would like to point out that security loopholes
> for Linux programs do exist and anyone stupid enough to leave a
> configuration as is out of the box could have a problem.
Few if any of these are self-propogating. Code Red is one of the few
widely spread exploits in recent memory affecting GNU/Linux systems, and
it was specific to Apache.
While I agree that there is a _theoretical_ vulnerability of 'Nix
systems to self-propogating worms a' la Microsoft, the current
vulnerability is nil, and the likely future vulnerability is very, very,
very low.
The reasons are well summarized in the recently released CyberInsecurity
white paper:
Tight integration, whether of applications with operating systems or
just applications with each other, violates the core teaching of
software engineering, namely that loosely- coupled interfaces make
maintenance easier and life-cycle costs lower. Academic and
commercial studies supporting this principle are numerous and
long-standing. Microsoft well knows this; Microsoft was an early
and aggressive promoter of modular programming practices within its
own development efforts. What it does, however, is to expressly
curtail modular programming and loose-coupling in the interfaces it
offers to others. For whatever reason, Microsoft has put aside its
otherwise good practices wherever doing so makes individual modules
hard to replace. This explains the rancor over Prof. Ed Feltens
Internet Explorer removal gadget just as it explains Microsofts
recent decision to embed the IE browser so far into their operating
system that they are dropping support for IE on the Macintosh
platform. Integration of this sort is about lock-ins through
integration too tight to easily reverse buttressed by network
effects that effectively discourage even trying to resist.
"CyberInsecurity: The Cost of Monopoly", Dan Geer, Rebecca Bace,
Peter Gutmann, et al., p 13.
> That said, when they announced the OpenSSH exploits (or was it OpenSSL)
> I never heard of anything coming of it. Perhaps because the *nix
> community is generally smart enough to subscribe to security
> announcement lists and never get hit.
Both OpenSSH and OpenSSL have had vulnerabilities in the past year.
There are several factors at play.
- Atomicity of updates for GNU/Linux systems. It's possible to
install/update just the single vulnerable system, contrasted with
the competition, which ties updates into "service pack" bundles, and
even confounds its more disaggregated updates.
- Modular systems. Neither OpenSSH nor OpenSSL are required systems
for a GNU/Linux box. Standalone deskotps need have neither.
OpenSSH can be installed without services enabled. The reduces the
scope of vulnerable systems, and makes exploit propogation a slower
process.
- Licensing uniformity. It's _very_ seldom that an update changes
licensing terms (Python and Perl come to mind), and less often that
the changes have significance to the end user. Distributions such
as Debian with its DFSG and Red Hat with its less formalized, but
still significant, focus on free software solutions, assure users
that terms will continue to be OSI or DFSG compliant. Of course,
the GNU GPL does more than that.
- Live updates. Distros such as Debian allow for package or even
major updates to occur without requiring a system boot (or even
dropping to single-user). This makes update-application windows
broader -- there are few situations in which it's not feasible to
update a GNU/Linux system. Legacy MS Windows, by contrast almost
always needs one or more reboots.
- Secure / sane by default. While this isn't true in all cases, it's
becoming more so over time. 'Nix systems are designed for a hostile
environment, and are getting more so all the time. Recent RH builds
offer very few external services.
All of these contribute to a security profile for 'Nix systems that far
exceeds that of Microsoft. While raw counts of exploits might produce
comperable or even higher numbers of vulnerabilities (after all, Debian
now comprises over 13,500 packages, more than there are *files* in a
stock Microsoft rollout), the total effective vulnerability is still
lower.
> Although the GNU site was hacked a couple months ago so I guess
> nobody's immune.
Via a local root exploit. In other words: a user with access
privileges hacked the system. Insider jobs will always be a leading
cause of system compromise, particularly targeted compromises as in the
case of the GNU Project.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
What doesn't kill you makes you stranger.
-- Karsten M. Self, misreading as usual, San Marcos Pass Rd., 1988
Attachment:
signature.asc
Description: Digital signature