On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein <bzs@world.std.com> wrote:
> On Tue, Jun 12, 2012 at 11:44:44AM +0000, Jamie Bowden wrote:
> > While MS may be a favorite whipping boy, let's not pretend that if the dominant OS were Apple or some flavor of *nix, things would be any better.
>
> That assumes the security architectures of all these OS's is similar which is simply not true.
You're right. Windows has an architecture that's easier to secure, with auditing, ACLs, and capabilities ("privileges") part of every NT-derived release. This means everything interesting doesn't have to be "root", for which there is no equivalent in Windows -- no magic user which bypasses access checks.
> There have been security flaws in Microsoft OS's which led to the spread of malware which would have been almost impossible on any unix-like operating system.
>
> One of the biggest problems was creating the first and often only user on MS systems with administrator privileges allowing any piece of software they ran to do anything on the system.
Is it not common to install unix-like operating systems similarly, with setup completed after a root password is chosen but before any human-named accounts are created?

I'm not impartial, I once worked for the architect of NT's security. Discount my opinion appropriately. My opinion is 20 years of hardening have likely made Windows a tougher nut to crack than other mass-market OSes. It could hardly be otherwise -- there have been large piles of money fueling a free market in 0-day Windows exploits for many years now. Windows has grown over that time, of course, and more code means more holes, but other OSes have been growing as well. Meanwhile, the most security-sensitive parts of Windows have been slower to change and grow.

Yes, Windows evolved from an essentially security-ignorant single-user environment. Unix evolved from an essentially security-ignorant multiuser environment. The baseline of unix security with magic root, setuid apps, and primitive access permissions is nonetheless inferior to the baseline of NT-derived Windows. There are varying degrees of ACL support in some unix-like systems, and wide support for capabilities that allow services to start as a non-root user, or "drop root" after starting as such. There is not, across the POSIX world, a strong security infrastructure that can be relied on to be universal. On the other hand, with the death in the wild of the Windows 9x/ME house of cards, today Windows does provide that universal security infrastructure.

Unix systems can be secured. So can Windows systems. No OS can simultaneously provide lazy users with power tools and completely protect those users from self-injury. Security costs overhead for too-often no perceived benefit until someone gets hurt. When you are forced to deal with it, it's nice to have the best in class infrastructure under your feet.

Cheers,
Dave Hart
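Added example, not part of the thread and not code from any of the posters: the POSIX "drop root" pattern the message above refers to, written so that the order of operations and the verification step are explicit. It assumes Linux/glibc (getresuid/getresgid are extensions, not POSIX), and uid/gid 65534 is a placeholder for an unprivileged account such as "nobody". The common mistake it guards against is calling setuid() before setgid()/setgroups(), which leaves the process in the original group set because those calls fail once the effective uid is no longer 0; the checks afterwards confirm that all three uids and gids changed and that root cannot be regained.

```c
/* Added example (not from the mailing-list thread): dropping root on a
 * Linux/glibc system in the order that works, then verifying the result.
 * Assumption: uid/gid 65534 is an unprivileged account ("nobody" on most
 * distributions); it is a placeholder, not a value from the thread. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid. Returns 0 on success, -1 (errno set) on failure.
 * Order matters: supplementary groups and gid must change while the
 * effective uid is still 0, because those calls need CAP_SETGID. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root can clear supplementary groups; an unprivileged process
     * has nothing it is allowed to change here, so skip the call. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)   /* gid before uid */
        return -1;
    if (setuid(uid) != 0)   /* as root this sets real, effective and saved uid */
        return -1;
    return 0;
}

/* 1 if real, effective and saved ids all equal the target, else 0.
 * A drop that leaves the saved uid at 0 can be undone with setuid(0). */
int privileges_dropped(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* 1 if regaining root is impossible (setuid(0) is refused), else 0. */
int cannot_regain_root(void)
{
    if (setuid(0) == 0)
        return 0;           /* it worked: the drop was incomplete */
    return errno == EPERM;
}

/* Pick a target, drop, and verify. Returns 1 when the drop is complete.
 * When not started as root, the only ids we may switch to are our own,
 * which still exercises the verification path. */
int demo_drop(void)
{
    uid_t target_uid = 65534;   /* placeholder unprivileged uid */
    gid_t target_gid = 65534;   /* placeholder unprivileged gid */
    if (geteuid() != 0) {
        target_uid = getuid();
        target_gid = getgid();
    }
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 0;
    }
    return privileges_dropped(target_uid, target_gid) && cannot_regain_root();
}

int main(void)
{
    printf("privilege drop complete: %s\n", demo_drop() ? "yes" : "no");
    return 0;
}
```

Run it once as root and once as an ordinary user: in both cases the verification should report a complete drop. If it reports an incomplete drop under a service manager or container, the usual cause is a saved uid or a supplementary group that was never changed, which is exactly what the two check functions are there to catch.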