
On Wednesday, January 29, 2003, at 02:32 AM, Sean Donelan wrote:
On Tue, 28 Jan 2003, Steven M. Bellovin wrote:
They do have a lousy track record. I'm convinced, though, that they're sincere about wanting to improve, and they're really trying very hard. In fact, I hope that some other vendors follow their lead.
Lest we forget, Microsoft did not originally design Windows for the Internet, nor for a lot of what it does today.
Of course we need to be honest with ourselves and recognize this has been going on for a long time before Microsoft was even a glimmer in Bill Gates' eye.
Multics security. Bell Labs' answer: Unix. Who needs all that "extra" security junk in Multics? We don't need to protect /etc/passwd because we use DES crypt and users always choose strong passwords. We'll make the passwd file world readable so we can translate uids to usernames. Multi-level security? Naw, it's simpler just to make everything Superuser.
FORTRAN/COBOL array bounds checking. Bell Labs' answer: C. Who wants the computer to check array lengths or pointers? Programmers know what they are doing, and don't need to be "constrained" by the programming language. Everyone knows programmers are better at arithmetic than computers. A programmer would never make an off-by-one error. The standard C run-time library: gets(char *buffer), strcpy(char *dest, char *src), what were they thinking?
Unix and C were also not designed for the Internet. More ramble ... but a point will emerge ...
My big worry isn't the micro-issues like buffer overflows -- it's the meta-issue of an overall too-complex architecture. I don't think they have a handle on that yet.
The Internet magnifies relatively harmless conveniences into major problems. Network access and "crack" made the world readable /etc/password into a major security hole. "C" is a vast improvement over assembly and evolved into the language of choice for developers over other languages. So we have a few buffer overflows now and then. The formative Internet did a lot to spread C source code. Unix was the primary platform for the Internet before ISPs spread the network to small businesses and home computers. Some of us remember downloading C code from ftp sites in the era before the web page, when you could count off the major source code archives on your fingers.
The strange thing about complexity is it's much harder to design a "simple" system than a Rube Goldberg contraption.
The complexity of Windows ... indeed all our modern OSes ... has evolved as they adapt themselves to network environments, complex graphics, multimedia applications, and complex user interfaces. Microsoft has tended to absorb applications into the core OS and, perhaps more than any other, softened the line between kernel and application to a point where security suffers. Unix systems have the same problem when root privileges are given to code ... often because it is less complex to give a process privilege than to craft a secure sandbox.
I was just starting to use the Internet when the Morris worm chewed its way through the net. The Morris worm was the first taste of what a harmless back door and lapses in security could do on the Internet. It has been almost 15 years since that incident, and look at how far we have come. Common code and lack of review contributed to that one. Internet worms and viruses have a far greater impact when we all use the same code, the same operating system, the same stack. If you plant one genetic strain of corn you risk famine come the blight.
Having BSD*, Linux, OS X, and Microsoft in the mix helps prevent monoculture blights. Having Juniper, Cisco, and others in the core is good for our networks. Competition, variety and some level of complexity do act as safeguards against the catastrophic failures exhibited by "monoculture" systems. IMHO competition and diversity are necessary for healthy systems, corporations, economies and societies. Any complex set of structures that becomes dominated by a single technology, OS, ideology or genotype becomes the ideal growth medium for disease. This is why, IMHO, mono-anythings are bad, no matter how benign or well designed.

-- Joseph T. Klein

The benefits of Democracy, Republic, and IETF is that we do not speak with a single voice.