At 9:22 AM +0200 13/8/01, Auer, Karl James wrote:
>I'm no Windows apologist, but I don't think it's *inherently* less
>secure than other operating systems. Its authors just don't pay much
>attention to security issues.
If the authors don't pay attention to security issues then it is
inevitable that the final product is *inherently* insecure.
You don't get a secure product by having 10,000 monkeys bashing away at
a keyboard then just before release turn off all the network services
and macros.
You get a secure product by engineering the network services and macros
(and indeed the whole system) so that they are robust and inherently
secure.
One method of doing this is to compartmentalise the software so that a
security breach in one area does not allow access to other areas of the
system. With Windows, once the system has been breached in one area
the security of the entire system is breached. Look at the CRII worm --
a security flaw in the indexing library allowed write access to the CGI
scripts directory and the system applications.
Under Unix, a breach generally only allows a user to trash their own
userland data, not interfere with other users' data or the system
itself. Unless it's a root-level program that's exploited, but that's a
fairly rare occurrence these days.
Thus Unix is an inherently secure environment, while Windows is not.
>- delivered their product with functional packet filtering
If your product is secure you don't need to worry about packet filtering.
...Richard.
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:04 EST