Security is not like parmesan cheese

You can't get a can of the stuff and shake it on top to make your meal complete.

[Security is more like "kosher" - it's something that you have to include in every ingredient, or the final dish won't qualify.]

Whenever I talk to the religious platform adherents - and because of the sphere in which I work, they're always Linux adherents - I have to ask them what the Linux developers are doing, that Microsoft isn't.

Security obviously cannot be granted by merely labeling something as Linux, nor even by releasing the source code (I would argue that Microsoft, with its various source code licences, may have more people devoted to passing eyeballs over their code than Open Source does!) - so if Linux / OS X / Unix is more truly secure, it must be because something is done differently when developing the code, or reviewing it before including it in the source base.

Anything that happens after the build - testing, code inspection, user behaviour - is going to affect the released code in no way whatsoever. It may provide reason to re-visit the code and change a few things for the next build, but it can't make the existing code more secure - and judging from the people who complain about Windows 98 reaching "end of life", existing code spends a long time in active use before being retired to pasture!

I will readily admit that Unix users are ahead of the game in one respect - they are more accustomed to thinking in terms of "root" versus "non-root". Give them an application program that only runs as root, or which requires permissive sharing of executable directories, and they are (on aggregate) just as meek in accepting it.

But again, that's something that's applied after the build is released, and therefore cannot be something that demonstrates how Linux itself is inherently more secure. If the merry marching morons that are often depicted as the majority of Windows' users were to follow the advice of the religious adherents, and switched to Linux tomorrow, they'd bring all their stupid "must be administrator all the time" application vendors with them, and they'd cause just as much damage to themselves on Linux.

Do any of you see a process that I'm missing, that gets applied prior to a Linux build being released, that makes it more secure, and that isn't currently being done by Microsoft?

Published Tue, Jul 11 2006 19:41 by Alun Jones

Comments

# re: Security is not like parmesan cheese

Only that the great and wise Linus T. sprinkles his holy parmesan cheese on top of all Linux code. Thereby making it more secure and efficient than Windows and granting its users a narcotic-like sense of invincibility. Too bad he's not as good at GUIs....

Wednesday, July 12, 2006 9:50 AM by Terry Constable

# re: Security is not like parmesan cheese

... and what about the code he didn't write?

... and what makes Linux' development work securely when Linus gets hit by a bus?

I'm pretty sure you're being facetious (although it's really not that much over the top from much of what I hear from religious adherents), but the serious point is this - if it takes an irreplaceable person to make an OS secure, then the OS is fragile. If it takes a documented process to make the OS secure, and the process can be followed by anyone with a modicum of training, then the OS is not fragile.

Wednesday, July 12, 2006 10:03 AM by Alun Jones

# re: Security is not like parmesan cheese

... modularity ...

Alun - I think you've got to give them that one.  I know the Windows Server team is coming around, but the Linux distros do generally have the ability to install a more minimal build.

That's not a panacea of course.  Less crappy code can (and does) have more vulnerabilities than more quality code.  But, the modularity is good.  If they'd do an SDL-like process on top of it, they're starting from a good place.

Thursday, July 13, 2006 12:05 PM by Jeff Jones

# Apples, Oranges and Vulnerability Metrics

NOTE:  I am not asserting that my vulnerability analysis demonstrates that Windows is more...

Friday, July 14, 2006 3:12 PM by Think Security - Jeff Jones Security Blog

# One other area where Unix is ahead

... is that an arbitrary file is not executable by default. Which gives another level of defence. Not perfect, I know. But far better than allowing any downloaded file to be run as a program by clicking on it, and much easier to secure than try to add warnings to all the ways that the file can appear on a system.

Wednesday, August 02, 2006 12:07 PM by Andrew Yeomans

# re: Security is not like parmesan cheese

Security is only as good as the worst mistake an Administrator makes.

Tuesday, October 10, 2006 3:00 AM by root ;)

# re: Security is not like parmesan cheese

It starts with the design of Unix as a multi-user platform. And it's the design of the Linux kernel, its system related design, which makes it more secure. I don't know Windows code at all, but with the experience I had, Windows IS designed differently with other targets and a much different design to start with. Putting security on top of a crappy kernel and core system is like putting cheese on top of a Mac burger...it's not kosher (e.g. not secure). No matter how much cheese you put there (until you don't see the burger), it doesn't make it kosher. Never.

You wrote: "I would argue that Microsoft, with its various source code licences, may have more people devoted to passing eyeballs over their code than Open Source does"

Really? Can I read the code? If I have a problem, can I check to see what the program is really doing by reading the source? Can I write test cases? Change pieces of code? Are there multiple companies, reading, writing and contributing code to the Windows kernel? C'mon....

Thursday, October 12, 2006 6:54 AM by Eddy Nigg

# re: Security is not like parmesan cheese

The Windows NT core was designed as a multi-user platform from the start, by the same guy (Dave Cutler) responsible for VMS' design, which has long been envied for its security.

The Windows 9x core, on the other hand, was definitely not much of a multi-user system, since everyone was a de-facto administrator, and the base file system was FAT, where everyone's an owner with full control.

And I am most definitely serious about the "more eyeballs" comment. Who reads open source?  Generally the developer, the guy approving the checkin (often the same guy) and if you're lucky, there are one or two interested parties who check on some small portion of the code. Outside of the guy who wrote it, do you really believe there are that many people actually tasked with poring over the code (and interested enough to do so)?

Can you read the code? Yes. Here's the web page that'll tell you how.

As you'll see from my comments in other articles, I don't necessarily think it's a great idea for random companies to be writing and contributing code to the Windows kernel, but yes, that goes on too. A lot of things that require direct kernel editing in Unix / Linux / etc are available through non-kernel means (for example, new network stacks or changes to the existing stack, through the use of Layered Service Providers).

As you say, you don't know Windows code - and that's half the problem in this argument, is that most people arguing on either side have spent zero time on the other side.

Thursday, October 12, 2006 10:15 AM by Alun Jones

# Re: Who reads open source?

At the time I used Windows OS's, there was no shared code or any other open code coming out from Redmond. Without getting into this more seriously, I guess there are multiple limitations on getting access to this shared code mentioned by you. But also what is the use of access to the Layered Service Providers if I want to access or change the kernel directly?

Quite obviously, the Linux kernel is a very interesting piece of code and lots of developers indeed read, change and learn from it, in full or partly. Other software vendors do this for their own purpose (e.g. adding driver support, application support) and therefore it indeed gets accessed quite a lot! And it's easily available to you, me and everybody. There are no limitations like with MS code.

Also some Linux distributions indeed go over the various pieces of code line by line...guess you are not familiar with the open source world and might miss some information on this subject. But let me give you a real world example, without all the arguments:
I personally administered Windows and Linux servers. The ratio was one in ten (1 Windows NT or 2K / 10 Linux), all of them serving web content. Guess which servers got cracked twice, even though they were protected behind a firewall, anti virus and other anti's? Right, you know the answer! So even though the logical chance would have been 1 in 10 for Linux to get compromised, it was the opposite way around. This is what counts at the end of the day...

So, I just popped in by chance and left a message, and didn't intend to start any flaming on this issue. I'd like to finish with this statement: Linux is quite secure at the core...whereas in the Windows world there is some security put on top...I mean, applications should not protect the system (as seen so many times in Windows: "The application tried to access....allow?"); the system should protect the applications!

Cheers!

Thursday, October 12, 2006 12:18 PM by Eddy Nigg
