On the security of non-Windows op systems
andres at msu.edu
Thu Feb 12 21:21:34 GMT 2004
On Wednesday 11 February 2004 02:00 pm, Curt Freeland wrote:
> Ok, I'll play devils advocate for a minute....
> The "not paranoid enough" security types ask why should they have to
> run this silly A/V stuff on a box that HAS NEVER (to date) had a virus
> problem. To them, I ask: How many years ago did the Robert Morris Internet
> worm come out? What OS did it live on?
> The "paranoid" security types tend to think not in the "if this were to
> happen" reality space, but instead, in the "when this happens" reality
> space. They are quite often accused of "going overboard". Hence
> the requirement to run A/V code on a box that has not, TO DATE, had a virus
> What will happen IF, (or even less likely) when, Microsoft ships a secure
> OS? Are the rest of the OS's out there REALLY that much more secure, or do
> we just believe that to be true because we see so much wrong with Windows?
> Can we see into the future and state emphatically that there will NEVER be
> a *NIX virus/worm/hack that would infect us like the stuff we've seen
> propogating through Windows systems?
> Points to ponder...
No one in the non-Windows world should claim absolute
superiority in terms of security, but there are some systems
that significantly raise the bar for attacks, and while not 100%
fool proof are far more likely to resist attacks.
My favorite example of this and what I personally use is
OpenBSD. Their pro-active stance on code audits and protection
schemes makes it a more secure system.
Taking the "W^X" (write xor execute) scheme, Propolice and
the wholesale expunging of unsafe string functions like strcat(),
I think its safe to say that while "bad" things might still happen
in OpenBSD, it will be a lot harder to make them happen. Is it
perfect? No. But definitely on the cutting edge of protections
Not all non-Windows systems have such protections of course,
and the success rate of the other operating systems is going to
range all over the place. But at least there is choice, and given
the nature of open source code, its possible to *look* at the
code, and at least have the glimmer of a chance of being able
to understand what's going on under the hood.
OpenBSD's site: http://openbsd.org
OpenBSD security philosophy: http://openbsd.org/security.html
OpenBSD FAQ: http://openbsd.org/faq/index.html
More information about the unisog