
munkery

macrumors 68020
Dec 18, 2006
2,217
1
If some system of DAC is implemented, the OS then has system and user levels. The system level requires authentication to modify. The user level does not.

In Mac OS X and most Linux distros, DAC is implemented via Unix permissions and ACLs. Users enter a username and password in the authentication prompt to access areas of the system restricted by DAC.

In Windows, DAC is implemented via ACLs. DAC is referred to as UAC in Windows and the UAC prompt is the GUI to authenticate prompts related to DAC.

I thought Windows MIC or sandbox is only for IE? So things do not run outside the sandbox?

All processes use MIC in Windows Vista/7.

MIC works via integrity levels. A process can modify anything (files or another process) with an equal or lesser integrity level.

So, functionally, only processes assigned a low integrity level are sandboxed in relation to other implementations of sandboxing, such as MAC used in OS X and Linux.

MIC is basically an extension of DAC. It is not a sandbox in the same sense as MAC (mandatory access control), which is used in OS X and Linux. This is because MIC functions via inherited permissions unlike MAC, which has defined rules per process.

Because MIC is an extension of DAC, MIC is disabled if UAC is disabled. This only applies to admin accounts because the ACLs apply differently to standard accounts. Disabling UAC in standard accounts only removes the ability to authenticate changes from that account; it does not remove the restrictions of the ACLs.

So with a good MIC or sandbox malware cannot get on the system, but with a weak MIC or sandbox, malware can bypass it and get on the system.

Increasing the restrictions set by UAC increases the number of exploits required to get system level access.

If UAC is disabled, which also disables MIC, then potentially only one exploit is required to get system level access (same level of security as a Windows XP admin account).
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
If some system of DAC is implemented, the OS then has system and user levels. The system level requires authentication to modify. The user level does not.

I thought if DAC is implemented it needs authentication for both system level and user levels? I thought Apple modified the DAC so only authentication is needed for system level?

I thought Linux DAC is different and that is why you need authentication for anything outside your home directory. So in a way both system level and user levels need authentication in Linux.


Increasing the restrictions set by UAC increases the number of exploits required to get system level access.
How does increasing the restrictions set by UAC make more exploits?
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
I thought if DAC is implemented it needs authentication for both system level and user levels?

Nope.

I thought Apple modified the DAC so only authentication is needed for system level?

Nope.

I thought Linux DAC is different and that is why you need authentication for anything outside your home directory. So in a way both system level and user levels need authentication in Linux.

Do you have to authenticate to open a document, PDF, or video in Linux?

The levels are not defined by directories. A directory may have limited permissions but the directory itself does not define the permissions. Access is defined by Unix permissions and ACLs on a per item basis in both OS X and Linux.

I think your confusion comes from some directories being referred to as the root directory. A directory being referred to as the root directory is different than an item that is only modifiable with system level access or a process running as the root user.

How does increasing the restrictions set by UAC make more exploits?

To achieve system level access in Windows with UAC enabled requires at least two exploits instead of at least one.

One exploit to achieve remote code execution and another exploit to achieve local privilege escalation to bypass UAC. Typically exploits that bypass UAC will also bypass MIC if the exploit is accessible within the sandbox created by MIC. Many user-mode callbacks are available within the MIC sandbox due to the function of win32k.

http://mista.nu/research/mandt-win32k-paper.pdf
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
The levels are not defined by directories. A directory may have limited permissions but the directory itself does not define the permissions. Access is defined by Unix permissions and ACLs on a per item basis in both OS X and Linux.

Can you elaborate on Unix permissions and ACLs and Linux Unix permissions and ACLs vs OS X?

What I'm confused about is why Windows and Linux ask for authentication so much and OS X does not ask for authentication that much.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Can you elaborate on Unix permissions and ACLs and Linux Unix permissions and ACLs vs OS X?

Unix permissions are the same.

ACLs implementations vary across Linux distros so this is hard to compare.

For the most part, there is no difference. Especially for the typical user that does not modify these features from the default settings.

What I'm confused about is why Windows and Linux ask for authentication so much and OS X does not ask for authentication that much.

Once all the software the user wants to install from a Linux software repository is installed, Linux does not prompt for authentication any more than OS X.

Linux typically installs app binaries in one of several /bin or /sbin folders. Modifying these folders requires authentication.

These folders exist in OS X as well. Many default binaries included in OS X are installed in these folders.

Mac OS X prompts less during installation of software by the user due to OS X using the app bundle architecture. The app bundle architecture maintains apps as self contained bundles with limited permissions. This allows apps to be more portable.

It is possible to install apps in Linux in the same manner as OS X but this method has not become popular in Linux.

It is also possible to install apps in this manner in Windows. Chrome is an example of an app installed at the user-level. Very few apps are installed at the user-level in Windows.

Installing apps at the user-level has security benefits because the user is less likely to install something malicious at the system-level if apps typically do not require modifying system-level files during installation. But, this does not really apply to Linux because software is typically installed from curated repositories.

Windows prompts for authentication more than OS X because Windows requires users to modify the system-level of the OS during typical usage more than other OSs. An example of this is installing software in Windows.
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
So for the most part most apps are installed at the user-level with OS X but with Linux and Windows are installed at the system-level. So the less you work at the system-level the better.


Note so you can download, install or remove apps with no authentication if it is in user-level only?

Unix permissions are the same.

You mean guest accounts, standard accounts, administrator accounts and so on?
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
So for the most part most apps are installed at the user-level with OS X but with Linux and Windows are installed at the system-level.

Yes.

So the less you work at the system-level the better.

Yes. But, this does not apply to installing software in Linux because of using curated repositories.

Note so you can download, install or remove apps with no authentication if it is in user-level only?

Yes. But, the area of the user-level is defined by the permissions of the user's account type.

You mean guest accounts, standard accounts, administrator accounts and so on?

Unix permissions are used to define the access rights of the different user accounts.

The different account types have different levels of access based on the permissions given to the items within the filesystem.

This is a very basic description of Unix permissions. Unix permissions include rwx (read, write, execute) but are also defined in terms of owner, group, and other. A string of Unix permissions looks like "rwxr-x---".

So, with system (owner), admin (group), and everyone (other) that string (rwxr-x---) means:

-system (rwx) can read, write (modify), and execute that item.

-admins (r-x) can read and execute that item.

-everyone else (---) cannot access that item.
 
Last edited:
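
The reading of "rwxr-x---" in the post above can be worked through in code. This is an added example, not part of the original posts: it models only the nine rwx bits for a non-root caller (no ACLs, no superuser override), and the uid/gid numbers are constructed sample values.

```python
def parse_mode(symbolic):
    """Turn a 9-character string such as 'rwxr-x---' into mode bits."""
    if len(symbolic) != 9:
        raise ValueError("expected 9 characters, e.g. 'rwxr-x---'")
    bits = 0
    for i, (ch, want) in enumerate(zip(symbolic, "rwxrwxrwx")):
        if ch == want:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return bits


def permission_class(uid, gids, owner_uid, group_gid):
    """Exactly one class applies: owner is tested first, then group, then other."""
    if uid == owner_uid:
        return "owner"
    if group_gid in gids:
        return "group"
    return "other"


def allowed(symbolic, uid, gids, owner_uid, group_gid):
    """Return the rights ('r', 'w', 'x') the caller gets on the item."""
    bits = parse_mode(symbolic)
    cls = permission_class(uid, gids, owner_uid, group_gid)
    triplet = (bits >> {"owner": 6, "group": 3, "other": 0}[cls]) & 0o7
    return {name for name, bit in (("r", 4), ("w", 2), ("x", 1)) if triplet & bit}


if __name__ == "__main__":
    SYSTEM_UID, ADMIN_GID = 0, 80   # constructed: item owned by system, group admin
    mode = "rwxr-x---"
    print(oct(parse_mode(mode)))
    # Constructed admin user (uid 501, member of the admin group): read + execute.
    print(sorted(allowed(mode, 501, {20, ADMIN_GID}, SYSTEM_UID, ADMIN_GID)))
    # Constructed standard user (uid 502, not in admin): no access at all.
    print(sorted(allowed(mode, 502, {20}, SYSTEM_UID, ADMIN_GID)))
    # Classes are not merged: an owner with 'r--' gets only read,
    # even though the owner is also in a group that has 'rwx'.
    print(sorted(allowed("r--rwx---", 501, {ADMIN_GID}, 501, ADMIN_GID)))
```

The last case is the one that tends to surprise: the owner triplet is the only one consulted for the owner, so group membership cannot add rights back.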

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
Note so you can download, install or remove apps with no authentication if it is in user-level only?

Yes. But, the area of the user-level is defined by the permissions of the user's account type.

So guest accounts or standard accounts will not be able to do that?


Why is it Linux and Windows do not work in user level? You were saying one reason is app bundle architecture maintains apps as self contained, why not Windows or Linux do that too?

When it comes to things like changing the date and time, wallpaper, screensaver, mouse setting, trackpad setting, how does this tie in with what we are talking about? Would all these be in user level?
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
So guest accounts or standard accounts will not be able to do that?

No, it is still able to do it.

More locations within the filesystem have restricted access but this has nothing to do with installing apps at the user-level. Sorry for being confusing.

Why is it Linux and Windows do not work in user level? You were saying one reason is app bundle architecture maintains apps as self contained, why not Windows or Linux do that too?

It can be done but it has not become a part of the programming culture of those OSs to do so.

Windows has stated that it introduced UAC to get more developers to write software to work at the user-level like Google has done with Chrome.

Linux does not really need to do so because apps are installed from curated repositories where software is much less likely to be malware.

When it comes to things like changing the date and time, wallpaper, screensaver, mouse setting, trackpad setting, how does this tie in with what we are talking about? Would all these be in user level?

That could be different on each OS and across the different user account types.

Most of those settings, except for date and time, can be individualized in all account types in OS X.

Those changes do not really have any security implications.
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
No, it is still able to do it.

More locations within the filesystem have restricted access but this has nothing to do with installing apps at the user-level. Sorry for being confusing.

Not sure about Linux or OS X but I know in Windows if you have a guest account or standard account you cannot download or install, remove or modify programs.

When it comes to things like changing the date and time, wallpaper, screensaver, mouse setting, trackpad setting, how does this tie in with what we are talking about? Would all these be in user level?

That could be different on each OS and across the different user account types.

Most of those settings, except for date and time, can be individualized in all account types in OS X.

Those changes do not really have any security implications.

But is it not good if it does NOT ask for authentication? Due to malware that may try to make changes? What kind of security is in place for malware here?
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Not sure about Linux or OS X but I know in Windows if you have a guest account or standard account you cannot download or install, remove or modify programs.

True, guest accounts are locked down in all OSs. I forgot about that.

You can install Google Chrome in a standard account in Windows without authentication. At least, I am pretty sure you can. UAC did not prompt for authentication the last time I installed Chrome on a Windows machine.

Software installers execute from the user-level prior to installing the associated software.

But is it not good if it does NOT ask for authentication? Due to malware that may try to make changes? What kind of security is in place for malware here?

Those settings do not have any security implications.

How does malware directly gather sensitive data via changing the screensaver?
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
Those settings do not have any security implications.

How does malware directly gather sensitive data via changing the screensaver?

Well, malware can change your wallpaper or screensaver to porn or advertising. If it is really bad, it can mess up your mouse settings, trackpad settings and network settings.

I had a computer running Windows where both my desktop got changed and there was IE browser hijacking, where bad sites got put in my favorites along with a bad internet search bar! My home page got changed and my keyboard would not work at all. I had to use my mouse and a virtual keyboard to run many anti-virus scans, as one anti-virus scan would not fix all the problems.


My computer got really slow, where just to load a page took a very, very, very long time.

Another time I got malware, some time ago, the malware would not allow me to go on the internet.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
That level of damage from malware is due to the Windows registry having greater leverage over associated items than the configuration files that store settings in OS X.

Some of that may be possible in OS X, such as changing the screensaver. But, much of it would not be possible.

Any malware that uses those methods relies on tricking users to actively give away their credit card number to get rid of the problem.
 

nec207

macrumors 6502
Original poster
Mar 21, 2011
429
0
That level of damage from malware is due to the Windows registry having greater leverage over associated items than the configuration files to store settings in OS X.

Some of that may be possible in OS X, such as changing the screensaver. But, much of it would not be possible.

Any malware that uses those methods relies on tricking users to actively give away their credit card number to get rid of the problem.

I'm thinking if IE had a better sandbox this would not have happened.


Also any time there is Flash, JavaScript, Java or ActiveX on a page there is potential for malware.

And pop-ups are getting very smart now. They say the opposite of what they mean: you click on close and really it is run. I have also seen fake UAC prompts and fake anti-virus scans that look and feel like the real virus scan.
 

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
You do know that if you are using an Admin account with UAC disabled that you have also disabled MIC (mandatory integrity control = Windows sandbox) such that only a single remote exploit is required to achieve system level access?

I wish I cared.
 