Linux security myths talking to people using Windows

Discussion in 'Community Discussion' started by nec207, Aug 7, 2011.

  1. nec207 macrumors 6502

    Joined:
    Mar 21, 2011
    #1
    The myths going around on the internet.

    1. Less than 1% use Linux and 10% use Mac OS X; it is not that they are so much better, but market share. The malware makers are going to Windows, where the market share is.
    2. Windows has more security but most people don't use it.
    3. Mac OS X security is not that good; Windows is better.
    4. Windows has more gradual permission levels than an ON and OFF like Linux or Mac OS X.
    5. Malware is growing with Linux and Mac OS X now.



    Here is my take on it.

    Windows, Linux and Mac all have guest accounts, standard accounts, administrator accounts and so on. So on security it is, well, the same here.

    What Linux and Mac have that Windows does not, other than Windows Vista and Windows 7, for security is authentication for a password to system changes. But Windows Vista and Windows 7 authentication is more security than Linux and Mac, as you cannot download, install or remove, or even change the date and time or wallpaper, without clicking confirmation; it is not just critical system changes but any system change. You cannot even view stuff in Control Panel or system info!!!

    Whereas with Linux and Mac you can download, install or remove, or even change system settings; it will only ask for authentication if it is affecting critical system changes.

    So in a way Windows has more security with the cancel and allow box, but it pops up like all the time. Whereas with Linux and Mac you can download, install or remove, or even change system settings with no pop-up.

    Where Linux and Mac have more security is that they do not support old software like Windows does. Why is supporting old software bad? It is simple: old software ran in full admin and had way way way, I say again, way way too much access to the system. That was the dark days of software and OSs of the 90s, as they ran as full admin and one user.

    More and more people are getting Mac computers now and there is more and more malware coming out now; it is a growing problem for Mac computers now. Well, Windows still has most of the malware out there. The growth of malware is growing now due to more people getting Mac computers.

    Windows 95/98/Me was based on DOS and ran as full admin with only one user. It was horrible for security, really horrible. Whereas Windows 2000/XP/Vista/7 and now Windows 8 are based on NT, that is, many people using the computer with different read and write access and way better security, thus guest accounts, standard accounts, administrator accounts and a lot more tweaking of what the person can have with different levels of read and write access.

    It is best when one is surfing the internet to go on the internet as a guest account, where the malware will not have read and write access.

    Microsoft did not really start to take security seriously until Windows Vista and Windows 7 came out with the cancel and allow box and the anti-virus, anti-spyware and firewall that come with Windows Vista and Windows 7.


    That is my take on this
     
  2. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #2
    The following link is to a post that compares OS X to Linux.

    http://forums.macrumors.com/showpost.php?p=13013842&postcount=21

    The information to make this comparison with Linux is taken from the following source.

    https://wiki.ubuntu.com/Security/Features

    The following link is to a post that compares OS X to Windows 7.

    http://forums.macrumors.com/showpost.php?p=13013889&postcount=24

    Various examples disprove the marketshare argument.

    Linux has more examples of malware than OS X despite Linux having a smaller marketshare.

    IIS has more examples of malware than Apache despite Apache having a greater marketshare and Apache being released several years prior to IIS.

    Windows has disproportionately more examples of malware than other OSs in relation to the respective marketshares of the OSs.
     
  3. glossywhite macrumors 65816

    glossywhite

    Joined:
    Feb 28, 2008
    #3
    No offence, but I'm dubious about trusting the opinion of someone who spells & punctuates in the way that you just have.

    Linux is far more thoroughly tested and secure than OS X and Windows combined. It stands to reason, as it is FOSS, which means many many people get to see bugs and then fix them. This cannot ever happen with the closed-source nature of proprietary OS' such as Mac OS X and Windows. Impossible.

    The support for mainstream software is lesser, but the security is much higher, of that there can be no question.
     
  4. sk1wbw macrumors 68040

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #4
    Tell that to all the Android users with malware.
     
  5. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #5
    You do realize that English isn't the poster's first language.

    How so? Do you have a link to support this statement?

    Most of OS X is open source via using many of the same open source projects as Linux and BSD.

    http://www.apple.com/opensource/

    How so? Do you have a link to support this statement?
     
  6. villicodelirant macrumors 6502

    villicodelirant

    Joined:
    Aug 3, 2011
    Location:
    Italy
    #6

    Not that his style of punctuation would be acceptable in any Indo-European language I know :p

    1.000.000 people having access to the source code > 1000 people.

    It's simple maths, and such a notion is familiar to everyone who has worked as a programmer or has a degree in CS.

    If you don't... you'll have to take our word for it.

    (or pay me to teach you Software Engineering 101 :p )


    "Security through obscurity" is a notion mostly favoured by managers.

    Actually, the whole debate is pointless anyway: apples (heh) and oranges.

    OS X (and Windows) are operating systems, Linux is a kernel - part of an operating system.

    It's like comparing an engine and two trucks.

    Distros can be RADICALLY different when it comes to installed packages and services running by default.

    I'm not sure why, but lately the vulnerabilities seem to apply to the closed source portions of the OS, especially in their .0 incarnations... :p

    See above.
     
  7. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #7
    Most of OS X is open source via using many of the same open source projects as Linux and BSD.

    http://www.apple.com/opensource/

    Seems like both provide equal access to me?

    Do you have a link to support this?

    If you are referring to Safari, Webkit is open source.

    http://www.webkit.org/
     
  8. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #8
    I really wouldn't go and say most of OS X is open source. Sure, the base of it is, but most of the consumer-facing layers are not. Some of the apps, like Safari, are open source. Apple uses open source when it's in its best interest. They protect the source code when it's a better business decision to do so.
     
  9. villicodelirant macrumors 6502

    villicodelirant

    Joined:
    Aug 3, 2011
    Location:
    Italy
    #9
    OSS parts of the OS (heh!), ESPECIALLY when used by / borrowed from other projects are inherently more secure due to extensive peer review.

    Other parts... who knows?
    They may be riddled with holes.

    Not all of OS X is OSS, and the default configuration matters anyway: even if you have the most secure code in the world, if the default install gives rwxrwxrwx to /etc/*, /var/* and /root/*, you're reasonably screwed.

    See: OpenBSD.
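
The default-permissions point in post #9, as an added example that is not part of the original thread: a shell function that lists world-writable files, and world-writable directories lacking the sticky bit, under the directories it is given. The function names and the constructed sample tree in `demo_world_writable` are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit directory trees for entries
# that any local user could modify.

# audit_world_writable DIR...
# Prints one path per line for:
#   - regular files with the "other write" bit set (o+w)
#   - directories with o+w but without the sticky bit (unlike /tmp, where
#     the sticky bit stops users deleting each other's files)
# Symlinks are skipped: their own mode bits are not used for access checks.
# -xdev keeps the walk on one filesystem (avoids /proc, network mounts).
audit_world_writable() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev \
            \( -type f -perm -0002 -print \) -o \
            \( -type d -perm -0002 ! -perm -1000 -print \) 2>/dev/null
    done
}

# count_world_writable DIR... -> number of findings
count_world_writable() {
    audit_world_writable "$@" | wc -l | tr -d ' '
}

# Self-check on a constructed tree, so the behaviour can be seen without
# touching the real /etc or /var. Prints the number of findings.
demo_world_writable() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/etc" "$tmp/spool" "$tmp/scratch"
    chmod 755 "$tmp/etc"
    : > "$tmp/etc/passwd"; chmod 644 "$tmp/etc/passwd"   # not a finding
    : > "$tmp/etc/hosts";  chmod 666 "$tmp/etc/hosts"    # finding: o+w file
    chmod 777  "$tmp/spool"      # finding: o+w directory, no sticky bit
    chmod 1777 "$tmp/scratch"    # not a finding: sticky bit set
    count_world_writable "$tmp"
    rm -rf "$tmp"
}

# Stand-alone use: sh audit.sh /etc /var
if [ "$#" -gt 0 ]; then
    audit_world_writable "$@"
fi
```

Run against `/etc` and `/var` on a fresh install, an empty result is the expected baseline; any path printed is one an unprivileged account can alter.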
     
  10. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #10
    If both OSs use the same open source projects, then the amount of peer review is equivalent.

    Projects released as open source by Apple are used in Linux. For example, Avahi is a derivative of Bonjour.

    Links?

    Obviously, that is not the case in OS X.

    Mac OS X is based on FreeBSD.

    Also, OpenBSD has fewer vulns than Linux.

    http://cve.mitre.org/
     
  11. villicodelirant macrumors 6502

    villicodelirant

    Joined:
    Aug 3, 2011
    Location:
    Italy
    #11
    ...but only for said projects.

    Not applicable to proprietary parts.

    Exactly.

    (BTW, I'm still trying to figure out why on certain configurations - e.g. onboard SiS controller on Acer Aspire computers - avahi will randomly bring ethX down on Ubuntu 10.4 to 10.0)

    LINKS?
    You want me to post a link to prove that if you don't have access to the source code, you... er, don't have access to the source code?

    I don't think I can do that.

    Open Source isn't enough, anyway.

    Younger codebase is probably more vulnerable than two decades old code, even if the latter is proprietary.

    No, that's exactly my point.
    OpenBSD has an enormous share of userland in common with, say, Slackware and derivatives (please, there's no "Linux").
    Only, OpenBSD can - famously - claim "n remote holes in the default install" (with 0<n<10) because the default install has a small number of carefully tuned services running.
     
  12. nec207 thread starter macrumors 6502

    Joined:
    Mar 21, 2011
    #12
    The point of the post was to give my opinion and get answers from the security experts here.

    I did not put a disclaimer that my opinion is more a question of interpretation of what I read than an opinion based on talking experience or knowledge.

    I just do not want my post to come off like I'm saying this is the way it is and that is how it works. My post is more like this is what I think it is like or this is what I thought it was like.
     
  13. munkery, Aug 10, 2011
    Last edited: Aug 10, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #13
    Most of the security sensitive components of OS X are open source.

    The kernel space of OS X consists of the XNU kernel and IOKit. Both of which are open source. Having a secure kernel space prevents the bypassing of DAC and MAC based sandbox.

    The proprietary parts of OS X are only within user space and do not have much security implications. For example, Webkit is open source and it is the foundation for Safari, Mail, iTunes, Dashboard, and more.

    Can you provide a link supporting the claim that the proprietary code in OS X is full of holes?

    I guess you are not aware of all the kernel-mode driver privilege escalation vulnerabilities that have been found in Windows since UAC was introduced to have DAC enabled in the default install of Windows.

    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k

    http://m.prnewswire.com/news-releas...-vulnerability-in-microsoft-os-110606584.html

    It is the security paradigm of the vendor that makes the difference regardless of whether or not the code is open source or proprietary.

    Slackware is not a derivative of OpenBSD nor any other BSD distro. Slackware is a variant of GNU/Linux.

    Mac OS X is a derivative of BSD. More specifically, it is a derivative of FreeBSD.

    Also, both Mac OS X and Linux have similar port policies. The ports that are exposed in these systems are sandboxed.
     
  14. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #14
    Security

    Might I add this.

    UAC in Windows 7 is good, until the user turns it off.

    This can be done in this: Control Panel, User Account, Change User Account control setting.
    Users will do this when it's too annoying.

    Doesn't seem very smart to me.

    Mac OS X doesn't have such an option. Although, I guess you can get round it as running as root under Terminal. This is harder and not something everybody will do.
     
  15. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #15
    Do a lot of users do this? I know in the corporate environment this is not an option thanks to group policies. I run windows 7 and I keep UAC active.
     
  16. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #16
    security


    You tell me ... I'm not referring to corporate in specific as I know they would lock it down, and know what to do.

    Some less savvy home users are another matter. Comparison is basically useless, as Mac OSX would be secure, if people didn't randomly type their password in to install MacDefender.

    Hence, security is only as good as people make it.
     
  17. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #17
    UAC isn't very robust.

    It has been bypassed by malware in the wild.

    There is a high incidence rate of vulnerabilities that allow bypassing UAC.

    http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/ -> guide to develop exploits to bypass UAC by manipulating registry entries for kernel mode driver vulnerabilities.

    https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf -> more complete documentation about Windows kernel exploitation.

    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k+ -> list of incidences of kernel mode driver vulnerabilities.

    http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710 -> article about the TDL-4 botnet which uses a UAC bypass exploit when infecting Windows 7.
     
  18. nec207 thread starter macrumors 6502

    Joined:
    Mar 21, 2011
    #18
    Well, the UAC I find is the most powerful thing ever invented to stop malware. Linux does not have UAC, but what Linux has is that you are a user with root privileges that need authentication.

    Mac has user space level and system level. Any time you try to do something at system level you need an authentication. In Linux anything outside your home directory needs authentication.

    With Linux you use sudo and with Windows you use the cancel and allow box, but that can be changed for a password prompt too.

    In some Linux distros you can change it so you run as root all the time.
     
  19. nec207 thread starter macrumors 6502

    Joined:
    Mar 21, 2011
    #19
    Are you saying there are registry, driver and kernel exploits?

    Why are there these exploits? Is it the way the OS was built or just sloppy programming?
     
  20. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #20
    Discretionary access control in Mac OS X and Linux is robust.

    Discretionary access control in Windows (UAC) is not very robust.

    See my previous post for more info.
     
  21. munkery, Aug 12, 2011
    Last edited: Aug 12, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #21
    The registry can be manipulated to leverage vulnerabilities in kernel-mode drivers to exploit the kernel.

    These exploits allow you to bypass UAC.
     
  22. nec207 thread starter macrumors 6502

    Joined:
    Mar 21, 2011
    #22
    What is the difference between access control in Mac OS X and Linux and, say, UAC in Windows? How does the access control in Mac OS X and Linux work compared to, say, Windows UAC?
     
  23. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #23
    I've turned it off. UAC is the only thing I cannot stand about Windows and I'm glad Microsoft provide an option to switch it off.
     
  24. munkery, Aug 13, 2011
    Last edited: Aug 13, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #24
    The principle applied is similar. Obviously, the actual code used is different.

    Windows' implementation of DAC is less robust. There appear to be three reasons for this:

    1) A high incidence rate of vulnerabilities related to Win32k.

    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k

    2) Lack of runtime security mitigations applied to kernel-mode drivers.

    https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf

    3) Design implementation issues in relation to user-mode callbacks.

    http://mista.nu/research/mandt-win32k-paper.pdf

    You do know that if you are using an Admin account with UAC disabled, you have also disabled MIC (mandatory integrity control = Windows sandbox), such that only a single remote exploit is required to achieve system level access?
     
  25. nec207 thread starter macrumors 6502

    Joined:
    Mar 21, 2011
    #25
    So just to clear this up: OS X has user space level and system level, and this is where DAC comes in, but the DAC is modified by Apple. Any time you try to do something at system level you need an authentication. In Linux, for anything outside your home directory you need authentication, and this is where DAC comes in.

    I thought Windows MIC or sandbox is only for IE? So things do not run outside the sandbox?

    So with a good MIC or sandbox malware cannot get on the system, but with a weak MIC or sandbox, malware can bypass it and get on the system.
     
