[Hidden-tech] Windows security (sic)

Andy Klapper andytk at charter.net
Mon May 30 20:19:20 EDT 2005


Dan,

There are a couple of points that are not correct:

1) A process running in a Windows operating system of NT or newer cannot
access memory outside of its own process space.  (i.e. it cannot modify the
kernel's or another process's memory even if it is running as root).
2) Like *nix a process running in a Windows OS of NT or newer runs at the
privilege level of the user that asked the process to run.  You can set up
an account with very few privileges under Windows.

The problem isn't the security model of the underlying OS, but the fact that
most people run as root under Windows because it is easier to do so.
I would actually argue that Microsoft's security model is better and more
sophisticated than *nix.  They did after all steal a bunch of DEC engineers
to design it.  Take a look at the API if you do not believe me.  You can
control things at a level of detail that is impossible to do under *nix.
Unfortunately most programs pass a "Null" value for its security object,
which defaults to the privileges of the user, which unless the user did
something other than hit next while installing the software, happens to be
root.



Andy.

-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net]On Behalf Of Dan Fried
Sent: Monday, May 30, 2005 3:12 PM
To: Ben Liyanage
Cc: Mailing List
Subject: Re: [Hidden-tech] Windows security (sic)

   ** Be a Good Dobee and help the group
   ** Fill out the survey/skills inventory in the member's area.
   ** Remember you must be counted to post .

Ben,

Sorry, I reread my original response and it wasn't very well written, it
missed a big point...

Installing the software is only part of the problem, on Windows, there
is no user space in the process realm.  While you can restrict
installation of software, once it's running, the software has full
access to system functions and memory.  This is not true in a *nix
environment.  In *nix the processes themselves are subject to usage
restrictions.

In a *nix environment, those controls are built into the kernel and are
integral to the functioning of the OS.  On Windows, the memory security
that does exist is a layer of software over the kernel, once the
application runs in kernel space it has full access.  Windows APIs
attempt to put controls into the system, but it's easy to exploit flaws
in the APIs and have access to system functions.  On a *nix system,
exploiting a flaw in an API is not enough because the process itself is
still subject to role based usage restrictions.

It's true that setting up your system properly is the best way to
improve security on any system... but on a single user system your
suggestion of setting up different user accounts running services on
Windows is not an effective means of increasing security.

-Dan

Ben Liyanage wrote:

>I do not use my administrative account on my windows system.  I have created
>a dummy account for myself.  Also, I believe one can run services with
>non-system level permissions... though you might have to log in with the
>separate account for the service to start.
>
>I'm not completely sure how we got off the topic of desktop with virus
>scanners.  I imagine many people would agree that *nix systems are more
>stable and reliable than their windows counterparts.  Whether they are as
>user friendly is a different issue, but not relevant when you are talking
>about servers.  However, when using *nix machines as a desktop it is an
>issue... making *nix machines more user friendly I imagine would add
>additional security vulnerabilities.
>
>Any system that is properly set up and used will be less vulnerable to
>security breaches.  More or less this was my point from the beginning--it's
>coincidental that my desktop runs windows.
>
>Ben Liyanage
>ben at smartankgroup.com
>410.336.2464
>
>-----Original Message-----
>From: Dan Fried [mailto:dan at creativeconstructs.com]
>Sent: Sunday, May 29, 2005 8:34 PM
>To: Ben Liyanage
>Cc: Mailing List
>Subject: Re: [Hidden-tech] Windows security (sic)
>
>
>Ben,
>
>This isn't quite right because "root" on Windows is fundamentally unlike
>root on *nix based systems like Linux and Mac OS X.  Some of these are
>rather fine points, but can be important nonetheless.
>
>The most prominent difference is usage based.  When you get a new
>Windows machine and create a new account, you do so with "admin"
>privileges by default.  Without these admin privileges you cannot do
>things like install software, which makes a non-admin based account
>pretty useless for many people.  Unfortunately, because you are always
>logged in as admin, any software that runs while you are logged in does
>so with full admin privileges and can install and modify system files.
>*nix systems, on the other hand, generally default to a user based
>system and root access is only used when installing something that
>requires it.  Mac OS X is kind of a hybrid system, but it still requires
>an explicit re-entering of admin privileged password when installing a
>modification to a system file.
>
>Services are another, technical, way the approaches differ.  In Windows,
>services have to run as system processes.  This means that if your
>system service (say IIS, the web server) is compromised through a flaw
>in the software, that process has full system access and the ability to
>modify system files.  On a *nix system, it is not required that running
>services (or daemons) run as root processes (equivalent to system
>processes in Windows).  A default installation of Apache (the open
>source web server) on a *nix system, will create a separate process
>account for Apache that will not have privileges to access anything
>else, so even if an exploit for Apache is used, it will not have full
>root privileges (unless the default settings were ignored by whoever
>installed Apache).  This is part of the reason many of us laugh when
>Microsoft tries to point out the number of known exploits for Apache as
>being a sign that IIS is just as secure.
>
>This is not to say that *nix is perfect and unbreachable, but a properly
>set up system will require two exploits to get root privileges in a
>*nix system, one for the user process and one to get root access once
>the process has been compromised.  This brings us to the final security
>advantage of *nix systems; Diversity.  An attack that compromises a
>particular version of Apache will then have to deal with one of about a
>dozen major distributions, running any one of about a dozen kernel
>versions (just counting recent releases), many of which will have been
>recompiled with different optimizations and patches by their
>administrators.  A single exploit could only affect a relative handful
>of machines making automated attacks (like viruses) very difficult.
>
>I'm not claiming that Windows is evil and everyone should switch to *nix
>systems, but there is a fundamental difference in the level of security
>available.
>
>If there were 100 operating systems in the world, all with about the
>same level of security as Windows, but each with equal market share, we
>would be much less vulnerable to viruses and spyware.  (Of course if all
>those systems had the security level of *nix, we would be even better
>off).  The biggest problem we have is that because there is such
>ubiquity in the computing world, viruses can run rampant and spread like
>wildfire... because virus writers know that a single new virus can
>affect more than 90% of the systems out there.
>
>-Dan
>
>Ben Liyanage wrote:
>
>>This is the way windows viruses work as well.  You 'get root' by convincing
>>the user to run your application, thus infecting their computer.  To say
>>that linux machines do not get viruses because they dominate the server
>>market is a little excessive as well.  If the average person did not use
>>his computer at all but instead left it running on his desk he would not
>>get viruses either.
>>
>>I'd also say that most people that use linux for their desktop systems are
>>like me--people with a degree in computer science, and/or a divine
>>fascination with computers.  We are less likely to infect our computers
>>with viruses.
>>
>>This brings to mind a blurb that was on one of my old professors' doors that
>>went something like this:
>>
>>If automobiles were built like a linux machine, the odometers,
>>speedometers, or any other meter on the dash of the car would be replaced
>>simply by a red exclamation mark that lit up when something went
>>wrong--an experienced linux administrator would already know what the
>>problem was.
>>
>>-----Original Message-----
>>From: hidden-discuss-bounces at lists.hidden-tech.net
>>[mailto:hidden-discuss-bounces at lists.hidden-tech.net]On Behalf Of David
>>Mertz, Ph.D.
>>Sent: Saturday, May 28, 2005 9:46 PM
>>To: Mailing List
>>Subject: Re: [Hidden-tech] Windows security (sic)
>>
>>On May 27, 2005, at 1:50 PM, Mark Bucciarelli wrote:
>>
>>>It also doesn't hold up when you look at the virus counts and compare
>>>to desktop share:
>>>- there are about 60,000 viruses known for Windows, 40 or so for the
>>>Macintosh, and perhaps 40 for Linux.
>>>
>>Good points overall Mark.  But you vastly overstate the number of
>>"viruses" for Mac OSX and/or Linux.  It certainly comes nowhere close
>>to 40 for either (Mac Classic had a couple minor ones, it is true).
>>What gets called a virus on those unix-like systems is always a
>>"theoretical attack that might work if you can already 'get root', or
>>if the user cooperates to a high degree with the attack."
>>
>>The number of historical "live" viruses for either OSX or Linux is
>>exactly zero.  And the worst attack that could ever conceivably be
>>developed for either is far less serious than the sort of thing a
>>Windows machine gets infected with on a daily basis.
>>
>>Remember, friends don't let friends run Windows!
>>
>>-----------------------------------------------------------------------
>>mertz@ | The specter of free information is haunting the `Net!  All the
>>gnosis | powers of IP- and crypto-tyranny have entered into an unholy
>>.cx    | alliance...ideas have nothing to lose but their chains.  Unite
>>      | against "intellectual property" and anti-privacy regimes!
>>
>>_______________________________________________
>>Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>>Hidden-discuss at lists.hidden-tech.net
>>
>>You are receiving this because you are on the Hidden-Tech Discussion list.
>>If you would like to change your list preferences, Go to the Members
>>page on the Hidden Tech Web site.
>>http://www.hidden-tech.net/members
>>

More information about the Hidden-discuss mailing list
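
The two points argued in this thread (whether the logged-in user holds administrator rights, and which accounts services run under) can be checked directly on a given Windows host. The read-only PowerShell audit below is an added example, not part of any poster's message; the function names `Test-CurrentTokenIsAdmin` and `Get-ServiceLogonSummary` are this example's own.

```powershell
# Added example (not from the thread). Read-only audit of the local host.
# Function names are hypothetical and defined here; requires PowerShell 3.0+.

function Test-CurrentTokenIsAdmin {
    # True when the current token has the local Administrators group enabled.
    # On Windows versions with UAC, an unelevated admin session returns False.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ServiceLogonSummary {
    # Group running services by the account they log on as
    # (the StartName property of the Win32_Service WMI class).
    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
        ForEach-Object {
            $account = $_.StartName
            if ([string]::IsNullOrEmpty($account)) { $account = '(not reported)' }
            [pscustomobject]@{
                Name      = $_.Name
                Account   = $account
                ProcessId = $_.ProcessId
            }
        } |
        Group-Object -Property Account |
        Sort-Object -Property Count -Descending |
        Select-Object Count,
            @{ Name = 'Account';  Expression = { $_.Name } },
            @{ Name = 'Services'; Expression = { ($_.Group.Name | Sort-Object) -join ', ' } }
}

# Report: who am I, is this token an administrator, and who runs the services.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
"Current user : $me"
"Admin token  : $(Test-CurrentTokenIsAdmin)"
Get-ServiceLogonSummary | Format-Table -AutoSize -Wrap
```

Services listed under `LocalSystem` hold full system rights; entries under `NT AUTHORITY\LocalService`, `NT AUTHORITY\NetworkService` or a named account run with that account's reduced privileges.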