Tue, 21 Mar 2006, by suse@tlinx.org:
Someone wrote:
Run a firewall like SuSEFirewall. The default setup should protect you 10 times better than what you are protected on your Windows box.
I enable logdigest on my servers that are connected to the net and I configure it to mail me every hour, so I can see relatively quickly if something goes wrong.
---- The above says it all: instead of having an interactive tool that requires the interactive user's permission, most Linux users have to rely on a "log file" -- that _retrospectively_ will tell you what has happened on your box.
It doesn't allow you to permit/deny traffic in real time, nor does it allow real-time interactive firewall rule construction based on usage.
See, you don't need to if you have an OS which uses a well-defined, and controllable set of network connections, instead of an arbitrary amount of ports and protocols that nobody understands or wishes to know about. If I install a Linux then *I* decide which service listens to what, *not* the "inventor" of the OS or application as it's the case in Windows.
It isn't about the relative strengths of security but about real-time interactivity. Linux is poor in real-time, interactive controls and monitoring.
1st BS. Where is the 'tail -f' util in Windows? Where is the 'ifconfig eth0 down' command in Windows in case of an emergency? Where are the zillion other *nix monitoring applications, freely available on SF.net, for Windows?
I find the discussion about how the user should or shouldn't be doing things amusing -- i.e. "Dear ex-windows user: um, we don't have the features and abilities you want, so we want to educate you on what you think you should want and give you lots of reasons why what you want doesn't really protect you (which is what we wanted to tell you what you really wanted)." Bleh!
Well chosen argument.
*Differences of Win vs. Linux Security model*
There is a fundamental difference in the security model and tools available for windows and for linux. With Windows, you only have the concept of one active user at the desktop -- and that user usually "owns" the computer and usually has that computer to themselves.
Apart from all the others that also 'own' that box you mean.
Such a design isn't where Linux has come from. Linux is descended (in thought and design concept) from unix -- which was designed for multi-user computer sharing -- usually with no one at the console. It wasn't designed for attended monitoring 24x7, whereas Windows is
BS #2. "Attended monitoring" is something different than some poor luser looking at a screen 24/7. In *nix operators are way smarter than that, and have learned to rely on countless scripts to make life-with-*nix easier and more reliable. Something Windows users haven't learned yet in the 10 odd years their system exists.
designed from the point of the "single-user", who is usually in attendance when the computer is being used.
Yeah, "point, click, drool, repeat"
In the Windows philosophy of _past_, nothing should happen on your computer unless you "instigate it". NOTE: there is a difference between the historic use of 1-windows user/computer and later editions of Windows used as a server. Even Windows as a server isn't designed as *nix has been. Multi-user *nix was the norm and it has been
Then why do you later on claim NT was derived from "mainframe OS principles"? The MS team was helped out by DEC VMS people, a mini-computer OS. NT itself of course, is nothing like VMS. That's BS #3
adapted for single-user use. With windows, it is the opposite -- it was designed for solo, non-networked use and has been adapted for network use.
"Very poorly" you should add.
Everything about Windows was designed for "interoperability" with other Windows computers in a "non-threat" environment. *nix was
Like in a bunker with 40" walls and absolutely no network anywhere near the place.
designed for separating users to allow multiple "academics" to share information, but still keep them separate. It heralds back to "Multics" that was designed with security in mind in the 1960's, but I digress.
And still you wonder why *nix has no need for "personal firewalls"..
Windows in its current incarnation (XP as version 5.1 of "NT") is similar in design to many current *nix implementations. NT was _supposedly_ descended from mainframe OS principles. Like *nix, NT supports multiple users. Like *nix NT supports levels of privileged
Uhm, it can serve files to multiple users, yes, but so can DOS. That is not the same thing as being a multi-user OS. Only Windows 2003 server can really give e.g. a remote desktop to more than one person simultaneously.
code. NT has superior security features to many *nix implementations,
They managed to hide it well, good job there.
however, it's insecure by *configuration*.
When every damn configuration of the OS is unsafe to start with, it's very hard to see the safeness of the OS itself.
NT (as used for Windows XP sold for individual computers) is still configured for compatibility with the older, single-user Win9x systems. It is the default configuration for usability and compatibility that makes WinNT based systems less secure than their *nix counterparts.
Even though they've had, what, 10 years of experience, i.e. right from the start of Win95 (and even before), that "usability" and "compatibility" is basically an open door for malware. Smart people over there in Redmond.
Most NT applications require "root access" to install. Many NT applications install system drivers as part of their typical install. At least WinNT has the concept of 2 driver privilege levels: Ring 0 & Ring 1 (which is different from user processes that operate at Ring 3).
And what do they choose to do?: put all of the drivers that can do most of the harm in ring 0, and give every damn user full access via layers of mystic DLLs, explorer 'shortcuts' to the OS and graphics access calls.
Few, if any *nix systems use more than the 2-ring security model. Single process capabilities have been present in NT since its 4.x days -- likely 3.x (though I had no experience w/such). Linux had process capabilities so screwed up that they were completely disabled in 2.2.16 (~2000) as a critical security flaw because the implementors and reviewers of capabilities in linux, /at the time/, had a fundamental lack of understanding of how they should work.
If you say so (but you've been giving so much BS already..), but even if it's true, it was solved so fast few people even knew about it. Known fact is: *nix security works, Windows's doesn't.
One of the worst offenders is *non-system software* -- _games_ in Windows. How many games try to install "copy-protection" into a user's computer by attempting direct access to the hardware and/or by installing specialized drivers? Such applications are uncommon in *nix. In historic *nix systems, users _couldn't_ install applications requiring direct-hardware access.
That was because the virtual layer in /dev was adequate to use all of the hardware that existed in those days, without messing with ports and interrupts like windows required.
I could go on for ever on the differences in design, but suffice it to say: if the linux desktop "shell" required constant "root access" to install and run hardware, and if it provided all of the "automatic" features of Win XP, it would be just as insecure (perhaps more so) as Windows.
We have a saying in Holland: "als m'n tante een pikkie had gehad was ze m'n oom geweest" ["if my aunt had had a willy, she would have been my uncle"]. And you are now just FUDding, to make your own point. *nix /doesn't/ do that, and that's _why_ it's much more secure. Looking for non-existing reasons how *nix would also be unsecure is BS #4
Some claim it would be "possible to provide the same functionality in *nix". I challenge you to do so with the same constraints on ease of install and control for whatever user is using the desktop. It won't be easy:
So, nothing's lost, only for those who wish to make another Windows out of *nix. [snip babbling about "zonealarm" functionality]
Note -- manual, human-based *logfile review* is _unacceptable_. It is _reactive_, time consuming and error prone. In the one-hour between being mailed "logs", a well qualified hacker could be in, plant a trojan and clean up the logs to remove a trace of their being there. If you have to sleep or go on a vacation for any number of days, you have even less responsiveness to intrusions.
Like I said before: *nix admins are smarter than their Windows counterparts; they know and use the powers of scripting to the full, and let the machine do the work of man. You remind me of "Lost", where in the 2nd season the people have an Apple computer, and for some reason (we're not that far yet in Holland), every 108 minutes someone has to type in a series of numbers to keep the damn thing happy. HELLO! They have a bloody computer there! How bloody hard is it to make the thing do that on its own, even on an Apple!? Windows admins, I find, work in the same way, laboriously doing the same thing over and over by hand, that what could much easier be done by their computer.
Sorry, but in my opinion, Linux is considerably more lacking in real-time, interactive security response tools that talk to the active user. In the absence of a real-time, at the console user, traffic is *blocked*. This is very *untrue* for the average *nix system, where systems are expected to run "unattended".
You think so, because you obviously have no real experience with administering a *nix system for any length of time, so you think with your Windows-half of your brain when you see a *nix box.
None of this should be taken to mean that Linux, as used today is less secure than Windows -- but it easily could be if it was _configured_ to be as easily interoperable as WinNP is (by requirement of legacy compatibility) to be.
"Interoperability" you claim, of an OS that knows only its own tongue.
- There's no recognition of other hardware filesystems than MS's
- No recognition of network filesystems other than MS's
- No compiler support for programming languages other than MS's chosen few
- No support for other CPU architectures other than i386
Shall I go on? That's BS #5
It should be noted that the main hindrance to good security is _usability_. The less usable a security system is, the more likely users are to find a way to work around it.
As proved by NT's ACL system, that few people understand, and even fewer actually use. *nix file permission system may look (too) simple for you, but it is practical, easily understandable, and in 99% of the cases all that's needed.
The presence of an easy-to-use, interactive, graphical firewall configuration tool that allows real-time monitoring and feedback -- so a user can see that if an application wants web access, they get immediate prompting that tells them the application is attempting network access, informs them what application(s) are attempting what type of internet access. Post examination of log files doesn't provide that type of interactive training.
"training" to get really fed up with the 'n'th warning of that stupid thing, and either disabling the damn thing, or say "y" or "n" to every warning, whatever it takes to shut it up.
FYI -- I do have linux log files that show me blocked outgoing firewall traffic. It isn't uncommon to see applications (running on Windows through a linux proxy server) to simply and mysteriously "not work". It's only later, if I examine log files and remember what I was doing at the time, do I find that I couldn't watch some "video" because my firewall blocked outgoing ports by my "http-proxy" (squid) to some site. It is rare that I know why the application(s) failed at the time they fail -- there is
So, that's you being less-than-knowledgeable about network protocols. Don't come here blaming Linux for your lack of experience.
no interactive message to tell me that a forbidden network traffic type is being automatically blocked. That is way less usable (and useful) than having a popup instantly tell me that my attempt to play some video is accessing some weird port, that isn't in the normal video port
If you need to run applications on Windows of which you don't know what they do, but you think they should "just work", then why the hell do you run a firewall in the first place? Just turn it off, because with a Windows "firewall" you would give permission to go out to the Internet under any circumstance anyway.
range. It's even less easy to "temporarily" allow one specific traffic request through. I.e. - on linux, I'd have to add some firewall rule, go back and run my app, then re-edit the firewall rule to remove the temporary access. **Very** inconvenient. That's not my idea of _usable_ security.
No, that's your idea of how *nix should work exactly like Windows. Well, news-flash, it doesn't!

Theo
-- 
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E.  +  ICQ: 277217131
SUSE 9.2                    +  Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.8                +  See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
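The exchange above turns on hourly log digests versus immediate notice that outgoing traffic was blocked. As an added example (not part of the original email), this script reports each blocked outbound flow the first time it appears in the kernel log; the `FW-OUT-DROP` log prefix and the sample lines are constructed assumptions, in standard netfilter LOG format.

```python
import re
from collections import Counter

# Assumption: the firewall's outbound DROP rule logs with this prefix
# (hypothetical; use whatever log prefix your own rule set defines).
PREFIX = "FW-OUT-DROP"

# netfilter LOG lines carry KEY=value pairs; values may be empty (e.g. "IN=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
Mar 21 10:02:11 gw kernel: FW-OUT-DROP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=1755 SYN
Mar 21 10:02:14 gw kernel: FW-OUT-DROP IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=1755 SYN
Mar 21 10:02:15 gw kernel: FW-IN-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=51 PROTO=TCP SPT=4431 DPT=22 SYN
Mar 21 10:03:40 gw kernel: FW-OUT-DROP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=76 TTL=64 PROTO=UDP SPT=123 DPT=123
Mar 21 10:04:02 gw sshd[811]: Accepted publickey for admin from 192.0.2.44
""".splitlines()


def parse_drop(line):
    """Return (proto, dst, dport) for an outbound-drop line, else None."""
    if PREFIX not in line:
        return None
    kv = dict(FIELD.findall(line))
    if not {"DST", "PROTO"} <= kv.keys():
        return None  # truncated or malformed line
    # Protocols such as ICMP have no destination port.
    return kv["PROTO"], kv["DST"], kv.get("DPT", "-")


def alerts(lines, seen=None):
    """Yield one alert the first time each blocked flow appears."""
    seen = Counter() if seen is None else seen
    for line in lines:
        flow = parse_drop(line)
        if flow is None:
            continue
        seen[flow] += 1
        if seen[flow] == 1:  # alert once; repeats are only counted
            yield "blocked outbound %s to %s port %s" % flow


if __name__ == "__main__":
    # For live use, feed lines from `tail -f` on the kernel log instead of SAMPLE.
    for msg in alerts(SAMPLE):
        print(msg)
```

Because `alerts` is a generator over any iterable of lines, the same function works on a live pipe, so the notice arrives when the packet is dropped rather than in the next digest.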