On Tue 03 Jun 03, 1:14 AM, Stanislav Malyshev <[EMAIL PROTECTED]> said: > GD>> with the RedHat 9), the Windows NT/2K/XP/2K3 has better security > GD>> and scheduling (Though performance is impressive) > > Windows security is a funny thing. It is so good almost no one > understands/uses it :) I mean, certainly, using it like it was intended. we need to make a distinction between system level security (the kernel and the services provided by the kernel) and application level security (processes like a window manager or a web server). we can make that distinction in non win95 type OS's since NT type OS's use a model similar to a unix.
but either way, i'm not sure i'd agree that windows <anything> has better security. since nt/2k/xp were specifically mentioned, i'll address kernel level security. steve balmer conceded earlier this year why certain parts of the win32 kernel can't be released, going as far to say that releasing some of the API implementations would be a united states security risk. he went on to explain that there are three vulnerabilities in the win32 code that are not fixable without breaking binary compatibility. release of certain portions of code will expose the vulnerabilities to the world (MS policy as well as security is based on security through obscurity). of course he didn't say what the vulnerabilities were, but he outlined which subsystems they belonged to. one of them is GUI IPC. you can send arbitary code to a window and have it execute with ring 0 permissions. the whole thing was slashdotted earlier this year. in other words, if some cracker ever learns how to do this, he can take down any microsoft system in the world which isn't suitably firewalled. say what you will about the dated design of xfree86, at least it has reasonable security model. X vulnerabilities tend to be distro configuration problems, not problems with the server itself. not to mention that microsoft announced a few months ago that NT and 2k, both still very actively deployed, won't be receiving the latest batch of security updates. compare that with the fact that debian potato STILL receives backported security patches. as another example, have you seen the "browse this page and die" vulnerability? an oversight in MSIE security model allows for one of my favorites security flaws. point IE to a webpage, and javascript code can use fdisk all your partitions or format your hard drive. there was a benign example page. the page instructs you to insert a floppy disk, and click a link. the floppy will be formatted (but that could've just as easily have been your hard drive). if anyone is interested, i can provide a link to the page if it's still up. this kind of thing simply can't happen even on the least security minded distros like redhat. > GD>> In short, the Win32API is impressive... but the OSs that use it > GD>> are *not*. (Again being polite and all) > > I heard from someone once working in MS that it suffers from the same > problem you just have outlined - bloat (a lot of unneeded things, > duplication, etc.) and clumsyness. I, not being MS Internals pro, can not > confirm or deny that, but I tend to believe. impressive in what sense? i'll say that the API is convenient (if not ugly), but i assume you're making the distinction between an API and an implementation of that API. the implementation is abysmal. proof: a user space process should _never_ be able to bring a system down. experimental kernel code? absolutely. faulty hardware? yes. an errant driver? perhaps. a user space proces? never! hate to sound like a zealot, but other than 1) legacy and 2) games, i can't see any reason why anyone in their right mind would choose microsoft over something like linux or *BSD. crikey. i didn't mean to write so much. sorry! pete -- GPG Instructions: http://www.dirac.org/linux/gpg GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
