The World's Most Secure OS (?) 180
Anonymous Coward writes "Titled The World's Most Secure OS, this article in The Standard talks about what is needed to be "Secure by Default"" Probably the best OpenBSD article I've read in recent months. Theo doesn't pull his punches (then again, he never does), in particular, discounting the "more eyes means better security" philosophy. Then again, he's probably right.
[ Update: noeld wrote in with a link to a similar article at rootprompt.org. Must be something in the water. ]
Secure? Well of course... (Score:1)
wrighty.
most secure os? (Score:2)
oh i feel so used now...
*burns all his clothes and jumps into the shower sobbing*
Re:Secure? Well of course... (Score:2)
oh *that* sensitive data...
I wonder... (Score:2)
Not to say that linux is insecure, but why can't they just configure linux to be secure right out of the box. Default installations shouldn't include freaky services and programs. Users should add the programs that they want by themselves.
Mmmmm....OpenBSD (Score:3)
For administration it's so nice to have SSH installed by default, so I don't have to worry about some kiddie on my LAN running a port sniffer on my telnet session. It's also kind of nice that it never crashes unless I do something particularly stupid (which I think I have thus far avoided, oh except for that time when I didn't have a swap partition.)
Theo is certainly a character. His work speaks for itself.
The mailing lists are just the way they should be; interesting, very technical, very easy to offend, and really amazingly helpful.
I've also been pleased with the fact that IPSec is built right on in there, so when the time comes for me to play with VPNs, I'm already 90% of the way there.
Now, whether or not I'd call OpenBSD user-friendly or easy to use, that's a different story. I guess I feel pretty good about having a Unix-y/BSD box around that makes me learn more CLI stuff every once in a while.
What a guy! (Score:1)
Every open-source project needs someone like this on the team, regardless of his/her other abilities.
- Derwen
Default password bloopers (Score:4)
There is a certain level of aquired knowledge and experience that I believe is necessary to work at the professional level; especially when it comes to the Internet and public software applications. One of the things that any admin knows (or at least should know!) is that you have a hard password and you change it often (I change mine on my server at home on a weekly basis).
My point is this: while an NT admin (or MCSE brat; whatever is at hand) might be able to get away with using a software with a default password, and then blame it on MS, a REAL admin knows his/her system and knows better than to not change a password. BSD is not only more secure because the default install is smart, it is more secure because the user is too.
BSD is secure because it is developed by security freaks that audit (and reaudit) the code looking for possible exploits and programming errors that could compromise a system. They have a zero tolerance stance when it comes to security, and I can do no more than commend them on this. Good job guys and gals, all of us BSDers are thankful and appreciative for all you hard work.
Rami
--
I have the most secure system (Score:2)
If you can hack it, you are truly a real guru.
Re:Mmmmm....OpenBSD (Score:1)
Well to install and configure I found it pretty easy (once I'd squashed the hardware bugs :) Admittedly I'm only using it as a firewall / NAT box, but it easy to configure and disable all external traffic. If in the future I need http or ftp access then this too will be easy to add and I'll know that the source had been scoured with a fine tooth comb.
wrighty.
Re:I wonder... (Score:1)
Linux distros could learn something (Score:3)
I use OpenBSD for my firewall/NAT box at home, and installation is dead-simple, quite painless, and only installs the bare basics - no need to sit through half an hour of clicking widgets to select packages.
I like Linux - None of the BSDs have the software base that Linux has, and it's a lot speedier. I don't need the security for my X box - after all, it's behind the OBSD firewall, and SSH tunneling is my friend when I need to access it from the outside.
What I'd like to see is a Linux distro which installed the bare basics - glibc, gcc, net-utils, bin-utils, file-utils, kernel, etc, X optional. Not something like Mandrake or Red Hat which has evil tendencies to put both GNOME and KDE on your box whether you want to or not.
The closest thing I've come to this is following Linux From Scratch [linuxfromscratch.org]'s excellent instructions and compile the entire system from source - this is admittedly a lot of work, but at least you _know_ what's on your box when you install it, and you don't have to worry about vendor-specific kernel modifications and all that crap... And I ended up with a distro of <250MB after installing the most important things, including the full kernel source unpacked. This as opposed to the 800+ I had cluttering my disk after I put Mandrake 7 on it.
So, distributors, are you listening? I think there would be quite a high demand for something like this, especially from power users... BareBones Linux, anyone?
--
*BSD are all good (Score:2)
The way I see it:
And what is so great about these three groups is that they steal code from each other. What is in one will eventually turn up in the other.
"Secure by Default" (Score:1)
Re:Default password bloopers (Score:2)
Still, the fact there is a concerted effort on the OS level makes it possible to be tackle the security concerns at the applications level...
I say good job to the openbsd peeps.
Cheers,
edward.
Re:I have the most secure system (Score:1)
Ph33R my 5ki11z!
Why don't other OSs profit from OpenBSD audits? (Score:5)
I'm not so paranoid to think that OpenBSD wants to keep their fixes to themselves, in order to stay "the most secure OS out there".
So what is it then? Do other OS's developers just don't look at the OpenBSD pages to see what's fixed?
If it's a public tool (e.g. GNU), do the OpenBSD people submit a patch back?
If the OpenBSD keep up the good work, I think everyone can profit from it and then Bugtraq will read "Thanks to OpenBSD, all OS's fixed this vulnerability 5 months ago"
Secure Linux (Score:1)
http://www.kha0s.org (thats a zero, not an "o") which tries aims to be secure by default.
I wonder if Redmond Linux will try and be as secure as windows (http://www.redmondlinux.org/)
--
dont Mark me up as informative
(Reverse physcology for those bastards who keep on moderating me down from 1 to zero)
Security (Score:1)
BSD is better or should I say it is easier to install the OS so that all the obviously compromising crap is turned off or not installed.
What I want to know is whether or not the more expensive Redhat secure server could stand up next to a properly configured standard issue BSD box?
Re:Default password bloopers (Score:1)
On passwords, how many people do you think look at the root password dialogue box on a Unix install and say 'I can't think of a good one, I'll just make it "password" for now, and change it later'? I'd guess it's a hell of a lot. That's why the whole MSSQL thing was blown out of proportion - a weak password is just as bad as not having one at all, and perhaps worse.
Finally, the next time
Most Secure Well Known OS perhaps... (Score:5)
Granted, these operating systems take a quite different approach to security (rather than requiring strict application audits as in OpenBSD they instead try to eliminate the need for such audits through strict kernel control manifested in a number of sneaky ways). These systems have been, and are currently widely used by military, intelligence, financial, and, increasingly, high end e-commerce systems. In an attempt to increase public awareness and popularity of PitBull Argus Systems Group has begun giving it away [argusrevolution.com] for non-commercial use. Anyone interested in high security servers is highly recommended to check it out. It's no holy grail, and by no means the right solution for every problem, but it is a very interesting take on the problem, and quite a different way of looking at system architecture and administration than most of us get exposed to on a regular basis.
None of this is intended to steal OpenBSD's thunder - it's a great accomplishment, and far closer to existing operating environments than it's B1 counterparts (which makes it more accessable, and more flexable). Often, a B1 system will be severe overkill (or just too much of a pain to configure and manage), where OpenBSD will just work. So I'm not saying that OpenBSD is no good, I'm just saying that choosing the "Most Secure OS" isn't quite so clear cut...
Oh, BTW, there is a Trusted BSD [trustedbsd.org] project, but it's fairly young and as I understand it building a trusted OS is quite time consuming. When it's ready I think it will likely kick ass, but it may yet be a long way off.
--
Re:Default password bloopers (Score:2)
This is offtopic, but obviously you missed the point of the MSSQL7 story. The same vulnerability existed in a RedHat distro, but was immediately fixed and resulted in no breakins. However it resulted in tons of bad press for RedHat. The MSSQL7 issue will not be fixed, even in MSSQL2000, has resulted in hundreds of thousands of breakins, yet received 0 press outside of /.
The story was about mainstream publications having bad technical accuracy and a microsoft bias, not an attempt to bash microsoft.
Security Evaluation (Score:1)
Time to kick-in with the BSD questions :-) (Score:2)
BTW, is a cut-down version of OpenBSD still OpenBSD?
Okay I have to admit I don't know shit about BSD, but I could see the point to have such a project... Even if it's just to say to your boss "look pops, it's OpenBSD booting a write-protected media, it's bound to be secure!"
---
Nexus (Score:3)
Re:Default password bloopers (Score:2)
But, lets face it: there is such a great saturation of windows users that there are so many bad NT admins out there that it is absolutly sickening. One of the reasons that the vast majority of *UNIX admins, that I have met, are factors more competant on the whole than NT admins is simply that there is a certain level of experience (and dare I say it, intelligence) to gain entrance. That is something that is not there with NT simply because any nitwit with a do-it-yourself itch can install a warezed copy of NT. On successful (more or less) installation, they think that they know enough to get a job as an admin.. THAT'S where the trouble begins.
This is bad. VERY VERY bad. While I do not necessarily condone a required level of education to run a computer (some days I do.. just not today.
I might also go so far as to require these additional measures:
Maybe not realistic for a home user, but even NT5 won't let me install with less than 6 characters; why does linux (or Corel and RedHat, havn't reinstalled SuSE or Slack recently: didn't need to.
Finally, I think that you are wrong about the MCSE competency thing: awhile back, my company was interviewing for NT admins and a quite a few of the interviewees that we had com in turned out to be kids straight out of some two week MCSE cram course. No exp, nothing.
I'm also seeing more and more NT admins out there that are completly foregoing the MCSEs and just doing their jobs. They know full well that the MCSE exams are a load of crap and marketing hype.
Yours,
Rami
--
Re:I wonder... (Score:5)
What makes OpenBSD so secure is not the lack of severs that are installed pointlessly. It's the very, very stringent auditing, the "we don't put it in unless we are 100% certain there are no buffer overflows in it" philosophy. And that philosophy is rather incompatible with the demands of your typical Distro's customer base that always wants all the newest gadgets and features to play around with.
Re:Default password bloopers (Score:2)
I guess we all take the daily news in a different light; parse accordingly.
Rami
--
What is security, anyway? (Score:1)
Secure?! (Score:1)
Re:Security Evaluation (Score:1)
He didn't "discount the 'more eyes ..' philosophy" (Score:4)
If anything, he discounted the idea that more Linux users makes Linux more secure than OpenBSD. He says that most of these people can't write programs over 300 lines, and that they're no real help to the security of the system.
But that doesn't discount the idea that, for a given system, more eyes make for better security. OpenBSD would be more secure if more people were doing the same thing that Theo does with it. Okay, there's a possibility of too many chefs spoiling the stew at some point,I guess, but in general I think that it's pretty clear that more eyes looking at a given system makes that system more secure than it would be with fewer eyes.
Anyone arging that any system Foo is more secure than any system Bar if more people are looking at Foo than at Bar has a problem with their logic. (And, granted, most people have a problem with logic.) Like one person posted, his system is pretty secure now that the power supply has failed...
Rather than say that he discounts the "many eyes" argument, I would say that he brings out how important a few well-trained eyes spending a lot of time on a set of code can be. That's easy to forget (or to never know if all you know about writing code comes from reading ESR...).
FWIW
--
Re:Linux distros could learn something (Score:1)
What did you waste so much space on? My laptop has a normal Debian 2.1 installtion in 180MB, and it also had at one point the full kernel source, *and* a minimal X windows system. Or did you keep around teh sources of everything (in which case 250MB are impressive).
Re:What is security, anyway? (Score:2)
This is a common misconception, promulgated by marketing droids. Operating systems are not given security classifications, particular hardware and software installations are.
To use NT as an example, 3.51 was given a C2 classification, provided it did not have a floppy drive or network card installed.
Re:Default password bloopers (Score:1)
this is pathetic microsoft bashing. Please prove the hundreds of thousands of breakings, before making such claims. I think the magnitude is at hundreds...
Anyway, they have a useless firewall, if they let connections from internet to sql server. Although microsoft doesn't make it easier by locating sql server in port 1433
Bad maintanance leads to breakings, but Microsoft has a done a nice job making good maintaning hard to achieve.
Re:What is security, anyway? (Score:1)
Re:Linux distros could learn something (Score:1)
With only a few tasks selected at install time, I got a ~60MB system, and I probably could have made it even smaller.
I had never achieved that with Mandrake before.
Re:Secure? Well of course... (Score:1)
(PS: This isn't flamebait - I don't use either Linux or BSD in anger...)
Do you have a citation for the 260 copies of OpenBSD used for "most sensitive data" BTW?
This story [cnn.com] details that the NSA (the people who dictate what platform is used for greater than Secret data) are progressing with Linux as a new secure platform. Though this doesn't mean BSD will not be considered, it's fairly indicative.
I've often thought that Linux versions should include more crypto/security as standard (e.g. SSH, GPG, EFS, IPSEC (or even PPTP!), secure file deletion etc etc).
Rgds, Sam
Re:Security (Score:2)
"The only truly secure system is one which is switched off, disconnected from all networks, buried in a bunker made of six foot thick concrete with armed guards posted outside. Even then I wouldn't stake my life on it being secure!"
I tend to think this is overkill. Like everything in life, security is a trade-off. The more secure the system, the less usable it is.
OpenBSD is pretty good if you need high security, but is overkill for home users (and office workers). For this reason OpenBSD will never have the same popularity as Linux or Windows.
It still has its place though, in ensuring that standards are maintained in these other OS's as I believe that it really sets the benchmark for what should be possible with any OS. BrendanB.
Small code base and experience ease maintainance (Score:1)
Re:I wonder... (Score:2)
results in incompatiblities is a function
of the skill of the person doing the rewriting
and of the original design of the software, it
has nothing to do with the license.
Re:What is security, anyway? (Score:2)
Also, last time I looked, Windows NT got C2 only under very specific circumstances that have nothing to do with any actual productive environment.
Re:Secure? Well of course... (Score:1)
Well it's mentioned in the article.
And it was posted on /. what more could you ask for? [slashdot.org]
wrighty.
Theo's model working doesn't mean Linux's doesn't. (Score:3)
The Linux model (and the generic Open Source model, at that), relies on a broad pool of users with code access reading and using it. A lot of bugs, many of them security-relat, will be found this way.
However, though security bugs will be found and fixed with the infinite-monkeys methodology, it does fall short on finding security issues proactively. You can find a lot of holes in that fashion, but to really ultra-secure and OS, you need people who are as freakish about security as Theo. The other side of that is that the users who seek out OpenBSD are also likely to be much smarter about security themselves.
Linux is a reasonably secure OS for the "average" user, and the methodologies are adequate for the end result. The companies distributing the OS need to be more proactive about looking for holes, though - there's a lot of ways to root a Linux box, and the consequences of allowing it to happen are sufficiently high that it's worth more work to find holes before they get into the distro.
Say what you will about Microsoft, but their Windows Update is a really nice mechanism for distributing patches and updates - none of the Linux vendors (even Mandrake) come close to that level of functionality. Most Slashdot readers will be fairly proactive about their boxes, but that doesn't mean all Linux users are like that. They need an easier way to patch and update their boxes when holes are found.
- -Josh Turiel
Re:Default password bloopers (Score:1)
Buffer Overflows (Score:2)
Correct me if I'm wrong, but a buffer overflow is _not_ overwhelming a machine with data packets. That sounds more like a DoS attack. A buffer overflow is more like declaring a static char a[20] then exploiting the 20-character limit, inserting malicious instructions in the "over-the-20-character-buffer" overflow to be executed. If the program is, say, a daemon or a program run as root, well the overflowed instructions are also executed as root, allowing one to create an account, open a port for himself, yadda yadda yadda...
Buffer overflows have plagued the software industry for years, and are obviously more apparent in OS's that are connected to the Net. I'm sure MS Office is just full of 'em, but they're not always easy to discover.
Re:most secure os? (Score:2)
No, he's right... he's just using the MS definition of "secure".
We need an MS jargon file. Secure, standard, reliable, compatible, innovate,
--
Re:Linux distros could learn something (Score:3)
Re:Linux distros could learn something (Score:1)
Maybe some of the packages just have grown bigger, or maybe I had some other source files lying around - I can't remember. At this point there's a lot of extras on it, so I'm not sure exactly what it was when I started...
At least kernel 2.2.16, XFree86 4.0.1, Perl, gcc 2.95.2, glibc 2.1.2, all the basic stuff like make/man/groff/m4/flex/libtool/ncurses/whatever, bash, c++, vim... I suspect Xfree of having grown quite a bit since release 3, but that probably doesn't cover all of the 70 megs I had extra compared to what you have :) Maybe the X headers/libraries? You said your X was minimal :)
Anyway, 250MB is still small enough for me.. And I don't mind having a lot of stuff installed - what I do mind is having no control over what's on my disk :)
--
Re:What is security, anyway? (Score:2)
Anyway, they seem to have C2 certification for NT4.
Re:Linux distros could learn something (Score:1)
--
Re:Linux distros could learn something (Score:1)
Far From It. (Score:4)
However, the notion that OpenBSD is the "most secure OS", or even the "most secure OS in common use", is absurd. Nor is it the most secure OS "out of the box". Rather, it is the leader in out-of-the-box security in a rather narrow set of popular, open-source, Unix-like operating systems.
There have been commercially-available mandatory access control Unix-based operating systems on the market for years. The "trusted" variants of the commercial Unices are great examples. These operating systems get their security from the compartmental design of the system, and are thus largely immune to (unavoidable) trivial programmer errors.
A great microcosm of this same competition exists in the free SMTP MTA's. Modern, secure mail transports are written in a compartmentalized fashion, so that a bug in one subsystem doesn't compromise the whole thing, or worse, the whole OS it runs on. Systems like Venema's Postfix and Dan Bernstein's qmail (which has never had a published security hole) are examples of this design.
Meanwhile, legacy MTA's like Sendmail and Exim remain popular, despite a history of insecurity. Sendmail's authors would happily claim that, after literally decades of audit, it is secure despite a monolithic design. Nobody that takes security seriously buys this argument anymore, though, because effective alternatives exist that are built on a more secure design. So what's the difference between Sendmail and OpenBSD? Well, OpenBSD is orders of magnitude more complex and has had less than 10% of the long-term attention that Sendmail has had.
Calling OpenBSD "secure" in light of competition from Argus Secure Solaris or even wrapper systems like SeOS is not much better pitting Sendmail against qmail.
It's definitely true that in practical terms, OpenBSD is a more trustworthy distribution of free Unix code than Red Hat Linux. However, with very few exceptions, OpenBSD's design remains stagnant and embraces an obviously-inferior security model. Who do you expect to implement compartmentalization and Mandatory Access Control first, OpenBSD or Linux?
My money is not on OpenBSD in the long run.
OpenBSD Bootable distro (Score:2)
The topic of an OpenBSD bootable business card (or simply a small CD-ROM installation) was raised on misc@openbsd.org recently. I believe there's an interest in the project, and one correspondant was going to contact one of the people who'd helped put together the LinuxCare BBC (a pimp-ass Linux-on-a-CD distro that's with me always). Sorry, forget names, but check the past couple of weeks of archives.
My suggestion was that such a distro would be a great admin/rescue/demo tool, particularly if it allowed someone to set up a firewall with the system. One plus of OpenBSD is its union mount method, which allows mouting nonwritable media ass if they were a writable filesystem (I've heard that this may be a feature of the 2.4 Linux kernel as well). This allows for both the security of having nonvolatile media, and the flexibility of a mutable fileystem. Pretty cool.
What part of "Gestalt" don't you understand?
Re:What is security, anyway? (Score:1)
Assume I was wrong about the floppy drive and network card. However when you state Anyway, they seem to have C2 certification for NT4. you compound the fallacy about certification being given to and OS per se. If you look at the MS site it actually states that a particular configuration of NT 4 was being used for evaluation. The quote is
Re:Linux distros could learn something (Score:2)
I dont know what version of RedHat you used but 6.2. has the option to just install, Kde OR Gnome or try a server install, you are not forced to install both.
If you want just the basics get one of the "Linux on a floppy" distributions, and add stuff form there. compiling your own kernel as shown on "Linux from scratch" would be overkill for what you seem to want.
"Seek and thou shalt find", if you had made an effort to search then you might have seen this:
Trustix
http://www.icewalk.com/softlib/app/app_01091.html
or Bastille linux [bastille-linux.org]
kha0s [kha0s.org]
i could go on, and on and on, and on but instead i suggest you Read this Article [linuxplanet.com] it lists various security focused linux distributions.www.kha0s.org
Distributors are listening, but they should not underestimate the importance of marketing and gaining mindshare (case in point is the success of micro$oft).
--
"Rumours of my death have been greatly exaggerated"
http://www.mozilla.org
Re:What is security, anyway? (Score:2)
I linked to a checklist of things you need to change to match their configuration, so I didn't intend to mean a default install of NT is compliant. I simply intended to show that NT4 can be made C2 compliant, and put an end to the 3.51/no floppy/no network anecdotes.
Re:Theo's model working doesn't mean Linux's doesn (Score:2)
Re:Linux distros could learn something (Score:2)
And you are right, for anyone that wants todo LFS right now it's a _wonderfull_ getting-to-know-and-learn-linux way and doing-it-my-way-from-the-ground-up instead of taking-a-distro-and-moldy-it-into-what-i-want.
We have started a subproject called ALFS, Automated LinuxFromScratch, which will automated the installation, there are several implementatoins allready done in bash, etc.
The design for ALFS is quite flexible though it's had a hard time taking off, mainly as developers have been busy, etc...but inside of a week everything should be running full 'till.
I know myself, Pual and Bryan are planning on making a small HOWTO on basic security procecudres one _should_ do to make a system secure.
Either way, i suggest everyone take a look, you can learn quite alot about linux in general and UNIX, The project has been around for a while yet wtill in heavy development, Gerard should be releasing version 2.4 which will replace the old 2.2 stable version, and it doesn't take too long, on a half-decent box you could do it in 5 hours (i've done it
Considering you have almost no daemons/clients/ or whatever installed it's allready more secure then almost everything out there... i'll tell ya, give this project a little time.
Anyways... just mumbling now *winks*
btw: too all those Debian ppl, this is a _full development system_, you should also make sure you strip all your binarys and libraries as it's saves _alot_ of room
-
Re:What is security, anyway? (Score:3)
Regards
NT4 *not* C2 certified (Score:5)
If you read the Microsoft NT C2 Configuration article [microsoft.com] closely, with comprehension, you'll find that it speaks of NT 4.0 being evaluated, but never certified, as being C2 compliant. This was addressed in this [neohapsis.com] BugTraq post. Believe you me, if NT 4.0 had been certified, Microsoft would be singing it to the heavens. But they don't want you to know that. You'll also note that "The C2 Administrator's and User's Security Guide" is itself a MS Windows executable (http://www.microsoft.c om/technet/security/exe/C2SecGuide.exe [microsoft.com]), hardly the most secure and safe way to transmit data around the Internet. Anyone got an open-standards version of this document?
They also don't want you to know about the man they killed after he first got WinNT 3.51 C2 certified, then told Microsoft that it would not be possible to get C2 certification for WinNT 4.0. Ed Curry [cryptome.org], military man, NSA-certified technician, and a former independent contractor for Microsoft first had his business, health, and ultimately life destroyed. I knew Ed only from online encounters in Nick Petreley's InfoWorld forums, but the man was a friend, willing and capable of sharing fascinating information. Ed Curry died in December of 1999 of a stress-induced stroke. He is survived by a wife and young daughter.
What part of "Gestalt" don't you understand?
Re:Most Secure Well Known OS perhaps... (Score:2)
I had to check the argusrevolution site out, and boy did I run away screaming. I'm really not sure who the target audience is (for the site anyway).
The site seemed to be designed for the im-so-cool-im-@-h@x04-fux0r-@11 people. So, the old boring me decides to try lynx. It definetely looked better [tec.puv.fi].
Oh well, the weekend is coming so maybe I'll try it when I'm wasted properly.
Re:Time to kick-in with the BSD questions :-) (Score:2)
Small and embedded FreeBSD (PicoBSD) [freebsd.org]
PicoBSD is a one floppy version of FreeBSD which in its different variations allows you to have secure dial-up access, small diskless router, or even a dial-in server. All of this on only one standard 1.44MB floppy disk. It runs on a minimum 386SX CPU with 8MB of RAM, and no hard drive is required!
C2 is NOT secure!!! (Score:2)
Besides, evaluation requires huge amounts of $$$ and documentation, and may not actually involve an exhaustive code audit. (C2 certainly does not.) Frankly, Theo is not impressed [sigmasoft.com] with TOS evaluations, and might have to wea ken [sigmasoft.com] OpenBSD's crypto to get such a rating.
It is much more reliable to just turn things off [sigmasoft.com] until you have time to audit them.
OTOH, Theo's decisions are not flawless. C2 would require ACLs, and Theo does n't want them [sigmasoft.com] in OpenBSD. I think he's correct, that they usually are a problem, but I think that an admin should have the option of using them.
Re:Windows Update (Score:2)
They also have an Office Update site as well that uses the same technology (a funky ActiveX control) to check for and patch Office 2000 code.
What Microsoft doesn't do is roll every single update into Windows Update - a lot of the security hole patches for servers are only accessible from the kbase article or the Security homepage. Windows Update is more focused on the consumer OS and apps.
- -Josh Turiel
Re:Why don't other OSs profit from OpenBSD audits? (Score:2)
b) Theo and company don't remove security bugs from software, they remove sloppy coding. Most other OS maintainers don't want the OpenBSD team to post 300 "this code was sloppy" comments to bugtraq. It's only after the fact that the sloppy code is determined to be a security flaw. Thus the frequent "we already fixed that" posts.
Busy Auditors (Score:2)
10 programmers, working every day for 18 months would have to audit over 65k of source per day to reach 350 megabytes. My guess that on average, 65k of source would end up being about 1800 lines of code.
I wonder (a) how much of that is in comments and (b) if perhaps some portions do not need to be audited.
Re:Linux distro security (Score:2)
More than one Theo (Score:2)
I greatly admire Theo's work. I just don't think you'd want two of him on the same project, maybe even the same planet.
--
Re:Linux distros could learn something (Score:2)
Having installed both, and as a current user of both, I feel free to comment. Debian dosen't compare in that it gives too much choice, and asks many more questions at install. I agree with the original poster: OpenBSD has an excellent default install. Not that many packages are installed, but everything that a unix system should have is there.
BSD? psha! MINIX: hands down the most secure. (Score:2)
if you don't have console access, you can't get into even the least secure minix box
Debian does not "come close" (Score:3)
Debian has apt, which has several advantages over Windows update:
1. Debian is mirrored on several zillion servers, so if one is slow or down, you can simply choose another. Route to MS gets messed up? Too bad for you...please hang up and try again.
2. You can update ALL of your packages, barring those you've had to compile from source, which, considering the sheer volume of Debian packages, =="not bloody many".
3. You can use it from the command line, which is a good idea if you're updating X-Windows
4. You don't have to do anything evil like run ActiveX controls to use apt-get.
5. Apt-get will let you upgrade the ENTIRE SYSTEM AT ONCE. Try using Windows update to move from NT 4.0 to Windows 2000 -- without even rebooting
Re:I have the most secure system (OT) (Score:2)
Just wanted to let you know that power or not, "they" can still get at you.
Actually, close to it. (Score:2)
Take a look at the BSD-derived OS shipped with the Sidewinder [securecomputing.com] firewall, which they call SecureOSTM. Secure Computing has compartmentalization implemented in what they call Type Enforcement [securecomputing.com].
Re:*BSD are all good (Score:2)
BSD Cannot take Linux GNU-licensed code
There is no GNU code in the BSD kernel, and any cool code that Linus comes up with and releases under the GNU license cannot be directly used in BSD.
In that respect, the BSD license slows development of the *BSDs, especially drivers for new hardware. This is not always a bad thing.
1 Genius 10,000 Journeymen (Score:2)
Yet no distribution of linux is as secure as OpenBSD. Your entire line of reasoning is specious, and you conclusion is unwarranted.
Theo is correct. Security analysis is difficult - even most experienced programmers have no idea how to properly apply security in their code. "More eyes" in this case are largely irrelevant and maybe even detrimental if they don't know what they are doing.
In any case, it doesn't appear that the linux community has mustered "more eyes" than the OpenBSD team, and your presumption with regards to this is largely naive.
The "fact" doesnt' exist. (Score:3)
It doesn't, because that fact doesn't exist.
Its been EVALUATED. Not certified.
And no, you can't have YOUR installation certified, either.
Additionally - the 3.5 (not 3.51) Certification - *was* without a network or a floppy drive.
I simply intended to show that NT4 can be made C2 compliant, and put an end to the 3.51/no floppy/no network anecdotes.
You were simply, wrong.
First - its 3.5. On 3 machines (2 x86, 1 Alpha) with a certain service pack. And no floppy, no network card. its not anecdotal. Go find the facts, and read them.
And the default of NT isn't complaint/certifiable. NT 4 has *never* been certified as C2 (Orange Book) secure.
And attempting to put an "end" to the factual complaints based on a badly flawed understanding is not a good idea.
Addison
Pleeeeeeaaaase.... (Score:3)
Most secure OS my @$$. OpenVMS right out of the box is literally orders of magnitude more secure than any *nix. NO buffer overflow exploits (never had 'em, never will). NO means of gaining priviledged access from a nonprived account. NO means of cracking passwords in SYSUAF (thanks to a strong one-way hash). Heck, you need a prived account just to look at SYSUAF! The amazingingly TINY handfull of security wholes which have occassionally cropped up in VMS over the last 23 years have been promptly corrected.
The only ways to break into a VMS system are:
- "Social hacking" -- tricking someone into telling you their password or guessing at sites with poor password policies,
- Packet sniffing at sites where SSH and other secure connection techniques are not used (again, a policy issue),
- Gaining physical access to the console and using documented procedures for by-passing password protection.
That is all. Period. There are NO other ways. Zero. The same cannot be said of ANY other OS.And don't hand me the "closed-source, proprietary OS, security through obscurity" arguements. The OS is better documented than any other in the world (most of it available on the web), including the system internals. Source listings are available for a fee for every part of the OS except those portions related to license handling (for obvious reasons).
Re:Why don't other OSs profit from OpenBSD audits? (Score:2)
As the article notes, security is a mindset. You have to be a certain type of person with a certain outlook on life. I've setup some routers/firewalls for some friends and some of them could careless whether telnet is secure or not. I know others, mostly system admins, who cringe at the thought of even typing 'telnet'.
Oh, I dunno but maybe licensing conflicts might screw up some people. BSD's pretty liberal about usage but you never know about how others take that.
Re:Debian does not "come close" (Score:2)
Re:"Secure by Default" (Score:2)
There should be a secure OS which can be used for a webserver (or similar) without any tweaking or installing additional software, which is secure out of the box.
Oh wait, there is, and it's called OpenBSD.
And I want security, and OpenBSD makes that possible with a default installation. This is why I downloaded and installed it in the first place. It was either that or FreeBSD (I was a linuxhead for a long time, used Slack, Redhat, and Debian) and security won. I do admin and analyst work for a living, I really don't want to come home and have to worry about if I got hax0r3d. I'd far and away prefer that some other people were going through code line by line for me. Hence, OpenBSD.
Re:Security (Score:2)
Sure, but the WOL feature doesn't wake up your system every time it sees a packet, or even every time it sees a packet which could conceivably be interpreted as belonging to it. If it did, no machine on a NetBIOS network would ever go to sleep, due to the dramatic quantity of broadcast traffic.
One of these days I need to look up what WOL DOES wake up on, and just what a "Magic Packet" entails.
Re:Why don't other OSs profit from OpenBSD audits? (Score:2)
is a boring, tedious task; it doesn't scratch anybody's itch except Theo and his team and thye're already fixated on BSD.
One or more of the commercial distributions probably ought to pay people to do the tedious auditing tasks, but a.t.m. they're all focused on front-end/user-friendliness issues, making Linux 'ready for the desktop' not making ready for Enterprise and Gov't applications. (Or, since Linux is really already doing both, I mean a broader range of enterprises and gov't applications, just to pre-empt any flames.)
--Parity
Re:Secure?! (Score:2)
I know this is flamebait-esque, but MacOS9 and below being secure is certainly an artifact of the OS just not doing that much.
UNIX has tended to run, as standard services, a much larger set of applications. Until recently Apples used only Appletalk to speak to one another, and TCP/IP to speak to the rest of the world (Or to NT boxen or Linux boxen which were willing to deal with them.) So there really wasn't any way to do anything to a Mac remotely.
MacOS is also a single-user operating system (Does that change in X?) with only a local login context. I'd guess there's a PC-Anywhere equivalent for it by now (Ah yes, VNC [att.com] seems to be in beta) so there's another potential source of vulnerability. ph34r me as I hax0r your mac from my Wince handheld.
Re:The "fact" doesnt' exist. (Score:2)
I understand that the 3.5 certification was without a network or floppy drive, but that isn't the only C2 rated NT product, which is what I was driving at.
I hate being put into a position where I feel like I'm defending Microsoft, but it's silly to play word games with these ratings. NT 4 has been evaluated at C2, and so it has a C2 rating.
This bores me now. Anyone that actually cares to know can jump around the TPEP site and draw their own conclusions.
Re:NT4 *not* C2 certified (Score:5)
NSA's computer security evaluation program hasn't been very popular. NSA also evaluates security equipment like padlocks and safes, and back in the '80s when they started evaluating computer systems, they thought much the same approach would work. Early on, evaluations were conducted by in-house NSA staff, under a "two-try" system; the system was evaluated once, and if it didn't pass but looked promising, the vendor was given hints on what to fix. The second try was pass/fail; no further tries were allowed. It wasn't considered the job of the evaluation team to debug the system.
The current scheme is much more vendor-friendly. Evaluation is usually done by outside contractors paid by the vendor. The vendor can keep trying to pass as long as they pay the vendor. NSA then reviews the evaluation. That's how NT 4 got through.
Even under the same criteria, the new approach is much easier to pass. Under the old scheme, vendors didn't go for evaluation until they were really confident of their ability to pass, since outright rejection was possible. Now, vendors can submit whatever they've got and keep debugging until they wear down the evaluation contractor. That's not good. Note that it took Microsoft years of trying to get NT 4 through.
C2 is a very low standard. Nothing below B2 is really serious. It's embarassing that NT can't make C2 out of the box.
The list is depressing. Little has been added in recent years. The security properties of commercial products are so weak today that it's embarassing. Yes, the criteria are dated, but that's not the big problem.
Re:Why don't other OSs profit from OpenBSD audits? (Score:2)
Therefore,they fix a lot of stuff which -could- be a vulnerability. The fix anything that looks remotely suspicious at all. This is a fairly paranoid view of the world.
Bugtraq, however, tends to only have proven exploits. It's hard enough for most developers to keep up with this much smaller set of problems. They don't have the time to fix all of the possibles, maybees, and coulds that the OpenBSD people fix.
On the other hand, I'm sure that if there was a very serious problem in a common GPLed tool, the BSD people would submit a fix if they were the ones to find it. However, OpenBSD, while it does include GPLed software, tries to avoid it, since the GPL has more restrictive terms than the BSD licence. So, they aren't playing around with a very large set of GPLed software.
I do remember reading that some major OSS group (Apache ?) uncovered a large number of serious buffer overflow exploits in the TCP/IP stack of nearly every OS out there, OSS or not. They submited patches to all of the open ones, but the closed OSes are still mostly vulnerable. Different open-source teams do contribute to one another, which is part of the strenght of open source.
It's for real (Score:5)
As for the current location of that online community, follow my
BTW a question you probably have right now is whether or not we can be believed. Well we both have sufficient credibility to be automatic +2's on this site, and in fact were among the first batch of moderators selected here. You could also do a Google [google.com] search for either of us. Or look for Ed Curry.
Yeah, what happened to him is pretty astounding. The lack of press reporting on it is pathetic. But I assure you that the basic story is true.
Regards,
Ben
Rated a failure (Score:2)
Regards,
Ben
OpenBSD is *not* "secure by default"... (Score:3)
The problem with buzzwords is that they so rarely mean what their obvious meaning is. When I see "secure by default", that tells me "I can install OpenBSD in its default install, throw Apache and my MTA-of-choice on it, and it'll still be safe". That's what secure by default suggests to me; that a clean install of the OS and the daemons you need to run your business will be secure, by default.
The problem with it is that this isn't anywhere near to the case. I've got lots of kudos for OpenBSD's large, distributed security audit. I think it's a brilliant idea, and I wouldn't mind seeing Linus say "okay, for the next six months all development is frozen and we're going to audit our codebase".
Unfortunately, security audits are not synonymous with security. (Trust me on this one.) Security is a process, not a product; it cannot be magically generated by anything, not even OpenBSD's vaunted audits. You run into Heisenberg's Catastrophe at some point--assuming that your auditing process was complete and accurate, your codebase is safe; but then you have to audit the audit process to make sure you didn't leave anything out... then you have to audit the audit of the audit... and so on.
These are the main problems with audits that I've found:
LIMITED MANPOWER. The scorn that Theo heaps on the Linux community is, in some sense, warranted. What Theo misses is that where Linux has a huge amount of manpower, mostly of limited skill, OpenBSD has a miniscule amount of manpower, mostly of fairly high skill.
The problem is that security audits are limited by manpower more than they are technical skill. A thousand coders of only amateur skill can go through code at a huge rate; it's not hard to spot unconstrained buffers (buffer overflows), pointers that never get free'd, etc. If they were only ten coders strong, it would not matter how much skill they had, they simply wouldn't have the manpower to do a thorough code review.
INCOMPLETE SECURITY AUDITS. OpenBSD's security audit means they have an extremely high-quality kernel and tools. When even ls has been audited, you know they're doing something. However, Apache, sendmail and other large programs have not been audited by the OpenBSD team. Putting an old, vulnerable version of Apache on an OpenBSD box exposes potential risk.
(Before the OpenBSD people accuse me of FUDding, let me emphasize potential. The root exploit against Apache/Linux might fail on Apache/OpenBSD, due to OpenBSD's security consciousness. The point here is not to say "Apache makes systems insecure"--it's to say that there are a lot of daemons running on modern boxen, and many of these daemons have not been audited.)
INCOMPETENT SYSTEM ADMINISTRATION. Most root exploits I've seen--regardless of operating system--have taken place due to incompetent system administrators. OpenBSD does some things right by shutting down all nonessential ports by default (as opposed to Red Hat, for instance), but these are just Band-Aid measures over the festering, necrotic wound of incompetent sysadmins.
INCONVENIENCE. One of the biggest motivations for people to bypass security precautions is that security is inconvenient. If a user bypasses a precaution, that's worse than if the precaution never existed in the first place. There's a difference between a sysadmin who says "all our passwords are secure, because we use shadow passwords and force our users to change them every month" and the sysadmin who says "I don't know if our passwords are secure, despite the precautions we take".
The former, more likely than not, has users who are so frustrated by the bondage-and-discipline security precautions that they leave their passwords on Post-It notes attached to their monitors. The latter probably has them, too, but at least isn't fooled into thinking he's safe.
OpenBSD has some very useful security precautions, yes--but the most useful precautions are those that are transparent to users (security audits, jailing daemons, etc). The more intrusive your security becomes, the greater the likelihood your own users are going to circumvent them.
LIMITED FEATURES. Remember that oftentimes security is enhanced by adding features. Adding ACLs, for instance, could be a boon to sysadmins everywhere and result in more secure boxen. Since OpenBSD's developers spend so much time auditing, though, they're significantly behind the pack when it comes to keeping current with other Unices.
... All that said, though, if I were setting up a network, all of my machines visible to the outside world (mailserver, webserver, etc.) would be running OpenBSD or Pit Bull or Trusted Solaris. Probably OpenBSD, due to the fact that I already know UNIX reasonably well and I don't need the bondage-and-discipline of Trusted Solaris (see "INCONVENIENCE" above).
It's not a lie or disinformation. (Score:4)
Regards,
Yet another "Ed Curry is real" post. (Score:3)
Re:Yet another "Ed Curry is real" post. (Score:3)
http://foundation.geneseo.edu/scholarships/scho
which points to a $500 scholarship established in his memory.
Most of the relevant Ed Curry posts occured in the old Infoworld Electric forums, which, unfortunately, aren't easily searchable any more.
250 Google results, none useful... (Score:2)
This is all kind of disheartening - 250 results, not a one really gives any information about what several people claim MS did to this man. And the only page that really mentioned his the cause of his death mentioned it because his lawsuit against MS was dropped because of it!
I was hoping that the IWETHEY users could give links to the archives, since I couldn't find anything after a fairly quick look - I concentrated more on the Google search. It's kind of sad that there doesn't seem to be anything on the web explaining what MS did - maybe someone should write something.
Re:Yet another "Ed Curry is real" post. (Score:3)
Re:250 Google results, none useful... (Score:2)
This points to the thread we're discussing about Ed right now - there are some transcripts of what he originally posted in the Infoworld Electric forum.
The main problem is since he never took legal action against Microsoft, most of his allegations don't have much documentation. But I can attest to reading his posts over a several year period as his finances slipped and fell apart due to the situation we've been talking about.
Ed was a Good Man.
Re:Linux distros could learn something (Score:2)
Actually, all of the BSDs have the software base that Linux has, through the emulation layer.
As for Linux being "a lot speedier", I think you're either exaggerating or not making a fair comparison. Most performance differentials can be eliminated with a little config file editing.
Re:Theo's model working doesn't mean Linux's doesn (Score:2)
Re:Rated a failure (Score:2)
They got a different certification (IIRC from England) that they called C2-equivalent. Well their opinion on the equivalence is irrelevant, it wasn't C2 which is what they tried to make it look like.
Lies? Microsoft? Whodathunkit?
Images not allowed here so visit our usual sign [idirect.com] elsewhere...
Cheers,
Ben
Re:OpenBSD is *not* "secure by default"... (Score:2)
These days, an audited version of Apache is included in the OpenBSD base. When you run httpd, that's Apache-1.12 (IIRC).
Same case with your MTA -- sendmail is included in the base install.
And, passwords -- OpenBSD has no default password policy. I don't even think that, at present, it has a mechanism for expiring passwords at all. They're not into preventing user/admin stupidity -- just code correctness/robustness.
But, of course, security is a process, and the worst thing you can do with an OpenBSD box is get overconfident. Audits aren't magic fairy dust.
VMS security? (Score:2)
The big VMS bug: DECnet.
While I love VMS, don't get me wrong, there are a lot of people out there with VMS boxen which have a DECnet daemon that has SYSPRV enabled.
This doesn't strike them as bad, until some user with NETMBX runs tell.com, runs authorize.exe through tell, and gets SETPRV. :)
That said, I'd rather run a webserver on VMS than any other OS. The ability to use ACLs to control access by CGIs to specific files is far too attractive; most *nix systems wind up having to grant world read/write access to things that CGIs generate, which is just dumb and bad.
Frankly, if you want security in VMS, you pretty much have to deny your users NETMBX and install individual applications with it. The problem is you have to install a lot of applications.