[LUAU] It's time to simply ban Windoze machines from the Internet
Tim Newsham
newsham at lava.net
Thu Oct 19 09:58:29 PDT 2006
It's apparent that this is quickly becoming religious. It is not my
intention to start a religious OS battle... Linux is great. I use it all
the time. FreeBSD is great. I use it all the time....
> Please. Windows is *full* of holes, and by default, it essentially runs as
> "root" (or the Windows equivalent).
As I stated earlier, most malware doesn't rely on software vulnerability.
It doesn't matter if there are holes when malware isn't using holes to
install itself (in essence the human behind the computer *is* the
vulnerability). It is true that most windows users are effectively
running as "root" and this gives malware some benefit (but remember,
malware can operate perfectly fine in a non-root role), but in fairness, a
large majority of linux users also run as "root" (albeit smaller fraction
than in the windows world).
The "root" argument isn't very compelling. There is a long history of
privilege escalation attacks on all operating systems and a large number
are being found regularly on ALL platforms, including windows, linux, *BSD
and OS X. The step from local user to local administrator is a much
smaller hop than from external attacker to local user. If I were a malware
author, though, I wouldn't even bother. You can get the job done just
fine from a non-administrator account.
> I've had linux machines on the wide-open net for years with nary an issue
> (save a RedHat machine in 1999 or so that got rooted when it was sitting in
> my home at the end of a T1 line.)
That's funny, in that same time period (I believe 2001) a study showed
that on average it took a few minutes for a fresh redhat 7 box to be
"owned" when it was put on the network. If anyone is interested I can
hunt down the study (it was part of the honeynet project). Linux security
has come a long way since (they weren't even configuring packet filtering
in the default installs and were, by default, running a lot of unneeded
services) but so has the security of Windows.
> Go ahead, put your XP machine up on a raw, unfiltered IP connection. See how
> long it lasts.
Unfiltered as in not behind a firewall? People do it all the time. I do
it occasionally (though not regularly). XP comes with its own packet
filter installed and configured since XP SP2. In its normal configuration
there are no externally accessible ports. So unless an attacker is
hitting a vulnerability in the TCP/IP stack itself or in a service that
the user explicitly added to his system, there's no remote server
exposure. It's the client stuff you have to worry about since firewalls
don't protect connections that you initiate.
> jim
PS: re: Julian's message -- I'll buy the argument that a faster
patching cycle for Mozilla would be less advantageous for attackers.
It still wouldn't prevent malware, but it would reduce the effective
window of attacks that rely on a vulnerability.
Tim Newsham
http://www.thenewsh.com/~newsham/
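The point made above about a default host packet filter with no inbound exceptions, and why it does nothing for connections the user initiates, modelled as an added example (not part of the original post or of any real firewall's code). The addresses, ports and the StatefulFilter class are constructed for illustration.

```python
from dataclasses import dataclass

HOST = "192.0.2.10"  # constructed address of the protected host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a connection-opening packet


class StatefulFilter:
    """Toy model of a host firewall with no inbound exceptions, which permits
    only traffic belonging to a flow the protected host opened itself."""

    def __init__(self, host):
        self.host = host
        self.flows = set()  # (local_port, remote_ip, remote_port) opened by host

    def filter(self, pkt):
        if pkt.src == self.host:
            # Outbound is allowed; the flow is recorded so replies can return.
            self.flows.add((pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        if pkt.dst == self.host and (pkt.dport, pkt.src, pkt.sport) in self.flows:
            # Reply to a flow the host initiated: the filter only checks that it
            # matches an open flow, never what the payload contains.
            return "ALLOW"
        return "DROP"  # unsolicited inbound: no externally accessible ports


def demo():
    fw = StatefulFilter(HOST)
    results = {}
    # Unsolicited inbound connection attempt to SMB: dropped, nothing is exposed.
    results["inbound_smb"] = fw.filter(Packet("198.51.100.7", 40000, HOST, 445, syn=True))
    # The user's browser opens a connection to a web server.
    results["outbound_http"] = fw.filter(Packet(HOST, 50123, "203.0.113.5", 80, syn=True))
    # The server's reply, whatever it carries, passes the filter.
    results["reply_http"] = fw.filter(Packet("203.0.113.5", 80, HOST, 50123))
    # A "reply" that matches no flow the host opened is still dropped.
    results["spoofed_reply"] = fw.filter(Packet("203.0.113.5", 80, HOST, 50124))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

The third verdict is the client-side exposure the post refers to: content fetched by the user arrives over an allowed flow, so it has to be handled by patching and client-side controls rather than by the packet filter.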