[4361] in WWW Security List Archive
Re: UNIX less secure than Win95? (was Re: Sceptic about (Funds ...)
daemon@ATHENA.MIT.EDU (Matt Mosley)
Tue Feb 11 15:34:48 1997
Date: Tue, 11 Feb 1997 12:53:30 -0500 (EST)
From: Matt Mosley <mattm@sumac.digex.net>
To: jay@homecom.com
Cc: www-security@ns2.rutgers.edu
In-Reply-To: UNIX less secure than Win95? (was Re: Sceptic about (Funds ...) (Jay Heiser)
Errors-To: owner-www-security@ns2.rutgers.edu
References: <9702100025.AA26138@omsk.quadrix.com>
<32FF3A6F.76F7@HomeCom.com>
FCC: ~/Mail/sent-mail
On February 10, Jay Heiser wrote:
> Whoah! I hope I'm not quoting you out of context. Security issues
> rarely have
> a higher priority than business issues.
For vendors, yes. It's very unfortunate.
> Those two operating systems are
> way too
> useful to be thrown out. Its going to be impossible for those two
> operating
> environments to go away until sometime well after all necessary personal
> productivity apps have moved to a newer environment -- for better or
> worse, that
> looks like Win32 (your choice of flavors).
Actually, many of these apps (not all, but many) have already been
ported to UNIX systems of some kind (and where they haven't, other
ones are generally available.)
> Would you be happy with NT? Whatever its relative degree of
> 'secureness', I'm going
> to go out a limb and say that its easier for an inexperienced user to
> cause damage
> with UNIX than with NT. But even though its easier to use, NT still
> requires an understanding
> of computing that Win95 does not.
How is this so? In a secure UNIX environment, it's very difficult for
an inexperienced user to cause damage. It's also much easier to make
UNIX secure than it is to make NT/95 secure; source code is generally
available for most any UNIX application.
> I could easily run UNIX at home, but its a lousy personal productivity
> environment.
I disagree. I run it at home, and it's an excellent productivity
environment. In fact, I find it to be much more useful than anything
Microsoft has ever written.
> I couldn't easily run Quicken, MS-Word, my scanner, and my tax prep
> software. It
Maybe not those particular packages, no. But there are others
available.
> might be more secure than the Win95 I'm using now, but I couldn't do
> anything,
> so I might as well save my money and use my typewriter. ;-)
This sounds more like a personal problem. If you investigated enough,
you'd find that you could do all of these things - and more.
> Let's avoid religious wars about which operating system is 'best' (or
> even meaningless
> debate about whether Win95 is an operating system). No one can make
> that determination
> without doing requirements analysis up front. For most people, Win95 is
> still the
> best choice. Its easy for us on this list to prophesize about all
In one sentence, you say "let's avoid religious wars" and in the next
one "for most people, Win95 is still the best choice". Sounds like
you just don't feel able to respond to any intelligent argument, so
you want to try to voice your opinion and be done.
> BTW, which operating system is sucessfully attacked more often over the
> net,
> UNIX, NT or Win95? So far, its been UNIX, hasn't it? Couldn't we
> make a case
> that UNIX is less secure than Win95? Is there a 4th choice to consider?
No, we couldn't. It's a simple case of UNIX being around much longer,
and having much more public availability and scrutiny. NT is so new
that not enough people have analyzed it yet to find the holes (plus,
there's no source available for it so it's more difficult) and 95
isn't really even an operating system (and even if it was, it has no
default ability to accept incoming connections; if you turn off inetd
and all incoming connections on a Unix box, you'd achieve the same
thing as Win95).
-Matt
P.S. I don't speak for my employer on the above, just personal
opinion.
Matt Mosley DIGEX (Digital Express Group, Inc.)
mattm@digex.net 6800 Virginia Manor Road
Network Security Administrator Beltsville, MD 20705-4212 USA
