[4377] in WWW Security List Archive
Re: UNIX less secure than Win95? (was Re: Septic about (Funds ...)
daemon@ATHENA.MIT.EDU (Phillip M Hallam-Baker)
Wed Feb 12 02:56:29 1997
From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
To: "Matt Mosley" <mattm@sumac.digex.net>, <jay@homecom.com>
Cc: <www-security@ns2.rutgers.edu>
Date: Wed, 12 Feb 1997 00:43:12 -0500
Errors-To: owner-www-security@ns2.rutgers.edu
> Actually, many of these apps (not all, but many) have already been
> ported to UNIX systems of some kind (and where they haven't, other
> ones are generally available.)
The problem with UNIX versions of PC applications is that they tend
to be poor quality or exorbitantly expensive. Last time I tried to get
a workstation wordprocessor I was asked more than the price of a
PC with Office loaded. If nothing else this leads me to believe that the
platform has little future.
> How is this so? In a secure UNIX environment, it's very difficult for
> an inexperienced user to cause damage. It's also much easier to make
> UNIX secure than it is to make NT/95 secure; source code is generally
> available for most any UNIX application.
Actually this is not the case. I've spent the past few months securing
a UNIX box somewhat beyond the normal range. It's unfortunate that many
of the facilities in UNIX are considerably more exposed to the network than
necessary. One example that shocked me was that the tape subsystem in
Digital Unix depends on the remote procedure call system.
There is a considerable advantage of not having the graphical interface
directly net accessible.
> > I could easily run UNIX at home, but its a lousy personal productivity
> > environment.
>
> I disagree. I run it at home, and it's an excellent productivity
> environment. In fact, I find it to be much more useful than anything
> Microsoft has ever written.
I've used every major operating system since MVS. UNIX comes in in front
of MVS and MSDOS but not much else. I've known other home brews that
were more useful.
> > I couldn't easily run Quicken, MS-Word, my scanner, and my tax prep
> > software. It
>
> Maybe not those particular packages, no. But there are others
> available.
At ten times the cost - unless there is a freeware version. That's not always
so though. I don't know of a good WYSIWYG editor or spreadsheet.
> No, we couldn't. It's a simple case of UNIX being around much longer,
> and having much more public availability and scrutiny.
Scrutiny is not as important as architecture. The problems of UNIX security
tend to be inadequate design. All the scrutiny in the world will never fix
sendmail.
> NT is so new
> that not enough people have analyzed it yet to find the holes (plus,
> there's no source available for it so it's more difficult) and 95
> isn't really even an operating system (and even if it was, it has no
> default ability to accept incoming connections; if you turn off inetd
> and all incoming connections on a Unix box, you'd achieve the same
> thing as Win95).
Actually not true. Not all the vulnerable systems run off inetd and some
potential security risks turn out to be depended on by other systems.
Phill