[4387] in WWW Security List Archive
Re: UNIX less secure than Win95? (was Re: Septic about (Funds ...)
daemon@ATHENA.MIT.EDU (Charles Brian Hill)
Wed Feb 12 16:08:01 1997
Date: Wed, 12 Feb 1997 13:03:28 -0500 (EST)
From: Charles Brian Hill <hill@unr.net>
To: Phillip M Hallam-Baker <hallam@ai.mit.edu>
cc: Matt Mosley <mattm@sumac.digex.net>, jay@homecom.com,
www-security@ns2.rutgers.edu
In-Reply-To: <199702120548.AAA02575@life.ai.mit.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 12 Feb 1997, Phillip M Hallam-Baker wrote:
> > Actually, many of these apps (not all, but many) have already been
> > ported to UNIX systems of some kind (and where they haven't, other
> > ones are generally available.)
>
> The problem with UNIX versions of PC applications is that they tend
> to be poor quality or exorbitantly expensive. Last time I tried to get
> a workstation wordprocessor I was asked more than the price of a
> PC with Office loaded. If nothing else this leads me to believe that the
> platform has little future.
>
Hmmm....You might want to check your sources. I believe ApplixWare from
Red Hat is available for aroun $500, with a student version for $79. This
is comparable to Microsoft's Office Suite, whose student version costs
approximately twice as much.
As for the exorbitant cost of UNIX applications, keep in mind what comes
with the software. On the whole, UNIX applications are supported
indefinitely from the time of purchase. Take a look at SunOS (a brief and
oversimplified example, I apologize). Sun still supports the older SunOS
as well as continuing development on Solaris. Vendors tend to offer much
more long term support with UNIX applications.
When you argue that UNIX has little future, you should consider what is
currently being done with UNIX...at least 80% of servers on the internet,
as well as 80% of the research computing machines. There are many
applications which Windows 95 or Windows NT, for that matter, simply
cannot handle.
> > How is this so? In a secure UNIX environment, it's very difficult for
> > an inexperienced user to cause damage. It's also much easier to make
> > UNIX secure than it is to make NT/95 secure; source code is generally
> > available for most any UNIX application.
>
> Actually this is not the case. I've spent the past few months securing
> a UNIX box somewhat beyond the normal range. Its unfortunate that many
> of the facilities in UNIX are considerably more exposed to the network than
> necessary. One example that shocked me was that the tape subsystem in
> Digital Unix depends on the remote procedure call system.
>
Ah, months? I would assume you are not experienced in UNIX System
Administration. I, or any other thoroughly competent system administrator
would be able to implement any given level of security in one day or less.
Windows or UNIX, both can be made secure by not accepting connections of
any type over the internet. Case closed. However, the real security
differences appear when you want your server to actually be accessible on
the internet.
> There is a considerable advantage of not having the graphical interface
> directly net accessible.
>
Don't forget that, on UNIX, the GUI is accessible over the internet, but
only so far as you let it be. If you don't like this, TURN IT OFF.
(That's the general rule with UNIX.)
> > > I could easily run UNIX at home, but its a lousy personal productivity
> > > environment.
> >
> > I disagree. I run it at home, and it's an excellent productivity
> > environment. In fact, I find it to be much more useful than anything
> > Microsoft has ever written.
>
> I've used every major operating system since MVS. UNIX comes in in front
> of MVS and MSDOS but not much else. I've known other home brews that
> were more useful.
>
For your inexperienced, personal productivity, UNIX may as well be dead
last. You yourself are the limiting factor as to how productive you are
with UNIX. Realistically, UNIX cannot be compared with any of the
Microsoft so-called "operating systems." If you would like to get into a
technical discussion of the merits of various operating systems, I would
oblige. However, this discussion is tending more towards productivity and
usefulness, so I'll move on.
> > > I couldn't easily run Quicken, MS-Word, my scanner, and my tax prep
> > > software. It
> >
> > Maybe not those particular packages, no. But there are others
> > available.
>
> At ten times the cost - unless there is a freeware version. Thats not
> always
> so though. I don't know of a good WYSYWIG editor or spreadsheet.
See above. Red Hat Software's ApplixWare.
>
> Actually not true. Not all the vulnerable systems run of inetd and some
> potential security risks turn out to be depended on by other systems.
Like I said, if there is a feature of UNIX that has security holes that
you can't fix, just turn it off. You might be interested to know that you
can turn off more daemons than just inetd.
Microsoft's idea of how to compete with UNIX is to remove virtually all
the functionality from UNIX, in order to make it more secure (kind of like
burning your house down because you have a broken window) and then tout it
as the perfect internet or intranet solution. However, since all the
functionality is gone, no one with the requisite experience and/or
knowledge to properly run it will be able to be productive.
For you, I do not doubt that some sort of Microsoft operating system is
the perfect solution. You don't have to worry about anyone breaking in,
and you won't even notice the lack of functionality
--
Charles Brian Hill Florida State University
Work =904.385.0436 UNIX System Administrator
Pager=904.657.6772 Up & Running Computer Repair
