[4389] in WWW Security List Archive
Re: UNIX less secure than Win95? (was Re: Septic about (Funds ...)
daemon@ATHENA.MIT.EDU (Hallam-Baker)
Wed Feb 12 18:05:26 1997
From: Hallam-Baker <hallam@ai.mit.edu>
To: hill@unr.net (Charles Brian Hill)
Date: Wed, 12 Feb 1997 14:42:47 -0500 (EST)
Cc: hallam@ai.mit.edu, mattm@sumac.digex.net, jay@homecom.com,
www-security@ns2.rutgers.edu
In-Reply-To: <Pine.GSO.3.93.970212124205.16982A-100000@corona> from "Charles Brian Hill" at Feb 12, 97 01:03:28 pm
Errors-To: owner-www-security@ns2.rutgers.edu
> On Wed, 12 Feb 1997, Phillip M Hallam-Baker wrote:
> > The problem with UNIX versions of PC applications is that they tend
> > to be poor quality or exorbitantly expensive. Last time I tried to get
> > a workstation wordprocessor I was asked more than the price of a
> > PC with Office loaded. If nothing else this leads me to believe that the
> > platform has little future.
> >
>
> Hmmm....You might want to check your sources. I believe ApplixWare from
> Red Hat is available for around $500, with a student version for $79. This
> is comparable to Microsoft's Office Suite, whose student version costs
> approximately twice as much.
I suspect it's too little too late. If Red Hat ported their stuff to the
other UNIX systems perhaps it would be viable. As it is I would have to be
really committed to UNIX to go down that route. I might just have been
that committed to VMS but the problem was not enough others were.
There are questions as to whether the Mac is still a viable O/S with a
user base ten times that of UNIX. I would not be optimistic about either.
It's somewhat ironic that despite all the anti-Bill paranoia Microsoft
grew fat writing applications for the Mac when everyone else ignored it.
> As for the exorbitant cost of UNIX applications, keep in mind what comes
> with the software. On the whole, UNIX applications are supported
> indefinitely from the time of purchase.
Not my experience. I pay more for maintenance on my UNIX boxes than I
do for my PC software in total. The PC software is so cheap I barely
think about the upgrade costs. If we buy a PC we tend to buy Office
and assorted other goodies as a matter of course.
> Take a look at SunOS (a brief and
> oversimplified example, I apologize). Sun still supports the older SunOS
> as well as continuing development on Solaris. Vendors tend to offer much
> more long term support with UNIX applications.
Sun supports SunOS because many of the users still refuse to move to
Solaris because they claim it's too buggy.
> When you argue that UNIX has little future, you should consider what is
> currently being done with UNIX...at least 80% of servers on the internet,
Nope, it's considerably lower and shrinking. Last I followed the figures it
was under 60%.
> as well as 80% of the research computing machines. There are many
> applications which Windows 95 or Windows NT, for that matter, simply
> cannot handle.
Installed base is one thing. I'm less than impressed by several people in
this building who dismiss NT without having used it. I notice that there
has not been a Sun box delivered on this floor for over a year. There have
been 20 or more PCs of which about half run NT and half run Linux.
Having seen the last days of VMS I've long known the way things are
going. If we didn't have free system support on UNIX systems I would
expect the changeover to be more rapid.
> Ah, months? I would assume you are not experienced in UNIX System
No, I have been using them for 15 years. I've recently been looking
into security for the type of site where security break-ins are reported
on CNN. It's a somewhat higher level of game. Basically until recently
I have not had occasion to secure a machine of any type to the level
we have.
> Administration. I, or any other thoroughly competent system administrator
> would be able to implement any given level of security in one day or less.
Not if you have to invent the idea of what the security level means.
> > There is a considerable advantage of not having the graphical interface
> > directly net accessible.
> >
>
> Don't forget that, on UNIX, the GUI is accessible over the internet, but
> only so far as you let it be. If you don't like this, TURN IT OFF.
> (That's the general rule with UNIX.)
Easier said than done. The rest of the O/S tends to be tested with a
large set of facilities enabled. It's surprising what depends on what.
I did not expect turning off rpc to have the effect it did for a standalone
machine.
> For your inexperienced, personal productivity, UNIX may as well be dead
> last. You yourself are the limiting factor as to how productive you are
> with UNIX. Realistically, UNIX cannot be compared with any of the
> Microsoft so-called "operating systems." If you would like to get into a
> technical discussion of the merits of various operating systems, I would
> oblige. However, this discussion is tending more towards productivity and
> usefulness, so I'll move on.
I have fifteen years of systems level programming and was involved in the
design of one. Before calling me inexperienced look at the acknowledgements
section of the HTTP RFC.
> > Actually not true. Not all the vulnerable systems run off inetd and some
> > potential security risks turn out to be depended on by other systems.
>
> Like I said, if there is a feature of UNIX that has security holes that
> you can't fix, just turn it off. You might be interested to know that you
> can turn off more daemons than just inetd.
"Just turn it off" - that's the point. I'VE TRIED IT - not half as easy as it
sounds. Just compiling a list of all the undocumented features takes a
significant amount of time.
> Microsoft's idea of how to compete with UNIX is to remove virtually all
> the functionality from UNIX, in order to make it more secure (kind of like
> burning your house down because you have a broken window) and then tout it
> as the perfect internet or intranet solution. However, since all the
> functionality is gone, no one with the requisite experience and/or
> knowledge to properly run it will be able to be productive.
Actually the problem with Microsoft has nothing to do with their goddam
functionality. There are more twiddle facilities than anyone could ever
need. Theoretically I can do far more than the UNIX box does. Only
problem is that the documentation is lousy, there is too damn much of
it and there is far too much overlap.
Phill