Linux.com

Feature: Security

Desktop security: A contrarian view

By John O'Sullivan on November 15, 2003 (8:00:00 AM)

My computers may be a public menace. They don't have anti-virus software installed, or outgoing firewalls. They are on all the time and connected to the Internet 24/7. Their auto update feature is turned off permanently. I download anything and everything. But I've only had two viruses since 1988, one each on Mac and Windows. Both came from diskettes. This is all wrong, isn't it? My computers should be infested with noxious code bursting out to every computer within pinging distance.

But they're not. They have no viruses and no trojans because I pay very close attention to all the files and processes on each. All software installs are "custom" if that option is provided. I watch the process list and kill anything that is not familiar until I've identified what program it's associated with. The Windows registry entries for "Run" frequently turn up interesting tidbits. And all the really important or sensitive files are located on or backed up to a Linux server set up with Mandrake's "higher" setting.

When installing or re-installing Windows (a fairly regular occurrence) I delete Internet Explorer, Outlook Express, MSN, and MSN Messenger to the extent possible. Besides their well known vulnerabilities, they are none of them leaders in their product classes. At setup time I also ruthlessly prune background services. If there's something I want to do and it won't run properly, I'll turn the service on. However, most of them are entirely useless and I never miss them.

Rather than a perimeter defense around a trusted host, I keep tight control of the host itself, and make sure there is nothing worth stealing. I don't recommend this approach to others. It goes against best practices. It may be more lucky than effective. But it has two huge virtues. It's simple and I'm in control.

Everyone seems concerned about desktop security nowadays. There's a consensus that more end-user education is required, and Microsoft appears to be leaning toward compulsory automatic patching of end-user machines. Both of these approaches are dead wrong, and we in the Open Source community must resist them.

The "educate the end users" strategy will fail because it puts the blame for bad systems on the users themselves, as if they had any choice. Joe and Jane Average haven't the slightest interest in computer security. Why should they? I don't care how my car's anti-lock brakes work. They just do. Those who do show an interest are saddled with stupid, expensive, bloated apps that take over their system and slow things to a crawl. The cure is worse than the disease for most people.

We have all heard many, many security warnings, yet few people have experienced significant problems. Human nature being what it is, people stop listening to the warnings. Some even become suspicious that the constant security warnings are designed not to help them, but to help the companies that profit from security fears.

The "auto-patch" strategy is worse. I cannot believe that seemingly responsible people in the Open Source community are supporting this approach. I'm sorry, but I won't stand for Microsoft or Apple or MandrakeSoft doing anything to my computer without my informed consent, and most users feel the same way. Erecting an auto-magic Maginot Line around every desktop out there is fundamentally wrong. It won't work. It stinks.

By far the worst option is Microsoft's Next Generation Secure Computing Base (NGSCB). This is the re-named Palladium and it appears MS will start rolling out software that supports it next year with XP SP2. With this initiative, Microsoft aims to solve the security problem by removing the weak link: us, the people who pay for and use computers. In typically Microsoftian doublespeak, "trusted computing" means that we, the users, are not to be trusted. We can't be relied upon to keep our machines secure, so for the greater good, Microsoft will do it for us.

This plan is distasteful and elitist, and it too won't work. People haven't objected to digital rights management so far because they haven't encountered it. When they do, they will. More fundamentally, NGSCB is anti-democratic. We expect people to be sophisticated enough to make their own economic, social, and political choices. But when it comes to computers, they're all like children. They need to be told what to do. This is the height of arrogance. Anyone in the Open Source community that advocates such a thing should be ashamed. They, above all, should know the value of democratic principles applied to technology.

What we need is not "solutions," but alternatives. I like the Mandrake security setup. You choose from four clearly explained options, with the ability to tweak later if you want. I'd like to see a system like that for Windows. But we need to add to the existing options a low security setting. That's right, low, and it should be the default. The setting would impose a few restrictions, but give users lots of freedom and need no input. They wouldn't be allowed to send more than an average of one email message per minute over any 60-minute period. And there would be restrictions on outbound services. Too restrictive? Fine, go for a higher security setting. But the higher setting would require more user input.

The advantage of the low setting would be that the machine wouldn't be worth much to a spammer or hacker. Worms would find it easy to get in, but hard to get back out again. And if a machine is not capable of being used as a platform to damage others, is it any of our business how it is set up?
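The outbound cap proposed above (an average of one message per minute over any 60-minute period) can be sketched as a sliding-window limiter. This is an added example, not code from the article; the class and function names and the sample traffic are constructed, and it assumes the cap is enforced at a point the host's own software cannot switch off.

```python
from collections import deque

WINDOW_SECONDS = 60 * 60  # "any 60-minute period"
MAX_MESSAGES = 60         # an average of one message per minute over that period


class OutboundMailLimiter:
    """Sliding-window cap on outbound mail for one host (hypothetical helper)."""

    def __init__(self, max_messages=MAX_MESSAGES, window=WINDOW_SECONDS):
        self.max_messages = max_messages
        self.window = window
        self._sent = deque()  # timestamps (seconds) of messages let through

    def allow(self, now):
        """Return True and record the send if a message may leave at `now`."""
        # Forget sends that have slid out of the rolling window (now - window, now].
        cutoff = now - self.window
        while self._sent and self._sent[0] <= cutoff:
            self._sent.popleft()
        if len(self._sent) >= self.max_messages:
            return False  # refused attempts do not use up any budget
        self._sent.append(now)
        return True


def simulate(attempt_times, limiter=None):
    """Run sorted attempt timestamps through a limiter; return (sent, blocked)."""
    if limiter is None:
        limiter = OutboundMailLimiter()
    sent = blocked = 0
    for t in attempt_times:
        if limiter.allow(t):
            sent += 1
        else:
            blocked += 1
    return sent, blocked


# Constructed sample traffic, in seconds from an arbitrary start.
# A person: a short burst of replies, then a message every 15 minutes.
HUMAN_TRAFFIC = [0, 5, 10, 15, 20, 900, 1800, 2700]
# A mass mailer: one attempt per second for ten minutes, and for a whole day.
MAILER_TEN_MINUTES = range(600)
MAILER_ONE_DAY = range(24 * 60 * 60)

if __name__ == "__main__":
    for label, traffic in [
        ("human", HUMAN_TRAFFIC),
        ("mailer, 10 min", MAILER_TEN_MINUTES),
        ("mailer, 1 day", MAILER_ONE_DAY),
    ]:
        sent, blocked = simulate(traffic)
        print(f"{label:15s} sent={sent:5d} blocked={blocked:6d}")
```

Because the limit is an average over a rolling hour, the short human burst passes untouched, while a program attempting one message per second gets 1,440 messages out in a day and has the rest refused.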

Security is going to be a critical problem for Open Source supporters in coming years. Elitist solutions are going to create as many problems as they solve. My ass-backwards security system may be dumb, but it works for me. Why can't everyone have a security system that works for them? Because we, the experts, have totally failed to deliver such a system. Only Apple has even tried. It's about time we did too.

Comments

on Desktop security: A contrarian view

Note: Comments are owned by the poster. We are not responsible for their content.

When installing or re-installing Windows...

Posted by: Anonymous Coward on November 15, 2003 05:28 PM
This is something I do not understand. Why would someone with OS-knowledge even bother with installing Windows?

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 15, 2003 06:39 PM
Perhaps he (like me) wants to play SimCity 4, admire the cosmos with TheSky, design a space vehicle bus with Autocad or digital KLT filtering processors with Protel. If you can point out technically comparable Unix/Linux apps I would be only too happy to wipe the BillyG scourge from my last HDD partition and, like you, transcend into a being of purest light. Jerk.

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 15, 2003 09:28 PM
TheSky: Celestia + kstars
Autocad: Qcad
protel: pcb
SimCity4: Codeweavers? Transgaming?

Try looking for replacements using google. And please save the "jerk" comments for the folks who knowingly and willingly use a virus-infested platform whose sole purpose is to stupefy people.

#

QCad? I fell off my chair laughing.....

Posted by: Anonymous Coward on November 18, 2003 07:41 AM
Next time you land a contract laying out the piping for a factory upgrade or designing a new land development in the urban growth area of your city try QCad. Yea, just try it. You'll be so super efficient and really impress everyone.

P.S. I'm not the parent poster but this particular comparison was too pathetic to pass up. My evaluation of QCad this summer was that it is good enough to replace pencil drawing on napkins. Downside of course is that you have to bring your laptop to the restaurant.

So does anyone ELSE have a good suggestion for a Linux CAD software that is close in features to AutoCad 2000 and sub $1,000? Extra credit for Architectural Desktop or Autodesk Building Systems replacement... and of course, DFX capability is a minimum.

#

Windows and Linux Application Equivalents

Posted by: Anonymous Coward on November 16, 2003 02:28 PM
> Perhaps he (like me) wants to play SimCity 4, admire the cosmos with TheSky, design a space vehicle bus with Autocad or digital KLT filtering processors with Protel.

You are correct. There are applications, such as Autocad, that are available for Windows, but not for Linux.

I would add that there are also applications, such as certain high-end Unix-based circuit design software, or some movie graphics software, that are available for Linux, but not for Windows.

> If you can point out technically comparable Unix/Linux apps I would be only too happy to wipe the BillyG scourge from my last HDD partition...

While there may not always be a match, as we agreed, this link might help:

Table of Equivalents of Windows Software in Linux: http://linuxshop.ru/linuxbegin/win-lin-soft-en/table.shtml

As you can see, Linux has a growing list of applications to meet most needs. The percentage of Windows users who can't switch to Linux due to application requirements is getting smaller every day.

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 17, 2003 03:04 PM
Ok, now I understand. If I should need to run fine program X from company Y, I install some flavour of Windows to be able to run X.

But hey, should I call Y and tell them to do something about it, or I will stop using X?

Nah, better keep paying the tax.

#

Re:When installing or re-installing Windows...

Posted by: Aethernaut on November 17, 2003 07:27 PM
I have sent polite e-mails to the relevant corporate executives requesting a Linux port of their software. Those who actually bothered to reply usually made reference to a). the miniscule number of registered Linux desktop users, and now b). the SCO/IBM legal fiasco. Needless to say, I am not going to be holding my breath for Linux ports of these and other apps in the foreseeable future. Those of you who would like to increase the modest (i.e. "non-existent") chances of the above software being released for Linux are invited to contact the above companies at:

http://www.ea.com/
http://www.bisque.com/
http://www.autodesk.com/
http://www.altium.com/

I sincerely wish you all the best of luck.

Æthernaut

#

Re:When installing or re-installing Windows...

Posted by: Hillbilly on November 16, 2003 01:52 AM
i dualboot using Win98se and Redhat-9 i keep Windoze on only for family and friends that want to use Windoze, and i don't even bother with Microsoft Windows Update, i prefer to rip the guts out of Win98 with 98lite, no IE, no OE, and win98 is more secure, runs better too, if they want to browse the internet there is mozilla installed for them and if they don't like it too bad they can go home and play on their computer nobody is going to tell me what i can do with my computer, as for me i use Redhat-9 (for now) i tried Fedora-1 and i think it needs just a little more polishing, but if forced to by circumstances i will put Fedora back on...

as far as any newer M$FT OS, like XP i won't touch it, i think it stinks to high heaven of M$FT's corruption and evil plot to take over and dominate people's computers, just wait till Longhorn comes out you will wish you lived in another country or another planet...

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 16, 2003 05:27 AM
It's called vendor lock-in, as in "I have a program that only works in Windows". In my case, it's iFinger (language translation). There's nothing like it in the Open source world and I don't have the coding ability to write my own.
Thus, a Windows user I will remain.

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 17, 2003 03:12 PM
You remain a Windows user just because you have to use iFinger - not because iFinger is not available for other platforms?

#

Re:When installing or re-installing Windows...

Posted by: Anonymous Coward on November 17, 2003 11:25 PM
get win4lin or vmware.

#

Re: Trusted Computing

Posted by: RJDohnert on November 16, 2003 03:52 PM
First off, anyone who is stupid enough to leave his PC or Mac without Anti-Virus or Firewall is either crazy or stupid. Second, you don't like trusted computing, that's fine, use Linux or use a Mac, but you will not enjoy the same functionality or benefits of Windows. I use Linux, I develop for Linux at work but jesus christ people give it a break. We may hate Trusted computing but it's coming.

#

that's impossible.

Posted by: Anonymous Coward on November 15, 2003 06:25 PM
"They are on all the time and connected to the Internet 24/7. Their auto update feature is turned off permanently."

he must have installed at least the latest blaster patch. if i do a:
$ p0f -l -i ppp0 | grep ":135"
i can see a blaster attack every few minutes.
maybe his isp is blocking everything directed at port 135...

#

It's not impossible...

Posted by: D. Lee Rose on November 16, 2003 01:10 AM
It's not impossible if you also turn off Microsoft File Sharing. The fact that it is turned on by default is the single biggest security threat on Windows. MS has never bothered to tell people to turn it off on external interfaces. And, how many computers are out there with ONLY external interfaces.

#

Re:It's not impossible...

Posted by: Anonymous Coward on November 16, 2003 05:24 PM
Uhm.... Blaster didn't use Microsoft File Sharing. It used the remote procedure call endpoint mapper, and you CANNOT turn it off in Windows NT, 2000 or XP (well, you can, but very bad things happen -- ever seen a fast machine take two hours to boot?). I'm not even sure if Microsoft's XP firewall blocks MSRPC traffic enough to stop blaster (seen some computers that should've remained uninfected, but were).

#

Re:that's impossible.

Posted by: Anonymous Coward on November 17, 2003 05:18 AM
He only said the 'auto' update feature is turned off, not that he's never installed a patch manually ...

#

Really bad article

Posted by: Anonymous Coward on November 15, 2003 09:45 PM
As somebody pointed out the writer is either lying or not aware of potential problems on his machine (blaster among others security flaws).
If only that, it makes for a great introduction.

This is overall one of the worst articles i have ever read on newsforge. In particular his latest argument is one of the most STUPID ones i have ever read :

"The advantage of the low setting would be that the machine wouldn't be worth much to a spammer or hacker. Worms would find it easy to get in, but hard to get back out again. And if a machine is not capable of being used as a platform to damage others, is it any of our business how it is set up?"

Oh because of course, once the cracker/spammer has EASILY taken control of the machine (Cf weak security) he will NOT change any security settings ...WILL HE ?!?!

So what that guy basically says is "just let your computers wide open, the bad guys won't change anything".

And this is JUST a small part of the article. too many stupid things to list them all ..

Furthermore, who is John Sullivan ? What are his credentials ? What has he done in the security field ?

I REALLY hope the new contributors newsforge is looking for won't be as bad as that guy. On the other hand, it would be quite difficult.

#

Perfect

Posted by: John O'Sullivan on November 16, 2003 03:03 AM
Thank you. This was exactly the kind of response I was hoping to get.

Someone without the proper credentials isn't allowed to have an opinion on this subject. There is an orthodoxy that cannot be questioned, no matter how trivial the question. Like a million newbies are going to read this article and leave their machines wide open as a result.

You couldn't illustrate the problem any more clearly than you have done.

#

Re:Perfect

Posted by: Anonymous Coward on November 16, 2003 06:13 AM
I really don't know who is right here, but I do know this:

Any reliance on users to thwart spam, virii and all the rest is doomed to failure. People have better things to do with their time than staying current on network security.

Everyone who has a virus on their computer has it because someone else put it there.

#

Re:Perfect

Posted by: Anonymous Coward on November 16, 2003 06:41 AM
"People have better things to do with their time than staying current on network security."

expecting users to be completely blind to security is naive, and ignorant.

Do users need to be aware of network security ? Yes. Do they need to be watching every new post to bugtraq and be expected to know what each one means ? No. But that doesn't mean that they need to be 'sheltered' from security awareness.

It's not an either/or situation, and people who expect it to be so (including yourself) are destined to be frustrated.

#

Re:Perfect

Posted by: Anonymous Coward on November 16, 2003 08:52 AM
Users "need" to be aware of network security, but most of them aren't, and will never be.

User awareness of security issues will always go like this:

1. Bad people make viruses and put them on the Internet. Bad people try to break into my computer and read my files and steal important data.

2. Therefore, where can I buy something that will make these problems go away?

I don't intend to disparage typical users. To the contrary, they're right: They ought to be able to use their computer and the Internet without worry.

But, the average computer user isn't to blame for viruses, spam, and all the rest. Turning every average user into a security guru won't put a dent in people who make illicit use of the net.

#

Re:Perfect

Posted by: Anonymous Coward on November 16, 2003 03:57 PM
"Turning every average user into a security guru"

who is saying that that is the goal here ?
expecting that every average user should know zero about security is just as short-sighted and ignorant.

#

Re:Perfect

Posted by: Anonymous Coward on November 16, 2003 03:25 PM
> Someone without the proper credentials isn't allowed to have an opinion on this subject. There is an orthodoxy that cannot be questioned, no matter how trivial the question.


  Yes, he pokes a hole in your argument, so call him an elitist! Brilliant!

#

Still stupid ...

Posted by: Anonymous Coward on November 16, 2003 08:27 PM
As usual you are trying to confuse the issue :

1) your recommendations ARE stupid and show that you lack the BASIC knowledge about security. It is not because you have or don't have credentials. Even if you had been a security guru what you suggest is STUPID !

Another thing: is controversy for the sake of controversy useful ? You could also argue that people should have unprotected sex with multiple one-time partners. Doesn't mean that it is a good/intelligent idea !

Nothing to do with who you are and everything to do with WHAT you said.

2)"Like a million newbies are going to read this article and leave their machines wide open as a result."

So you suggest something but expect people to do the opposite ?! What kind of argument is that ?

If you want to create a debate, stir things a little bit concerning security issues fine with me. However, CLEARLY state your purpose instead of saying something like that in a DEAD SERIOUS way. And, after somebody points how weak your argument is no need to blabber about how people are not going to do what you suggest !

Please Newsforge editors don't let people like that post ...

#

Re:Still stupid ...

Posted by: smitty45 on November 17, 2003 02:12 AM
from the article:

"I don't recommend this approach to others. It goes against best practices. It may be more lucky than effective."

next time try reading the article before you start calling people stupid, Mr. caps-lock.

#

Re:Still stupid ...

Posted by: Anonymous Coward on November 17, 2003 06:03 AM
Ah great, another smart-ass .. why don't you thoroughly read his first "article" and answer before posting ?

And since you seem to have a grudge against capitalized letters ...why don't you just STFU ?

Thanks in advance

I whish there was a way to actually hurt people over the internet.

#

Re:Still stupid ...

Posted by: smitty45 on November 17, 2003 07:18 AM
yeah, I "whish" there was an ability to filter out idiotic posts from people who can't spell.

#

Eventual Gov't Regulation Is Almost Certain

Posted by: Anonymous Coward on November 15, 2003 10:55 PM
>> I won't stand for Microsoft or Apple or MandrakeSoft doing anything to my computer without my informed consent...

Good for you, but that won't work for most people, because they won't be informed. As you said, most folks are no more interested in how their computer works than they are in how their car's ABS works. Frankly, that's how it should be.

You have been relatively free of virus attacks and security incidents because you have been acting as your own anti-virus agent. Few users will purchase a second computer for use as a firewall/backup/proxy. Even fewer, I suspect, will develop the skills and the patience to police their Windows machines as you do, much less install and re-install so frequently.

My fear of mandatory security updates rests on the possibility that a flawed or bogus update might do more damage than any single virus.

Personally, I expect an attempted solution to come via hardware and a redesign of the desktop PC. Individual PC's might contain two distinct physical modules: the first acting as a hardware firewall/proxy, and a second that "talks" to the firewall module via a physical interface and filter. The firewall/proxy module would use only electronic storage, which would be automatically purged regularly and frequently.

An even more unattractive alternative -- but one that is almost certain -- is eventual legislative-mandated changes to fundamental Internet regulating it in a fashion comparable to other parts of the communications industry. ISP's, router manufacturers, etc., will be required to block packets that do not contain a "watermark" indicating they originated at a facility using legally-mandated security measures. Of course, this will be tantamount to licensing serving content. It will also mean that no one will be running personal web/mail/ftp/etc servers on their cable or DSL connection unless they meet the same requirements.

An ugly scenario, but the worse things get, the more likely it is to happen.

#

It's already happening

Posted by: Anonymous Coward on November 16, 2003 05:01 AM
we're already seeing the unattractive alternative happening and no one is doing anything about it.

it is practically impossible to run your own mailserver these days without reverse DNS

this means you cannot send mail from your home computer and receive on some remote server

it means you no longer have the anonymity of choosing your from field as fits your needs

these measures are supposed to be a cure for spam (a grossly overrated problem IMO).

#

Re:It's already happening

Posted by: Anonymous Coward on November 16, 2003 05:11 AM
Well, reverse DNS isn't mandated by government. It's happening because people, rather reasonably, believe it will reduce spam.

The tension between the Internet's inability to police itself and our growing dependence on it will inevitably lead to demands for government to step in and fix it.

#

Lying eejit

Posted by: Graham Lee on November 15, 2003 11:05 PM
They don't have anti-virus software installed[...]I've only had two viruses since 1988

And how do you know this? How do you know whether there is a virus on your box without any AV software? Don't give me this "I look through the process table" nonsense; entries there can be obfuscated, forged or completely removed without your knowing. Interesting/unaccounted network activity might be a possible route for r00ting, but as you don't have full firewalls you'd have to search through a lot of traffic manually. Much better to install an IDS (that's not an ex-Conservative party leader).


Anyway, whether or not it's possible to run a secure system without security software, it's definitely easier with that software. And as any BOFH knows, operating computers is all about doing stuff as easily as possible while making it look as hard as possible.

#

Re:Lying eejit

Posted by: Anonymous Coward on November 16, 2003 06:47 AM
"entries there can be obfuscated, forged or completely removed without your knowing."

not when one has md5sums of every binary used to view the process table, and there are *many* tools to help with that (tripwire comes to mind). the fact is, you *can* know that you haven't been infected with a virus if your machine is set up properly, AV software or not. might not be easy for any 'regular' user, but it's very possible.

and as any real admin knows, the minute you start sentences with "And as any BOFH knows", you risk revealing that you're on the wrong track.

#

checksums, yeah right

Posted by: Anonymous Coward on November 16, 2003 08:44 AM
Are you mad or just booting off a CD-ROM from time to time to verify those MD5 hashes? Think before you speak, please.

#

Re:checksums, yeah right

Posted by: Anonymous Coward on November 16, 2003 04:00 PM
yes, I'm comparing those hashes to read-only media, knucklehead, and it's not from time-to-time. verifying the integrity of your binaries is standard practice for an admin.

can you find out if you have a virus/rootkit/trojan without "AV" software ? YES. you want to argue that you can't ? then put up something substantial. otherwise zip it with the condescension.

#

Re:checksums, yeah right

Posted by: Graham Lee on November 16, 2003 08:01 PM
And how do you know that the binaries on the ROM can be trusted, oh great one? The argument 'I compiled them from source myself' won't help, unless you have a trusted C compiler. It's entirely possible to have a compiler that produces output that is unrelated to the input, if that compiler has been trojanned [or some eejit set the -O9 flag].

So, how do we know we can trust the compiler? Do we compile from source? No, because if the compiler you use to compile the compiler has been trojanned, then you will get a screwy untrustable compiler which you then use to compile your 'trusted' binaries. Oh, and please don't tell me how unlikely it is to get a trojanned C compiler either: check the comp.security.unix archives for the time it happened to gcc.


The only way that you can genuinely ensure that your binaries are nice and trustworthy would be to audit the machine language yourself. Once you've done that, copy them to WORM media (using an audited copy program, of course) and then you may claim some form of safety.

#

Re:checksums, yeah right

Posted by: Graham Lee on November 16, 2003 08:39 PM
it happened to gcc

*cough* not gcc, the UNIX cc (from when there was one UNIX. There have been gcc trojans, but not afaict discussed on csu. I swear the Preview button's broken on this machine... ;)

#

Re:checksums, yeah right

Posted by: Anonymous Coward on November 16, 2003 11:45 PM
And how do you know your AV -software can be trusted, oh great one?

#

which did not answer my question

Posted by: Anonymous Coward on November 17, 2003 07:36 PM
I don't know what a knucklehead is, but my point is that you have to BOOT from the CD in case to have unencumbered binaries in memory. This can be quite impractical if the machine is actually doing something of value.

The point that the following poster made that you have to use a trusted tool-chain, compiler etc. is not what I meant and I think can be regarded as a theoretical exercise.

#

Re:which did not answer my question

Posted by: smitty45 on November 17, 2003 11:32 PM
I'm not understanding you. Why do you need binaries in memory in order to verify their integrity and validity via MD5sums ?

#

My Thoughts...

Posted by: Anonymous Coward on November 16, 2003 02:15 AM
It's funny that this came out because I just recently posted something on my personal site about Desktop Security...

http://www.phatvibez.net/commentary.php?ID=security

#

It just shows one thing

Posted by: Anonymous Coward on November 16, 2003 02:19 AM
You're a regular home user without 24/7 working needs.

If you'd run business you wouldn't even consider saying what you said. Because my work is mostly supporting agencies I know how terrible is when one of 40 computers (average of companies that I support) goes down or how terrible is when one of computers is infecting others.

You show lack of understanding that reinstalling Windows should not be considered A GOOD BUSINESS PRACTICE, This practice automatically brings downtime and delays.

Again, if your computer is still working it doesn't necessarily mean that you don't have virus. Neither is regular checking of process list sufficient to know that fact. Most of viruses I found in my life were detected through network traffic scans where I saw which computer goes over average.

p.s. How the hell did this piece of s*it article became News on Newsforge??? I read the article that you're looking for writers, but I wasn't aware that desperation goes to that extent.

#

This is a security philosophy issue

Posted by: Anonymous Coward on November 16, 2003 03:11 AM
Some people choose not to secure the perimeter. Some people choose not to secure the hosts. The wise admin however, does both, and takes a multi-layered approach to security.

In this particular case, what happens if a trojan exploits a service you _have_ to keep running, and the trojan connects over an internet port? With the host 'secured', it'll still be compromisable until it's patched. If you have perimeter security, the naughty packets will just bounce away.

Similarly, if there's something which gets past a poorly configured perimeter fence, it may very well be bounced away by a properly secured host.

Only doing 'one' thing will always leave you open in some way - the more you can do (cost-effectively, obviously), the better.

As to the other stuff - most people really won't give a crap if M$ update their machines for them. For 95% of users, it will be a good thing (as long as the updating process itself is secure as one poster said).

Oh - and if the original article writer wants to post an IP address, I'm sure there'll be a couple of people who audit your security for free :)

#

why no automatic patches?

Posted by: Anonymous Coward on November 16, 2003 05:53 AM
I don't think you've made a very strong case against automatic patching. To me this seems like the easiest way to save the 10% of intelligent computer users from the 90% clueless masses. Windows already has the ability to automatically install patches without intervention, but it's not enabled by default. What would be so wrong with simply enabling it by default, and letting competent users turn it off themselves?

This is not some ideological "invasion of privacy" issue, this is a pragmatic choice to allow computers to fix themselves.

#

Re:why no automatic patches?

Posted by: Stumbles on November 16, 2003 11:32 AM
I have to disagree with the notion of automatic patches for ANY OS. There is no way I want any of that sort of thing going on with my system without me knowing about it.

Pragmatism has nothing to do with it. If you're gonna drive a car and not check the oil every now and then it's your own stupidity for seizing up the engine because it ran out of oil.

I know that's not a very good analogy and I don't really care. See the 1st paragraph.

#

Re:why no automatic patches?

Posted by: Anonymous Coward on November 17, 2003 07:58 AM
Whilst in certain cases & for certain services (e.g. Java Web Start) automatic updating is a good idea I would have to disagree where Microsoft is concerned.

Too many times have I installed a security update only to find it causes more problems than it actually fixed, one of the Pre-SP4 updates & consequently SP4 itself comes to mind on this issue.

#

Re:why no automatic patches?

Posted by: Anonymous Coward on November 17, 2003 09:00 PM
And when Palladium comes out, do YOU want it installed on your computer? With automatic patching you won't have a choice.

I set up automatic patching on linux servers every day! But on windows??? I think not, first microsoft can't write a stable patch if their lives depend on it. They often break more than they fix. Second, critical windows updates are generally what microsoft finds it to be critical you have. Not what is critical for security or stability (in fact it's often the opposite).

#

Define a "patch"

Posted by: Anonymous Coward on November 18, 2003 12:38 AM
Maybe if legislation or technology ensured that MS or others could send you what you and I define as "patches", and only patches, that would be okay. But you and I know that MS etc. will send/require EULA changes, will send software which does more than just "patch" but which enables Digital Restrictions Mismanagement or other unwanted items.

#

What is an Anti-virus?

Posted by: Anonymous Coward on November 16, 2003 06:44 AM
Hmm. This is the Linux point of view most of the time; don't you mean a check for a root kit? Now this is an important difference. A root kit is anything that could be sent to provide or create a security weakness. Now let's take it Microsoft Windows is a downright flawed program. You might not have had a virus, but can you be sure that someone has not had a walk around your hard drive? Now, the Blaster worm only hit people without a firewall or without the patch.

#

Re:What is an Anti-virus?

Posted by: Anonymous Coward on November 17, 2003 09:03 PM
That windows lacks any decent remote administration tools to hack is hardly something in its favor. 99% of those root kits you speak of require you to have access to the machine first. Pretty much all of the other 1% require you to have those remote admin services turned off.

#

See ya

Posted by: Void Main on November 16, 2003 08:28 AM
1) Give us your IP address, maybe we can change your mind.

2) Why another Windows story on "The online newspaper for Linux and Open Source"?

3) If I want to read about clueless Windows users I will go to zdnet or watch Tech-TV.

4) It was fun, see you all round the net. I've really had enough of this place!

#

A Windows story ... again

Posted by: Anonymous Coward on November 16, 2003 08:46 AM
Isn't it time for some Linux stories here soon?

#

Re:A Windows story ... again

Posted by: Anonymous Coward on November 16, 2003 08:54 AM
Here's the answer, you just didn't scroll down enough...

"Writers wanted
Friday November 14, 2003 - [ 05:17 PM GMT ]
Topics: Linux
By: Robin 'Roblimo' Miller
We're looking for a few new freelance writers -- and not just for NewsForge but also for IT Manager's Journal, DevChannel, and Linux.com...."

#

The effort goes somewhere.

Posted by: Stumbles on November 16, 2003 11:27 AM
From the description of what the author does to avoid such nasties, it sounds like an awful lot of work when just installing an AV and a firewall would alleviate a lot of his work.

In the end, it is only a matter of time.

#

Phhht.

Posted by: Stumbles on November 16, 2003 12:09 PM
Microsoft has already demonstrated that automatic updates are pretty well useless as they have in this year issued a patch to correct a patch that was supposed to patch a patch that needed correcting. Or something like that, there have been so many I've lost track.

#

My Stupid Ideas

Posted by: John O'Sullivan on November 17, 2003 03:50 AM
I expected to get a lot of flames, and I deserve some of them. But don't mistake the messenger for the message. The point is that our community has an opportunity to deal with this crisis now. Blaming it on Windows or Microsoft is short sighted, to put it mildly. What goes around comes around. If you think my ideas are stupid, wait until you see what your congressman comes up with.


#

Re:My Stupid Ideas

Posted by: Anonymous Coward on November 17, 2003 06:42 AM
>I expected to get a lot of flames, and I deserve some of them.


  No, really ?

>But don't mistake the messenger for the message. The point is that our community has an opportunity to deal with this crisis now

This was NOT your message !
Actually there wasn't really a "message" in your article, just a bunch of vague and contradictory ideas about security

>That's right, low, and it should be the default. The setting would impose a few restrictions, but give users lots of freedom and need no input.

How is that situation different from the ACTUAL situation ? Windows messenger service anybody ?)

Your so-called article is so full of holes it is not even funny .

I suggest you just give us your IP address so we can have some fun with your unpatched, not protected windows box. (which I really doubt is true).

And, to the editors of Newsforge :
How the hell did this piece of s*it article become News on Newsforge? I read that you're looking for writers, but I wasn't aware that desperation goes to that extent.

#

Re:My Stupid Ideas

Posted by: smitty45 on November 17, 2003 08:34 AM
how about write something yourself.

#

I'm yer huckleberry

Posted by: ThoreauHD on November 17, 2003 03:16 PM
I'd be happy to write an ipsec article for you folks. I'll even write about Linux, since it's one of those systems where you can actually tell what's going on.

I promise not to say "my process list says I don't have a virus"... really, I do. I'll also give some real world corporate IDS and firewall security setups if you're game.

Just give me a yay or nay if you'd like an instructive non-ignorant article. I'm here to serve.

Regards,

Thor

#

Re:I'm yer huckleberry

Posted by: smitty45 on November 17, 2003 11:00 PM
do it.

#

Ancient Windoze

Posted by: Anonymous Coward on November 17, 2003 09:00 AM
Well, since your version of Windows is so old - circa 1988 - it is no wonder that you get no infections from anything. In fact, connecting to the net via your 75 baud modem alone would be sufficient to stop any modern 10 megabyte virus...

#

Most virii are harmless...

Posted by: Anonymous Coward on November 17, 2003 09:08 PM
The not harmless ones don't generally take down your machine with a mad banshee rage either. They are generally taken to be normal windows bugs (which are numerous) and the bluescreens ignored.

Have you ever considered actually installing anti-virus software and finding out if you have any virii rather than just assuming you don't?

#

Re:Most virii are harmless...

Posted by: Anonymous Coward on November 17, 2003 11:16 PM
The plural of "virus" is "viruses"

"*Virii is still completely silly, so don't do that; otherwise, everyone will know you're just a blathering script kiddie."

http://www.perl.com/language/misc/virus.html

#

I wish I had your optimism

Posted by: Anonymous Coward on November 18, 2003 12:43 AM
You say "People haven't objected to digital rights management so far because they haven't encountered it. When they do, they will."

Have you ever tried to make a backup copy of a DVD? It's not easy, is it - DRM tries to prevent it. Yet people buy DVD players and willingly give up their freedom to make backup copies with VCR RECORDERS. People generally always succumb to restrictions of their rights.

#

This story has been archived. Comments can no longer be posted.



 