December 5, 2001

Secured against disaster: Governments look to Linux to avoid viruses

Author: JT Smith

- by Jack Bryar -

This week brought an Outlook disaster as yet another virus took down every Windows system in sight. I'm so sick of viruses and badly written software. Unfortunately, I don't think switching the world to some standard vanilla Linux would solve the problem. It is better, but not foolproof. However, there is a version of Linux that could make viruses a thing of the past. If I could only get past that weird feeling I have concerning the people who wrote it.

Today's column nearly didn't make it to print. All connectivity at my primary employer effectively ceased for nearly six hours when one of our salespeople opened a cute little note from a friend. It said, "Hi, How are you? When I saw this screen saver, I immediately thought about you. I am in a harry, I promise you will love it."

She didn't love it one bit. Soon everyone in her Microsoft Outlook Address Book was sent the same message with the same copy of the W32/Goner@MM worm virus, disguised as an alleged screen saver, GONE.SCR. In the meantime her system was wrecked. Files were altered. Executables were messed up.

Once again MS Outlook was the vehicle for taking down an entire business. It's always something. A few weeks ago the virus du jour was Sircam. Despite all the patches and tweaks, there is always something being made by someone that can change and even delete files and even entire applications running on Microsoft's monopoly platform.

Microsoft's isn't the only OS with built-in security holes, although it is easily the worst. If anything, Microsoft does better than some of its competitors at fixing those holes. According to a Netcraft survey, the Code Red virus that popped up earlier this year prompted Microsoft to offer a cumulative patch to fix many of the most glaring security holes in their system. It also prompted many users to pay attention and implement the patch. Meanwhile, security problems on Sun remain uncorrected. Even Linux systems have been hit with viruses. Based on the number of defacements reported by a German Web site that tracks such things, Linux and Apache can be messed with, as well.

Whatever its flaws, Linux, like all other members of the Unix family, is a lot more difficult to attack with viruses. The partitioned user/administrator-level permissioning architecture is far more secure in fighting the types of large-scale attacks that show up on Windows systems with depressing regularity. In addition, file types are easier to shelter from the end user, making it much more difficult to set up a Trojan horse. Finally, programs like Tripwire provide additional protection for systems administrators, allowing them to catch a greater share of nuisance code before it can do any mischief.
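The Tripwire idea mentioned above, an integrity baseline that lets an administrator notice when an executable has been altered or a new file dropped, is simple enough to show in a few dozen lines. The following is an added example written for this column, not Tripwire's own code: it fingerprints every regular file under a directory (SHA-256 digest, size and permission bits), then compares a later snapshot against the baseline. The `demo()` function builds a constructed directory with stand-in files, simulates the kind of change a file-infecting worm makes, and returns the report.

```python
"""Minimal file-integrity checker in the spirit of Tripwire.

Added illustration, not Tripwire's code. Every file under a root directory is
fingerprinted; a later snapshot is diffed against the stored baseline so that
altered executables and dropped files show up even when the intruder had the
file permissions needed to make the change.
"""
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Digest plus the metadata an integrity tool normally records."""
    st = path.stat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": st.st_mode & 0o7777}


def baseline(root: Path) -> dict:
    """Map relative path -> fingerprint for every regular file under root."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(old: dict, new: dict) -> dict:
    """Report paths that appeared, disappeared, or whose fingerprint changed."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, tamper, re-scan, and diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        # Constructed stand-ins for a system binary and a config file.
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed stand-in for a binary")
        (root / "etc.conf").write_text("setting=1\n")
        before = baseline(root)

        # Simulate the two things the column describes a worm doing: an
        # executable is modified in place, and a new file is dropped.
        with (root / "bin" / "ls").open("ab") as fh:
            fh.write(b"\x90\x90 constructed appended payload")
        (root / "bin" / "gone.scr").write_bytes(b"constructed dropped file")

        return compare(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: a real deployment keeps the fingerprint database somewhere the monitored host cannot rewrite (read-only media or a separate machine), otherwise an intruder with root simply updates the baseline along with the binaries.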

These features of Linux architecture are among the many reasons that several governments have begun to champion Linux as an alternative platform. Last year RedFlag Linux was being promoted by China's security apparatus as an alternative to a Windows platform many felt was too vulnerable (not to mention too American). Even today, RedFlag is being promoted using an interesting phrase, as "an alternative solution for governments, armies, and businesses." Elsewhere, governments such as India have been less public about their Linux preferences. However, even as it has been criticized in the Indian media for ignoring the technological threat posed by Jihadi extremists and Kashmiri separatists, India has quietly hardened its communications backbone using redundant, Linux-based systems in critical sites.

Nevertheless, Linux remains a vulnerable architecture. As Avi Fogel pointed out in a LinuxSecurity.com article earlier this year, Linux, like Windows, has little in the way of intrusion detection capabilities. More importantly, it lacks sufficiently granular network or file access controls. There's a first principle at stake here: there is something fundamentally wrong with ANY system that allows code to automatically change executables and other core files without the user's permission.

Oddly enough, the most important intelligence arm of the U.S. government has prepared a fix and wants you to have it, no questions asked. At the beginning of the year, the formerly secretive National Security Agency ported to Red Hat Linux 7.1 a security feature people there had built into the NSA's Mach Operating System's microkernel. This "Security-Enhanced Linux" has been released as a GPL package with support documentation and can be downloaded from the agency's Web site. Admittedly, there's no tutorial for this "SELinux" package, and when you try to set group policies and configure domain management, you're on your own, but it is secure.

SELinux employs an access control system that uses data types and a variety of rules-based enforcement protocols as a means for setting up both confidentiality and integrity rules on user systems. The result is a highly flexible, yet highly secure system with enforcement rules embedded into a discrete "security server." The server contains the policies for each type of data and for how each type of data may act on another. SELinux revalidates the security permission schema for each file type each time it is used.

The result is that a virus cannot succeed in a SELinux system. In the unlikely event that a virus could even be introduced into an SELinux-based system, and then executed, the virus should not be able to reproduce itself onto an executable file. In theory, this shouldn't happen because Unix programs shouldn't have more than read or write permissions anyway, but in this case, SELinux would also prevent propagation of the virus because the reach of each program executable is restricted to its own "type." Therefore, any of the executables that would normally be targets for the virus are effectively walled off. Even an attack on root won't have an effect on the policy structure. The system may not be foolproof, but as a secure, intelligently configured alternative it beats traditional Unix configurations, and it beats Windows hands down.
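The two paragraphs above describe type enforcement: every process runs in a domain, every file carries a type, and a central security server grants an operation only when an explicit rule allows that domain to perform that operation on that type, regardless of which Unix user the process runs as. The following is an added toy model written to illustrate that description; it is not NSA or SELinux code, and the policy fragment, type names and the crude one-line Unix permission check are all constructed for the example. It parses a handful of `allow` rules written in the SELinux policy syntax, answers access queries with deny-by-default, and then ANDs that answer with the classic owner/root check to show why running as root does not get a worm past the type rules.

```python
"""Toy model of SELinux type enforcement layered on Unix permissions.

Added illustration, not NSA/SELinux code. The policy text, type names and
the simplified DAC check below are constructed for the example.
"""
import re

# One SELinux-style rule:  allow <source_type> <target_type>:<class> { perms };
RULE_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*(?:\{\s*([\w\s]+?)\s*\}|(\w+))\s*;$"
)

# Constructed policy fragment (illustrative types, not a real distribution policy).
CONSTRUCTED_POLICY = """
# ordinary user domain may run system binaries but not modify them
allow user_t   bin_t:file        { read execute };
allow user_t   user_home_t:file  { read write create };
# mail client domain may touch the user's files only
allow mail_t   user_home_t:file  { read write create };
# the administrative domain is the only one allowed to write bin_t
allow sysadm_t bin_t:file        { read write execute };
allow sysadm_t user_home_t:file  { read write };
"""


def parse_policy(text):
    """Return {(source_type, target_type, class): set(perms)}; reject unknown lines."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported policy line: {line!r}")
        src, tgt, obj_class, many, one = m.groups()
        perms = set(many.split()) if many else {one}
        rules.setdefault((src, tgt, obj_class), set()).update(perms)
    return rules


def te_allowed(rules, domain, target_type, obj_class, perm):
    """Security-server style decision: nothing is permitted without an allow rule."""
    return perm in rules.get((domain, target_type, obj_class), set())


def dac_allowed(uid, owner_uid, perm):
    """Crude stand-in for classic Unix permissions: root may do anything,
    the owner may write, everyone may read/execute (simplification)."""
    return uid == 0 or perm != "write" or uid == owner_uid


def access(rules, uid, domain, target_type, obj_class, perm, owner_uid):
    """Both layers must agree, which is how SELinux sits on top of DAC."""
    return dac_allowed(uid, owner_uid, perm) and te_allowed(
        rules, domain, target_type, obj_class, perm
    )


def worm_attempts(rules, uid, domain):
    """What a worm running as (uid, domain) could do to three labelled targets."""
    targets = [
        ("user_home_t", "file", "write", 1000),  # the user's own files, owner uid 1000
        ("bin_t", "file", "write", 0),           # overwrite a system binary owned by root
        ("bin_t", "file", "execute", 0),
    ]
    return {
        f"{t}:{c} {p}": access(rules, uid, domain, t, c, p, owner)
        for t, c, p, owner in targets
    }


if __name__ == "__main__":
    rules = parse_policy(CONSTRUCTED_POLICY)
    for uid, domain in [(1000, "user_t"), (0, "user_t"), (0, "sysadm_t"), (0, "goner_t")]:
        print(uid, domain, worm_attempts(rules, uid, domain))
```

The interesting row is uid 0 in `user_t`: the Unix check says yes, the type rules say no, so the binary stays untouched. A domain the policy never mentions (`goner_t` in the demo) gets nothing at all, which is the deny-by-default the column credits for walling off the usual targets.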

Perhaps your company doesn't think replacing Windows with Linux is worth the hassle. But if their systems crashed because of Code Red or Systran or Goner -- or perhaps all three -- have them take a look at SELinux, and have a conversation.
