Applications Management Engineer Sr (NYC) Next Step Systems US-NY-New York Post A Job | Post A Resume

"An article appeared on the Silicon.com website in March in which a "security expert" claimed that Linux was insecure because of the open source nature of the code, a surprising if not astonishing claim. The expert went on to claim that Unix in general was less secure than other operating systems because of its more open nature, which, given the modern history of computing, is curious to say the least. One has to ask, are these experts serious?"

"Unix was designed from the ground up as a networking system with in-built multi-user security, assured by file read and write protection. Any system is only as secure as it is allowed to be by the users and administrators. The basic principle behind any Unix system is that the system administrator or super-user has complete access, but any individual user has access only to the files under his or her immediate control or the files to which group access has been allocated. This would not include system files which are accessible only by the superuser. Therefore, a properly supervised system, with proper backup regimes and sound practices, is relatively secure. An intruder has to have access to the superuser password to seriously damage the system, or to damage the files of any other user, and this is unlikely. Given a password of 8 or more unpredictable character combinations, even the most advanced cracking tools are unlikely to decode the password. Perhaps the expert would argue that though this is true, in the real world people don't behave as they should, and this is why crackers can break into networking systems. In that case, I suggest they employ a responsible "security expert", and deploy the numerous tools available to secure them. No system with any kind of world access is invulnerable. To pretend that Microsoft or other propprietary systems offer greater security is laughable, if only because events have proved otherwise."

"Moreover, the kind of practices that have led to the biggest virus scares on Microsoft systems, centred around macro code, VB and ActiveX, imported by browser and e-mail facilities, are not permissible in a properly modular operating system. This fact, as much as anti-competitive practices, is the primary argument why the browser is not and should not be an integral part of the operating system, and why so much of system security is dedicated to Anti-Virus activities. A multi-billion dollar business exists with little other purpose than to protect Microsoft operating systems from their inherent vulnerabilities, vulnerabilities that would not be possible on a Posix-compliant Unix, namely self-activating modules that can access any part of the operating system. These systems are not open source and users have to wait months for non-specific upgrades and service packs."

Complete Story

Related Stories:
SunWorld: Forensics - Getting to the bottom of a security breach(Aug 06, 2000)
ComputerWorld: Debate erupts over disclosure of software security holes(Jul 28, 2000)
InternetNews.com: German Federal Government to Support Open Source Software(Jul 05, 2000)
SiteReview.org: Unix's poor Internet Security Reputation(May 17, 2000)
Linux.com: Designed for Uncertainty(Apr 27, 2000)
PC Week: Higher stakes, more options ["many eyes" vs. "security by obscurity"](Apr 03, 2000)
Eric S. Raymond -- The Case of the Quake Cheats(Dec 27, 1999)
The Phoenix Adaptive Firewall - Security Through Obscurity?(Dec 10, 1999)
SJ Mercury: Lessons from the latest Microsoft security flap(Sep 07, 1999)
Slashdot: Obscurity as Security(Aug 17, 1999)

Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat     Talkback(s) Name  and Date   Well :)    Sancar Saran Aug 16, 2000, 14:39:47     Minor point    Anthony Aug 16, 2000, 17:40:12     Not completely true    Fred Mobach Aug 16, 2000, 20:20:11     Security ratings    Leon Brooks Aug 17, 2000, 01:11:27     Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!