Linked by Thom Holwerda on Fri 5th Jan 2007 20:11 UTC, submitted by sogabe
Zeta MauriceK writes about security in the ZETA operating system. Apparently magnussoft, sole distributor of ZETA, makes security claims [on the German version] that with ZETA "it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." MauriceK seems to think differently, and even gives examples on how code can be executed without the user's knowledge in ZETA. In related news, BeUnited is no more. Instant update: the discussion concerning security just made its appearance on the Haiku m-l.
Permalink for comment 198999
To read all comments associated with this story, please click here.
RE[2]: Not secure
by molnarcs on Sat 6th Jan 2007 14:36 UTC in reply to "RE: Not secure"
molnarcs
Member since:
2005-09-10

But Zeta (as well as BeOS) is an OS where all ports are closed after the installation.

That doesn't make it secure. In fact, much depends on what you mean by "closed". Closed ports simply mean that there are no applications listening on a port, though they could open at any time. Open means that an application is listening on a port for connections or packets. Any OS that ships without active services listening for incoming connections have all ports closed by default. That does not mean they are secure. Of course, using a firewal helps inasmuch as it slows down port scans (your ports are not simply "closed," but filtered, which means that port scanners cannot determine their state), but port scans are looking for vulnerable applications running on open ports.

If I do not start any server (e.g a ssh or a telnet server) and if I do not install any piece of software from "alien" software repositories, why should this Zeta be "unsecure"?
O.k., there are other factors like an outdated Firefox browser or a few old graphics libraries (libtiff, libpng).
But how realistic are Maurice K's scenarios? How could a cracker break into Zeta without the user's interaction or "help"?


They are very realistic. User's help or interaction: the difference might be huge, depending on what you mean by these terms. Firefox is more secure than IE 6.x b/c it warns if something nasty tries to find its way to your computer. Disregarding these warnings is actively helping the cracker. However, we constantly interact with our computer, and what Maurice proves is that by mere interaction (not actively disregarding warnings) a cracker can break _easily_ into Zeta. From what I gather from this post is that Zeta's security is on par with Win98.

Edited 2007-01-06 14:39

Reply Parent Score: 2