OSNews

"Your comment regarding Windows' filesystem permissions is plain wrong."

Not it wasn't, although I may have accidentally mislead you with my wording. The problem with user accounts in Windows right now, and the reason they're a dirty hack is because users who don't have administrator privileges often end up with files, folders and shortcuts on their desktops which they have no ability to rename, move or delete. Because of this the users usually get rather angry and in the end either you give them aministrator privileges so they are once again in control of their desktop, or they simply get administrator priviliges without asking.

Have you ever booted XP home in safe mode, the adminsitrator account is just sitting there with no password. Supposedly you can set it during the installation, but that's not indicated at all in the Windows XP home installer and most people using Windows XP home don't know about it at all. This is one of a few ways users can increase thier account privileges.

"The ability to embed exploits within data files is hardly novel. See zlib for just one example. "

Zip files don't just run by being embedded into a web site, images that took advantage of the WMF vulnerability did. Microsoft even unknowingly facilitated this by intentionally making the mechanism available themselves. Microsoft showed that at in a best case scenario some of their legacy code which was never reviewed and is still in current versions of Windows was never designed with security in mind.

"A lot of aspects of Windows wasn't designed with resilience toward trojans in mind."

Windows doesn't need trojans to get infected, the WMF vulnerability was exploited without the user having to install anything themselves. And what's more, you argue that Windows which wasn't designed with that in mind fairs just as well with it's current user base as a system with security in mind would at the same user base. Design is important, especially when it comes to automated spreading of malware such as how viruses get around. Mac OS X did have flaws recently, but they don't qualify as viruses, the only viruses around for OS X and Linux are proof of concept viruses which wouldn't get very far in the wild because of how fast patches are put out and in the case of Linux how well user privileges are implemented. Plus for those who are absolutely paranoid there is AV software for Linux, and I'd be surprised if there wasn't any of OS X. That said viruses are a good example of poor security-minded design but a bad benchmark for vulnerability because AV companies hype people up to the point of wetting their pants over the latest viruses in order to increase sales.

"Even if the number of flaws were reduced 99%, finding those flaws would provide the most reward and their impact would be the greatest."

So how come it's taking so long for someone to come up with a way to get Windows XP working on MacBook Pros, or for that matter why can't I simply download an ISO of a recent version of OS X that I can install on my generic X86 box just as transparently as if I was running one of Apple's very own boxes. Simply put crackers are imperfect human beings like the rest of us, and if there were less flaws it would take them longer to find and exploit them. My comments on Microsoft leaving some things unpatched, and some other things too long without a patch relates very much to this.

"Even if the number of flaws were reduced 99%, finding those flaws would provide the most reward and their impact would be the greatest."

The only rewards I can think of for cracking are:
1) If you want to set up a zombie network.
2) If you're a bored script kiddie.
3) Stealing private data.
4) If you're an experienced cracker testing your skill.

Number 1 is a big one, and in that case going after the dominant OS would be advantageous; however, Windows is most frequently infected either by viruses or trojans which are far easier to implement for Windows than any other modern OS I can think of. Linux and maybe Mac OS X (which I've never actually used, that's why I said maybe) require the root password to get anything to install beyond the scope of your user account. If you're root you usually know what software is good and what software isn't. Someone really wouldn't put a lot of work into breaking into each computer individually because that would mean a very slow growing zombie network.

Number 2 relies on Number 4 to do much of anything, they are large in number but small in skill and knowhow. Often just bored kids they have to take advantage of tools created by Number 4 to do 90% of what they think they know how to do all on their own. The only reward for them is the illusion that they are l33t. They have no control over which platform will be the easiest for them to break into, it's a matter of which platform has the longest delay for patches.

Number 3 targets all systems already and the best target isn't your home computer but rather company servers. These systems have a much more distributed user base than workstations and desktop computers do. There's not much of a monoculture there, and so there's much less reason to specifically target Windows.

People from group number 4 usually discover security holes and privately notify the developers, giving them anywhere between a week and a month to fix the security hole(s) before the public is told and software, APIs and example code comes out showing group Number 2 how to exploit those security holes. In the case of Linux security holes are often publicised very quickly without keeping anything secret and patches usually follow promptly and/or a workaround is immediately disclosed. Microsoft has the worst track record here that I know of, although admittedly there may be no operating system with a perfect record here.

That said, I don't want you to feel that I'm saying Windows is swiss cheese. Given an firewall, adequate defensive software, and a knowledgable administrator Windows can be "safe enough" IMO.

Not it wasn't, although I may have accidentally mislead you with my wording. The problem with user accounts in Windows right now, and the reason they're a dirty hack is because users who don't have administrator privileges often end up with files, folders and shortcuts on their desktops which they have no ability to rename, move or delete.

User accounts in Windows aren't a dirty hack. The craptastic Win32 software designed to target Windows 95 are dirty. Some of the decisions regarding XP Home and file permissions were poor. Ever encouraging the use of FAT32 on NT systems was also stupid. However Windows, and especially as it pertains to the topic at hand, does not have file permissions that are trivially circumvented automatically.

Zip files don't just run by being embedded into a web site

Unfortunately a zlib problem becomes a problem of libpng, apache, and so forth. A libjpeg problem becomes a problem of everything that links to libjpeg. I'm telling you that bugs in libraries that process data files are not novel.

And what's more, you argue that Windows which wasn't designed with that in mind fairs just as well with it's current user base as a system with security in mind would at the same user base.

You can have any discussion with yourself that you want, but don't attribute it to me.


Mac OS X did have flaws recently, but they don't qualify as viruses, the only viruses around for OS X and Linux are proof of concept viruses which wouldn't get very far in the wild because of how fast patches are put out

When it comes to a production environment, a "virus" takes a pretty massive back seat to any means of privilege escalation. That said, viruses wouldn't propogate rapidly between MacOS X and Linux installations because there are significantly fewer hosts with sufficiently different usage models from the distribution of Windows viruses, that it would be easier to break into Apple or $LINUXVENDOR's network and distribute them that way than to expect them to be distributed in the wild. If you're going to do that, then you might as well prefer subtle backdoors. There isn't a lot of Linux warez to distribute via Kazaa. Worms would have a much better success at spreading on these hosts.

Plus for those who are absolutely paranoid there is AV software for Linux, and I'd be surprised if there wasn't any of OS X.

For the most part this software is used to scan files for viruses that are predominately targetting Windows. Maybe the occassional malicious Office macro that would be a pest for others using Office.

So how come it's taking so long for someone to come up with a way to get Windows XP working on MacBook Pros

Most of the people trying to run XP on x86 Mac if you look at their comments in forums aren't precisely the sharpest tools in the shed. This isn't a "security" measure on the part of Apple or Microsoft, it's making an operating system that was shipped to require the PC BIOS operate without it, with half of the people trying just copying files from Vista betas or screwing around with partitions and installation sources. On top of this, it's a really small market that has gone out and bought an x86 Mac to run Windows on it.


or for that matter why can't I simply download an ISO of a recent version of OS X that I can install on my generic X86 box just as transparently as if I was running one of Apple's very own boxes.

You can run OS X on a decent quantity of hardware if you want. I don't know what you think the limitations of available drivers has to do with the inherent results of homogeneous computing on the impact of security flaws. You can't just pull a device driver out of thin air, but that isn't security.

Simply put crackers are imperfect human beings like the rest of us, and if there were less flaws it would take them longer to find and exploit them.

Though your examples thoroughly have nothing to do with this, it is plainly obvious that the more esoteric flaws are in a system, the more difficult they are to uncover. And once a flaw is uncovered the proverbial shit hits the fan and people scramble to update 90% (far less because a bulk of them are in the hands of people who wouldn't know up from down in these matters) of the computers in the world because they're all vulnerable. These flaws though are endemic of the software development practices used on all platforms. On top of any and all mental failings on the part of Redmond, the bulk of the damage can be done by doing it to Windows, and that is where the greatest malware interest lies.

Windows is most frequently infected either by viruses or trojans which are far easier to implement for Windows than any other modern OS I can think of.

Short of an operating system that only accepts programs written in brainf--k, or a system that relies on signed binaries, trojans are equally-easy to write for all major platforms. Viruses aren't anymore especially easy to add to PE files than any other format, they just propogate more thoroughly because
1. Most Windows users are afraid of a multi-user operating system, or are impeded by the broken software they use from using it properly
2. Most illicit file trading (the easiest way of distributing a virus next to e-mailing them to people that don't know any better) that doesn't trade RIAA/MPAA content consists of programs that run on Windows. The 50 million unlicensed users of Photoshop can't be wrong.

Writing a virus in a multi-user environment with a 3-5% share of users with the same impact of one practically running in a single-user environment would require the scanning and exploitation of local security flaws which would involve more complexity. If you can obtain privilege escalation on a server, you might as well steal anything of value on the system rather than copy your payload to ls (where it's bound to see significant redistribution!) That doesn't mean that the viruses written for Windows or DOS before it are trivial, because some of them are quite clever.

Number 3 targets all systems already and the best target isn't your home computer but rather company servers.

No, these are both excellent targets. The home user is constantly buying things from ebay, amazon, and so forth. They have the worst record-keeping and the least competetent administrators. And probably the best amateur porn around.

That said, I don't want you to feel that I'm saying Windows is swiss cheese.

It really has nothing to do with Windows being insecure or not. It's merely a matter of recognizing that interest and impact follow usage, and a homogeneous computing environment relying on the current methods of providing system integrity is always going to be the prime target. A sufficiently-constrained system with different design priorities, say one that required signing and proof-carrying for example, would be a more difficult target than even the most up-to-date Windows XP Home or MacOS X installation. But despite the challenges that would impose, if that were the single system 90% of the market turned to it would be just as appealing and the ramifications of flaws would be just as severe.

I'm going to give this one last try, if you continue arguing I'm just going to ignore you after that because I've got other stuff to do.

You're argument that Windows is less secure because it's more popular is a common unproven theory which I consider flawed to the point of being a blatant lie.

Yes Windows has a huge user base, but everyone taking advantage of that is competing over that user base. People don't want botnets on machines infected with viruses and all sorts of other malware because those would be crippled if there was too much garbage on them and they'd be worthless. The same goes for virus writers, they don't care for computers that are already full of viruses or malware because they would be more or less crippled and wouldn't have much bandwidth to spare for propagating those viruses. I doubt hackers get much in the way of bragging rights or an adrenaline rush out of cracking yet another Windows box.

I don't know exact figures, but I would estimate that Linux and Mac OS X each have a minimum user base of one million, that is hardly obscure and it's not hard to find on the internet. That is a target which according to you is untouched because it's "obscurity" makes it secure. According to your line of thought that they would be just as insecure as windows given the same user base it must then be assumed that crackers would be able to exploit those systems just as easily as Windows. So why then would they compete over a crowded market instead of going after a clean one, why fight amongst each other over the Windows machines instead of going after what is an unspoilt mass of Linux, Solaris and OS X machines? The answer is simple, it's harder, and it's harder because those operating systems are more secure by nature, not by obscurity. As for hackers, don't you think they'd get bigger bragging rights for breaking into a system that people consider more secure like Linux, Solaris or OS X than they would by breaking into a Windows system like every other hacker and script kiddie out there, I imagine they'd get a far greater kick trying to break through SELinux than they would going after Windows.

See that burning thing crashing to the ground, that's your argument. Now please stop being irrational. I've layed out my case flatly right here, and no it's not a direct reply to your above post, it's a reply to your main points throughout the entire argument. I won't be lead on a wild goose chase until you're either too frustrated to continue, or you somehow think you've proven yourself right.