Linked by Thom Holwerda on Fri 5th Jan 2007 20:11 UTC, submitted by sogabe
Zeta MauriceK writes about security in the ZETA operating system. Apparently magnussoft, sole distributor of ZETA, makes security claims [on the German version] that with ZETA "it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." MauriceK seems to think differently, and even gives examples on how code can be executed without the user's knowledge in ZETA. In related news, BeUnited is no more. Instant update: the discussion concerning security just made its appearance on the Haiku m-l.
Thread beginning with comment 198855
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Not secure
by Valhalla on Fri 5th Jan 2007 23:16 UTC in reply to "Not secure"
Valhalla
Member since:
2006-01-24

Eugenia wrote:
-"Zeta and BeOS were never that secure. It was not developed as a secure OS and the engineers never paid any attention to security in any major way."

of course not, security was not exactly a major focus in desktop os'es back then. nor was the internet as hostile.

Zeta builds on the Dano code iirc, so unless they've made alot of security oriented changes it is likely just as (un)safe as Beos was.

that said, the statement was -"it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." all the examples from MauriceK where of abuses from the inside, in other words, it requires user action, like executing a malicious program. if he had shown examples that remotely connected and executed code on a zeta machine then it would have made some sense in this context.

Reply Parent Score: 4

RE[2]: Not secure
by molnarcs on Sat 6th Jan 2007 14:56 in reply to "RE: Not secure"
molnarcs Member since:
2005-09-10

the statement was -"it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." all the examples from MauriceK where of abuses from the inside, in other words, it requires user action, like executing a malicious program. if he had shown examples that remotely connected and executed code on a zeta machine then it would have made some sense in this context.

The vast majority of security issues with WinXP is due to attacks from the inside, malicious code that found its way to your hard-drive. The statement Maurice set out to debunk is completely bogus. You can make the same claim of any OS, including win98 ;) ... until you ran an application that has remote code execution vulnerability. Or what about portscans - you can use use nmap to scan a Zeta machine, which surely qualifies as an examination from the outside ;) )) But jokes aside, what Maurice shows is that due to the "architecture of this software," it is very very easy to hide malicious software on the system without the user having any chance to notice them. Of course this depends on user-interaction, and once the code is on your puter, it qualifies as an "inside" attack vector, but still, the original statement is false (as in meaningless), and its only purpose is to lull users into a false sense of security.

Reply Parent Score: 2