Microsoft, Monocultures, Security FUD & Other Fun 509
techiemac writes "Dan Geer, who has been mentioned on Slashdot before due to his warnings about Microsoft's "monoculture" has just been written up by AP for his warnings about the widespread use of Microsoft products and the serious security flaws that are being discovered. This story is quickly becomming big news (Yahoo is currently carrying it on their front page). For those who don't know, Dan Greer was fired from @Stake Inc for his criticism of Microsoft (they are a big client of @Stake Inc). " Somewhat related, there has been interesting reaction pieces on ORA and OSDN to a recent, some say ill-informed article run on DevX.
not the first time... (Score:5, Informative)
For those who don't know... (Score:3, Informative)
Dan Greer was not fired because he criticized Microsoft. He was fired because he published his opinions about the Microsoft monoculture without making it clear that those were his personal opinions and not those of @Stake.
Re:Open for exploit (Score:3, Informative)
Remember, there was lots of food being grown in Ireland during said famine; but it was being exported to England.
The monoculture threat is real (Score:4, Informative)
Solution: Multi-OS Boxes (Score:5, Informative)
On high-reliability systems (Space Shuttle [gvsu.edu] & X-29 [nasa.gov] flight controls), multiple redundant subprocessors attempt to compute the same answer. If the subprocessors get different answers, the majority-rules and the system logs the exception. If each processor ran independent code, then exploits of any one codebase would be detected and disinfected. A multi-system with one exploited/infected codebase would continue running while ignoring the output of the infected subprocessor.
The system would still have some vulnerabilties. Simultaneous attack on a majority of the codebases might succeed in redefinig the majority to suit the malware. Also, codebase independence is very hard. More than likely several codebases might share the same fault (e.g. a buffer overrun bug). Attacks on the overseer/majority-rules system might also succeed. Finally, if the standard has an exploit (e.g., decrypting WiFi WEP), then all codebases implementing the standard are vulnerable.
The biggest downside is bloat and cost. But at least it would give people a reason to buy the latest greatest chips from Intel, AMD, IBM, etc.
Some things the DoD and others do... (Score:5, Informative)
Anyway, something the DoD and others have done for some time is to have triple barriers for certain things like firewalls. So instead of having the same firewall product and system all over the place, for each firewall, you have a series of 3 systems: one is a "hardware" firewall (an appliance basically), followed by two different firewall products running on two different architectures. This way a single flaw on one firewall or system will not comprimise overall security.
They also turn the IT infrastructure into compartments, each walled out with firewall groups. So you have one compartment for front-end servers, one for desktop users, one for your data, etc.
Yeah it adds to complexity, but this is what the paranoid types do to give themselves peace of mind.
Re:Hate to admit it... (Score:3, Informative)
At least get the name right: (Score:4, Informative)
-dave
Re:For those who don't know... (Score:5, Informative)
Re:WARNING! (Score:4, Informative)
The integration of the browser's ability to directly run code in Windows is the big hole that Microsoft has failed to fix. Integration of user software, such as Outlook or Office, directly to the operating system makes Windows the virtual equivalent of a petri dish for the internet and giving every 11 year old hacker the ability to cripple corporate networks globally.
Re:What Microsoft doesn't want is *Standards* (Score:2, Informative)
http://www.pbs.org/cringely/pulpit/pul
html
And it if can't own the standard, then it will make the standard as complex as possible as to deter enterance - I give you SOAP as a first exhibit.
h
Re:I hope he's wrong ... (Score:5, Informative)
I work as a consultant in Health IT and I'll give you 5 that I've found in my travels.
1. Pharmacy systems
2. Allergy interaction checking systems
3. Dietary system, wrong or delayed diets can kill a patient
4. Workstations in the ER that have access to critical applications and patient charts
5. Workstations that communicate with the ambulence and med chopper teams
Re:I guess ... (Score:3, Informative)
And here I thought all this time it was "No one ever got fired for choosing IBM".
Re:Open for exploit (Score:1, Informative)
Re:I hope he's wrong ... (Score:4, Informative)
http://www.salon.com/tech/feature/2003/12/16/bl
Re:I hope he's wrong ... (Score:2, Informative)
Ok, I'll bite. How about the USS Yorktown shutdown in 1997. A Windows NT bug crashed their engine control system and required that they be towed to port. Dockside repairs took several days. You can get the full story here [gcn.com].
Had this happened in a battle, it would have likely resulted in loss of life and probably the ship.
Re:MS Open Source Is Fertile Ground for Foul Play (Score:5, Informative)
Copyright is _NOT_ patent. You can read copyrighted work and then write something similar by yourself. Copyright does not protect ideas, structures, algorithms or data formats. Copyright protectes the actual code - copy/pasting or recopying Windows code into Free Software would be disastrous. Reading Windows source code to understand protocols or formats and then writing your own Free implementation is not.
Of course, you're not allowed to have windows source code at first, and you can be sued for having it. Not for writing source code with the knowledge you gained for it; the same way that reverse engineering is fordbidden in US, but if you use reverse to write Samba or a XFree driver, Samba or the driver will be legal. You can be sued if it's proven you used reverse, but your code will not.
Re:I hope he's wrong ... (Score:1, Informative)
Damn thing would beep when my heart rate went below a threshold value, which happened only when I slept. Long night.
Derek
WRONG! stop the lies (was Re:Interesting spin ...) (Score:4, Informative)
Yeah, without Microsoft products, Al Gore couldn't have invented the internet.
I see my mission now.. to reply to every post with this lame ass joke with information about how it is NOT TRUE. You've heard of snopes.com, the Urban Legends Reference Pages? Please read this article [snopes.com] before posting this lie. The proper joke would be, "Al Gore says he took the initiative in creating the Internet!". While certainly a poor choice of words for Mr. Gore even in context of the interview, he did not claim to invent the Internet.
That goes for you too, moderators. This cliche is certainly not +5 Funny and you know it.
Re:MS Open Source Is Fertile Ground for Foul Play (Score:5, Informative)
If absolutely nothing else, you can do the reverse engineering in the UK, where reverse engineering is explicitly allowed by law. The law even says that regardless of EULA terms, you can decompile software.
Re:I hope he's wrong ... (Score:3, Informative)
Had this happened in a battle, it would have likely resulted in loss of life and probably the ship.
Nice attempt at FUD there, skippy. It's a pity you're misinformed and ignorant of the true facts.
In a letter to the "Comment and Discussion" department, published in the Aug 98 Naval Institute Proceedings, page 22, Captain Richard T. Rushton, then-CO of Yorktown, categorically states:
Or this one: http://www.cs.virginia.edu/~survive/NEWS/news003.
http://www.gcn.com/archives/gcn/1998/november9/6.
So all in all, it doesn't sound like the system crashed to me... You can't bring back a dead system by changing data in a field. You can't even change the data if the system is down.
Re:WRONG! stop the lies (was Re:Interesting spin . (Score:1, Informative)
Re:MS Open Source Is Fertile Ground for Foul Play (Score:2, Informative)
For UK, it's true, but not only for UK, most European countries (including France and Germany) have similar laws: reverse engineering is allowed for interoperability, whatever the EULA says.
The same was done for the European patents directive: the version that was voted by the European Parliament includes a specific clause allowing to bypass patents for interoperability reasons.
Re:I hope he's wrong ... (Score:2, Informative)
Last I knew, the New York Stock Exchange ran on NT. Also, I happen to know that many airline dispatch systems run on NT as well. I've never heard M$ say not to use their OS.
May be legal, but also stupid (Score:5, Informative)
To the letter of the law, that's true. However, there's also something called plagiarism which DOES NOT have to be a "cut-n-paste," but can be a situation in which I looked at your work and implemented my version in much the same way. That is a potentially illegal breach of copyright in software just as it is in school with papers.
As such, the best way to protect oneself from copyright violations is complete ignorance of anything one might potentially infringe. As you say, an implementation is not copyrightable, so if you have never seen someone eles's implementation, you're clean. Basically, proving you've seen someone else's code can be damaging if you get sued for violation. You don't want that. And there's no reason to make the first critical part of their case for them.
Of course, this is what makes copyright different than patent, as you say. Ignorance does not protect one from patent violations (although it can with regard to penalties, which can be trebled given intent, I believe). Ignorance aka "cleanroom implementation" DOES give complete immunity with regard to potential copyright violations.
Re:Monoculture not just a Microsoft phenomenon (Score:3, Informative)
I know of only one application that uses deflate but does not use zlib: putty (Windows ssh client). Excellent code, uses own zlib implementation partly to avoid monoculture, partly for other (very good) reasons.
Another culprit is OpenSSL. I'd REALLY like to see a nonrestrictive-licensed (BSD or public domain, not GPL) API-compatible OpenSSL alternative. In fact, I'm considering doing it myself, but I'm not fooling myself about how much work this is.
Other (smaller) examples: MD5. All code I've seen uses the same public domain MD5 implementation. The code is short enough that security shouldn't be an issue, but it's still a bit strange that everyone uses the same code when MD5 is a publicized Internet standard.
One really dangerous example is ASN.1. This is so horribly complex (commitee-designed) that nobody would want to implement an ASN.1 encoder/decoder when a public domain implementation exists, so everybody uses the same code. This is the code that caused those SNMP vulnerabilities a while ago: good example of code monoculture since it affected *nix, Windows and even embedded stuff like Cisco IOS.
Re:I hope he's wrong ... (Score:2, Informative)
I'd say that the moron who deployed such systems (YOU!) is more responsible here than Windows itself.
Re:They still don't get it (Score:2, Informative)
Unfortunately you've got this exactly backwards.
Ok, let's start with the Unix permission model: r/w/x for user, group, or everyone. That's it w/o adding additional software.
Windows uses ACLs by default, so you can say only Joe and Sally have access to this (with no relationship between Joe and Sally). Eg, and administrator could setup a %ProgramFiles%\Oracle and let you install anything you want below it. You could also create groups of course, and put Joe and Sally into the DBA group.
As for your registry needs admin access, this is completely incorrect. Registry access is fully ACLed just like file access (and just like so many other things in NT: threads, mutexes, pipes, services, printers, etc... [microsoft.com]). Now, you can't put permissions on an individual value but you can put permissions on the keys. So, again you could be given the proper permissions necessary to modify the portions of the registry you need to.
There are tricky parts on the registry. For COM objects for example you need to update the key HKCR\CLSID and probably HCKR it's self. You'd need to setup it up so that your account has these permissions: Query Value, Create Subkey & Enumerate Subkeys. That'd let you insert values, and the pre-existing CREATOR OWNER value gives you full control of the subkeys you created. Now you can add any new COM objects to the system, but you can't delete/edit the ones that are there.
So in NT you have one security model that applies to a diverse range of objects throughout the entire system. In Unix you have users, groups, and access control on files. This almost works very well in Unix because "everything is a file" - the only problem is not quite everything is a file (is a process a file? a thread? are the posix threading APIs and objects files? how about the entries within a config file? are those file? - unfortunately the answer to all of these is NO).
So I think in practice you'll find that NT's security model is not only more finer grained in the permissions that can be handed out, but is also more fine grained in the objects that can have access control applied to them.
Automating Admin Tasks (Score:1, Informative)
If you're looking to automate administration tasks, might I suggest you take a look at cfengine [iu.hio.no]?
Re:I hope he's wrong ... (Score:2, Informative)
I was unable to find a link that explained the situation in more (technical) detail. If you have a link that would indicate specifically whether the operating system of the computer running the database software was still alive or not after the crash, then that would be helpful. Otherwise the issue remains unclear.
Here you go:
http://www.gcn.com/archives/gcn/1998/november9/6.
Re:Interesting spin ... (Score:3, Informative)
Ximian Evolution -- Certainly the look and feel is outlookish, but unified calendar / contact / task / email clients are old hat, and far pre-date Outlook. Outlook just had (arguably) the best UI, though it was often quirky and hard to use. One of Evolution's best features, though, is its virtual mailbox handling which is a hybrid of VM (Emacs) and mutt handling.
Mozilla -- This one Microsoft had nothing to do with, though they did push Netscape's development cycles, that was just competition, not a reaction to MS' closed products per se. Mozilla is the child of Netscape and Netscape was a re-implementation of Mosaic from scratch... interestingly Microsoft's IE is a descendent of another Mosaic variant: Spyglass.
Re:They still don't get it (Score:3, Informative)
Except that you are wrong. The user that is created when you first launch Windows XP always has administrative privileges by default. So, a "stupid windows user" actually has to remove himself from administrators group and set up a separate account with more limited privileges, and then always use that account. I don't know anybody who has done this, or even is aware that there are more security risks if they don't.
Besides, most windows users (and even many apps written for them) still view a Windows box as a single-user system. i.e., when I use Linux, I can't arbitrarily store my files outside of my home directory without becoming root or another user. In contrast, most Windows users that I know, store their files all over the place under C:\, D:\ or whatever.
I'm not sure, if even MS decided to take administrative rights away from the default user, how many apps that would break or not be able to run under that user at all due to lack of privileges to read/write outside your home directory. Maybe, by the time Longhorn comes around, I am guessing, it won't be as much of an issue.
I don't know how many are running Win2K, but, again, XP default user has administrative privileges. You retract a little from your previous statement - yes, XP gives you "power" to create a user with less rights, but how many Sixpacks do it? I don't know of any.
Re:Which Culture? (Score:1, Informative)
If number of vulnerabilities were comparable it might be fair.
If Windows 2000 came with several pop, imap, http, and ssh servers and many office suites and email clients and browsers then it might be a fair comparison. Redhat ships (er, shipped) with every bit of software you might need -- compare the entire range of Microsoft software to Redhat's and that might be a fairer comparison.