Actually, there was quite a bit of focus on security back in the 70s
and 80s, but the topology employed for scalable computing was
vulnerable to different threats. The prevailing notion was that ever
larger CPUs would be timeshared as computing utilities by multiple
organizations. The concern was thus on protecting one running
application from another sharing the same CPU and memory; this was
the genesis of Saltzer's work on mutually suspicious subsystems, ring-
based protection mechanisms, and capability-based architectures.
Multics was the poster child for this approach, and survived some
close encounters with MIT hackers, as mentioned in
http://en.wikipedia.org/wiki/Multics . Many of these ideas were later
implemented in the DEC VAX and DG Eagle.

Unix was developed by members of ATT's Multics team inspired by the
idea that lots of overhead could be eliminated by running on a less
expensive CPU dedicated to one user -- initially, a DEC PDP-7.
Security was one of the first things they threw overboard! Many
operating systems designed in the 80s made this tradeoff, encouraged
by the explosive price/performance increases of single-user
microprocessor-based machines; Microsoft's DOS and Windows were no
exception.

It was the Internet that pulled the rug out. Suddenly, PCs running
operating systems that assumed physical security were being attached
to uncontrolled networks. Microsoft never claimed that Windows 95
provided the appropriate protection for an internet-based world. Home
users can be forgiven for not understanding the impact of this
shortcoming, but the commercial world certainly understood the risks
of deploying Windows on open networks, if for no other reason than
Sun, Apollo, HP, and DEC sales reps were screaming about it at the
top of their lungs. As usual, short-term thinking prevailed.

Comparing the current positions of Sun, Apollo, HP, DEC, and
Microsoft, who made the right business decision? I hate it when that
happens.

It would have been nice if Microsoft had followed up on its
impressive mid-90's "internet shift" with a version of Windows
designed from the ground up to handle the internet's threat
environment, but software engineering at this scale has never been
their forte, as Cairo/WinFS/Longhorn/Vista has demonstrated.

73,
Dave, AA6YQ

--- In [email protected], "Peter G. Viscarola"
<[EMAIL PROTECTED]> wrote:
>
> >
> >Unix was *always* secure and Linux flowed out of Unix
> >as did BSD. Unix is very old.
> >
>
> I don't know what your background in the computer field is, and I
> don't mean to turn this into a resume review, but I've been writing
> operating systems and OS-level components since, oh, 1978. Your
> statement that "Unix was *always* secure" is *entirely* inaccurate.
>
> First, let me very clearly state my comments are restricted to
> commercial operating systems -- not special purpose military
> operating systems.
>
> Next, I can categorically state that *no* commercial operating system
> written in the 70's or 80's was "secure" as we mean the term today.
> When we wrote operating systems code back then, we didn't fully
> appreciate threats such as elevation of privilege, buffer overflows,
> or code-injection (to name a few and to keep things simple). We never
> even considered the possibility that some kid in his bedroom in would
> spend DAYS sending every undocumented system service code to the OS,
> or every possible I/O Function Code to every driver, just to see what
> it did to the system. This was largely because, back then, we could
> never anticipate some kid in his bedroom having access to a computer
> (Heck, *I* didn't even have a computer *terminal* in my office back
> then). Cuz, back then, the smallest computer was as big as your
> refrigerator and cost $200K (in 1978 dollars).
>
> I can tell you with absolute certainty that -- back in the day --
> even code written for *highly* secure and sensitive defense department
> systems (NOTE: THAT ARE NO LONGER IN USE) was written in such a way
> that it would not pass even the most trivial level of threat analysis
> that is routinely performed on almost ANY commercial code today.
>
> In this way, Unix was *never* any more secure than any other OS
> written during that time. I was there. I've read the code and I was
> one of the people who WROTE the code (mostly device drivers) that ran
> as part of these operating systems.
>
> >
> >MS *chose* to not implement security due to profit
> >considerations and the impossibility of security because
> >of the wide-open-everything-executes-in-root structure.
> >It was a marketing and technological nightmare -- I
> >remember it well as a systems manager and consultant.
> >
>
> Here you are referring to a different level of "security". The
> questions of (a) what protections does the OS provide, (b) what privs
> are required to do things question, and (c) what are the default
> account settings on a system.
>
> In the context of what protections are available and privs are
> required, Unix-based systems have a rather coarse-grained security
> structure, whereas Windows-based systems stemming from the Windows NT
> tree (thus, starting with Windows 2000) have always had a rather
> fine-grained security structure. Consider that it's possible to grant
> or withhold individual privileges to individual Windows users.
> Further, consider the security capabilities of the NTFS file system
> where you can grant or withhold to a single, specific, user the
> privilege to access a specific file in a specific way. So, for a
> simple example, I could set the security on a file that says UserX can
> READ the file but not write it and when they do, I want an audit event
> written that says when they read it.
>
> Again, by the measurement of what security policies and protections
> are AVAILABLE, Unix-based systems including Linux are NOT more
> inherently secure than any Windows based on Windows NT (which was
> introduced in 1993 and is the basis for Windows 2000, XP, and Vista).
>
> In terms of DEFAULT security policies: YES. Windows DEFAULT security
> policies have been open. By DEFAULT most home users have been granted
> administrative access to their systems. This allows them to install
> drivers, update the O/S, and do similar things without having to
> logout of their user account and log back in as an administrator. In
> retrospect, this was probably a bad idea. Well, perhaps a VERY bad
> idea.
>
> The prevailing thinking at Microsoft for years was "we want just
> about everything to be do-able by a user without having to login and
> logout" and "we want defaults for things setup so everything just
> works." This approach made sense back in the days when it was first
> taken... When the world was a safer place and the internet (didn't
> exist or certainly) wasn't nearly so prevalent.
>
> The world has changed over the past few years and so has the policy
> at Microsoft. The policy is now "secure by default" even if it breaks
> stuff.
>
> In retrospect, did Unix-derived systems make a better choice? They
> made a more secure choice, certainly, not having users run with "root"
> privs by default and making folks authenticate to gain such privs.
> From our vantage point in 2007, this was clearly a better choice.
>
> >
> >Now I donate to many Linux developers because I
> >want to support them. It is not about Free to me,
> >it is about choice and integrity and freedom from
> >abusive OS contracts and limitations.
> >
>
> That's good! In fact that's GREAT! Linux is a good and useful
> alternative -- as is OS/X -- for those who want to use it. There have
> been strides made in the Linux space in recent years that Windows may
> *never* be able to catch. For example, the idea of "live CD" systems
> is pure genius -- Windows would probably implement the same thing, but
> I suspect they can't figure out how to ensure that they make money on
> such an idea (one CD, many copies, lots of systems... you see my
> point). It's wonderful that there's a whole community that helps move
> the Linux platform forward with limited restrictions imposed by the
> motives of profit.
>
> But it is simply not technically accurate to say "Unix was always a
> secure OS and Windows was not."
>
> I might not know much about amateur radio, but I *do* know operating
> systems,
>
> de Peter K1PGV
> Disclaimer: I am not now, nor have I ever been, a member of the
> Communist Party, a Republican, a member of Al Qaeda, or an employee
> of Microsoft Corporation.
>
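
The NTFS case described in the quoted message (UserX may READ a file but not write it, with an audit event on each read), as an added PowerShell example that is not part of either message. The path and the account name are hypothetical placeholders, and an elevated session is assumed.

```powershell
# Added illustration. $Path and $User are hypothetical placeholders;
# $User must name an existing local or domain account.
$Path = 'C:\Demo\report.txt'
$User = 'WORKSTATION\UserX'

# Run elevated: reading or writing a SACL requires SeSecurityPrivilege.
New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
New-Item -ItemType File -Path $Path -Force | Out-Null

# -Audit loads the SACL (audit entries) along with the DACL.
$acl = Get-Acl -Path $Path -Audit

# Stop inheriting ACEs from the parent folder and discard the inherited
# copies, so only the entries added below decide who gets access.
$acl.SetAccessRuleProtection($true, $false)

# Keep BUILTIN\Administrators (well-known SID) in control of the file.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $admins, 'FullControl', 'Allow')))

# DACL: UserX may read. No write right is granted, so writes are refused.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $User, 'Read', 'Allow')))

# SACL: record every successful read by UserX.
$acl.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    $User, 'Read', 'Success')))

Set-Acl -Path $Path -AclObject $acl

# The SACL entry only produces events once object-access auditing is on.
auditpol /set /subcategory:"File System" /success:enable

# Review what was applied.
$check = Get-Acl -Path $Path -Audit
$check.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType
$check.Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags
```

With auditing enabled, reads by that account appear in the Security event log as event ID 4663.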