I agree with your observations about F&P services and IE, but that is not a security methodology but an application functionality / API methodology.
Windows is still a bit more monolithic in its foundation than *nix is, with the apparent goal being that 3rd parties will have an easier time layering on functionality, because the underpinnings are more consistent across the board. The advantage is that many more features are assumed to exist in a default Windows installation. The disadvantage is that hackers can exploit many more features which are assumed to exist in a default Windows installation. They've made some improvements in how much is available, and how much of it is configurable over the years, especially for the server installations, but the Windows "kernel" is a wee bit heftier than the *nix kernels. Interestingly enough, Windows is trying to slim down somewhat (to address performance and security), and Linux has been bulking up over time (to address ease and consistency of installation for novices).

-ASB: http://XeeSM.com/AndrewBaker
Providing Competitive Advantage through Effective IT Leadership

On Mon, Sep 28, 2009 at 4:46 PM, Ben Scott <[email protected]> wrote:
> On Mon, Sep 28, 2009 at 4:05 PM, <[email protected]> wrote:
> > Most Windows security issues today have little to do with Windows
> > "security model"
>
> This I mostly agree with.
>
> I think there are advantages in the *nix world, but none of those
> areas are currently being widely exploited by attackers. The
> widespread attacks are all about tricking lusers into willingly
> installing malware, and the exploit-of-the-week in commonly exposed
> software.
>
> One thing I find intriguing is the idea of "integrity levels"
> (introduced with Vista). They're essentially a concept of how much
> trust one puts in a process, within a single user account. So, for
> example, a user's web browser process can have fewer privileges than
> their word processor. I don't think it's much help against the
> current attacks (lusers just willingly elevate the stuff anyway), and
> it's not much taken advantage of in current code, but I think the
> potential is there.
>
> *nix doesn't really have a concept like that yet. I think you might
> be able to do it with MACLs and SELinux, but I don't think anyone is,
> "out of the box".
>
> > Most vulnerabilities today are actually in applications, not the OS.
>
> One problem with that statement is Microsoft keeps blurring the line
> between "application" and "OS". One example being that I still need
> to reboot my "OS" when Microsoft's web browser "application" gets an
> update. :-p
>
> Another example is file and print services. They're still part of
> the system core, even with Win 2008. In the world of *nix, I can
> update Samba for a security fix, and all I need to do is restart my
> Samba services. On Windows, an update to SRV.SYS still means a
> reboot.
>
> Further, penetration of Samba does not automatically mean a system
> compromise. It's not a kernel process. (Although a Samba exploit
> often does mean system compromise, because Samba still runs the common
> service processes as "root", partly because of need, but also because
> nobody wants to take on the task of reorganizing the code to
> facilitate privilege separation. Microsoft appears to have the same
> issue. Except Microsoft is charging me big bucks to have them not do
> it.)
>
> -- Ben
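The integrity-level mechanism Ben describes, modelled as an added illustration (this is not code from the thread or from Microsoft). It encodes Windows Mandatory Integrity Control as documented: every process and securable object carries an integrity label (the level constants below are the real SECURITY_MANDATORY_*_RID values), and an object's mandatory policy, No-Write-Up by default, restricts what a lower-integrity process may do to it. The browser, word processor, document and cache in the sample table are constructed; treating the word-processor process object as also carrying No-Read-Up follows the documented default for process objects.

```python
"""Model of Windows Mandatory Integrity Control (MIC) label checks.

Added illustration of the "integrity levels" idea from the thread; not the
thread's own code and not Microsoft's implementation. The level values and
policy names follow the documented Windows constants; every object and
process listed below is constructed sample data.
"""
from dataclasses import dataclass
from enum import Flag, IntEnum, auto


class Integrity(IntEnum):
    """SECURITY_MANDATORY_*_RID values used in Windows integrity labels."""
    UNTRUSTED = 0x0000
    LOW = 0x1000       # e.g. a browser running in protected mode
    MEDIUM = 0x2000    # default for a standard user's processes
    HIGH = 0x3000      # UAC-elevated administrator process
    SYSTEM = 0x4000    # services running as SYSTEM


class Policy(Flag):
    """Mandatory policy bits an object's label can carry."""
    NO_WRITE_UP = auto()    # the Windows default on every object
    NO_READ_UP = auto()     # also set by default on process objects
    NO_EXECUTE_UP = auto()


class Access(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Labeled:
    """A process or securable object together with its integrity label."""
    name: str
    level: Integrity
    policy: Policy = Policy.NO_WRITE_UP


def mic_allows(subject: Labeled, obj: Labeled, requested: Access) -> bool:
    """Return True if the mandatory label check passes.

    MIC is evaluated before the discretionary ACL and can only deny, never
    grant: a True result still leaves the DACL to decide. A subject whose
    level is at or above the object's level is never restricted by the label,
    which is why a medium-integrity process can freely write low-integrity data.
    """
    if subject.level >= obj.level:
        return True
    # Subject is lower integrity than the object: apply the object's policy.
    blocked = Access(0)
    if Policy.NO_WRITE_UP in obj.policy:
        blocked |= Access.WRITE
    if Policy.NO_READ_UP in obj.policy:
        blocked |= Access.READ
    if Policy.NO_EXECUTE_UP in obj.policy:
        blocked |= Access.EXECUTE
    return not (requested & blocked)


def explain(subject: Labeled, obj: Labeled, requested: Access) -> str:
    """Human-readable verdict, handy when reasoning about a sandbox design."""
    verdict = "ALLOW" if mic_allows(subject, obj, requested) else "DENY"
    return (f"{verdict}: {subject.name} ({subject.level.name}) -> "
            f"{requested.name} {obj.name} ({obj.level.name})")


# Constructed sample: a low-integrity browser, the user's medium-integrity
# word processor (a process object, so No-Read-Up as well as No-Write-Up),
# a document at the user's normal level, and the browser's own low-IL cache.
BROWSER = Labeled("browser", Integrity.LOW)
WORD_PROCESSOR = Labeled("winword", Integrity.MEDIUM,
                         Policy.NO_WRITE_UP | Policy.NO_READ_UP)
DOCUMENT = Labeled("report.docx", Integrity.MEDIUM)
CACHE = Labeled("low-cache", Integrity.LOW)


if __name__ == "__main__":
    for s, o, a in [
        (BROWSER, DOCUMENT, Access.READ),          # allowed: reads are not blocked by default
        (BROWSER, DOCUMENT, Access.WRITE),         # denied: No-Write-Up
        (BROWSER, WORD_PROCESSOR, Access.READ),    # denied: process objects carry No-Read-Up
        (WORD_PROCESSOR, CACHE, Access.WRITE),     # allowed: writing down is never restricted
        (WORD_PROCESSOR, CACHE, Access.READ),      # allowed: reading down is never restricted
    ]:
        print(explain(s, o, a))
```

The model makes Ben's point concrete: a compromised low-integrity browser can still read the user's documents, so the label only bounds what it can tamper with, and the moment the user elevates the payload the subject's level rises and the check stops applying. On a real Vista-or-later host the label of the current process is visible with `whoami /groups` (the "Mandatory Label" entry) and an object's label with `icacls`.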
