Microsoft Talks Back To Google's Security Claims 528
Kilrah_il writes "Yesterday there was a piece about Google ditching Windows for internal use because of security concerns. Now Microsoft is fighting back, claiming its products are the most secure — more than Google's and Apple's. 'When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else. And it's not just the hackers; third-party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.'"
Re:Both have problems (Score:5, Informative)
I don't like MS, though the truth is that with this last Windows, they are really more secure than others SO's, if you guys pay attention in the hacker championship, that one the gives a prize for the fastest hacker that invade one system, the fast invasion happens into Mac OS X, then Linux and Windows for last.
Oh, you mean Pwn2Own? 2010? Nope, Linux not tested. 2009? Nope, not tested. 2008? Can't be, the Sony Vaio running Ubuntu was never cracked [tippingpoint.com].
Anybody got results from 2007 or earlier? I can't find them.
Re:Both have problems (Score:5, Informative)
I always figured they hacked the prize they valued most and that's why Windows was on the bottom of the list.
Wrong. They always hacked the Mac because Apple is way easier to hack then Microsoft [threatpost.com]
From the links article:
This came in via e-mail: Many pundits have made a lot of the fact that the Mac was the first to be exploited in the Pwn2Own contest. Was the choice of the Mac as the first target because the hardware/operating system combo was more desirable as a prize than the commodity Windows laptops of the other competitors? Or was it just because Macintosh exploits occur with much less frequency than Windows exploits and would therefore be more newsworthy?
So until this year, applications on Apple were way easier to exploit than Windows. This is because Apple had weak ASLR and no DEP while Windows had full ASLR and DEP. This year, Snow Leopard has DEP, so its no longer trivial to exploit. In fact, I have lots of bugs in Safari that I easily could have exploited on Leopard but will be very difficult on Snow Leopard. So it used to be that that it was much worse, but now its mostly comparable (although still slightly behind)
And this is from Pwn2Own 2010.
Re:Security? (Score:3, Informative)
UAC in vista was more or less completely worthless because it was so intrusive that nearly everybody turned it off.
Only people who didn't read the directions turned it all the way off.
I turned it down so that it only pops up if I'm about to install something. Now it only pops up if I'm about to install something. Oboy, click this box to install; yeah, I meant to install that, thank you for checking. Like that's a big hassle. In general, because of the improved installation system, it's still a lot fewer clicks than it used to be.
Re:Both have problems (Score:2, Informative)
Re:Some Helpful Advise (Score:5, Informative)
I seem to remember the person that won the P0wn20wn contest stating that there are several security enhancements with regards to the memory stack that are not present in OSX but are in FreeBSD, Linux, and Vista.
But this may be things like the windows login being provably secure, but the firewire driver allowing you to end run the login screen.
Windows has security features that on paper make it look like it could be a very secure system, the problem is that once you have locked it down to use all the security features, you probably have to write your own applications, as most off the shelf windows software does not run in that type of environment.
Re:Both have problems (Score:4, Informative)
No, they aren't granted physical access. But they are allowed to set up a web server serving arbitrary content, for example, and then direct the person (who isn't one of them) using the laptop to open an URL on that website in the browser. I.e. it does not require the user to be entirely passive.
Re:OpenBSD Security is a Myth... (Score:4, Informative)
First line of the blog.
Firstly, I would to apologize for, and clarify the title of this article. I wanted to use a title which would hold attention and encourage discussion while remaining true to the argument I make. I certainly don’t mean to imply that OpenBSD is a horribly insecure operating system – it isn’t.
Comment removed (Score:3, Informative)
Re:Security? (Score:3, Informative)
All daemons with the exception of x.org were running under their own restricted user name accounts that were locked down enough to not touch the rest of the system while Windows runs daemons under various accounts including SYSTEM, LOCAL SERVICE, NETWORK SERVICE which all have varying degrees of access to the rest of the system which is how many Windows worms are capable of accessing the rest of the system.
It's perfectly possible to run services under other accounts, so it's not a security model problem.
This is more of an issue with default configuration, which no-one really bothers to change. I agree that it is still a problem, by the way, though there have been some changes in that department in MS products - e.g. SQL Server installer will try to force you to create a separate user account for its services.
I don't see how, gksudo is not wrapped around applications waiting for them to perform some operation that requires extra permissions and then prompting about it. It requires you run the command in question as the given user if you wish to do so.
That is precisely how UAC works, actually. A process cannot elevate itself via an UAC prompt. It can only spawn a new, elevated process. Furthermore, this can only be done explicitly - an app written without knowledge of UAC will not cause an elevation prompt to pop up by doing something it's not allowed to do. It'll just get an error code from the API call that it made which will amount to "permission denied".
Unlike UAC however, these commands are usually simplified in some way such as you will see it prompting to run '/usr/bin/updatedb' as gksudo rather than application want to do action "{0f15391e-105f-4b05-91e3-48b73c60ae63}". Even for power users, stuff like "{0f15391e-105f-4b05-91e3-48b73c60ae63}" makes no sense. Does that mean it's going to install adware in IE? Does that mean it's just going to read/write some configuration settings? No idea. At least with gksudo you could see exactly what script/command it was executing and investigate.
A well-behaved application will just provide descriptive text to UAC.
A malicious application can generate a temporary script with contents that contains the actual nasty stuff, but with a convincingly sounding name that is good enough to fool a casual user.
gksudo also is not vulnerable to window messaging APIs like UAC is, where by you can craft various specially crafted applications to push buttons and such (hint: just get the application to toggle compatibility flags to get around windows 7's fixes against that) which defeats the whole purpose of Microsoft locking down console 0, but alas...
Erm, that's the whole point of running UAC prompts on a separate desktop - no application can "push buttons and such" on it.
Your reference to some compatibility flags that, if I understand you correctly, let one work around that is interesting, but I'm not aware of such a thing. Can you provide references?
I can think of other things employed such as intrusion detection and elimination done on Linux via things like apparmor and selinux.
It's a good point, but how many desktop Linux distros run AppArmor or SELinux in practice (and I mean not just out of the box, but rather not disabled or dumbed down to the point of being useless immediately after install)?
And what about OS X?
Re:Security? (Score:3, Informative)
I think you have been living in the Windows reality distortion field too long. An application doesn't need "low level access" in order to do useful or even powerful things. To write a 3D modelling app, you don't need a kernel module to gain direct access to memory -- you just need good, proper, APIs such as OpenGL. User-mode drivers have proven to be quite useful in *NIX... take for example "fuse" file systems and the like. How nice would it be in Windows to be able to mount a CD/DVD ISO image or some other [virtual] file system without having to have administrator rights to accomplish this? *NIX can accomplish this rather trivially and securely. Don't need root, just need membership in a group with those focused privileges. (For example, a tty or dialout group that grants a member access to particular serial port/communications devices on the system.)
Windows is pretty much "need administrator access" for everything. There is "power user" access levels but it's usually quite useless. The Windows security model is great in some ways, but falls short in so many others.
Now as for what you just said, "for total security, [a program should not] accept data and also connect to the internet at the same time" I can't imagine how else one would run a web browser or even telnet. Having source code to verify what a program is likely doing answers that concern pretty well. Most of us know that we can't completely trust Microsoft Windows for the very reason you just mentioned -- we don't know for sure what it is doing. Is there REALLY a "genuine advantage"?
Re:Some Helpful Advise (Score:3, Informative)
Uninformed response is uninformed.
The easy money is not on Unix, it's on Windows. So Vladmir Q MalwareWriter wants to build a botnet to sell to spam or DDOS services, is he going to pick 1% of the worlds most powerful but well protected computers or 90% of computers where at least 60% of that market doesn't care about security in any meaningful way.
Yes, the big money is on UNIX, banks, stock exchanges and so forth but these orgs have dedicated security teams monitoring the systems 24/7. Like the GP said, do a quick cost/benefit analysis here, there is less money on Windows but it's dozens of orders of magnitude cheaper and easier to get. Ultimately, if you are doing something clandestine on someone elses equipment you do not want this noticed by the people using that equipment. How long would a trojan remain undetected in a bank?
But it is. Out of the box, Ubuntu (arguably, one of the weakest distro's in terms of *nix security) is miles ahead of Windows and Mac OSX (both still permit blank passwords).
Here's the rub, it is not easy to configure *nix to be less secure then Windows but it can be done. Mac OSX has almost done it (saved by the virtue that OSX does enforce separate user permissions). Windows and OS X are very difficult to secure properly unlike Linux and other *nixes. OS X makes it even more difficult because Apple insist on propagating a false sense of security around Macs (you cant get viruses, OS X is 100% safe). Security through obscurity, Mac's can get viruses and trojans the same way 90% of windows boxes get viruses and trojans, the user installs them and giving the user a false sense of security will only exacerbate this. If OSX gains a significant market share we will see OS X viruses becoming as abundant as Windows viruses because the biggest weakness for any system remains in the end user.
Re:Both have problems (Score:5, Informative)
All of these work without any user intervention, by default, on all running programs. Part of the OpenBSD developers' philosophy is that all code is buggy, and the system should do everything that it can to minimise the security impact of running buggy code.
Another part is that no one uses optional security measures. Windows NT has had fine-grained ACLs on all kernel objects from the start, yet people tend to leave Windows permissions wide open because they're hard. Even now, Fedora and Ubuntu documentation often says 'disable SELinux' for various things to work. It doesn't matter how secure SELinux or UAC is, if the end user disables it.