[Discuss] What do typical Linux users do WRT protecting their systems from malware

Richard Pieri richard.pieri at gmail.com
Wed Jul 20 21:35:59 EDT 2011


On Jul 20, 2011, at 8:44 PM, MBR wrote:
> 
> Besides the fact that users generally aren't logged in as root, what 
> other aspects of the Unix/Mac/Linux architecture make Unix a harder 
> target than Windows?

The oldest security flaw in Windows/NT, from 4.0 onward, has nothing to do with being logged in as root (Administrator).  It is GDI, the Windows Graphics Device Interface.  NT 4.0 "featured" the move of GDI and user I/O from ring 3 to ring 0.  This resulted in significant performance improvements over NT 3.5.  It also meant that non-privileged processes were given direct access to ring 0 -- full hardware privileges.  The rest is sordid history.

Linux doesn't have hooks like this.  DRI is an exception, I think, but don't quote me on that.  Even if it is, DRI was designed with security in mind, and vulnerabilities can be easily fixed.

OS X's microkernel prohibits other code from running in ring 0.  That's a feature of microkernel architectures.

--Rich P.



