 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Jul 20, 2011 at 08:44:52PM -0400, MBR wrote: > On 7/20/2011 8:01 PM, Richard Pieri wrote: > > Macintosh is a much harder target than Windows/NT simply because of > > the OS architecture. Similarly, Linux is a harder target than Windows > > for reasons similar to Macintosh. > Besides the fact that users generally aren't logged in as root, what > other aspects of the Unix/Mac/Linux architecture make Unix a harder > target than Windows? There is a long-standing class of vulnerabilities in Windows related to the close coupling of the graphics driver, the kernel, and the application interface. As a result, it's usually trivial for any code to escalate privileges and gain complete control. More recently, the decision to pull many of the IE browser components into the general graphics interface has meant that code from the net -- JavaScript, PDF, etc. -- has also had an easy time escalating privileges. And Microsoft only started thinking of security as a priority in the last five or six years. Prior to that, it wasn't even on the nominal checklist. I'll also dare to suggest that the closed-source nature of Windows meant that the OS programmers felt a much more profound faith in security by obscurity than was ever justified. Microsoft applications divisions -- Word, Excel, and the rest of the Office moneymakers -- made decisions impacting the OS. Sometimes they used function calls that were not documented for anyone else's perusal. Features generally took priority over anything else. By way of contrast, most Unixoid systems have relatively few big apps running on top, and those are almost universally written with an eye towards portability. The division of code between kernel and system and application is much clearer, and subsystems are expected to work in isolation, and are frequently replaceable. There's more competition among DHCP clients in Linux, for instance, because the market doesn't even exist elsewhere. -dsr- -dsr- -- http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference. You can't fight for freedom by taking away rights.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
