Interesting claim as to why GNU/Linux is more secure than Windows

Discussion in 'OT Technology' started by piratepenguin, Feb 7, 2007.

  1. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    http://blogs.zdnet.com/threatchaos/?p=311

    It presents images of all the system calls made by a Windows + IIS and GNU/Linux + apache machine.. One is significantly more complex than the other, and it claims "In its long evolution, Windows has grown so complicated that it is harder to secure."
     
  2. zero xeal

    zero xeal Guest

    Plus theres the fact that most people writing malacious code other than exploits target windows because the use linux on their homebox.

    I cant do full disk encryption with watermarking, advanced ACL's for all executables, and custom kernel patches for winblows either.
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Windows certainly does suffer from its evolution as a single-user OS, though NT obviously does a lot better with that than 9x did.

    I don't know what zero xeal means by "advanced ACL's for all executables", but you can custom-patch the Windows kernel by shutting off Windows File Protection or by using the install CD to login using Restore Mode. Also, NTFS does support transparent file encryption, though without being familiar with what you mean by "watermarking", I can't say whether Windows does that or not.
     
  4. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    It certainly does.
    I'm guessing (this really isn't my area of expertise) he's referring to SELinux - it provides VERY powerful methods towards security (...developed by the NSA).
    Custom patch the Windows kernel!? This is news to me.. What crazy crazy people do this? What patches have been developed?
    I don't know what watermarking means either, but I was looking at filesystem encryption today (since I'm looking at backing up my databases which contain passwords and shtuff onto my ipod when I recharge it, and they should be encrypted - this power is one reason I love GNU/Linux. It might be possible in Windows, but I bet GNU/Linux dwarfs Windows in accessability/usability (I'd nearly be reluctant to call myself a programmer) in these places ;)). There are a bunch of security issues (with at least Windows 2000) with NTFS encryption @ http://en.wikipedia.org/wiki/Encrypting_File_System#Security More applicable is probably this:http://en.wikipedia.org/wiki/Filesystem-level_encryption
    Linux has many more choices - many proven. One I've found very interesting is the IBM developed encryptfs: http://kernelnewbies.org/Linux_2_6_19#head-84bff1fcee3ba49a9c8b0a4ab3adf1f98cfed364
    (the more proven) dm-crypt (which achieves nearly the same thing) is very cool too.

    Also, I think file level encryption (which is probably what I'll go with for my databases - using GPG (provided by pretty much all GNU/Linux distros), reading the manual now) is very important as well as filesystem and disk level.
     
  5. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    The version of NTFS that Windows 2000 supports has problems with data corruption when using NTFS compression, as well as security problems when using NTFS encryption. In the version of NTFS that Windows XP/2003 supports, these problems have been fixed. However, to my knowledge the NTFS encryption still doesn't extend to covering MFT entries -- frankly, it had never even occurred to me to want to do this, but I guess data is more secure when the bad guys can't even be sure it's there.

    I don't know of any substantial kernel patches for Windows, I just know that it IS doable.
     
  6. zero xeal

    zero xeal Guest

    Yea I was talking about SElinux. MS has a shitty history when it comes to cryptography IE there hashing for passwords so I wouldn't trust whatever filesystem / folder encryption they dole out. By watermarking I was reffering to integrity checks on encrypted partitions, so you can validate that no one has touched your data since you powered your machine down.

    You cant so much patch the windows kernel as you can play with services and options. My present standpoint is that microsoft is incapable of making an operating system that lives up to its price tag. Can't wait until we see corperate versions of linux for workstation usage... its only a matter of time :o
     
  7. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    Seriously!?? Since Windows 2000 is still supported by Microsoft, since MS got so much money out of it, I would expect nothing less than that these issues would be patched.

    I know plenty of people who claim Windows 2000 is the best MS OS release ever. I've used it, and I well see where they're coming from! Patched, does it seriously have these problems with NTFS?

    Goddamn GPG is some piece of software.. What I needa see now is it more integrated with distros like Ubuntu. Seahorse might do it for us. (an ubuntu bug report)
     
  8. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    I've had persistent problems with Windows 2000 NTFS compression causing data loss ever since Win2k first was released, on all different kinds of hardware and with different service packs installed, and I'm not the only one who's had that experience; when I wanted to use NTFS compression on the workstations at my office, I had to convince my boss AND his boss that Windows XP wasn't going to suffer the same file-corruption problems that the older Win2k computers did. (They had tried it once before and had apparently caused the loss of a rather large map database -- it took them weeks to rebuild it.)
     

Share This Page