system security

Eugene Leitl (eugene.leitl@lrz.uni-muenchen.de)
Fri, 20 Nov 1998 00:26:03 +0100

Mike Linksvayer writes:
> The obvious and politically correct answer:
> * Encourage the use of open source software -- security holes are
> found and fixed faster.

Faster, yes. However, neither Linux nor FreeBSD is immune, and 95% of all installations will succumb if you apply tricks pulled out of last year's bugtraq traffic. There are no mechanisms to distribute authenticated kernel patches via network and automagically recompile the kernel periodically. Paradoxically, one of the more secure systems is MacOS, a closed-shop system. By using well-cured TCP/IP implementations you can reduce the probability of a buffer overrun scan finding a hole within minutes, but you can't prevent it from happening altogether. And this doesn't at all address the application layer -- while applications are multiplying like flies. The only way to leave this behind is to step away from brittleware. Sorry, don't see this happening within one decade from now.

> * Don't create an environment in which hackers are treated harshly
> for relatively harmless exploits -- more holes found and faster,
> perhaps well-behaved worms are created to seek out and report
> exploitable holes.

A measurable, but minor effect.

> Obscurity and diversity seem very different to me. I don't know if

Ok. Macs (Be? OS/2?) are rarely used by hackers, hence the exploits are rare. Same applies to switch/router firmware. That's obscurity. If you have 100 types of systems, each with a 1% market share, no worm is ever an issue. Civilization doesn't collapse if 1% of all systems are suddenly taken out of circulation. (I know this for certain, since the percentile of crashed M$ boxen at this instant is probably significantly higher than 1% ;)

> increasing system diversity is an observable trend now, but it's
> easy to think of reasons why it won't decrease and will likely
> increase:

Marginally. You've got mostly a redistribution of market shares.

> * I'd guess that unix, Microsoft, Macintosh, and various network
> hardware accounts for nearly all of the systems on the net now.
> None of these are going away.

Microsoft contributes the bulk, with Mac ranging at less than 10% and Unix (well, Linux actually) a more or less close third. Network firmware will be Cisco and Bay Networks mostly, eh?

> * Both dominant providers are facing perilous product transitions
> (Microsoft Win9x -> Win2k, Intel IA32 -> IA64). Each is very
> likely to lose market share for this and other reasons, opening
> up the field for new systems.

I think there is much conservation within software product families, rendering derivatives susceptible. Diversity of machine languages is a major bulwark against system perversion, however. Even if the hole is the same, the code will crash on a different architecture. Intel recently pushing StrongARM, rediscovering Linux and Compaq enamoured with Alpha does seem like a good thing, but some ten architectures, none of them dominating the market share? Improbable.

> * Everything else that isn't connected but likely will be at some
> point (phones, TVs, handhelds, electronic pets, etc.), adding
> lots of diversity. This could be a problem though -- many of

Yeah, 'diversity' as in 'Java'. Show me a bugless VM implementation.

> these devices will probably be very insecure and unpatchable.

ciao,
'gene

P.S. Heard Drexler for the first time in person, today. Excellent speaker.