
[Amps] Computer security (was Power Transformer)

To: Ed Briggs <edbriggs@optonline.net>,"amps@contesting.com" <amps@contesting.com>
Subject: [Amps] Computer security (was Power Transformer)
From: David Kirkby <david.kirkby@onetel.net>
Date: Mon, 27 Dec 2004 02:24:54 +0000
List-post: <mailto:amps@contesting.com>
Ed Briggs wrote:

> Lots of factual errors here folks.

I don't agree.

> It's important to distinguish between
> personal opinion and fact on matters like this, because some readers are
> likely to take the opinions as factual.


True.

> First, there are lots and lots of vulnerabilities in Sparc and Solaris,
> lots. Have a look at
>
> http://search.cert.org/query.html?rq=0&ht=0&qp=&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&lk=1&rf=2&oq=&rq=0&si=1&qt=sparc&col=certadv

Yes, so too are there in any operating system. However, SPARC systems tend to get exploited far less. Obviously there are fewer of them around. Where I work we have a large number of each (both SPARCs and PCs) and whilst the number of PCs is about 5x as many as SPARCs, the number of successful attacks on PCs over a number of years is a lot higher than 5:1. It's several years since a Sun was compromised - but PCs get compromised quite frequently.

PCs tend to get patched more often, whereas the SPARCs do not. This leaves the SPARCs more open to attack, but in practice they are attacked far less than Windows PCs. Hence the IT people don't devote as much effort to patching them as PCs, since experience (over many years, with many machines) shows the number of attacks has been far less. With PCs, it is far more important to keep up to date with patches.

With hundreds of computers in a university environment (which means systems which allow logging in anywhere in the world), we would expect more attacks than commercial companies with much stricter access requirements.

Nobody in their right mind would consider running a PC now without anti-virus software. Yet few people would even bother on SPARCs. I never have bothered, and where I work we do not.

> so switching to Sparc to avoid exploits is simply not true, and even Sun
> wouldn't make that claim.

I'd maintain you are *far* less likely to get your system compromised than if running a Windoze PC, taking the same care to maintain each.

> The assertion that switching to Linux, Unix, or MAC will bring better
> security is also not true. Again, have a look at Cern or any of the other
> academic / government agencies that track these vulnerabilities.

See

http://search.cert.org/query.html?rq=0&ht=0&qp=&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&lk=1&rf=2&oq=&rq=0&si=1&qt=Linux&col=certadv&x=15&y=1

Linux (on x86) suffers many of the problems of Windows - a lot of people own it. It is cheap to run. It is also a very powerful operating system, often run by people who don't really have a clue what they are doing. They get a copy of Linux for x86 off the front cover of a magazine and install it. They install everything on their 120GB disks and have tons of daemons running they do not need.

People running SPARCs *generally* tend to be a bit more clued up than those running Linux.

And SPARCs are the most common of the real UNIX systems. Go to something like IBM's AIX on an IBM RS/6000 and you will have even less chance of being attacked, because few have access to AIX systems, so few are in a position to develop/test software to exploit problems. You can buy old Sun systems (like the SPARCstation 20 that http://www.g8wrb.org/ is hosted on) for $30 or so on eBay so they are quite cheap and easy to obtain. You can download the operating system from Sun's site
http://www.sun.com/software/solaris/binaries/


But still SPARCs are in far less common usage than PCs. IBM RS/6000s tend to be big boxes (mine will take 18 internal disks), and the OS is not free.

> for page after page after page of serious Linux security holes. I frequently
> hear that Linux is more secure than Windows, and it simply isn't true.

Properly administered you are less likely to be compromised, but the problem is few people do. A well set up Linux machine will only have running what is actually needed. A Windoze PC will have a lot of unnecessary stuff you can't remove even if you want to. You don't need a GUI to run a web server, but you can't disable the GUI on Windoze. Internet Explorer, which has had so many bugs, can't be removed from the system even if you don't use it.


> I often hear people say 'I've never had to apply a security patch to Linux
> or Solaris'. In reality this means that their systems are wide open to
> attack because there are many many known vulnerabilities that are well
> documented.


Agreed. But the chances of you being targeted are much less.

> Also, the notion that 64 bit processors are immune to buffer overrun attacks
> is not true - it is much more difficult - but not impossible and no, I'm not
> going to tell you how to do it.

I did not say that 64-bit CPUs are immune from buffer overflow attacks.

Once a program has a buffer overrun problem, then it's quite easy to stuff a load of random data at it and get it to function in a way the programmer did not intend. But with random data you have no control over what it will do. It will probably just crash.

Getting it to do something really nasty, such as removing files or gaining admin privileges, is more difficult on *any* system as you need to get the program to execute a specific set of instructions. To do that on a SPARC, you must be much more clued up.

It is, by the way, possible to do a lot on a SPARC to stop buffer overflow attacks by forcing the system to not execute code off the stack. The following, put in /etc/system, does a lot to prevent buffer overflow attacks.

set noexec_user_stack = 1
set noexec_user_stack_log = 1

Strictly, the former breaks the SPARC standard, but in practice it is not a problem.

> surprised if you look at the actual numbers, and even more surprised if you
> look at the trends (increasing/decreasing) and the time it takes to get a
> patch to a vulnerability.


As I said earlier, even when problems are known, such as buffer overflow attacks, they tend to get exploited far less on SPARCs. Just because a security problem has been found in a program does not mean anyone has written some code to exploit it - only that it is known that it might be possible to do it. Here's a complete program with a buffer overflow problem which will echo what you pass to it.

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    char *buffer;
    buffer = malloc(101);            /* room for 100 characters plus the terminating NUL */
    if (buffer == NULL)
        return 1;
    scanf("%s", buffer);             /* no field width: input longer than 100 characters overflows the heap buffer */
    printf("%s\n", buffer);
    free(buffer);
    return 0;
}

Put in more than 100 characters and the output is undefined. Trying to write a program to exploit this is a bit more difficult, even if this runs as root.

> I know this will be controversial since many people have a lot of 'emotional
> energy' invested in product X or Y superiority. At the end of the day, when
> you actually spend some time examining this sort of thing systematically, you
> find that most of these sorts of assertions of Product X being more secure
> than Y just don't hold water.

Whilst "security by obscurity" is not a good idea, in practice if you use a system that fewer people are familiar with, then fewer people will have access to the hardware, so are not in a position to exploit vulnerabilities. People can send me all the batch files and .exes with viruses they like and it does not bother me one bit. They will not be able to attack my system.

I would maintain that if a Windoze system has 100 security holes and a SPARC one has 100 too, then on average the Windoze one will be exploited much sooner just because there are more tools around for attacking Windows PCs.

Thieves know how to defeat the locks on many cars. You could remove the manufacturer's lock and design one yourself, with it being no more or less secure than the manufacturer's one. But yours is less likely to be defeated simply because few people will know how to.

If you use the most common processor (Intel Pentium or compatible) with the most common operating system (XP) and the most common browser and mail client (Internet Explorer and Outlook) you have a system for which numerous people are busy developing tools to hack your system.

BTW, http://www.g8wrb.org/ is hosted on SPARC with two 125 MHz CPUs, 196 MB RAM and running the latest release of Solaris and the latest (or very near latest) release of the web server software. Fancy running XP on a 10 year old PC with 196 MB RAM?

I would add that whilst I maintain UNIX is more secure than Windows, and its less common usage helps in this matter too, I still use sensible precautions myself. I use a hardware firewall. Where possible, file systems on my web server are mounted read-only. The systems are patched regularly, and I don't have unnecessary software running on the machines.

Another advantage of SPARCs is they tend to last a lot longer. The PSUs don't die as often as PCs'. The SCSI hard drives in most Suns last far longer than the IDE ones in most PCs. The fans tend to be good quality and not pack up after a couple of years of continuous use.

I don't work for Sun and never have done. I don't even work in IT, although I did for a short period. I also feel Sun have lost their way in the workstation market, as their hardware is too expensive for the performance it gives. But big sites like eBay don't run on SPARC hardware for no reason.

Another problem with Windoze is that if you want to install software you need admin access. In fact, many people log in with admin rights simply because it is less hassle. I sometimes have to arrange for students at work to get admin rights on a PC just so they can do their work. But this is not necessary on the Suns.

On UNIX systems one does not need admin rights very often. You don't need admin rights to install a word processor or most other programs. The fact most people run as administrator on Windoze PCs means they are less secure, since any program able to gain the rights of the user has administrative privileges. On UNIX systems they might be able to gain the rights of a normal user, but getting root privileges is more difficult.

G8WRB.
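As an added example, not part of the original message and not code written by its author, here is a hardened version of the echo program quoted in the message above. The unbounded scanf("%s") is replaced by a scanf field width and by a bounded copy helper, so an input longer than the 100-character buffer is truncated instead of being written past its end. The helper names copy_bounded, read_token and stored_length are my own, and BUF_SIZE is assumed to correspond to the malloc(101) in the original. The /etc/system noexec_user_stack settings mentioned earlier are a separate, system-level mitigation; this shows the source-level fix that removes the overflow itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors the malloc(101) in the original: 100 characters plus the NUL. (assumed) */
#define BUF_SIZE 101

/* Copy at most dstlen-1 characters of src into dst and always NUL-terminate.
 * Returns 1 if src was too long to fit (the case where the original
 * scanf("%s") would have written past the end of the buffer), else 0. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    int truncated = 0;

    if (dstlen == 0)
        return 1;
    if (n >= dstlen) {
        n = dstlen - 1;           /* cap at what the buffer can hold */
        truncated = 1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Read one whitespace-delimited token into a BUF_SIZE buffer. The field
 * width "%100s" (BUF_SIZE - 1) stops fscanf after 100 characters, so the
 * buffer can never be overrun. Returns 1 on success, 0 on EOF or failure. */
int read_token(FILE *in, char *dst)
{
    return fscanf(in, "%100s", dst) == 1;
}

/* Simulate feeding input_len 'A' characters (constructed input) to the
 * hardened echo and return the length actually stored in the 101-byte
 * buffer, so a caller can check that over-long input is capped at 100. */
size_t stored_length(size_t input_len)
{
    char buffer[BUF_SIZE];
    char *input = malloc(input_len + 1);
    size_t len;

    if (input == NULL)
        return 0;
    memset(input, 'A', input_len);
    input[input_len] = '\0';
    copy_bounded(buffer, sizeof buffer, input);
    len = strlen(buffer);
    free(input);
    return len;
}

/* Same behaviour as the original echo program, minus the overflow. */
int main(void)
{
    char *buffer = malloc(BUF_SIZE);

    if (buffer == NULL)
        return 1;
    if (read_token(stdin, buffer))
        printf("%s\n", buffer);
    free(buffer);
    return 0;
}
```

Either fix on its own closes the hole: the field width is the one-line change to the original program, while copy_bounded is the general pattern for any place a string of unknown length lands in a fixed buffer, and its return value lets the program notice and report that truncation happened rather than silently dropping data.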

