UNIX/Linux Offer More Security Than Windows: Evidence

Dr. Roy Schestowitz

2009-01-16 11:38:02 UTC
Modified: 2009-01-16 11:38:02 UTC

"Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system..."

--Dennis Fisher, August 7th, 2008

Peter Kraus and David Gerard drew attention to the following interview with an author of adaware a few days ago. It explains in simple terms why Windows is inherently lacking in terms of security as it accommodates intrusion, despite all the denialist spinning [1, 2, 3]. Here is just a portion of this interview:

Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.

S: In your professional opinion, how can people avoid adware?

M: Um, run UNIX.

S: [ laughs]

M: We did actually get the ad client working under Wine on Linux.

S: That seems like a bit of a stretch!

M: That was a pretty limited market, I’d say.

Patching

Earlier in the week we found reports of new holes in Windows.

As previously announced, Microsoft has released a security update for Windows to close a total of three holes in the SMB protocol implementation. All three holes are based on buffer overflows. Two of them can apparently be exploited to inject and execute code remotely, without previous authentication. The third buffer overflow reportedly only causes the computer to reboot.

This is a lot more serious than Microsoft wants people to realise.

Microsoft Patch Tuesday bug is scary

THE FIRST Patch Tuesday fix of 2009 put out by Microsoft addresses a dangerous security vulnerability in its Server Message Block (SMB) protocol, or so say some insecurity experts

Botnets

"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft

The pace of infection is very high and one worm alone is claimed to have seized millions of Windows-run computers in just one day.

The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.

One worm alone is spreading like wildfire.

Report: 2.5 million PCs infected with Conficker worm

According to F-Secure, there are already almost 2.5 million PCs infected with the Conficker worm, also known as Downadup. Since the worm has the ability to download new versions of itself, it is expected that the infection could spread much further. The new code is downloaded from domain names generated with a complex algorithm, making it hard to predict what domains will be used to spread the worms updates.

About 300 million PCs are still primed to become zombies too because of this one flaw.

With nearly a third of all Windows systems still vulnerable, it's no surprise that the "Downadup" worm has been able to score such a success, Kandek said. "These slow [corporate] patch cycles are simply not acceptable," he said. "They lead directly to these high infection rates."

In general, it is estimated that 98% of Windows PCs are ripe for hijacking [1, 2].

Attacks

Is there room for some humour in all this?

Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.

That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.

The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"

E-mail

Many people remember Windows for submarines -- a fiasco that reportedly led to the departure of many angry engineers. Well, not more than a month passes by and the Royal Navy, which runs Windows, gets stung by a virus infection that causes harm. Interestingly enough, the report from The Register mentions only lost E-mail as the severe consequence, but surely there is considerably more.

The Ministry of Defence confirmed today that it has suffered virus infections which have shut down "a small number" of MoD systems, most notably including admin networks aboard Royal Navy warships.

The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions. N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea.

It is no surprise that the United States military gradually moves to Red Hat Linux. Crucial operations were getting stung by Windows, even in the recent past.

Along with a rise of botnets, whose masters exploit vulnerabilities in Windows, comes a lot more SPAM as well. SPAM affects everyone.

The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.

This short report is based on just a few days. Nothing has improved -- security-wise -- in Microsoft's product line. ⬆

"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing."

--Arno Edelmann, Microsoft's European business security product manager

Comments

Needs Sunlight

2009-01-16 12:39:07

I remember in 2000 when WIndows rootkits started to get popular, they're largely ignored by the press. I'd guess they're ignored because they bypass any and all AV software, and thus bypass the advertising money. They also go against the myth about Windows being securable that Gates folk like the public to bleat.

Two interesting pieces:

"Trusting Trust" http://www.acm.org/classics/sep95/ alternate link: http://cm.bell-labs.com/who/ken/trust.html

"Exploiting Concurrency Vulnerabilities in System Call Wrappers" http://www.usenix.org/events/woot07/tech/full_papers/watson/watson.pdf

The first link, "trusting trust", shows that no amount of bluster or bluffing can make Windows secure. Without full access to the source code for all components in the system and its applications back doors can be hidden all over.

Two follow ups for that, also show that at the end of the day, you must have and be able to use the complete source code for the whole system and each and every component or application: http://www.dwheeler.com/trusting-trust/ http://www.schneier.com/blog/archives/2006/01/countering_trus.html

The second link, "concurrency vulnerabilities", looks like it completely destroys the myth that add-ons can help. It *looks* like all currently existing security software for Windows can be bypassed without detection or recourse -- until such time as Windows is redesigned and rewritten from the Kernel on up.

To pick on FOSS for a bit, the first two show why the decision to tolerate BLOBs in Debian and the downgrading of the Qt license to LGPL can lead to unmitigated disasters, either through insecurity, vendor lock-in, DRM, and hardware lock-in.
The Mad Hatter

2009-01-17 03:24:30

As an aside, has anyone read 2003 and Beyond by Andrew Grygus? It's one of the reasons that I started to seriously pursue an alternative to Windows (and Microsoft), and it's an excellent evaluation of Microsoft's plans for the years ahead (and it's interesting to read it 6 years on, and compare what Andrew thought was happening, with what actually happened).
Jose_X

2009-01-18 21:29:41

[ http://cm.bell-labs.com/who/ken/trust.html Reflections on Trusting Trust ]>> The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode.

To add some:

Reading source code tells all -- if you trust the build system binaries that will be used to turn that source into binaries. In particular, if you have the source to the build system components, it's easier to trust those build system binaries; however, the build system binaries have to be built themselves, this means you need an existing (simpler) build system. So do you have the source to that? And how about the source to the (even simpler) build system that built this last build system? At some point, dissembling very simple binaries upon which a multi-stage build process will occur may be what is necessary in order to gain the most trust.. or just be really sure you get your binaries from someone that has gone through that trouble. For example, the gcc system should have gone through a lot of care over the years (including back when gcc was much simpler). If gcc+co are safe, then everything else built upon it (eg, a whole distro since even other language platforms like perl, etc, could be built with gcc+co) should be as trustworthy as the sources to each of the component parts of the distro (ie, you can trust those sources that make up the distro if you trust the gcc build system).
Jose_X

2009-01-18 21:36:11

In the prior post, I ignored the obvious hardware issues that parallel. It's important to at least make sure companies like AMD exist to keep Intel somewhat honest. ..AMD/Intel to keep Nvidia somewhat honest. Etc.
Roy Schestowitz

2009-01-18 21:40:28

You can use binary/source code signatures for your programs and compilers. Assuming your digital signatures come from a good source like CERT, then you at least have some confidence.

Over in China, I suspect the GNU/Linux distribution they force-feed has some China-only surveillance facilities strapped onto it.

GNU/Linux Measured at All-Time High in Sweden: Can 'influencers' have played a role
GNU/Linux Becoming More Universal: It seems likely the end of Vista 10 coinciding with a sharp rise in memory prices (and now energy prices) will benefit GNU/Linux and therefore give us more to write about
Can Economies Like the American One Hang On?: The coming weeks will be "interesting" unless wars end
SLAPP Censorship - Part 32 Out of 200: Garrett Made Spurious Requests (Later Withdrawn) the Same Week Someone He Later Spoke to by E-mail Sent Threats to Our Webhost: The "plot thickens" because there's a multi-party tag-team act, as confirmed by Garrett after he had sworn on the Bible
IBM is a Dying Company, Nowadays It Kills Red Hat With Slop: when your last day is a national holiday in IBM's country
"Independence Drives" and Community-Run Sites: Independence in reporting is a much-valued trait
When Charlatans Are Only Good at Losing Money and Storytelling (e.g. About Investment in Them): Wait till a a barrel of oil costs $300
What Apple Fans Are Missing: Apple is a bad company
The "Pale Blue Dot" Moment Had Returned: To many people, the "bitter-sweet" observation of how small we are
Saudi Arabia Does Not Rely Much on Microsoft/Windows: Putting aside politics, this is good for Free software
Almost 12 Years of Exposing Corruption in Europe's Second-Largest Institution: The "unready" President is now an abandoned President
Easter Moon Mission and Its Reminder of IBM's Demise: A lot of NASA operations now rely on GNU/Linux
When Power is Scarce and GNU/Linux Has Power: In Cuba, GNU/Linux has long enjoyed high adoption rates
Don't Totally Dismiss the 'Survivalists': 'Survivalists' or similar terms are used to describe a particular mindset of people who prepare for some really awful scenarios
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, April 02, 2026: IRC logs for Thursday, April 02, 2026
A Much Better Use of Fuel Than Slop: Something positive for a change
Hoping for Peace: There are still many things to be enjoyed, including nature and kind people
Gemini Links 03/04/2026: "Slide Rule Triple Multiplication" and End of "Picture Pages": Links for the day
Rumours of Microsoft Layoffs This Season: Just how much trouble is Microsoft in at this point?
SLAPP Censorship - Part 31 Out of 200: Speaking About 20+ Years of Alleged Harassment/Defamation and High-Profile 'Targets' of Garrett: attempts were made to settle (in effect end the case) by the person who started the case almost half a dozen times along the way
In Asia, Windows is in Its Teens (Below 20%): On a global scale, Windows is down to about 26%
Low Morale at IBM and Perception of Destructive Management: IBM is going nowhere, fast
Gemini Links 02/04/2026: Super Mario Galaxy Movie and New Antenna Instance: Links for the day
It Seems Like Google News Cracked Down on (Omitted, Delisted) a Lot of Slopfarms: There's no justification/point in spending so much energy just to plagiarise things poorly
Steam Survey for Last Month Says 5.33% Use GNU/Linux: big leap for GNU/Linux
Links 02/04/2026: Science News, Energy Scarcity, Oil Sold in Yuan: Links for the day
Links 02/04/2026: Apple Turns 50, Efforts To Ban VPNs: Links for the day
Gemini Links 02/04/2026: Kubernetes With FreeBSD, OFFLFIRSOCH, and Great Circle Distance: Links for the day
Dr. Andy Farnell on Microsoft Silencing or Deplatforming Opposition in the UK and Elsewhere: Microsoft as a king or a kind of "religion" one cannot question
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 01, 2026: IRC logs for Wednesday, April 01, 2026
SLAPP Censorship - Part 30 Out of 200: The Time We Reported Abuse to Greater Manchester Police (GMP) and It Was Escalated to Its Cybercrime Unit: he started trolling and harassing me for criticising his employers' monopolistic and users-hostile agenda
'Modern' Cars Not a Rosy Industry: The current "modern" cars already have a shelf life similar to that of many toothpastes
Wrongthink Detector and Filter in "Think About the Children" Clothing: It is not about "age verification", it's a Trojan horse for social control
IBM Facilities Now Deemed Legitimate (Military) Target, Along With GAFAM Bases: Does IBM have any defences in place to protect against "downtime by explosions"?
What Happens When Some Large News Sites Turn to Slop and Spew Out Nonsense: LLM slop makes such grotesque mistakes abundant
Hardly Seeing Slopfarms Today, Even in Google News: Google's adventures with slop increased its debt significantly
Links 01/04/2026: Quantum Hype (Turing and Google), "US Fuel Prices Surge Past $4 a Gallon": Links for the day
Gemini Links 01/04/2026: "Sacred Week of Cycling" and Zenity for Scripts: Links for the day
Losing Debian: Sruthi Chandran election flop: Reprinted with permission from Daniel Pocock
French judgment: parasitisme by FSFE & Matthias Kirschner (CO23.002709): Reprinted with permission from Daniel Pocock
Microsoft Uses April Fools to 'Joke' About Inserting "Age Verification" (Surveillance) Into Linux: MinceR says the "lkml [message/page] one is April Fools or at least they're trying to pass it off as April Fools [however] the [GitHub] one was archived on the 8th and yesterday, so that probably isn't..."
IBM "Headcount Reductions" by Early Retirement and Death: The tragedy at IBM started 33 years ago on the first of April
Red Hat: Latin-1 character set under threat from Bishop Michael Martin, North Carolina: Reprinted with permission from Daniel Pocock
Links 01/04/2026: Microsoft GitHub Now Pushing Ads Into People's Code/Commits, Earth Overshoot Day Draws Nearer: Links for the day
What IBM and EPO Workers Have in Common: European Media Not Covering Very Major News (Press Became Dysfunctional): Are IBM operatives working to scuttle the process of investigative journalism?
Free Speech in the United Kingdom When "Chilling Effect" is Increasingly Prevalent: If politicians cannot even use a term like "parasitic behaviour", then where do we as a society end up?
Oracle Lays Off Because of Debt and Commercial Issues, Not Slop: Like Scam Altman, Larry Ellison hangs around Cheeto King because he could use some bailouts in the form of government contracts or phony money with an incredible name like "Stargate"
The Real Reason Many Sites and Forums Shun Microsoft Lunduke: When forums say that they banned Microsoft Lunduke or don't want him mentioned it's probably because they are familiar with the "stench" that follows him around
Gemini Links 01/04/2026: Hallucinations, Stitching, and Type Systems: Links for the day
Lots of Layoffs at IBM, "Media Blackout" About Mass Layoffs at IBM's HashiCorp and Confluent Last Month: IBM is a dying company circling down the drain while manipulating or paying the media to pretend everything is fine
Microsoft Under Investigation by the UK's Competition and Markets Authority (CMA) for Abusive Tactics: What's noteworthy is that this is "set to begin in May"
Sounds Like Red Hat (IBM) Layoffs in Slop Clothing: This is an IBM policy. They try to justify staff cuts.
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 31, 2026: IRC logs for Tuesday, March 31, 2026

UNIX/Linux Offer More Security Than Windows: Evidence

Patching

Microsoft Patch Tuesday bug is scary

Botnets

Report: 2.5 million PCs infected with Conficker worm

Attacks

E-mail

Comments

Recent Techrights' Posts