Analyst claims additional security layers in Windows add to risk

    Date: 09 Mar 2004
    Posted By: Anthony Pell
    (Some LinuxSecurity commentary within.) This article nicely contrasts Linux/UNIX style security with that of Windows. Here is an excerpt:

    Security problems are exacerbated by the fact that Windows 2003 is
    designed to be an integrated platform and as a result is based on
    complex dependencies between various operating system components.

    To tighten security on a Linux or Unix platform users can remove
    functionality by configuring the kernel or recompiling it, but this is
    not as easy on Windows. "All Linux and Unix operating systems are much
    simpler than Windows," said Blum.

    Bradley Tipp, national system engineer responsible for security at
    Microsoft, defended Windows 2003's security. "With an integrated
    approach it is much easier to apply patches, since the user does not
    have to go to multiple supplies to secure the operating system," he
    said.

    -=- Our commentary:

    Notice the basic dishonesty of Bradley Tipp's reply. He implies that a highly integrated operating system with many interdependencies is easier to patch than code written on the open source/modular design model. This must come as news to just about anyone who has ever attempted to write a software patch, but fortunately, Mr. Tipp doesn't make it quite that easy.

    Instead he gives his justification from the -consumer's- point of view: they don't have to track the patches from all sorts of different suppliers. This leads us to ask the obvious question: Just what exactly are these "Linux Distributions" supposed to do? The very essence of a distribution is that it takes a collection of free software, builds it under a known environment, sets rational defaults, and, MOST importantly: acts as a central point for updates.

    Imagine what would happen to, say, Red Hat's stock (not to mention market share) if they suddenly announced that they would no longer be the single clearing house for their own security patches? That their customers should go to SourceForge or the individual software package websites, and patch their own software? I predict their stock would crash to the floor within two days of the announcement. Why two? Because many people simply wouldn't believe it on the first day, and they'd expect Red Hat to retract the hoax announcement.

    Could it be that the renowned Mr. Tipp does not know this? Or does Microsoft really feel threatened?
