It has been known for some time that the TCP/IP stack in Windows was taken from BSD. (Not "Berkley Linux" --- BSD and Linux are similar, but not the same.) The BSD license allows commercial products to incorporate BSD code as long as credit is given. OSX is based almost completely on BSD.
There are several differences between the way Windows and unix-like systems work that make Windows far more vulnerable.
First, *nix operating systems enforce user privileges. Generally, a user needs to enter an administrative password before changing important system files or installing programs.
In Windows almost all users have administrative rights, which allows any program to alter crucial system files and run any code. If a malicious program tries to alter system files in Linux or OSX, it would either need to use a flaw in the system to escalate privileges to administrator or convince the user to enter an administrative password.
Secondly, ActiveX allows a website to run programs on a user's computer with the user's full privileges. This is the fundamental reason why Internet Explorer is unsafe. Until recently, a user could simply visit a site, and an ActiveX control could run, download the malicious software and run it without any user intervention. Unpatched systems still have this vulnerability.
Windows' problems are based on design decisions made by the Windows developers many years ago. They assumed that the Internet was safe and that no one had malicious intent. They have been working to deal with those assumptions for years. The first big step was XP SP2, where the firewall was on by default, which ended much of the worm problem. Now, they have required user intervention to run ActiveX controls.
Windows Vista will make it much harder for hackers to take over machines, since it implements a unix-like privilege system for all users. At the very least, in Vista, a user will have to click "OK" before any software is installed or touches system files.
This should worry anyone who knows anything about security. Sure enough, the early versions of Vista fell to the Land attack, which has source IP == destination IP. This vulnerability first appeared in Windows 95 over ten years ago.
Sounds like the Vista developers really put a lot of thought into their new TCP/IP stack. Of course, the "thought" was on how to incorporate DRM at the packet level rather than security.
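The Land condition mentioned above (source IP == destination IP) is easy to test for at a network-facing interface. The following is an added example, not part of the original post: a small IPv4 header check run over constructed sample packets. The function names, the ports, and the RFC 5737 documentation addresses are assumptions made for illustration.

```python
import socket
import struct

TCP = socket.IPPROTO_TCP  # protocol number 6

def make_packet(src, dst, sport, dport, flags=0x02):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def land_check(pkt):
    """Return None for a normal packet, else a dict describing the match.

    The test is the one named in the text: IPv4 source address equal to the
    destination address. For unfragmented TCP the port equality and SYN flag
    are reported too, so an analyst can see how closely the packet matches.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # not IPv4, or truncated
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None                      # malformed header length
    if pkt[12:16] != pkt[16:20]:
        return None                      # source != destination
    hit = {"addr": socket.inet_ntoa(pkt[12:16]), "same_port": None, "syn": None}
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Ports and flags exist only in the first fragment of a TCP segment.
    if pkt[9] == TCP and frag_offset == 0 and len(pkt) >= ihl + 14:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        hit["same_port"] = sport == dport
        hit["syn"] = bool(pkt[ihl + 13] & 0x02)
    return hit

SAMPLES = [  # constructed packets, documentation addresses (RFC 5737)
    make_packet("192.0.2.10", "192.0.2.10", 80, 80),        # source == destination
    make_packet("198.51.100.7", "192.0.2.10", 40000, 80),   # ordinary SYN
    make_packet("192.0.2.10", "192.0.2.10", 40000, 80),     # same IP, ports differ
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(land_check(p))
```

Traffic on the loopback interface legitimately has matching source and destination addresses, so the check belongs on packets arriving from the network, where dropping them is a safe default.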