Wired talks with Stephen Toulouse, Microsoft’s security program manager. A few interesting points:
Download.Ject, a big exploit found in June that enables key logging via a security hole in Internet Explorer .. still not fixed.. “We are still working on that” — 2 months of a very well-known and very widely published exploit, still unable to be adequately fixed. nice.
“Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would’ve allowed an attacker to run a program on my system.” — Two interesting tidbits.. #1 — he forgets to mention that the flaw was not with Firefox but with how Windows handles the shell: protocol. No fix was required for any other operating system. #2 — apparently the security manager of Microsoft uses Firefox as his browser — interesting. Actions speak louder than words..
“We’re two and a half years down a much longer road; it’s more of a 10-year timeline.” — so let’s see .. mid-2004 .. 2.5 years ago is Feb 2002 (Gates’ Trustworthy Computing initiative) .. 10-year timeline = Feb 2012 … so Windows will be secure in 2012? Great. 8.5 years of job security patching Windows machines. yippie. Oh wait.. That’s assuming things go to plan .. Given Longhorn’s delays (originally scheduled mid-2004, now a rolling release, starting end of 2006..), perhaps Windows will be secured 2018-2020? Seems like by that time, Windows will be a footnote.
On UNIX and UNIX-like systems (Linux, BSD, etc…) there is a concept where everything is a file. Files can be divided into four categories: ordinary or plain files, directories, device files and process files.
While plain files and directories (or folders) are a common concept on most systems, the idea that there are device files and process files is probably not.
A device file (located in /dev) is a representation of a particular port or device connected to the computer. For example, access to the mouse might reside in the file /dev/usbmouse or /dev/sysmouse. A CD-ROM drive may reside at /dev/cdrom, cpu at /dev/cpu, etc.
A process file (located in /proc) is a representation of a running process (program, application, service, etc..) on the system. Each process is given a process ID (PID) and information regarding the process can be found in its folder. For example, I have a text editor (KATE, KDE Advanced Text Editor) running with the PID of 4064. I can access the information in /proc/4064 regarding the process. It will link me to the directory the process was launched from (/proc/4064/cwd (cwd = current working directory)), list the command line in the /proc/4064/cmdline file as well as provide a lot of data regarding the running process (state, memory usage, permissions, etc.). In addition, the files located in /proc also provide current global system information such as uptime, current cpu info (type, speed, quick benchmark (via bogomips), etc..)
So what is the great big deal about everything being a file?
For one thing, it makes commands that work on traditional files available for other devices (of course, some exceptions apply — ie you can’t copy /dev/cdrom and expect to see a second CD-ROM drive appear on your machine.. ). In particular (and the reason I brought this up), it lets you use the command lsof (list open files) to determine the source of issues.
The lsof command, as named, lists open files. If everything is a file, it will list devices that are open as well. Why is this important? If you attempt to utilize a device on your computer and it comes back that the device is being used (such as a modem, com port, etc..), you can run lsof and request all info regarding the device file relating to the modem. If you are unsure what device file relates to a particular device, you can use the dmesg command. This command will show the startup hardware configuration and show how devices are assigned.
Let’s say we find that the modem was assigned to /dev/modem. We can run lsof and look for entries pertaining to /dev/modem. However, on my system, there are over 3175 “files” opened, so instead, I’ll pipe the output to the grep command (grep allows for searches on a given input stream) to only display /dev/modem entries:
# lsof | grep /dev/modem
kcomm 4040 joe 11u CHR 116,0 44216 /dev/modem
That’s better. According to the output, the program kcomm with the PID number 4040 is currently accessing the modem. In addition, it was user “joe” who originally launched the application.
Now we know exactly why the modem is in use and can simply kill the process (# kill 4040) so the modem is made available, request that user “joe” quit so we can use the modem, or get additional information regarding the process by visiting the /proc/4040 folder.
Needless to say, this is a very simple way to capitalize on the “everything is a file” metaphor. Another interesting concept is creating CD images (ISOs). I could use “cat” (a quick way to take input and direct it to some output .. generally used to view a text file (ie: cat /proc/4040/cmdline)) and simply redirect the CD-ROM file to a local, regular file:
cat /dev/cdrom > /home/joe/joesmusic.iso
This provides me with an ISO version that I could then burn to other CDs or mount as a file system locally (ie, I can take install CDs for applications, make ISOs and mount the ISOs as folders on a file server so desktops on the network can install from the network instead of original CDs).
What is interesting is that every file has permissions. As a result, if you don’t want to allow someone to have access to a particular device, you can set the permissions on that device file accordingly. Of course, since everything is accessible via the root user, if you disable access to a device that is needed, it may have undesired results.
The Arizona Republic had this article regarding viruses and malware on Windows machines. I particularly like this quote:
“Viruses are bad, and spyware is even worse. It’s so bad you can’t do anything on your computer.”
Needless to say, I was rather disappointed that they didn’t even think to mention alternatives (Mac OS X, Linux, etc..) that DO NOT HAVE THESE ISSUES. If these issues are SO BAD that it deserves the top spot on the front page of the largest paper in Phoenix … well ummm… some alternatives might have been nice. I emailed the reporter my thoughts on that.
I think I’ll officially dub WinXP SP2 the Microsoft operating system that not only inhibits productivity through poorly implemented security methods but is ineffective in being any more secure than previous versions.
According to this article on eWeek, the newly released Windows XP SP2, touted as a major boost to security for Windows, has not only a security hole but, at least according to PC Magazine’s test labs, a “security crater”.
Apparently a malicious program can simply bypass the almighty “Windows Security Center” and do its bidding without being detected. It was only slightly over a day ago that this guy touted how his WinXP configuration was “secure” and I replied basically saying “hmm.. no.” Looks like I am right. No offense, but I have *NEVER* heard the term “Security Crater” before, but it appears to fit this issue just dandy.
It was 13 years ago today when Linus Torvalds posted the following message to comp.os.minix:
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Keywords: 386, preferences
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki
Lines: 20
Hello everybody out there using minix -
I’m doing a (free) operating system (just a hobby, won’t be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I’d like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).
I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I’ll get something practical within a few months, and
I’d like to know what features most people would want. Any suggestions
are welcome, but I won’t promise I’ll implement them
Linus (torvalds@kruuna.helsinki.fi)
PS. Yes - it’s free of any minix code, and it has a multi-threaded fs.
It is NOT portable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that’s all I have.
Now 13 years later, there are millions using the system, major tech companies (HP, IBM, Novell, Sun, Intel, AMD, etc..) with a vested interest in the success of this system, governments (local, state, and country) implementing FOSS/Linux solutions, businesses utilizing Linux as a strategic advantage in their IT infrastructures, a significant portion of the Internet running it, it is a major driver in the continued use and development of UNIX related technologies and, perhaps most importantly, competition for Microsoft to keep the industry healthy.
Needless to say, Linus was wrong about Linux not being portable (it is now available for virtually every system out there) and not able to support anything other than AT-hard disks (it now supports SCSI, SAN, NAS, SATA, ATA, AT, RAID, etc..).
Not bad for a hobby operating system that “won’t be big and professional like gnu” (sidebar: I think gnu refers to GNU Hurd, the operating system to complement GNU’s FOSS UNIX replacement apps).