A Taste Of Computer Security

andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of mal-ware, viruses & worms, memory attacks/defences, intrusion, sandboxing, review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."

Interesting "book", great read for PHBs!

Looks like an interesting read, and if nothing else, something we should be slipping onto our PHB's desks!

Re:Interesting "book", great read for PHBs!

Not meaning to point this directly at you, mindhaze, but it _is_ an interesting read, and if nothing else, _we_ should be reading it before slipping it into our PHBs' desks.

I would go so far as to say this should be made the must-read EULA for joining Slashdot. It might cut down some of the pointless conjecture and idiotic jibber that so clutters every discussion that mentions Windows, security or anything related. Hell, Slashdot may even grow still and quiet once in while. Not.

- Oisin

Amit Singh, thank you!

Kernelthread is by far the best source of information about OS X, barring Apple itself.

The UNIX vs MS Windows discussion is lacking

I specifically was looking for one of the biggest problems with Windows -- Administrator authority is too easily doled out (by default, every home user is also an administrator.) This is exacerbated by the fact that so many Windows applications require the user to have Administrator authority.

For example, the bottom of this page [microsoft.com] shows a list of games that require Administrator authority to play. Why should administrator authority need to be granted to play a game? And to suggest granting Administrator access to people just so they can play them?

I have found no more powerful example of Microsoft's lack of commitment to security than this. I think this philosophy more than anything else contributes to the proliferation of destructive worms and viruses.

Re:The UNIX vs MS Windows discussion is lacking

Funny how the games listed there are all microsoft games. You'd think that MS would know how to get a game to run without Admin access... Well, I'd like to think anyhow :)

Re:The UNIX vs MS Windows discussion is lacking

Of the Games Listed the Bulk are Microsoft made games. So it is the game writers fault, but since MS is the game writer you can just skip a step and blame MS.

for you who didn't click on the link

* Microsoft Age of Mythology
* Microsoft Age of Mythology: The Titans
* Microsoft Age of Empires II: The Age of Kings 2.0
* Microsoft Age of Empires II Expansion: The Conquerors
* Microsoft Age of Empires II Gold Edition
* Microsoft Baseball 2001
* Microsoft Casino
* Microsoft Classic Board Games
* Microsoft Combat Flight Simulator 2: WWII Pacific Theater 1.0
* Microsoft Combat Flight Simulator 3: Battle for Europe
* Microsoft Crimson Skies
* Microsoft Dungeon Siege 1.0
* Microsoft Flight Simulator 2004 - Century of Flight
* Microsoft Flight Simulator 2002
* Microsoft Flight Simulator 2002 Professional Edition
* Microsoft Flight Simulator 2000
* Microsoft Flight Simulator 2000 Professional Edition
* Microsoft Freelancer
* Microsoft Golf 2001 Edition
* Microsoft Halo: Combat Evolved
* Microsoft Impossible Creatures
* Microsoft Links LS 2000
* Microsoft Links 2001
* Microsoft MechCommander 2.0 1.0
* Microsoft MechWarrior 4: Vengeance
* Microsoft MechWarrior 4: Mercenaries
* Microsoft Metal Gear Solid
* Microsoft Midtown Madness 1.0
* Microsoft Midtown Madness 2 2.0
* Microsoft Motocross Madness 2 2.0
* Microsoft NBA Inside Drive 2000 1.0
* Microsoft NFL Fever 2000 1.0
* Microsoft Pandora's Box 1.0
* Microsoft Rise of Nations
* Microsoft StarLancer 1.0
* Microsoft Train Simulator 1.0
* Microsoft Zoo Tycoon
* Microsoft Zoo Tycoon: Complete Collection
* Microsoft Zoo Tycoon: Dinosaur Digs Expansion Pack
* Microsoft Zoo Tycoon: Marine Mania Expansion Pack

Re:The UNIX vs MS Windows discussion is lacking

Why should administrator authority need to be granted to play a game?

Obviously, to make low level system calls for direct hardware access in a copy protection scheme.

I have found no more powerful example of Microsoft's lack of commitment to security than this.

While some blame attaches to Microsoft, since they choose to use such a copy protection method with their games, the real culprit is Macromedia, who made the SafeDisc copy protection system at fault.

So, what do you think will happen if it can be proven that the copy-protection methods the Content lobbies (RIAA/MPAA/BSA) are using are a threat to Homeland Security?

Re:The UNIX vs MS Windows discussion is lacking

The security initiatives have been going on a lot longer than just their "global security mobilization" of October 2003. For example, this "Secure Platform" document [microsoft.com] was authored in December 2002. And since they seem to be able to put out the "hot fix of the week" to handle the "virus of the previous week," I should think they have had plenty of opportunities to get OS patches released, driver patches, or whatever is required to the computers that need it.

Given that, explain why "Microsoft Flight Simulator 2004 - Century of Flight" should still make the list? If software they've released years after they've been aware of these problems still demands bad security practices, who is to blame? The application programmers or the environment in which they must work?

You said, "if an application requires administrator access to run, it is not the fault of the Operating System." Explain how a train simulator could possibly require admin authority except in a poorly architected environment? Then answer, 'who provided that poor architecture?'

This is Microsoft -- author of both these applications as well as the OS. They've had the chance to address it, they've had the incentive to address it, but they have not done so. I stand by my comment.

Re:The UNIX vs MS Windows discussion is lacking

Why should administrator authority be needed to play a game?

So the game can have "root"-level control over your machine, to ensure that you're not cheating with 3rd-party apps running on the same machine. It must be able to inspect all applications and drivers in memory, comparing them against a list of "cheat signatures" rather like a virus-scanner does.

Seriously. This is exactly what's happening. Evenbalance.com licenses cheat-prevention software modules to several major game publishers, and they've started disallowing players on XP machines unless they're running under the "administrator" account.

Just read the FAQ here [evenbalance.com]:

1. Why does PunkBuster now require players to run the game as an administrator under WinXP/2K?
   
   Because some cheats/hacks cannot be detected otherwise

The reason you give is obselete- mistrust of the end user is the new, upcoming explanation.

Re:The UNIX vs MS Windows discussion is lacking

Actually, it's quite trivial to install most software on Unix as a "mere user". It has been this way for decades.

If Vendors choose not to allow for this, it is certainly not due to a lack of functionality in the underlying system.

Re:The UNIX vs MS Windows discussion is lacking

I have found no more powerful example of Microsoft's lack of commitment to security than this [common requirement that the user have Administrator privilages]. I think this philosophy more than anything else contributes to the proliferation of destructive worms and viruses.

You know, you have pointed out one of the two major failings of Windows security-wise. The other is at least as bad, however.

People often think of UNIX being a nightmare of dependencies, but from a security perspective, the dependency nightmare is actually far worse on Windows. Some of this I can understand, but some I cannot. For example, it is true that copy and paste in Windows depend on RPC. This is understandable (in Gnome, they depend on CORBA). But last time I tried to secure a Windows box by turning off RPC on the PPPoE interface, it would not authenticate until I re-enabled it. Apparently the PPP authentication mechanisms require that RPC is running (works if firewalled) on the same network interface, or at least that is what I was told when I finally called technical support (Microsoft). Granted this was Windows 2000 and I was using a third-party PPPoE extension, but still...

At least with GNOME, I don't have to have CORBA listening on my network interfaces....

If I am securing Linux or UNIX, there is generally it is usually clear what can be turned off whithout adverse results to the rest of the software. This is NOT true with Windows, and I have generally found disabling unnecessary services to be extremely difficuly on Windows because it is difficult to determine what is actually necessary.

I find Windows security to be a complicated headache compared to UNIX security.

Of course, real security depends on the admin, not the OS.

Re:The UNIX vs MS Windows discussion is lacking

A fault of Microsoft it may be...but a fault of windows it isn't...

No, this is a fault of Windows. We don't know how these games run or why they require admin authority. It might be to access the sound card, or the video drivers, or DirectX or something similar. But in all those cases it's a fault of Windows for not providing non-admin-level access to the required resources.

It may have something to do with backwards compatibility with Windows 9x. In that case, yes, the application probably could have littered itself with millions of 'if (WindowsVersion >= 4) SafeFunction() else UnsafeFunction() calls, each of which would have killed performance dead. They also could have shipped fat binaries or even two binaries, and had the installation program make the right choice up front. All those solutions add their own problems to an already complex product, though, and if those types of bad solutions are required, I'd say it's the fault of the OS for requiring them.

I would also think that if it were something they could easily fix at the application level, Microsoft's newest releases would not make this list. However, since it includes "Microsoft Flight Simulator 2004 - Century of Flight" I'd say that in these days of Microsoft waving the "Security First" flag, they have never actually addressed the root problem. And the root is Windows, not the application.

MS Bob

I'd never heard of MS Bob [kernelthread.com] until I read this article. Wonder why it wasn't called MS Bill?

Sure..

Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."

Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?

There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?

This isn't a fair analysis, it's just more "MS is teh gay linucks is awwwwsome!!!!!11!" tripe.

It's really not hard at all to secure Windows, and you can lock it down every bit as tight as any Unix if that's what you want to do. Just because people don't doesn't make it the OS's fault.

How about all the newbies running their X sessions as root because it's the only way they can get the soundcard/dvd-r/tv-tuner/misc hardware to work?

Is it Linux's fault that once you start piling OSS layers onto ALSA and jam the whole pile of shit into Gentoo's default devfsd setup, that it's a huge pain in the ass to get a non-root user to be able to play sounds? Cuz it is. Don't give me the bullshit about "all you have to do is add the user to the audio group" stuff.

What about lazy fucks like me who quit trying to have their daemons chroot and su to another user, because every fucking time they type emerge -u world portage decides to change all the file permissions and ownerships around, so now all of a sudden slapd cant read or write it's data directory, hosts.allow and hosts.deny are no longer world-readable, etc, etc.. Fuck it, the only way to guarantee my LDAP server stays up is to have it run as root. And, of course, it has to stay up, else noone could log in.

I can't remember which distro now, but it shipped with a single * in the xdm's Xaccess file - ie; anyone anywhere could get a local X session on it.

What about every app that uses svgalib having to be suid root, or run as root. Those mythTV boxes and advanceMAME cabs are just big fat fuckin backdoor waiting to be exploited.

The only point I'm trying to make is, any PC out there is no more secure as it's user/owner/admin and the apps they run. Most normal people dont enjoy spending 8 hours a day doing nothing but configuring their systems.

Re:Sure..

> Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is
> this guy on crack?
> This isn't a fair analysis, it's just more "MS is teh gay linucks is
> awwwwsome!!!!!11!" tripe.

His thesis is actually more along the lines of (and I'm quoting from the Win v Unix section of the article):

"Current Windows systems have some of the highest security ratings (as compared to other systems)... However, the number of documented security issues and the real-life rampant insecurity of Windows are not speculations either! The problems are real, both for Microsoft, and for Windows users."

Nowhere here is he saying that MS sucks, or that linux r0x0rs. Again, from the sam part of the article:

"We stated earlier that UNIX was not even designed with security in mind. Several technologies that originated on Unix, such as NFS and the X Window System, were woefully inadequate in their security."

The argument that explains the paradox is along the lines of what many of us already know - that MS is more prevalent, has a wider spectrum of users (inexperienced to experienced) and exists in a wider range of vulnerable environments - not just cozy, isolated research labs.

So while your arguments are valid, they don't really go against the overall opinion of the article.

Re:Sure..

The problem is deeper than that, don't ask a RHCE to tighten down a Slackware or Gentoo box. Linux distros can be worlds apart. For instance, Slackware doesn't have /etc/init.d, it uses rc.d scripts, etc.

They store config files in different places, with different names (ldap.conf vs nss_ldap.conf, etc). They install apps to different places, and so on and so on. Now we can deal with XFree vs X.org (migrating to X.org on Gentoo also broke, well, almost freakin everything I use, and I still don't know how to properly configure the new font paths for tightvnc)

For that matter, don't ask a guy who's RHCE is a year old to secure a RedHat box, because for all you know, he doesn't know shit about, as an example, Samba 3.0's new config options or iptables (since he was taught ipchains). The OSS world likes to completely reinvent apps between revisions, for some reason.

Whereas, one XP box is pretty much the same as the next, and not far removed for Win2k.

I've had the same problems with both. I installed PuTTY in Windows as Administrator, tried to run it as a user, oops.. No user rights.. This is when you find out what kind of user you are. Do you switch to Administrator, screw around with permissions, and test until it works and you feel it's secure, or do you just go "fuck it" and add your username to the Administrators group so you don't have to deal with that kind of shit every day.

I'm not ashamed to admit I'd put myself in the latter category. Screwing around with filesystem ACLs and group memberships isn't what I like to spend my time doing. My firewall/router is about the only "secured" box on my home lan, which is fine, since I lock the doors when I leave so the likelyhood of a script kiddie sitting down at one of my machines is low.

There is a point to be made, and it's that it's nearly impossible to have the best of both worlds. It's either simple and painless to use (desktops), or super-hardcore secure (servers). Both OS's can function in both roles.

Re:Sure..

Ok, so his thesis seems to be that Windows is insecure because it's too hard? Is this guy on crack?

There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

This guy can't seriously expect me to buy his argument that properly configuring a unix box is "easier", can he?

You are purposefully misunderstanding his point. He was not stating that Windows is "harder" than unix to secure, merely that the "average" unix user will generally have a deeper understanding of how the underlying OS works as opposed to an "average" Windows user. Think about it.

Unix has a larger barrier of entry in terms of learning the OS and understanding how it works until you get to a point where it is "usable". Windows on the other hand has a much lower barrier of entry and a deep understanding of the underlying actions of the OS are not required in order to utilize the system. As a result the complexity of securing unix systems is not as complex to the average unix user since they already have overcome that initial large barrier whereas Windows is more complex to the average windows user because they are faced with a magnitude of complexity they normally do not see.

I do agree with you that Windows can be locked down thoroughly and be just as secure as a unix machine.

Summary

Windows enables things by default that enable exploits. This is done for ease of use. Users can make Windows secure.

*NIX disables things by default. This is done for security. Users could make *NIX insecure.

The number of different *NIXs makes it tedious to create viable exploits.

In spite of what the guy says, I think most of us already knew this stuff. Have I missed anything?

The core security problem with Windows.

The core security problem with Windows is that Microsoft has been unable or unwilling to take advantage of the core security capabilities of Windows.

It's more than just the fact that there are existing applications that expect to have write access to system directories and do other dengerous things, it's that Microsoft doesn't seem to be able to respond appropriately. For example, our early Citrix-based server showed the path to solving the problem of writing to system directories... it mapped system write access into the user's profile, and you had to switch to an explicit "installer" mode to actually modify things in the system.

Microsoft owns that code now, it's surely in Terminal Server, but instead of implementing it they created a high level workaround... the sort ofthing you'd expect to see coming from a third party... that monitors the system and puts files back when they change. This not only breaks more applications than the old Citrix-style code did, but it provides another hiding place for viruses that manage to infect the repository or trick the system into backing them up.

Similarly, the whole protocol/handler problem in Internet Explorer... or rather the Microsoft HTML control... (and being inexplicably copied by Apple and the KDE people) could be almost completely prevented by simply making the protocol and helper application binding the responsibility of the application calling the control instead of making the control guess whether the application it's calling is hardened for use by untrusted pages, and if not then it has to guess whether the page it's displaying is trustable or not.

A better article on Solaris 10 security

is here [securityfocus.com].

As an aside, items like ASET and RBAC are not new for S10; IIRC they have been included since S8.

Or instead of reading about these things, individuals can download the Solaris 10 Beta 5 ISOs and try them out. Go to this page [sun.com] and scroll to the bottom to Solaris Express.

CC evaluation? Orange book?

I more or less disagree with him on his treatment of the Windows adherence to the CC and Orange book standards.

Even though Windows 2000 is EAL 4+ certified, that doesn't mean it is a secure system. On the contrary, the protection profile Microsoft chose to use specifically states that the threats Win2k should guard against do not include either malicious outsiders or malicious users.

A more or less similar situation exists when we regard the C2 certification for Windows NT. That certification is obtained only when using a NT 4 system with several subsystems removed and no network access.

Both certifications sare the facts that a very specific hardware-software combination has been audited. This is so extreme that EAL 4+ is only valid for a Windows 2000 system with a very specific set of patches applied (SP2 and 1 patch IIRC). In other words, totally useless for any serious real-world application.

Re:CC evaluation? Orange book?

These evaluations are evaluations on procedures in handling data. They are not evaluations on system breakability and security against unauthorized break-in as such. They are evaluations on suitability of a system to handle confidential data according to some predefined requirements.

Basically a EAL or Orange book certified system will not allow casual transfer of data from a higher security level to a lower security level. That is the core of the qualification concept. All the stuff about admin roles, etc is just fluff oriented towards managing the concept and the granularity to which it is managed.

After the wave of buffer overrun hacks that followed the publishing of Alef1's paper "Smashing the Stack for Fun and Profit" in 1996 I had a conversation with the security head of a bank-to-bank transfer house head of security. We were discussing what can we do about intrusions like this. His first suggestion was to raise the security level to B1 or higher. At which point I had to point to him that all intrusions were circumventing the security mechanisms, not breaking through a problem in them so the Orange Book level of security did not bloody matter at all.

On a similar note, Old SCO OpenServer 3.x which had C2 certification was quite hard to hack in its normal mode of operation. Raising the system to C2 and the enabling of roles required to do so made the system a walkthrough. It took me around 5 minutes to get root on it by doing casual operations, no real hacking involved.

Solaris 10 is so nice

I'm very impressed with zones, the resource control and monitoring are even better than in 9, dtrace is just about the coolest thing I've ever seen on Unix, and zfs and the souped-up NFS look great too. (Though I haven't had the chance to play with those yet,)

Nice to see Sun can still innovate.

frustrated with "anti"-virus on Windows

I'm still getting MyDoom.o [mcafee.com] emails. It spread like wildfire inside the company I work at. No update pushed to McAfee on workstations until the next day after the infection. After... the barn door is already open and horses are gone. Be sure to shut that barn door after everything is compromised.

On this Windows box at work I'm protected from thousands upon thousands of viruses except the one that gets written tomorrow and the idiot that opens its brilliantly socially-engineered email attachment.

This is rhetorical and wishful: when are we going to get some anti-virus software that protects us before an outbreak?

(please don't say don't run Windows, it is realistic but not realistic today right here)

Windows will be secure, next time!

A very interesting thing about the comparison in the end of the article is that he looks at all the different OSs as they are right now. Except for MS Windows, where he says, it has good chances of being secure when the next SP is released... Isn't this always the case with MS products? "we know something is f*cked up, but it will be fixed in the next version, promise!".

Maybe he's just propagating what MS is saying there though, since the rest of the analysis doesn't suffer to badly from this.

Mac security circumstances?

The security "philosophy" of the Mac platform, and of the Mac community, is immature yet. While Mac OS X has a good amount of circumstantial immunity against malware, it is significantly lacking in its security paraphernalia as compared to the cutting edge feature-set found in its competitors. The difference is more stark on the server side, where the competition is stiffer.

Isn't this argument sort of like saying that Macs are only secure because they are obscure?

I have read [theregister.co.uk] OS penetration has little to do with security. Additionally, with Mac OS X there is a BSD underpinning that utilizes ipfw. OS X is shipping with a strong firewall built in, that doesn't seem circumstantial to me. Does this mean the the BSD's are also circumstantially secure?

I am not saying OS X is completely secure, I have seen the recent exploits, but certainly Mac OS X security is methodical and planned since its roots are from a relatively secure BSD.

Maybe I am reading too far into the above statement. I am not more educated in this subject than the author, but it certainly seems like an unfair treatment of a relatively secure OS.

It managed to crash IE six times while printing

No, I can't install anything else, I don't manage this desktop. I do UNIX for a living. The printed output also looks horrible. Be that as it may, an excellent article. I could have spent all day meandering around his site. I did read most of the history of Apple and a bit about Mac operating systems, but duty calls.

Oh-oh

If you folks are ANYTHING like me, the first thing you read was the section Windows-v-UNIX. The author's points were non-biased and well thought out. That 'forced' me to read the rest. The article is now being routed through all my buds (PHBs, UNIX and Windoze Sys Ads, Developers), both in company and in other venues. A lot of 'intelligent' conversations will be started on this subject - again! It is unfortunate that some of us keep trying to get proof for our point of view instead of trying to see the other side of things.

Eye Candy...

The material on his site is good but his layout has way too much eye candy. To me, its very visually distracting and hard to focus on the content of his article...thats just me though :)

Not nice at all...

There are too many "knobs." The exposed interfaces are either too complicated, even with documentation, or too weak and limited. Security on Windows is hard to configure correctly (try setting up IPSEC).

You really shouldn't call Windows users that. They can't help it.

And don't make me do a Beavis and Butthead laugh for following a comment about 'knobs' with one about 'exposed interfaces'.

and the most intelligent thing was

to not have a private opinion on windows. The page is down, was that a joke or was there something up once that got hastily removed?

Favorite Quote

This sums up America so well on so many levels.

Same tired old arguments

In the "Unix .vs. MS Windows" part, all I saw was a re-hashing of common miscomceptions, and little substantive on interesting info, and some revealing logic stumbles.

"Windows is supposed to be an easy-to-use platform, while Unix is supposed to be cryptic and hard-to-use." - good grief. An ad-hoc conclusion like this pretty much points to a lack of actual logical analysis.

"Microsoft's success, as reflected in their incredible market share, amplifies their security problems". So, giving an email client the ability to infect a system has nothing to do with it? The article seems to gloss over MS's efforts to graft its applications into its OS as part of the problem. By this logic, killing turkeys causes winter.

"A potentially relevant issue is the phenomenal amount of resentment against Microsoft and Microsoft products that is seen in many circles." So, Microsoft's security issues are because people hate them. Get my violin.

"'Security' is hard to formalize, hard to design (and design for), hard to implement, hard to verify, hard to configure, and hard to use. It is particularly hard to use on a platform such as Windows, which is evolving, security-wise, along with its representative user-base." ! He seems to be saying that windows security is evolving and its users are also 'security-evolving', and as as a result, windows security is getting worse. Well, wait a minute. Maybe he's right on that one...

MS exploits explained...

In this context, a rule-of-thumb definition of security is often cited: a system is considered secure if its "secure-time" is greater than its "insecure-time." Secure time is simply the time during which a system is protected, that is, free of "incidents". Insecure time is the sum of the time it takes to detect an incident and the time it takes to react to the incident (summed over all incidents in a given interval):

I've never heard such a naive definition of security. Apparently, regardless of how many security holes my system has, or how many times I get hacked, I can call it secure as long as it can be recovered quickly.

So, by this definition, my system is still secure even when:

• A hacker exploits IIS and downloads all my customer names and CC numbers.
• A hacker destroys all of my data from the last backup; as long as I can recover it quickly, data loss doesn't matter, right?
• A hacker DDOS' our server and we lose several days worth of business. Our system is still up, so obviously it's not secure.
• A hacker installs a rootkit on our server. You see, it doesn't matter if the box is owned, as long as its up and running, right?
• A hacker zombies the machine and uses it to send SPAM, or worse, host illegal content.

Need I go on?

I don't think I could come up with a better explanation of why Microsoft will never design secure software than this one: they're definition of what constitutes a secure system is simply out of touch with the requirements of running a business.

until SP2, OS X more secure than Windows. Period.

Like most security-related rants, this article fails to first scope what it intends to mean by security.

I personally like to scope security as end-user security for someone using their computer as a client machine, NOT a server. Opening a shiny new box, plugging it on the network, and do very basic things most people do: check email and surf pr0n, sign-up for "free stuff".

Right now, by plugging a brand new installation of XP onto an unprotected network, you get owned by Sasser within seconds. There were many before Sasser, among a few that come to mind are CodeRed and Nimda.

How did those worms spread so fast? One easy answer: Services that users did not need were running on a default installation of the operating system. You woulda thought microsoft would have learned to turn all services off by default since 2001 for client machines. Nah. They've kept many open.

Apple has been smart about this. It provides two very distinct operating systems: An end-user operating system, the mainstream Mac OS X, and a server operating system, aka Mac OS X Server. Apple knows to be humble about the network services it offers, even if most of 'em are open-source and quite mature, and KEEP THEM TURNED OFF on end-user, client machines. That's what regular Mac OS X is for. You can buy a new end-user Mac, plug it in a network, run nmap against it, and you'll get zero hits. Not one. Not a single network service is running by default.

Virulent and devastating Worms and Viruses don't spread thru server machines, those tend to live in pretty-heavily firewalled networks. No. They spread thru END-USER machines.

SP2 had better do one thing and do it real well to the average end-user client machine: TURN OFF ALL SERVICES.

Beyond that, musing about security is mostly beating a very dead horse. Every single time you turn a network service on, you are opening yourself to infection risks. The OS architecture ought to mitigate those risks. A sysadmin with a clue or two will keep his server secure, regardless of what OS it runs, because that sysadmin knows security is about constant vigilance and works in many many layers.

Again, when talking about security, people should scope the discussion within the distinction of end-user usage and server usage.

A quote that bothers me

The primary environment in which a typical Windows system exists has traditionally been hostile especially after the advent of the Internet. While Unix systems share the same environment today, their traditional environments were comparatively trusted: research labs and universities. Similarly, Unix users have had backgrounds differing from Windows users.
So the "Internet" did not exist until after Windows ... sigh ...

Re:Fr0st pist.

hmm i get a lot of mail these days with similar content. is this another test of the slashdot bayesian BS-filter?

Re:PDF?

Why did this person get modded down? He has a legitimate question. I for one do not want to have to read the entire huge paper online, reding a page, clicking next and waiting for the next page to load, etc. I would much rather have a PDF that I can print out and read.