Operating System Security(the joke is on us)

Recently with the debacle of the Gentoo Linux distribution falling prey to a Trojan due to negligence on the part of the repositories administrators(see here: http://www.theregister.co.uk/2010/06/14/linux_game_backdoor/ and here http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml) . The Windows crowd has been spreading all kinds of dis-information or rather some severe FUD(Fear Uncertainty and Doubt) with regards to this event. The truth is that NO operating system is safe be a desktop computer or server running Windows, Linux, MAC OSX or Unix and its variants.

The reason why these folks are getting all crazy about it is because when it comes to Linux this rarely happens. Since Linux advocates put security as the main reason to switch from Windows to Linux now that this has happen they can point the finger back at them and say “uh huh you see I told you Linux security was nonsense”. The absolute truth is that Linux is safer than Windows by leaps and bounds due to the nature of how the Linux OS is built. The Linux OS is built with multi-user from the ground up meaning that every user runs in its own separate space within the system with its own set of processes and have no root or administrative access to critical system processes. Which means that if a particular user were to ever get an infected file (virus) or a trojan or any other malware it would only live within that particular user space and can’t affect anything else. Windows on the other hand was not built this way and no matter how many versions of it they release they are still not built that way. Yes they now have a UAC (User Account Control http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac) but this is still not built the same as most Linux distributions are. The Windows system relies on a central registry so if something goes wrong with one part of the system it most likely affects the rest of the system. So these folks apparently either don’t or can’t comprehend this or they just turn a deaf ear to it; which is fine but then they should not get upset when their systems get compromised and its all over the news.

When using any OS one should make sure that secure practices are in place to install software and that these softwares are coming from a reputable vendor. In the case of a Windows system a Network Administrator should make sure that all the software has been signed by the vendor with a digital certificate and that Microsoft has verified such said certificate. On the Desktop side for home user this is not as easy as most home users have no clue as to what this is. So they just download everything and anything that has an .MSI or .EXE extension which is the reason why they get all kinds of malware and viruses and soon their PCs become part of Botnets (http://en.wikipedia.org/wiki/Botnet).

On the Linux side software is distributed through repositories which are verified by the company who distributes the OS such as Ubuntu and Canonical. Canonical makes sure that all their software in their repositories are verified and that they have a GPG signature(http://www.gnupg.org/). Which means that all the software distributed on the repositories are safe and can be installed. Now if a user decides to go outside of this repository then it is up to the user to make sure that the software is reputable and that it too has a digital signature and it can be verified. And the same thing can be said for MAC users as well. Although we are not 100% sure if MAC OSX users actually have repositories or even have digital signatures for their software. But Apple applies this concept to the iPhone/iTunes through their application store.

The best thing to do for Windows users is to install a good anti-virus and software that can check for rootkits within the system (What is a rootkit? See here: http://en.wikipedia.org/wiki/Rootkit). You can also set strong passwords for your user(s) accounts and try to be very careful where you download software from. In the case of web infections this is a tough one to deal with; our best advice is to use FireFox or Google Chrome instead of Internet Explorer regardless of the stupid commercials Microsoft has been displaying on TV about IE.  It is not safe no matter what they say. And keep your system up to date with the latest software. Although this can be a bit tricky as Microsoft can sometimes break your system on patch Tuesday so here you take your chances.

For Linux folks they have wrote a good article here on ZDNET (http://www.zdnet.com/blog/btl/five-tips-for-improving-linux-security/35798).

MAC OSX users pay close attention to Apple updates and install them as soon as they are available.

Remember if you are going to go outside of a trusted software vendor or repositories please make sure you can verify who they are.

Safari 5! Oh yes is a web browser…

So what is the big deal about this new browser? We honestly don’t see anything new that other browsers don’t already have. Extensions have been around for quite some time. Firefox has had this feature for a while now which is why it leads in this category. Google Chrome also has this feature as well.

Our question to you folks is why opt for a web browser that is closed source and besides the extensions has very little to offer. The browser runs like garbage on a Windows PC and is not available for Ubuntu/Linux at all; Yes it does run well in its native environment (Mac OSX) but most users don’t own a MAC. Although the use of extensions is very good for developers to add much needed functionality to this new browser it really offers very little compared to what is currently out there.

Safari has a ton of HTML 5 capabilities but so do the other browser such as Chrome and Firefox. Just a couple of days ago Apple showcased a bunch of HTML 5 (http://www.apple.com/html5/) functions which could only be seen if you installed Safari. We know Apple wants to push its products to the point where it wants to shove them down our throats but come on HTML 5 is an open standard/markup language . We think this is totally ridiculous that in order to see it you had to either fool the web site by making it think you had a Safari browser or to actually download Safari.

Safari 5 may have some good features such as a good Javascript engine and the use of WebKit which is open source but besides this we really don’t see anything else other than the fact that its a tad faster and it has a built in reader. It also has created a partnership with Microsoft to bring BING as the default search engine (Why would you dump Google and go with Bing?) and that it supposedly uses hardware acceleration. Take a look at all the new features here (http://www.apple.com/safari/whats-new.html).

In terms of security Apple has decreed that in order to create any extensions for its browsers developers must attain a digital signed certificate which to us seems reasonable and is free to obtain one, but you do see where we are going with this. Just like with the Apple store it will reject any extensions it does not like. So sure developers can go ahead and go crazy with extensions development . In the end however if Apple does not want to allow your extensions it simply will not issue a security certificate and your extension wont be published.

Apple has made it easier for the developers to built extensions and it will not use the same XUL language as Firefox to built the extensions as it will use a build in package called Extensions Builder which will allow the developers a much easier way to built and deploy their extensions.

As with the current stable version of Safari it will render pages very well with the exception to Web fonts which it currently blows out of proportion depending on the font. For example if you try to incorporate the Google font API into your existing web sites some of these fonts will not render correctly, Internet Explorer 7 has this same issue by the way.

Until Apple makes this browser available for all operating systems we don’t see why anyone would want to use it or even create extensions for it as it has very little market share and lacks functionalities that the other browsers currently have. What Apple should do is follow Opera’s lead and make it available to everyone. Apple sure loves to use Open Source code in their products but wont even make a crack in their closed closet door.