Operating System Security(the joke is on us)

2 Comments

Recently with the debacle of the Gentoo Linux distribution falling prey to a Trojan due to negligence on the part of the repositories administrators(see here: http://www.theregister.co.uk/2010/06/14/linux_game_backdoor/ and here http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml) . The Windows crowd has been spreading all kinds of dis-information or rather some severe FUD(Fear Uncertainty and Doubt) with regards to this event. The truth is that NO operating system is safe be a desktop computer or server running Windows, Linux, MAC OSX or Unix and its variants.

The reason why these folks are getting all crazy about it is because when it comes to Linux this rarely happens. Since Linux advocates put security as the main reason to switch from Windows to Linux now that this has happen they can point the finger back at them and say “uh huh you see I told you Linux security was nonsense”. The absolute truth is that Linux is safer than Windows by leaps and bounds due to the nature of how the Linux OS is built. The Linux OS is built with multi-user from the ground up meaning that every user runs in its own separate space within the system with its own set of processes and have no root or administrative access to critical system processes. Which means that if a particular user were to ever get an infected file (virus) or a trojan or any other malware it would only live within that particular user space and can’t affect anything else. Windows on the other hand was not built this way and no matter how many versions of it they release they are still not built that way. Yes they now have a UAC (User Account Control http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac) but this is still not built the same as most Linux distributions are. The Windows system relies on a central registry so if something goes wrong with one part of the system it most likely affects the rest of the system. So these folks apparently either don’t or can’t comprehend this or they just turn a deaf ear to it; which is fine but then they should not get upset when their systems get compromised and its all over the news.

When using any OS one should make sure that secure practices are in place to install software and that these softwares are coming from a reputable vendor. In the case of a Windows system a Network Administrator should make sure that all the software has been signed by the vendor with a digital certificate and that Microsoft has verified such said certificate. On the Desktop side for home user this is not as easy as most home users have no clue as to what this is. So they just download everything and anything that has an .MSI or .EXE extension which is the reason why they get all kinds of malware and viruses and soon their PCs become part of Botnets (http://en.wikipedia.org/wiki/Botnet).

On the Linux side software is distributed through repositories which are verified by the company who distributes the OS such as Ubuntu and Canonical. Canonical makes sure that all their software in their repositories are verified and that they have a GPG signature(http://www.gnupg.org/). Which means that all the software distributed on the repositories are safe and can be installed. Now if a user decides to go outside of this repository then it is up to the user to make sure that the software is reputable and that it too has a digital signature and it can be verified. And the same thing can be said for MAC users as well. Although we are not 100% sure if MAC OSX users actually have repositories or even have digital signatures for their software. But Apple applies this concept to the iPhone/iTunes through their application store.

The best thing to do for Windows users is to install a good anti-virus and software that can check for rootkits within the system (What is a rootkit? See here: http://en.wikipedia.org/wiki/Rootkit). You can also set strong passwords for your user(s) accounts and try to be very careful where you download software from. In the case of web infections this is a tough one to deal with; our best advice is to use FireFox or Google Chrome instead of Internet Explorer regardless of the stupid commercials Microsoft has been displaying on TV about IE.  It is not safe no matter what they say. And keep your system up to date with the latest software. Although this can be a bit tricky as Microsoft can sometimes break your system on patch Tuesday so here you take your chances.

For Linux folks they have wrote a good article here on ZDNET (http://www.zdnet.com/blog/btl/five-tips-for-improving-linux-security/35798).

MAC OSX users pay close attention to Apple updates and install them as soon as they are available.

Remember if you are going to go outside of a trusted software vendor or repositories please make sure you can verify who they are.

Advertisements

Google Chrome Web Browser Version 6

1 Comment

The new version of Google Chrome web browser has been released (http://www.google.com/chrome/intl/en/more/index.html). This new version uses the WebKit engine (http://webkit.org/) to render its HTML/CSS and JavaScript pages. It also boosts support for lots of CSS3 features such as the ones found here (http://tinyurl.com/35lupzz) plus lots of HTML5 features as well. The browser also lets you import your Fire Fox bookmarks and it allows you to sync your bookmarks across PCs which have the Google Chrome browser already installed(very cool feature).

Google Chrome Start Page extesion

Speed

The one thing that has really impressed us about the browser is its speed. We have tested the browser across several operating system such as Windows(XP,7), Mac OSX and Ubuntu 10.04 and it is fast. Very quick to start up and loading the actual web sites. The only other web browser out there that is faster than Google Chrome is Opera 10.10(http://www.opera.com/browser/). This new version also features a faster JavaScript engine which makes JavaScript driven applications to perform much faster.

Security

In terms of security the browser is very solid just like Fire Fox 3.x(http://www.mozilla.com/en-US/firefox/personal.html). It actually warns you if you have stumbled into a web site which could harm your PC. This however does not mean you should throw away your anti-virus software specially if you are on a Windows PC(regardless of the version your are running).

Google Chrome Feedly page

Extensions

In this area just like Fire Fox the browser shines as it already has tons of extensions for you to choose from and they work extremely well. You can also find most extensions which are available for Fire Fox such as Feedly or Pixlr Grabber. In terms of developing extensions Chrome makes it easy to do so, you can take a look at this article here (http://www.mattcutts.com/blog/write-chrome-extension/).

Conclusion

In our opinion if you have not tried Google Chrome you should for three reasons.

  1. Faster web browsing experience
  2. Better security
  3. Lots of extensions to choose from.

If you are currently running Internet Explorer (6,7 or 8 ) and you don’t necessarily need it for any specific web applications then we say dump it like your life depends on it as it lacks support for various CSS 2.1, CSS 3 and HTML 5 features which are rapidly being deployed to new web sites. On this merit alone Internet Explorer should be dropped like a bad habit (not to mention security issues).

If you are running the latest version of Opera or Fire Fox then you should be OK as both of these browsers keep adding more CSS 3/HTML 5 functionalities. But if your adventurous then give Google Chrome a shot you just might like it. Take a look at some of the capabilities of Google Chrome here http://www.chromeexperiments.com/ and you can download it here http://www.google.com/chrome?hl=en.