rcd@ico.ISC.COM (Dick Dunn) (06/02/89)
I've seen several postings which seem to assert that the GNU folks won't be interested in security because that's somehow at odds with free software. I haven't quite been able to make the connection. Is there some other part of the FSF philosophy (or RMS' personal philosophy, or whatever) that says that security is a Bad Thing? For example:

> | }Security: ACLs? Get rid of root? Security monitors? Auditing?
> | } Provably secure(A1)? . . .
> ...provably secure? From RMS??? You dream...

Does this imply that security is not a concern, or only "provable" security at some level? Seems to me that if you're after some level of security, being able to prove it is closely related (albeit not equivalent) to knowing what you're doing.

>...(On the other hand, the lack
> of security that RMS prefers would be the biggest stumbling block in getting
> people to *use* GNU...

This is what really makes me wonder--*does* RMS really prefer a lack of security, or are we/you/they putting words in his mouth? I just can't make the leap. For example, I think I can like the idea of free software a whole bunch without wanting someone else to be able to read my private correspondence at will. Just because I trust me with my machine doesn't mean I trust everyone in the world who owns a terminal and a modem.

--
Dick Dunn UUCP: {ncar,nbires}!ico!rcd (303)449-2870
...CAUTION: I get mean when my blood-capsaicin level gets low.
mike@thor.acc.stolaf.edu (Mike Haertel) (06/03/89)
Since everyone is making such a big deal about `security and RMS' I thought I would try to clarify things a bit. I am employed by the Free Software Foundation, and I have known Richard for about a year. Perhaps this will stop all the wasted bandwidth in useless speculation.

In article <15812@vail.ICO.ISC.COM> rcd@ico.ISC.COM (Dick Dunn) writes:
>I've seen several postings which seem to assert that the GNU folks won't be
>interested in security because that's somehow at odds with free software.

Security is not at odds with free software, but . . .

>Is there some other part
>of the FSF philosophy (or RMS' personal philosophy, or whatever) that says
>that security is a Bad Thing?

Yes. I (almost) quote RMS: `I do not believe there should be security among the users of a computer system.' (He posted (approximately) this statement to one of the GNU newsgroups sometime back, when someone was complaining that the default emacs Makefile installs things 777 mode.)

>>...(On the other hand, the lack
>> of security that RMS prefers would be the biggest stumbling block in getting
>> people to *use* GNU...
>
>This is what really makes me wonder--*does* RMS really prefer a lack of
>security, or are we/you/they putting words in his mouth?

RMS *really prefers* a lack of security. (He doesn't mind a bit of auditing though, to see who last changed a source file . . .) The GNU system will of course support the UNIX ownership and protection mechanisms, but I find it highly unlikely whether we at the FSF will implement anything more. Other people can if they like, and we might even redistribute it along with other non-FSF user-contributed software. But it's a pretty sure bet that even if we distribute such a system we will never support it in any way.

As for my beliefs on the subject:

(1) Anyone who thinks a UNIX-compatible system can be `secure' has some serious delusions. Timing windows and covert channels abound.

(2) There should not be security among the users of a computer system. The principal use I have seen security put to has been the self-aggrandizement of system administrators at the expense of the user community. (I agree that in some situations it is reasonable to have security to keep out outsiders, though.)

--
Mike Haertel <mike@stolaf.edu>
``There's nothing remarkable about it. All one has to do is hit the right keys at the right time and the instrument plays itself.'' -- J. S. Bach
haynes@ucbarpa.Berkeley.EDU (Jim Haynes) (06/04/89)
In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>
>(2) There should not be security among the users of a computer system.
> The principal use I have seen security put to has been the self-
> aggrandizement of system administrators at the expense of the
> user community. (I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)

Well, you have a right to your opinion; but a corollary of this belief is that all the users of a computer system have to be mutually friendly and responsible and trust one another. Which sounds like the mythical home town where people don't need to lock the doors when they leave home.

I claim the right to remain highly skeptical when the user community is a collection of college students of widely varying backgrounds, political beliefs, sexual orientations, maturities, academic abilities, etc.

I'm sorry you have had such negative experiences with system administrators. Perhaps if the users of a computer system are paying out of their own pockets for the services they can choose an administrator who will run it to please them.

haynes@ucscc.ucsc.edu
haynes@ucscc.bitnet
...ucbvax!ucscc!haynes
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chronicle
jamesa@arabian.Sun.COM (James D. Allen) (06/04/89)
In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu (Mike Haertel) writes:
>
> (1) Anyone who thinks a UNIX-compatible system can be `secure' has
> some serious delusions. Timing windows and covert channels abound.

Help stamp out covert channels! I don't care what text-editor my computer runs as long as KGB agents can't use it to send messages to Moscow Central.

In article <29457@ucbvax.BERKELEY.EDU>, haynes@ucbarpa.Berkeley.EDU (Jim Haynes) writes:
> In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
> >
> >(2) There should not be security among the users of a computer system.
> > The principal use I have seen security put to has been the self-
> > aggrandizement of system administrators at the expense of the
> > user community. (I agree that in some situations it is reasonable
> > to have security to keep out outsiders, though.)

Bravo! I'll do an occasional
% chmod 600 Personal_little_black_book
to discourage casual snooping, but I always make /dev/mem and /dev/disk `rw-r--r--'. If a user wants to write his own improved `df' or `ps', more power to him.

>
> Well, you have a right to your opinion; but a corollary of this belief
> is that all the users of a computer system have to be mutually friendly
> and responsible and trust one another. Which sounds like the mythical
> home town where people don't need to lock the doors when they leave home.

Rare perhaps in 1990 U.S.A., but "mythical"? Boy. I guess one way to cope with cynicism is to believe things are this bad everywhe{n,re}.

>
> I claim the right to remain highly skeptical when the user community is
> a collection of college students of widely varying backgrounds, political
> beliefs, sexual orientations, maturities, academic abilities, etc.

Oh, I was wondering how different organizations used the group_id. Let me guess:
% cat /etc/group
fhetero:*:1:
mhetero:*:2:
fhomo:*:-2:
mhomo:*:-3:
boviphile:*:-4:
I suppose Berkeley invented setgroups() to accommodate bisexuals.

+ In article <3, I think> jfh@rpp386.cactus.org (John F. Haugh II) writes:
+ + I think [a previous poster] meant getting rid of UID == 0 being a
+ + privileged user. Again, this an Orange Book requirement.

Orange Book? Oh, you mean the people that brought us the B-1 Bomber and the Iranian secret police. Right on! Let Noriega export billions of $ of cocaine to North America, just don't tell him the root password.

> --
> Mike Haertel <mike@stolaf.edu>
> ``There's nothing remarkable about it. All one has to do is hit the right
> keys at the right time and the instrument plays itself.'' -- J. S. Bach

So JS Bach was a Unix hacker! It wasn't mentioned in his biography.
carroll@s.cs.uiuc.edu (06/05/89)
/* Written 1:55 pm Jun 3, 1989 by haynes@ucbarpa.Berkeley.EDU in s.cs.uiuc.edu:comp.unix.wizards */
In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>(2) There should not be security among the users of a computer system.
Well, you have a right to your opinion; but a corollary of this belief
is that all the users of a computer system have to be mutually friendly
and responsible and trust one another.
    ^^^^^^^^^^^
/* End of text from s.cs.uiuc.edu:comp.unix.wizards */

Put "skillful" with "responsible". I used to share a couple systems with some associates of mine, all of whom I trusted completely to be _honest_ and _ethical_. I certainly did _not_ trust all of them to be _skillful_. As an example, I have a friend who I'd trust in my house while I'm gone, but I'd _never_ loan him the keys to my car because _he doesn't know how to drive_. Similarly, I didn't give some of my associates full privileges because _they didn't know enough to be safe_. If everyone was a wizard kernel-hacker, then it wouldn't be a problem. But that doesn't happen in the real world. Properly used security also prevents _accidents_. Further, I kept private information on the system - I trusted them not to look, even with root privileges, if I set the permissions to exclude normal logons. Setting everything 666 (or 777) strikes me as bogus. How are others to know what they are welcome to look at / edit or not?

Alan M. Carroll "And there you are
carroll@s.cs.uiuc.edu Saying 'We have the Moon, so now the Stars...'"
CS Grad / U of Ill @ Urbana ...{ucbvax,pur-ee,convex}!s.cs.uiuc.edu!carroll
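
The 777-mode install mentioned in Mike Haertel's post and the "everything 666 (or 777)" question in Alan Carroll's post can be checked mechanically. What follows is an added example, not part of any post in this thread: a Python audit that flags world-writable entries in an install tree and tightens them to 755/644-style modes. The tree layout, file names and function names are constructed for the demonstration.

```python
import os
import stat
import tempfile

WORLD_WRITE = stat.S_IWOTH  # the "other: write" permission bit, 0o002


def classify(st_mode):
    """Return an issue string for a risky mode, or None if acceptable."""
    mode = stat.S_IMODE(st_mode)
    if not mode & WORLD_WRITE:
        return None
    if stat.S_ISDIR(st_mode):
        # A sticky world-writable directory (like /tmp, mode 1777) only lets
        # users remove their own entries, so it is not flagged here.
        if mode & stat.S_ISVTX:
            return None
        return "world-writable directory without sticky bit"
    if mode & 0o111:
        return "world-writable executable"
    return "world-writable file"


def audit_tree(root):
    """Walk root; return sorted (relative path, octal mode, issue) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on the symlink itself are not used
            issue = classify(st.st_mode)
            if issue:
                rel = os.path.relpath(path, root)
                findings.append((rel, "%04o" % stat.S_IMODE(st.st_mode), issue))
    return sorted(findings)


def tightened(mode):
    """Clear group and other write bits: 777 -> 755, 666 -> 644."""
    return mode & ~0o022


def fix_tree(root):
    """Apply tightened() to every flagged entry; return how many changed."""
    findings = audit_tree(root)
    for rel, _mode, _issue in findings:
        path = os.path.join(root, rel)
        os.chmod(path, tightened(stat.S_IMODE(os.lstat(path).st_mode)))
    return len(findings)


def build_sample_tree(root):
    """Constructed install tree: some entries left 777/666, some sane."""
    layout = [
        ("bin", 0o755, True),
        ("bin/emacs", 0o777, False),   # installed "777 mode"
        ("bin/etags", 0o755, False),
        ("lib", 0o777, True),
        ("lib/DOC", 0o666, False),
        ("lock", 0o1777, True),        # sticky, shared on purpose
    ]
    for rel, mode, is_dir in layout:
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask cannot mask the bits


def run_demo():
    """Audit the sample tree, tighten it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        before = audit_tree(root)
        changed = fix_tree(root)
        after = audit_tree(root)
    return before, changed, after


if __name__ == "__main__":
    before, changed, after = run_demo()
    for rel, mode, issue in before:
        print(f"{mode} {rel}: {issue}")
    print(f"tightened {changed} entries, {len(after)} findings remain")
```

The sticky `lock` directory is deliberately left alone: a shared area that users are welcome to write to is a policy choice, which is the distinction Carroll's question about "what they are welcome to look at / edit" turns on.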
jv@mh.nl (Johan Vromans) (06/05/89)
> From: mike@thor.acc.stolaf.edu (Mike Haertel)
> As for my beliefs on the subject:
>
> (1) Anyone who thinks a UNIX-compatible system can be `secure' has
> some serious delusions. Timing windows and covert channels abound.

Agreed. This could need some improvements.

> (2) There should not be security among the users of a computer system.
> [...] (I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)

Agreed.

> The principal use I have seen security put to has been the self-
> aggrandizement of system administrators at the expense of the
> user community.

One of the reasons for security is to protect users against themselves. On most of the systems we run most users know how to become root if they want or need to. But when you're super user, you have to be extremely careful not to mistake or to mistype. I am not afraid that any other user will deliberately mistreat my data, I'm just afraid of accidents. And humans make mistakes, you know.

> Mike Haertel <mike@stolaf.edu>
Johan Vromans <jv@mh.nl>
--
Johan Vromans jv@mh.nl via european backbone (mcvax)
Multihouse Automatisering bv uucp: ..!{mcvax,hp4nl}!mh.nl!jv
Doesburgweg 7 phone: +31 1820 62944
2803 PL Gouda - The Netherlands fax: +31 1820 62500
mchinni@pica.army.mil (Michael J. Chinni, SMCAR-CCS-E) (06/05/89)
In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>
>(2) There should not be security among the users of a computer system.
> The principal use I have seen security put to has been the self-
> aggrandizement of system administrators at the expense of the
> user community. (I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)

I disagree. Maybe in an education environment no security may be okay, but I can't see this in a commercial/governmental environment. No security on the computer is similar to allowing anyone to come into your office and look at anything they please, and also to allow them to change anything they please. I doubt if many people would like this.

In case someone says: "Protect what you want protected but don't force protection on everyone", I say "Protect user's work from everyone else (root obviously excepted) and inform them as to how to lessen this if they want". Protection from root should not be needed. If a sys. admin. is not responsible enough to not go snooping, then they should not be allowed to have root privileges.

In closing, I feel that security should NOT be decided on a VENDOR level, but on a local sys. admin. level based upon the needs/requirements of his/her/thier system(s).

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Michael J. Chinni
Chief Scientist, Simulation Techniques and Workplace Automation Team
US Army Armament Research, Development, and Engineering Center
User to skeleton sitting at cobweb () Picatinny Arsenal, New Jersey
and dust covered workstation () ARPA: mchinni@pica.army.mil
"System been down long?" () UUCP: ...!uunet!pica.army.mil!mchinni
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
rang@cpsin3.cps.msu.edu (Anton Rang) (06/06/89)
In article <19857@adm.BRL.MIL> mchinni@pica.army.mil (Michael J. Chinni, SMCAR-CCS-E) writes:

In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>
>(2) There should not be security among the users of a computer system.
> The principal use I have seen security put to has been the self-
> aggrandizement of system administrators at the expense of the
> user community. (I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)

I disagree. Maybe in an education environment no security may be okay, but I can't see this in a commercial/governmental environment.

In an educational environment? No way. Maybe in small graduate-level work groups. When you can give everybody their own workstation, fine. But I like being able to keep files on the system without everybody being able to read them. It's much easier than keeping them on a PC and uploading/downloading them all the time.

Besides, it would really mess up the profs that assume cheating is tough... :-)

Anton

P.S. What's really needed is a secure system with a way to minimize security. They already exist; look at many commercial OS's.

+---------------------------+------------------------+
| Anton Rang (grad student) | "VMS Forever!" |
| Michigan State University | rang@cpswh.cps.msu.edu |
+---------------------------+------------------------+
steve@note.nsf.gov (Stephen Wolff) (06/06/89)
> In closing, I feel that security should NOT be decided on a VENDOR level,
> but on a local sys. admin. level based upon the needs/requirements of
> his/her/thier (sic) system(s).

Absolutely! Couldn't agree more. Vendors should not foist over-zealous and restrictive security on their customers. SysAdms should indeed bear the responsibility for configuring the OS environment to provide the default security level wanted by their users.

-s
jfh@rpp386.Dallas.TX.US (John F. Haugh II) (06/06/89)
In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>As for my beliefs on the subject:
>
>(1) Anyone who thinks a UNIX-compatible system can be `secure' has
> some serious delusions. Timing windows and covert channels abound.

The NCSC believes a UNIX-compatible system can be made A1 secure. Apple recently announced a B2 [ B1? ] secure compartmented workstation. The IBM RT/PC runs a C2 capable version of UNIX, complete with all the nasty BSD cruft.

How much longer until a B3 workstation is announced by a real player, like DEC or Sun? [ A more likely question is how long until AT&T or IBM buys Apple ... ]

--
John F. Haugh II +-Button of the Week Club:-------------
VoiceNet: (512) 832-8832 Data: -8835 | "AIX is a three letter word,
InterNet: jfh@rpp386.Cactus.Org | and it's BLUE."
UucpNet : <backbone>!bigtex!rpp386!jfh +--------------------------------------
bbh@whizz.uucp (Bud Hovell) (06/06/89)
In article <29457@ucbvax.BERKELEY.EDU> haynes@ucbarpa.Berkeley.EDU.UUCP (Jim Haynes) writes:
>In article <2322@thor.acc.stolaf.edu> mike@stolaf.edu writes:
>>
>>(2) There should not be security among the users of a computer system.

>Well, you have a right to your opinion; but a corollary of this belief
>is that all the users of a computer system have to be mutually friendly
>and responsible and trust one another. Which sounds like the mythical
>home town where people don't need to lock the doors when they leave home.

Such home towns were not a myth. I lived in several during my lifetime. But they were characterized by having populations which were fairly stable, and relatively small, and where the same shared values were preserved by the vast majority of people. In other words, they tended to be highly homogenous.

>I claim the right to remain highly skeptical when the user community is
>a collection of college students of widely varying backgrounds, political
>beliefs, sexual orientations, maturities, academic abilities, etc.

You're right. But this doesn't fit the definition of the "home town" to which you referred. No highly heterogeneous community (San Francisco, or typical college campus, etc.) will fit. And the safeguards will probably have to be much more stringent.

People tend to generalize from their own (often immediate) experiences. Having a system set up under the assumption of "trusted users" is not wrong if the population of such users is, indeed, trust-worthy. If not, then greater safeguards are indicated. But the appropriate level of security (on a computer system - or in a community) is a function of the degree and nature of likely threat, not compliance to iron-clad rules which fail to recognize sometimes-enormous local differences.

Bud Hovell
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
: UUCP: {sun!nosun | tektronix!{percival|bucket} | attmail}!whizz!bbh :
: TELEX: 152258436 (Whizz/Bud Hovell) VOICE: +1 503-636-3000 :
: USPO: McCormick & Hovell, Inc., PO Box 1812, Lake Oswego, OR USA 97035 :
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
"Vote NO!"
dinah@shell.UUCP (Dinah Anderson) (06/06/89)
In article <29457@ucbvax.BERKELEY.EDU>, haynes@ucscc.ucsc.edu writes:
>Well, you have a right to your opinion; but a corollary of this belief
>is that all the users of a computer system have to be mutually friendly
>and responsible and trust one another. Which sounds like the mythical
>home town where people don't need to lock the doors when they leave home.

This no longer applies in the distributed operating system environment - especially when this environment crosses administrative domains. I no longer look at unix systems as standalone systems that just happen to be on a network. You have to consider all systems and your network is as secure as the least secure member (without the implementation of secure routers or 3rd party authentication systems.)

Dinah Anderson
Shell Oil Company, Information Center
(713) 795-3287
..!{sun,psuvax,bcm,rice}!shell!dinah
bzs@bu-cs.bu.edu (Barry Shein) (06/07/89)
>I disagree. Maybe in an education environment no security may be okay, but I
>can't see this in a commercial/governmental environment. No security on the
>computer is similar to allowing anyone to come into your office and look at
>anything they please, and also to allow them to change anything they please. I
>doubt if many people would like this.

Although I'd probably agree with what you're trying to say I just want to point out that 10 Million PC's and about 1 Million Mac's say you're (we're?) wrong. There's no concept of security on those machines (heck, there's no concept of a "user" tho various things have been hacked on top for network add-on software.) I'd have to call that representative of "many" people. We can go back to "reason" but, hey, 11 million users voted with their pocketbooks, hard to dispute.

Anyhow, not a flame, just seemed worth a moment's reflection.

-Barry Shein
Software Tool & Die, Purveyors to the Trade
1330 Beacon Street, Brookline, MA 02146, (617) 739-0202
frank@rsoft.bc.ca (Frank I. Reiter) (06/07/89)
In article <19896@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
>
>Although I'd probably agree with what you're trying to say I just want
>to point out that 10 Million PC's and about 1 Million Mac's say you're
>(we're?) wrong. There's no concept of security on those machines

Okay, so network them all together and add dialin access and we'll see just how happy these 11 million people are having no security.

I think you see my point. :)

--
_____________________________________________________________________________
Frank I. Reiter UUCP: {uunet,ubc-cs}!van-bc!rsoft!frank
Reiter Software Inc. frank@rsoft.bc.ca, a2@mindlink.UUCP
Langley, British Columbia BBS: Mind Link @ (604)533-2312, login as Guest
gph@hpsemc.HP.COM (Paul Houtz) (06/07/89)
bzs@bu-cs.bu.edu (Barry Shein) writes:
>>I disagree. Maybe in an education environment no security may be okay, but I
>>can't see this in a commercial/governmental environment. No security on the
>>computer is similar to allowing anyone to come into your office and look at
>>anything they please, and also to allow them to change anything they please. I
>>doubt if many people would like this.

>Although I'd probably agree with what you're trying to say I just want
>to point out that 10 Million PC's and about 1 Million Mac's say you're
>(we're?) wrong. There's no concept of security on those machines
>(heck, there's no concept of a "user" tho various things have been
>hacked on top for network add-on software.) I'd have to call that
>representative of "many" people. We can go back to "reason" but, hey,
>11 million users voted with their pocketbooks, hard to dispute.

Sorry Barry. This is totally invalid. The PC's are not multi-user systems. There is little need for security on a single user system.

The PC is like someone's file cabinet or desk. No one is SUPPOSED to be going through someone's PC files or desk or file cabinet (note that anyone who has sensitive data on their pc has a physical lock on the machine).

On a multi-user system, there are other people who are SUPPOSED to be accessing the system, so you have to have the equivalent of door/drawer/cabinet locks on people's accounts, hence, security.
nugent%tartarus@gargoyle.uchicago.edu (06/08/89)
Barry Shein writes:
> Although I'd probably agree with what you're trying to say I just want
> to point out that 10 Million PC's and about 1 Million Mac's say you're
> (we're?) wrong. There's no concept of security on those machines

I think the computer virus issue is starting to make these people feel uncomfortable with the lack of security on these machines. I know that the Macs with hard drives in our own public clusters have to be wiped clean and rewritten every week or two, in spite of anti-virus measures and procedures. I am familiar with some law firms and option trading firms, who are VERY concerned about the virus issue on Mac clusters.

I'm afraid that it is a case of repeating the mistakes of the past in a new guise. As Mac and PC OSs get more features and complexity, they have a greater need for some form of security. Nobody needs security on a 128k Mac with one floppy!(remember that) but a Mac II with 140 MB hard drives mounting NFS partitions over ethernet is a different animal and in some environments does need some form of protection.

Todd Nugent
Computer Science Dept.
weiser.pa@xerox.com (06/08/89)
See the commentary in this month's CACM by Jim Morris. His point is that, approximately, identification is the key thing, security is unnecessary except in special military applications. I like his way of thinking: computers and networks are like life, in life there is no nature-enforced security, instead we rely on identification and peer pressure for 99.999% of enforcement. Let's do computers the same way.

If the above interests you, read the commentary, don't just respond to my short, distorted summary.

-mark
bzs@bu-cs.bu.edu (Barry Shein) (06/08/89)
Gee, I feel a little like everyone was just looking for someone to jump all over about the security issue and I stepped right in it. Remember, I didn't say the 11 Million PC users were right, I just said that you can't deny their existence (in response to a claim that no one would buy a system without security, hah!)

The problem is that everyone is naming their favorite "possibly related to security" issue and offering it as proof that they need some other vague thing they're referring to as security.

Will someone explain to me exactly how usernames and passwords and file protections (a not unknown form of security) will protect against computer viruses?? These are often introduced into the system by unwitting bona-fide users, hiding in a useful looking program picked up somewhere.

The point is: Define security. It's going to have to be a little more concise than "something which prevents anything evil from ever happening to my computer". That's where the confusion lies, let's hear your security model, not just a description of where it hurts.

-Barry Shein
Software Tool & Die, Purveyors to the Trade
1330 Beacon Street, Brookline, MA 02146, (617) 739-0202
jik@athena.mit.edu (Jonathan I. Kamens) (06/08/89)
In article <19896@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
>Although I'd probably agree with what you're trying to say I just want
>to point out that 10 Million PC's and about 1 Million Mac's say you're
>(we're?) wrong. There's no concept of security on those machines
>(heck, there's no concept of a "user" tho various things have been
>hacked on top for network add-on software.)

Actually, I think the trend nowadays in personal computers is toward increased security as more and more PC users realize that their machines are not as secure as they "should" be and as more and more PC users are using LAN's and such with multiple users rather than a single-user machine.

Examples abound -- most IBM's nowadays come with a lock program that can completely disable the keyboard, and such programs are coming out for the mac too. Encryption software for data is also becoming more common for PC's.

Now, granted, the security on most PC's is still rather lax, and many PC users don't realize how to use it and therefore it ends up being pointless. However, to use the PC community as an example of a community without security is, I think, at least partially invalid.

Jonathan Kamens USnail:
MIT Project Athena 410 Memorial Drive, No. 223F
jik@Athena.MIT.EDU Cambridge, MA 02139-4318
Office: 617-253-4261 Home: 617-225-8218
ed@mtxinu.COM (Ed Gould) (06/08/89)
>Now, granted, the security on most PC's is still rather lax, and many
>PC users don't realize how to use it and therefore it ends up being
>pointless. However, to use the PC community as an example of a
>community without security is, I think, at least partially invalid.

But the point is not that nobody in the PC community cares about security, but that there are *lots* of PC users who either don't care or don't know enough to care. As a counter to the argument "nobody will buy a system without security," the portion of the PC community that doesn't bother with security - for whatever reason - serves quite well.

--
Ed Gould
mt Xinu, 2560 Ninth St., Berkeley, CA 94710 USA
ed@mtxinu.COM +1 415 644 0146
"I'll fight them as a woman, not a lady. I'll fight them as an engineer."
ed@mtxinu.COM (Ed Gould) (06/08/89)
> Sorry Barry. This is totally invalid. The PC's are not multi-user
>systems. There is little need for security on a single user system.

True, PCs are single-user systems. But, they're often shared among several users - not simultaneously, but shared none the less. There PCs are also connected to networks, allowing access - even simultaneous access - by a variety of people. There's just as much (however much you think that might be) need for security on the single-user PC as on any other system that isn't locked away whenever its only user isn't present.

--
Ed Gould
mt Xinu, 2560 Ninth St., Berkeley, CA 94710 USA
ed@mtxinu.COM +1 415 644 0146
"I'll fight them as a woman, not a lady. I'll fight them as an engineer."
maujf@warwick.ac.uk (Mike Taylor) (06/08/89)
[Someone claims that the average user wants security on his machines]

In article <19896@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
> Although I'd probably agree with what you're trying to say I just want
> to point out that 10 Million PC's and about 1 Million Mac's say you're
> (we're?) wrong. 11 million users voted with their pocketbooks, hard
> to dispute.

Irrelevant. People don't buy MACs and PCs because they don't want security, they buy them because (A) their friends have them, (B) they can afford them, and (C) they can understand them (or think they can). To compare sales figures for PCs with those for UNIX/VMS installations is fallacious. You might just as well say that because more toilet rolls are bought every day than Sun4, therefore what people really want in a computer is to be able to wipe their backside (translation for Transatlantics: "ass" :-) with it.

______________________________________________________________________________
Mike Taylor - {Christ,M{athemat,us}ic}ian ... Email to: mirk@uk.ac.warwick.cs
ram@nebulus.UUCP (Richard Meesters) (06/09/89)
In article <887@mtxinu.UUCP>, ed@mtxinu.COM (Ed Gould) writes:
> > Sorry Barry. This is totally invalid. The PC's are not multi-user
> >systems. There is little need for security on a single user system.
>
> True, PCs are single-user systems. But, they're often shared among
> several users - not simultaneously, but shared none the less. There
> PCs are also connected to networks, allowing access - even simultaneous
> access - by a variety of people. There's just as much (however much
> you think that might be) need for security on the single-user PC as
> on any other system that isn't locked away whenever its only user isn't
> present.
>

PC security with regards to multiple users utilizing a single PC is called using your own floppy disk and taking it with you. Security on networks is available, at least with the networks I've used and are familiar with. Usually you can set Access rights limitations to the directory level.

BTW, How the heck did we get to talking about PC security in comp.unix.Wizards?

Regards,
Richard Meesters
campbell@redsox.bsw.com (Larry Campbell) (06/09/89)
In article <570025@hpsemc.HP.COM> gph@hpsemc.HP.COM (Paul Houtz) writes:
-
- Sorry Barry. This is totally invalid. The PC's are not multi-user
-systems. There is little need for security on a single user system.
Wrong -- thousands of victims of PC viruses would disagree with you.
--
Larry Campbell The Boston Software Works, Inc.
campbell@bsw.com 120 Fulton Street
wjh12!redsox!campbell Boston, MA 02146
hznx@vax5.CIT.CORNELL.EDU (06/09/89)
In article <19930@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
>
>Will someone explain to me exactly how usernames and passwords and
>file protections (a not unknown form of security) will protect against
>computer viruses?? These are often introduced into the system by
>unwitting bona-fide users, hiding in a useful looking program picked
>up somewhere.
Exactly. Let's take the analogy to an office with a single-user PC a step further.
If your office is in America, you have a door with a lock on it, to keep unauthorized persons out. You may have a burglar alarm, to alert you when an unauthorized person gets in. Thanks to this control that YOU have over YOUR personal machine, you can keep all nincompoops and other negligent computer users away.
Look at all the "free" security you get with this arrangement! The lock works because only authorized users have keys, picking the lock is difficult, and the chance of getting caught is significant (if low). The burglar alarm works because it is not able to be compromised by the burglar; furthermore, it brings the police to the scene. As far as nonmalicious users go, you simply keep them away.
Yet even this is not enough. Single-user machines run by all types of users fall victim to accidental reformats, accidental file deletion, and system crashes due to incorrect software installation. Viruses propagate because programs perform actions they should not be doing (modifying executable files, parts of the OS in memory, etc). So the single user takes precautions: lots of backups, format recovery programs, antivirus software. And when the system goes down, the single user might spend a few hours restoring from the backup and a few more recovering his data. No big deal.
Remote-access multiuser machines do not have any of these luxuries. The chance of getting caught while "picking the lock" is extremely low. Unsocial youths turn to cracking instead of picking high-security locks, partly because of the unlikelihood of getting caught. Burglar alarms (audit trails) are useless if they can be changed by the burglar, if they are hard to read, or if the end result is not some punishment. And without *strict* login security, you never can know whether your best friend replaced version 2.1 with version 1.3 or whether a cracker faked his account. Can you?
Accidental problems grow exponentially without security, since there are more users who can make mistakes and more users who must restart their work whenever any one user screws up. Viruses damage everyone's work, not only the hapless soul who contracted it.
Security reduces (does not eliminate) these problems. Access vandalism can be no more common than physical vandalism iff access restrictions are used. The damage of viruses and Trojans can be limited to a much smaller amount of data and their frequency can be reduced: if the virus can't scramble my program's or the system's data, it has been killed. File protections (coupled, of course, with login restrictions) are the only means to do this on a multi-user system. And protection is needed to secure an audit trail; someone must maintain it and make it available to *some* other people.
Sure, not all systems need security. UNIX-like systems, because they are used in environments where the above problems are/can be commonplace, do need security. To claim that high security should not be available as an integral, unhacked part of the OS (because not everyone needs it) is similar to tossing out "awk."
The default issue is moot. If the sysadmin is incapable of changing defaults, he'll have far more serious problems than security. If he's just lazy, he'll have problems with both security and free exchange of information.
Remember. I grew up in a small, homogenous, moral community in the farming state of South Dakota. None of our neighbors would ever commit a crime. But we locked our doors every night. Did it impair our sense of community? No, because we had a doorbell: if someone wanted to come in, they would ring it. It's a small price to pay when compared to the benefits. All the sysadmins I know keep a mailbox for those who wish access to protected stuff.
In the real world, there are some things I do not tell anyone else; there are some things I tell only my close friends; there are some things that *must* be protected from my business competitors. Until competition (not just capitalism) ceases, I let stated enemies read not only my diary but my mind, and I leave the door to my office (or home) unlocked when the police are on vacation, I want security. It can be abused. But that's a personal issue.
> -Barry Shein
Dan Dulitz
hznx@vax5.cit.cornell.edu
tainter@cbnewsd.ATT.COM (johnathan.tainter) (06/09/89)
In article <19930@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
>
>Gee, I feel a little like everyone was just looking for someone to
>jump all over about the security issue and I stepped right in it.
>
>Remember, I didn't say the 11 Million PC users were right, I just said
>that you can't deny their existence (in response to a claim that no
>one would buy a system without security, hah!)
PCs have security. Their security comes from the limitations of the PC. I.E. It has no concept of multiple users, it is severely limited in who can get to it. In most instances, these eliminated the need for further security efforts. Note however, that as these limits are slowly stripped away from the machines that the added security is added in.
>Will someone explain to me exactly how usernames and passwords and
>file protections (a not unknown form of security) will protect against
>computer viruses??
File protections may not stop them, but it can significantly restrict the harm they can do.
> -Barry Shein
>Software Tool & Die, Purveyors to the Trade
>1330 Beacon Street, Brookline, MA 02146, (617) 739-0202
--johnathan.a.tainter--
att!ihlpb!tainter
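Added example, not part of any post in this thread: a small model of the UNIX owner/group/other write check, illustrating the point in the two posts above (Dulitz, tainter) that file protections limit what a trojan or virus run by an unwitting user can modify. The users, groups, paths and modes are constructed sample data, and only file mode bits are modelled, not directory permissions.

```python
# Added example: model of the classic UNIX owner/group/other write check.
# All users, groups, paths and modes below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o644


def can_write(user, groups, e):
    """Exactly one permission class applies: owner, else group, else other."""
    if user == "root":
        return True  # the superuser bypasses mode bits
    if user == e.owner:
        return bool(e.mode & 0o200)
    if e.group in groups:
        return bool(e.mode & 0o020)
    return bool(e.mode & 0o002)


def blast_radius(user, groups, files):
    """Paths whose contents a program run by `user` could modify."""
    return sorted(e.path for e in files if can_write(user, groups, e))


FILES = [
    Entry("/bin/ls", "root", "bin", 0o755),
    Entry("/usr/local/bin/tool", "root", "staff", 0o777),  # installed mode 777
    Entry("/usr/adm/audit.log", "root", "adm", 0o640),     # audit trail
    Entry("/u/alice/thesis.tex", "alice", "users", 0o644),
    Entry("/u/alice/shared.c", "alice", "users", 0o664),
    Entry("/u/bob/prog.c", "bob", "users", 0o644),
    Entry("/u/bob/notes", "bob", "users", 0o666),
]

if __name__ == "__main__":
    # Compare an ordinary user's reach with the superuser's.
    for who, grps in (("alice", {"users"}), ("root", {"wheel"})):
        hit = blast_radius(who, grps, FILES)
        print(f"{who}: {len(hit)}/{len(FILES)} files writable")
        for p in hit:
            print("   ", p)
```

A trojan run by the sample user alice reaches her own files plus anything left group- or world-writable; the system binary and the audit log stay out of reach unless the program runs as root.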
guy@auspex.auspex.com (Guy Harris) (06/10/89)
>BTW, How the heck did we get to talking about PC security in comp.unix.Wizards?
Well, for one thing, sometimes systems other than UNIX give useful
lessons for people thinking about UNIX, surprising as this occasionally
seems to be to some people here :-(.
For another, some PCs do run UNIX....
jc@minya.UUCP (John Chambers) (07/23/89)
> (1) Anyone who thinks a UNIX-compatible system can be `secure' has
> some serious delusions. Timing windows and covert channels abound.
Unlike any other operating systems, I guess. And unless it's perfect, it's unacceptable, so why bother?
> (2) There should not be security among the users of a computer system.
> The principal use I have seen security put to has been the self-
> aggrandizement of system administrators at the expense of the
> user community. (I agree that in some situations it is reasonable
> to have security to keep out outsiders, though.)
You've all been missing the major reason I like some sort of security. It keeps dumb/careless users (like me ;-) from shooting themselves in the foot (to steal a useful metaphor).
I wish I had a buck for every time a DOS user has deleted or overwritten "system" files on their PC, and then been mystified by the machine's strange behavior until someone restored the file somehow. With such money, I could buy myself a Cray as a toy. And we've all grown tired of the debates triggered by some poor Unix user typing "rm * .o", right? (Not that any of us has done this; this *is* unix.wizards, isn't it? ;-)
In my mind, the question isn't so much whether there should be security; it is how best to arrange the security so that it interferes with the destruction of files that shouldn't be destroyed, while not interfering with writing files that should be written. To do this successfully would likely require some sort of AI, if not prescience, on the part of the security system. But the basic Unix security system, if understood and judiciously applied, can go a long way towards keeping things safe without undue interference with getting a job done. Teaching users to use it can be difficult, though I've found that waiting until they accidentally delete their own files gives them a real motive to listen.
One of the things I'd like to see (in GNU, or in any other system) is a security system that can be understood by relatively novice users, i.e., it wouldn't be much more complicated than Unix's security system, and which does a better job of refusing things which in retrospect turn out to have been a bad idea. Anyone have any good ideas?
--
#echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:'
echo ' John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)'
echo '' saying