Path: utzoo!attcan!uunet!lll-winken!ames!purdue!mailrus!cornell!vax5!hznx
From: hznx@vax5.CIT.CORNELL.EDU
Newsgroups: comp.unix.wizards
Subject: Re: GNU, security, and RMS
Summary: privacy and safety
Message-ID: <18763@vax5.CIT.CORNELL.EDU>
Date: 8 Jun 89 22:42:12 GMT
References: <19930@adm.BRL.MIL>
Sender: news@vax5.CIT.CORNELL.EDU
Reply-To: hznx@vax5.cit.cornell.edu (Dan Dulitz)
Organization: Cornell Information Technologies, Ithaca NY
Lines: 84

In article <19930@adm.BRL.MIL> bzs@bu-cs.bu.edu (Barry Shein) writes:
>
>Will someone explain to me exactly how usernames and passwords and
>file protections (a not unknown form of security) will protect against
>computer viruses?? These are often introduced into the system by
>unwitting bona-fide users, hiding in a useful looking program picked
>up somewhere.

Exactly. Let's take the analogy to an office with a single-user PC a
step further.

If your office is in America, you have a door with a lock on it, to
keep unauthorized persons out. You may have a burglar alarm, to alert
you when an unauthorized person gets in. Thanks to this control that
YOU have over YOUR personal machine, you can keep all nincompoops and
other negligent computer users away.

Look at all the "free" security you get with this arrangement! The
lock works because only authorized users have keys, picking the lock
is difficult, and the chance of getting caught is significant (if
low). The burglar alarm works because it is not able to be compromised
by the burglar; furthermore, it brings the police to the scene. As far
as nonmalicious users go, you simply keep them away.

Yet even this is not enough. Single-user machines run by all types of
users fall victim to accidental reformats, accidental file deletion,
and system crashes due to incorrect software installation. Viruses
propagate because programs perform actions they should not be doing
(modifying executable files, parts of the OS in memory, etc.).
So the single user takes precautions: lots of backups, format recovery
programs, antivirus software. And when the system goes down, the
single user might spend a few hours restoring from the backup and a
few more recovering his data. No big deal.

Remote-access multiuser machines do not have any of these luxuries.
The chance of getting caught while "picking the lock" is extremely
low. Unsocial youths turn to cracking instead of picking high-security
locks, partly because of the unlikelihood of getting caught. Burglar
alarms (audit trails) are useless if they can be changed by the
burglar, if they are hard to read, or if the end result is not some
punishment. And without *strict* login security, you never can know
whether your best friend replaced version 2.1 with version 1.3 or
whether a cracker faked his account. Can you?

Accidental problems grow exponentially without security, since there
are more users who can make mistakes and more users who must restart
their work whenever any one user screws up. Viruses damage everyone's
work, not only the hapless soul who contracted it.

Security reduces (does not eliminate) these problems. Access vandalism
can be no more common than physical vandalism iff access restrictions
are used. The damage of viruses and Trojans can be limited to a much
smaller amount of data and their frequency can be reduced: if the
virus can't scramble my program's or the system's data, it has been
killed. File protections (coupled, of course, with login restrictions)
are the only means to do this on a multi-user system. And protection
is needed to secure an audit trail; someone must maintain it and make
it available to *some* other people.

Sure, not all systems need security. UNIX-like systems, because they
are used in environments where the above problems are/can be
commonplace, do need security.
To claim that high security should not be available as an integral,
unhacked part of the OS (because not everyone needs it) is similar to
tossing out "awk."

The default issue is moot. If the sysadmin is incapable of changing
defaults, he'll have far more serious problems than security. If he's
just lazy, he'll have problems with both security and free exchange of
information.

Remember. I grew up in a small, homogenous, moral community in the
farming state of South Dakota. None of our neighbors would ever commit
a crime. But we locked our doors every night. Did it impair our sense
of community? No, because we had a doorbell: if someone wanted to come
in, they would ring it. It's a small price to pay when compared to the
benefits. All the sysadmins I know keep a mailbox for those who wish
access to protected stuff.

In the real world, there are some things I do not tell anyone else;
there are some things I tell only my close friends; there are some
things that *must* be protected from my business competitors. Until
competition (not just capitalism) ceases, I let stated enemies read
not only my diary but my mind, and I leave the door to my office (or
home) unlocked when the police are on vacation, I want security.

It can be abused. But that's a personal issue.

>        -Barry Shein

Dan Dulitz
hznx@vax5.cit.cornell.edu