Post# of 147503
Tex
Re: ljk post# 8965
Monday, 12/08/2003 11:27:20 AM

semi-OT re The Dark Side

While incompatibility between platforms was something one used to just nod at and move on, the existence of widely available, often zero-fee development environments which have been engineered to run on multiple platforms prevents me from tolerating apps that don't run on my box. The Mozilla project has a toolkit for writing apps that run anyplace Mozilla itself will run, using Mozilla's back-end to drive the UI. Java runs anyplace, unless you've bought and used a crippled Java development tool that was designed to prevent cross-platform use. Web sites that refuse to offer me their content because they test my browser's ID string instead of its functionality are especially idiotic: I tell the browser to lie about who it is and where it is running and the content works just fine. Do the site's managers have any idea how many people are running Konqueror or Mozilla or OmniWeb where they had, for whatever bizarre reason, hoped to create an enclave of M$-only browsers?

So I have no tolerance for newly-written software that won't run on my box. I especially have no tolerance for BAD software that won't run on my box. A trip through law offices in Houston has shocked me with the pitiful quality of the performance, much less the user experience, on some really expensive software (I think of most commercial software as "really expensive" ... hundreds of dollars per seat is "really expensive" when there are free alternatives that work better) designed to run the law offices and their records. Whole teams of people are sucked into making this stuff ... ahem ... "work". And it's STANDARD to be this bad, apparently. The more things change, the more they stay the same.

Security? Here's what I wrote when people on a listserv started arguing over whether Apple was lying when it said its operating system came with integrated antivirus technology, and whether Apple could have as accurately said its products came with anti-tiger technology (you haven't been mauled by a tiger at your Apple have you?):

No, I don't think MacOS X can be fairly said to include anti-tiger technology.

The reason Outlook and Exchange are big virus propagators, and not the high-volume mailservers (like QMail, Postfix, etc.), is directly related to the fact that their creator has no real concern about or interest in genuine security. Thus, bolt-on "security" in the form of antivirus software is needed to even begin describing such systems as "secure". (Remember the remote control exploit, usable on any default XP installation on a network, available for XP a few weeks after MS declared XP the most secure product it had ever shipped?) Let's face it: if so many Outlook installations did not execute scripts attached to unauthenticated incoming communications, there would BE no super-scale virus propagation, only the propagation of Trojans by people duped into executing them by hand. I have yet to hear of Pine, Eudora, Mail.app, or any other client causing unintended transmission of self-propagating email to entire address-books full of victims. Mind you, I get junk attachments all the time, returned to me because a virus used my email in a forged return address when attempting to infect a third party -- and my machines have NEVER infected others as a result of receiving such an attachment. No client I have run has the faults that enable self-propagation, the defining feature of a virus.

Denying unauthenticated incoming transmissions the power to execute themselves, or to propagate themselves, is a design decision which is a security feature. Sure, KMail *could* enable JavaScript to run KMail itself, and turn KMail into an instrument of virus propagation, but KMail does not. KMail is in this respect possessed of integrated anti-virus architecture. This is a trait not shared with the creators of Outlook, Exchange, IIS, MS-Word, etc. These apps, running on the operating systems created by the same manufacturer, usually run with privilege which exceeds that of the user at the keyboard, and thus enable further mischief. Parts of IIS as I understand it run effectively in kernel mode; DLLs used by MS-Word on its native platform execute commands with privilege which exceeds the logged-in user's; and MS-Word now opens ports to try to trade messages with other MS-Word installations while remaining fully scriptable, opening a whole vista of attacks which allow elevated privileges to be enjoyed by strangers who lack privilege even to log into the machine.

One day in the Texas capitol, I tested an XP exploit which relied on the predictable, but insecure, misbehavior of XP's software update tool. It is possible for a user on machines which have not been updated since that time to recursively delete all files from any point in the filesystem, merely by clicking a specially malformed hyperlink. (Yes, even C:/ ... though this was not my test. The app which did this was analogous to a SUID app in that it had super privileges though it was executable by any user.) Given that Outlook will happily send this malformed link to everyone in your address book, it seems permitting Outlook to be installed is an error anywhere you do not intend to reinstall every machine's OS and applications. The fact that Outlook will send the link to everyone in your address book is a nuisance, but the fact that the link will hose an entire system is unacceptable. The fun part is that since MS-Explorer is also scriptable, you don't even need the user to click the link ... just run Outlook.

Rather than expect "bolt-on" security like anti-virus software to catch attacks, I prefer to see systems designed to avoid exposing vulnerable services with any privilege which would cause real irritation. The Secure Shell Daemon is a good example of an application which permits lots of power without permitting lots of subversion. Especially now that it is designed with separation of privilege, the architecture exposes great functionality without exposing the boxes running it to great embarrassment. It is this sort of thinking that we need to see in security, not a ballooning market of bolt-on software to drive up the cost of running boxes while neglecting real security. Apache does not run as root on any system I have used, it runs as a fictitious user with no privilege to overwrite users' home directories, etc. This is a security feature. Ignoring this because it isn't a third-party add-on is simply not fair. Especially as my server logs have recorded attempted attacks from MS' own servers running IIS (from the hotmail.com domain), I regard minimum-necessary-privilege design and genuine privilege enforcement without in-kernel code run by the webserver to be a very high quality form of anti-virus. The IIS servers which attacked me included machines in Korea, and I could not even tell their operators that the machines were infected. Meanwhile, self-propagating messages were being transmitted throughout IIS-land in the form of Nimda and Code Red ... fearful sysadmins took servers offline as a preventative measure, accomplishing what virus-writers themselves need not in rendering their services unavailable ... and my Apache on MacOS X on an old beige G3 kept serving away, logging all the attacks against it and dutifully serving underwater hockey information to the world.

So, actually having apps run in user space to take advantage of user privilege limits, the existence of privilege limits even in "admin" accounts, the forbiddance of auto-execution of any-attachment-received-from-anywhere, and other features do constitute real anti-virus technology, and in my view are better described as "built-in" security than the inclusion of some bolt-on extra like an antivirus scanner package. Sure, feel free to use an antivirus screen on your server to catch cascades of obviously hostile executables, and protect vulnerable users and their scarce disk space. But don't call that "security" when the answer is to architect systems to forbid the most obvious and the most heinous attacks in the first instance.

Understanding what goes into virus propagation on other systems is the first step to figuring out what constitutes an antivirus strategy. I'm happy with my antivirus strategy, and it doesn't cost me more than my OS license and my local network environment.

Cheers,
--Tex.
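The privilege-separation pattern Tex credits Apache and sshd with (do the one privileged thing, then shed root for good before touching any untrusted input) is small enough to show in code. The following is an added example written for this page, not code from the post's author, Apache or OpenSSH; the account name `nobody`, the loopback bind address and the port numbers are assumptions, and the process must start as root for the drop to actually happen (run unprivileged, it binds a high port and reports that there was nothing to drop).

```python
"""Bind a low port while root, then irrevocably drop to an unprivileged account
before handling any client data.  Added example, not the post's or any project's
own code; 'nobody', 127.0.0.1 and the ports are assumptions."""
import os
import pwd
import socket


def is_privileged_port(port):
    """On Unix, ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind."""
    return 0 < port < 1024


def running_as_root():
    return os.geteuid() == 0


def root_regainable():
    """True if this process could still become uid 0, i.e. no irrevocable drop
    has happened.  After a correct drop, setuid(0) must fail with EPERM."""
    try:
        os.setuid(0)
    except PermissionError:
        return False
    return True


def drop_privileges(user="nobody"):
    """Switch the process to `user`, shedding root for good.

    Order matters: supplementary groups and the gid must be changed while
    still root, because after setuid() the process lacks the privilege to
    change them.  Returns the (uid, gid) now in effect, or None if the
    process was never root and there was nothing to drop."""
    if not running_as_root():
        return None
    pw = pwd.getpwnam(user)           # assumed account; raises KeyError if absent
    os.setgroups([])                  # shed supplementary groups (e.g. wheel) first
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)              # as root this sets real, effective and saved uid
    if root_regainable():             # verify the drop stuck before trusting it
        raise RuntimeError("privilege drop did not stick")
    return (os.getuid(), os.getgid())


def bind_then_drop(port, user="nobody", host="127.0.0.1"):
    """The Apache/sshd pattern: the only root-requiring step is binding the
    listening socket; everything after this call runs as `user`.  The open
    socket survives the uid change, so the service keeps its low port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))            # fails with EACCES if low port and not root
    srv.listen(5)
    ids = drop_privileges(user)
    return srv, ids


if __name__ == "__main__":
    # Port 80 only makes sense when we start as root; otherwise use a high port.
    port = 80 if running_as_root() else 8080
    srv, ids = bind_then_drop(port)
    print("listening on", port, "as uid/gid",
          ids if ids else (os.getuid(), os.getgid()),
          "; root regainable:", root_regainable())
    srv.close()
```

The check in `drop_privileges` is the part most people omit: a drop that only changes the effective uid (`seteuid`) leaves the saved uid at 0 and can be undone by the very code you were trying to contain, which is why the example uses `setuid` and then proves to itself that `setuid(0)` now fails.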