Operating Systems > Linux and UNIX
Linux vs Windows a real life comparison
toadlife:
Dude....
Almost all of the features in SELinux have been a part of Windows since WindowsNT 4.0.
See what Im saying when I say you Widnows bashers dont know much about Windows?
piratePenguin:
--- Quote from: toadlife ---Dude....
Almost all of the features in SELinux have been a part of Windows since WindowsNT 4.0.
--- End quote ---
Really? How well do they work? Why isn't it being used (or is it/where is it being used?)?
--- Quote ---
See what Im saying when I say you Widnows bashers dont know much about Windows?
--- End quote ---
Yea, maybe I should go to university and study Windows.
toadlife:
Well SELinux is more flexible than Windows, and very well might be a bit more advanced, but the concepts are the same. SELinux has ACL's for file permissions instead of the stadard rwx permissions. Windows has had since NT 3.5. SElinux uses policies which determind what actions what users can perform and I also think they can set ACL's. Again, Widnows has had system polcies forever.
There is a good discussion in Slashdot I had while back about the SELinux and it's comparison to Windows security model.
You can check it out it here.
The big problem with these advanaced security models, us that they can get really complicated really fast. Most Windows users who have grown accustomed to Windows security features are shocked when they move over to UNIX, as the stadard UNIX seecuirty model is MUCH simpler, and therefore much less flexible. On the other hand, seasoned UNIX dudes who move into the windows world are known to curse the Windows security model because of the are accustomed to the simplicity of standard UNIX security and the complexity of ACL's and polcies are annoying to them, as they view the complexity it brings as a weakness - because the more complex something is, the easier it is the screw up.
piratePenguin:
--- Quote from: toadlife ---Well SELinux is more flexible than Windows, and very well might be a bit more advanced, but the concepts are the same. SELinux has ACL's for file permissions instead of the stadard rwx permissions. Windows has had since NT 3.5. SElinux uses policies which determind what actions what users can perform and I also think they can set ACL's. Again, Widnows has had system polcies forever.
There is a good discussion in Slashdot I had while back about the SELinux and it's comparison to Windows security model.
You can check it out it here.
The big problem with these advanaced security models, us that they can get really complicated really fast. Most Windows users who have grown accustomed to Windows security features are shocked when they move over to UNIX, as the stadard UNIX seecuirty model is MUCH simpler, and therefore much less flexible. On the other hand, seasoned UNIX dudes who move into the windows world are known to curse the Windows security model because of the are accustomed to the simplicity of standard UNIX security and the complexity of ACL's and polcies are annoying to them, as they view the complexity it brings as a weakness - because the more complex something is, the easier it is the screw up.
--- End quote ---
I was talking about MAC, which at least in SELinux, if I understand correctly, I can setup so that when the user "piratepenguin" runs gaim, the gaim process can only write to ~/.gaim. AFAIK SELinux can do that through MAC (I've never looked much into SELinux), can Windows do the same thing through these "policies"?
While we're talking about security, while I was googling for "windows "mandatory access control" selinux", I came accross this article comparing the security capabilities of GNU/Linux and Windows. Damn there's alot of security stuff out there I never knew much about... Anyhow, it concludes that GNU/Linux is best in almost all areas (seven tested). It mentioned MAC for Linux through SELinux, and nothing about a Windows equivilent to it. Is this "policy" stuff I hear the same idea as MAC? It's well over a year old, but I don't know if much has changed since, maybe you do.
cymon:
If the only reason Windows is attacked more is it's higher marketshare, then why is IIS attacked more than Apache httpd?
Also, consider this. While the Macintosh has a low market share, one common use for them is pro film editing. Since they dominate that market, someone with an axe to grind against the MPAA could put together a virus for OSX, and kill the movie studios. So if the Mac doesn't have better security, then why hasn't this happened?
Could it be that Unix systems are more secure? This so called Windows Firewall is a joke. Does it have HIPS, or any of the other things that you pay for in a real firewall? One thing I would like to see is a firewall that automatically gets a list of MAC addresses used by crackers, and automatically blocks them, sort of like PeerGuardian. Now, since Unix systems are open-source, at least the kernels, one could easily add this to Slackware or Debian or FreeBSD. But since Windows is closed source, you can't add it to the system.
Another issue is not just IE, but Outlook. They both use the same rendering engine, so a VB script will execute automatically in both IE or OE. And since there's no way to remove either, and IE is the file browser, that's a big hole. Now I know you can get the patches, but isn't a secure system supposed to hold it's own against crackers WITHOUT relying on a patching mechanism?
Now will Windows' stellar security features encrypt my entire disk drive, or my home folder, like MacOSX. You won't get code sharing, you'll just get a shoddy DLL, which can be replaced with one with malicious code. The only thing stopping this from happening is File Protection Services, which just checks the name. The fix for the .WMF hole was a DLL of the same name.
Now you could have a secure Windows box as long as you don't use IE, don't run as root, have a virus scanner, don't use Outlook, etc....
But the fact that all that is required to run Windows safely is proof that Windows is NOT secure, that it is a breaking dam, and that all those virus scanners are just delaying it's inevitable collapse.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version