lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mvp at joeware.net (joe)
Subject: RE:  M$ - so what should they do?

Oy, best laid plans of mice and men... 

Tried to take this offlist but you can't hold back such a knowledgeable and
well experienced Windows person (465 machines... I had no idea... my pardon
to your exceptional skills) from trying to make a point to their peers... 

ActiveX/OLE/COM is, again, not core Windows. They are applications that run
on Windows. The default user interfaces on the system use these for
management of the system and they are heavily embedded in several user faced
applications such as IE so that you may think they are core Windows but they
are not. One of the best responses on this list in the last couple of days
was from Ondra, go look for it. 

Core components are things like file system, memory system, subsystem model,
service system, process system, audit system (which is a subset of the
permission system), permission model/system/structures,
authentication/authorization systems, IPC/LPC/RPC, etc. The fun thing is
that many of those can be picked up and replaced if you want to and know how
to. 

You want to complain about things in the native system that should be fixed,
complain about creator/owner in the ACL model and how bad that is. Complain
about localsystem and how dangerous that is. Complain about how you can send
NULL in as security descriptor for any securable object. Complain about the
ability to capture the password hashes and brute force attack them. Complain
about how you can go in and wipe a password hash. Complain about the seeming
complexity of the ACE/ACL/SACL/DACL system especially in terms of inherited
and explicit ACEs and how dangerous that is in the general world of
computers with the base level knowledge most people have. Complain about the
ability to coerce ACLs into into doing non-intuitive things based on how you
order the ACL. Complain about how you can actually set Everyone NO Access on
anything yet use C/O to get back out of it. Complain about some of the
serious shortcomings in the security boundaries in Active Directory which is
the core authentication/authorization structure. There are several things to
complain about that are core Windows, only the really vocal guys don't seem
to know about them. 

There are some very intelligent people on this list who have good
understanding of things that are really wrong with Windows and the *nixs.
Many of the people posting "on the side" of OSS though seem to be prattling
bigots who simply want to be heard and seem like they are incredible wits.
Well they are maybe half-right. I would expect that many others who are "on
the side" of OSS would wish these people would just go dig a hole and fill
it back in after they have jumped in. If you don't want to do that, you
would be better served simply extolling the benefits of your OS of choice
without trying to show it is better by how it beats something else because
in many cases you really don't know what you are talking about and could
simply be highlighting your lack of knowledge in what you are speaking of.
As I said before, you can talk about how great X is with X being whatever it
is you want it to be without having to say because Y sucks. Saying Y sucks
proves nothing about X. 

Now back to the topic of security. I still haven't seen a post that actually
points out why from a security standpoint, Windows needs a base level
redesign. I have seen lots of arguments however poorly expressed that there
are many portions of the user space that are less than steller with IE being
the poster child here. Even the points I make above don't require complete
redsigns, just dedicated work. Especially if the goal is as it normally is,
to not break as many people as possible. This is a serious concern with MS
because if they piss off all of their customers, there aren't many other
people to come use their stuff. Quite unlike any other OS which could lose
all of their users and get a completely fresh batch of users of exactly the
same size and never miss the previous users. 

I keep getting emails about how I am an MS Lackey and don't know what I am
talking about. The latter could possibly be true but my paychecks are fine
so I am happy with that. The former is definitely not true and I have pissed
off many inside of MS probably far more than a vast majority of the people
reading this. People who sit there and whine and complain and say things
like M$ and complete rewrite or MS is just criminals, etc don't really get
listened to to even get to a point to piss anyone off at MS. They are simply
rightfully written off as dumdums. If you actually want to make a difference
formulate intelligent responses and listings of issues and possible
solutions to at least show you have a concept of what you are talking about.
Note again, saying look at X because they do it correctly isn't very good
either. 

I do actually run and sometimes suggest BSD/Linux. I have said this multiple
times. Of course we have some extremely intelligent folks here on the list
who went looking for my secret resume and found no listed *nix experience so
rightfully assume that I have none because no one ever manipulates their
resume in the way they want to present themselves... 

Finally and once more. These are tools. There should be no sides here. This
isn't a religion. It seems many IT people have given up deity religions but
seem to need to believe in something in an insane fanatical way so they pick
an OS. That is still a little on the kookoo side in my opinion. These are
tools treat them as such. If you feel yourself getting all upset because of
something someone says about an OS or a program, you probably need to take
five.

 joe
 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Edge, Ronald D
Sent: Tuesday, June 22, 2004 1:58 PM
To: full-disclosure@...ts.netsys.com
Cc: joe
Subject: [Full-Disclosure] RE: M$ - so what should they do?

>-----Original Message-----
>From: joe [mailto:mvp@...ware.net]
>Sent: Tuesday, June 22, 2004 11:08 AM
>To: Edge, Ronald D
>Subject: RE: [Full-Disclosure] RE: M$ - so what should they do?
>
>Almost everything you said here is user interface, not core Windows and 
>why it needs a redesign. The remaining is either wrong or 
>(mis)configurations.
>This illustrates exactly my point. I fully concur that much of the user 
>interface needs work, I tell this to every MS developer I run into and 
>many of them agree as well. They are working on it....

You're just jerking chains here, right? Did you read what I wrote?

Where in the world in what I wrote can you point to something that specifies
the user interface as the problem?

That is simply not true. The inability to distinguish between being logged
on as root vs. non-privileged user, and the latter still in their sandbox be
able to function, install their programs, do their work, yet simply not have
any chance to accidentally attack and destroy the operating systems, is
inherent in the Windows design as it is, and is truly at the root of current
evil.

This has zippity doo dah to do with the user interface.

ActiveX controls are program objects. They were introduced so sites on the
Internet could run programs on local computers.
This is the root of much evil. There are few who argue this now.
Many of them provide the ability to create user interface object superior to
simple HTML, but the evil they do and can do and have done goes far, far
beyond that.

I should have added a final point, and that is the Misgeburt, as the Germans
would call it, the registry. What a single failure point, designed to be
more a study in obfuscation than an exercise in good database and system
design. Even Microsoft is retreating from the registry, according to what I
have heard at the last two database development conferences I have attended.
The registry, to be frank, sucks. It just offers crackers fruitful paths of
attack, the favorite of course being loading something in the start key so
when the computer boots next time is it is toast, since the users is 95%
sure to be running with full admin privileges, and the program will be able
to do anything it wants.
And it is so easily broken by poorly written install and uninstall programs
that I would laugh, if it were funny, but it is not.

I could go into the rise and fall of com objects and ole, too, but like most
Microsoft stuff, it rises, some fools develop using it, and 18 months later
MS changes its mind, and presto, instant obselescene in programming. Not
exactly a good investment if you are still paying attention to ROI.

Note that I see this as a Windows user, using development and database
software on Windows, and managing 465 + machines all but about two dozen of
which are windows XP or or 2000 or 2003 servers, and a remaining handful of
2000 machines.

None of the usability features can override the intrinsic flaws in security
design that have resulted in at this moment literally millions of Windows
machines compromised world wide, and ongoing daily nightmares in just
keeping things glued together so they work at least the majority of the
time.

Ron.

Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics edge@...iana.edu  (812)855-9010
http://iuhoosiers.com

"Patriotism is not short, frenzied outbursts of emotion, but the tranquil
and steady dedication of a lifetime." - Adlai Stevenson
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ