Alan wrote:

>On Tuesday 09 April 2002 02:06 pm, Jere Retzer wrote:
>
>>Seems like everyone is going to philosophize so I might as well join:
>>
>>1) Security holes are proportional to bugs is proportional to lines of code
>>-- Win 2000 is what--30 million lines?
>>
>Sometimes I think this "estimate" is used as an excuse for bad code. It makes
>it seem as if security flaws are inevitable, so why bother. With proper
>attention, this sort of problem should be a minor problem, not a regular
>occurrence.
>

I'm not sure I get your point. W2K was about 30 MLOC (Million Lines Of
Code). XP is more like 45 MLOC. These numbers are "estimates" in that they
may be off by a million lines, here or there :)

It is indisputable that bugs happen. It's not an excuse for bad code; bugs
always happen. Diligence can reduce the rate at which bugs happen, but a
very, VERY low rate would be 1 per thousand lines of code. That means
45,000 bugs in XP.

And that, in turn, is why I'm ranting about bad design. The equivalent
piece of code in Linux (the kernel) is about 1 MLOC. So if we just assume
equivalent code quality (which is pretty generous considering Microsoft's
record) then XP will have approximately 45 TIMES as many vulnerabilities
as Linux.

Of course it's not that simple. In large part, comparing the size of the
kernels is meaningless, because most security vulnerabilities are in the
applications, not the kernel. So we would need some way to compare the
MLOCs of code running as root or as children of inetd on Linux against the
MLOCs of code that XP offers as services. That, in turn, is so subject to
configuration vagaries that we inevitably end up with an apples/orange
situation.

>>2) Microsoft philosophy of embrace,
>>extend, 3rd party developers makes it inherently easy to hack
>>
>Microsoft makes a number of rules for developers as to what they can and
>cannot do. Unfortunately, they ignore those rules when it is to their own
>advantage. For example, in order to get MS Office to work on NT Terminal
>Server, you need to give everyone WRITE access to the system directory.
>

That's another one of those failures to apply the Principle of Least
Privilege: Office should not require write access to such a sensitive
directory. Note also that this is a security defect in Office, not
Windows.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:53 PDT