RE: NT vs Unix on the Internet

From: Russ (Russ.Cooperat_private)
Date: Fri May 08 1998 - 03:33:11 PDT


    >Unix has 25 years on NT in support, development and real-world
    >deployment. Because of this, Unix vendors have seen just about
    >every scenario in which a Unix system can be deployed. As a
    >result they have (for lack of a better term) "hardened" the
    >system against that type of attack. Because the world keeps
    >changing, and the methods used by hackers keep changing, the
    >security world must also keep changing. (Unix and NT included)

    As Aleph One so adeptly stated, the passage of time has done very little
    to improve the level of security that gets implemented (note, time has
    definitely improved the level of security that "could" get implemented).
    People take a lot longer to evolve than operating systems.

    However, as the moderator of the list dedicated to discussing security
    exploits and security bugs in Windows NT, and an active participant in
    the recent Teardrop2 attacks against Win boxes, I can tell you something
    about the current state of affairs wrt NT on the Internet.

    The vast majority (say roughly 90%) of all "hacks" of NT that have been
    reported have come about as a result of lack of knowledge on the part of
    the installer/administrator. Granted, getting the knowledge to prevent
    these exploits is not something that comes in the NT Documentation, but
    the information is out there.

    Theorizing about attack methods against NT is extremely popular today,
    as is sensationalizing reports of exploits (read: DISN). The media loves
    it, the hackers love it, it's a win-win situation for those two mutually
    supporting groups.

    This is not to say that NT is secure, or can be made secure, that's not
    my point. Debunking a sensational report may have the adverse effect of
    leading people to believe it's not a problem. I've been responsible for
    some of that, I know.

    Some facts about NT:

    1. Most known Unix exploits have little effect on native NT systems (e.g.
    MS Exchange versus Sendmail).

    2. NT has exploit realities/possibilities that do not exist in Unix
    (e.g. getadmin, lsa-secrets).

    3. The number of people who "know" how to secure an NT box against
    "known" exploits are far fewer than their Unix brethren (that's why we
    get paid so much...;-])

    4. The number of people, proportional to the number of users, who can
    *honestly* say they feel comfortable managing the security of an NT box
    is far, far, lower than those in the Unix field (note: when asked, a lot
    more will answer yes even though they don't know because they believe
    things aren't an issue that are).

    Russ - NTBugtraq/NTSecurity moderator
