On Sun, Mar 07, 2004, Joe Dunning wrote:
>On Sun, 7 Mar 2004 13:05:34 -0800, Bill Campbell <bill@celestial.com>
>wrote:
>
>>
>>Buffer overflows have been around for a long time. Wasn't the Morris worm
>>a buffer overflow exploit of sendmail (one of the few *ix worms)?
>
>Not quite. It had 3 attack methods, including invoking the "debug" mode
>in sendmail and a buffer overflow in fingerd.
The point is that buffer overflow vulnerabilities aren't new, at least to
anybody with a bit of experience, and knowledge of systems other than
Redmond's.
I've always thought that one of Microsoft's main weaknesses has been a lack
of experienced software people. They've had a long history of hiring
people right out of college, or even those who've never graduated. These
people grew up thinking that DOS and Windows are Operating Systems, and
that BASIC is a programming language. They grew up on single user, single
tasking systems where every program owned the entire system so never
learned about things like memory protection, multiple processes accessing
devices and files, or user security.
Computer systems security is much more than firewalls, packet filters, and
similar technology; it's an attitude and an underlying awareness of
security issues. DOS and Windows started out life as a BDPL (Brain Damaged
Program Loader) for hobbyist hardware in the early '80s, and not as a
networked system subject to outside attack. No amount of bandaids tacked
on can overcome the basic lack of security (e.g. any running program can
read/write anything on the system). Add to this Microsoft's desire to make
their systems easy to use by the technically clueless, to whom security makes
things less convenient, and you have a recipe for disaster.
Bill
--
INTERNET: bill@Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``People from East Germany have found the West so confusing. It's so much
easier when you have only one party.'' -- Linus Torvalds, Linux Expo Canada
when asked about confusion over many Linux distributions.
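The fingerd hole mentioned above is the textbook stack overflow: the daemon read a request line with gets() into a fixed 512-byte buffer, and gets() has no way of knowing where that buffer ends. The following is an added example, not code from the original thread or from fingerd itself; it models the bug shape and the bounded replacement over an in-memory "request" string instead of a socket. The names unbounded_read, bounded_read and the REQ_BUF constant are this example's own assumptions, and the request data is constructed for the demo.

```c
/* Added example: a gets()-style unbounded line read beside a bounded one.
 * Input is a constructed in-memory request rather than a network socket. */
#include <stdio.h>
#include <string.h>

#define REQ_BUF 512   /* assumed fixed request buffer, as in old fingerd */

/* gets()-style copy: stops at newline or NUL, never at the end of dst.
 * This is the bug shape. Any request longer than the caller's buffer
 * writes past it into whatever follows on the stack. Only ever called
 * here with a short input; never use this on untrusted data. */
size_t unbounded_read(const char *src, char *dst)
{
    size_t n = 0;
    while (src[n] != '\0' && src[n] != '\n') {
        dst[n] = src[n];       /* no check against the size of dst */
        n++;
    }
    dst[n] = '\0';
    return n;
}

/* fgets()-style copy with an explicit capacity. A request that has not
 * ended within cap-1 bytes is rejected (-1) rather than silently
 * truncated, so a daemon can drop the connection instead of acting on
 * a half-read line. Returns the number of bytes stored on success. */
long bounded_read(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    while (src[n] != '\0' && src[n] != '\n') {
        if (n + 1 >= cap) {    /* keep one byte for the terminating NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return (long)n;
}

int main(void)
{
    char line[REQ_BUF];
    char big[REQ_BUF + 200];   /* constructed over-long request */

    /* A normal finger request fits comfortably. */
    printf("short request: %ld bytes stored (\"%s\")\n",
           bounded_read("bill\n", line, sizeof line), line);

    /* 600 bytes of 'A' plus newline: longer than the 512-byte buffer. */
    memset(big, 'A', REQ_BUF + 88);
    big[REQ_BUF + 88] = '\n';
    big[REQ_BUF + 89] = '\0';
    printf("long request: bounded_read returns %ld (rejected)\n",
           bounded_read(big, line, sizeof line));

    /* unbounded_read(big, line) would be the fingerd bug: 600 bytes
     * written into a 512-byte stack buffer. Deliberately not executed. */
    return 0;
}
```

The rejection branch is the part worth copying: truncating and continuing is what a naive fgets() port does, and it still lets an attacker control what the rest of the daemon sees.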