Here is some recent ESR marketing material.
-JCJ
Eric S. Raymond -- Will
You Be Cracked Next?
Aug 6, 1999, 18:07 UTC
Contributed by Eric S. Raymond
Melissa. Explore.zip. Back Orifice. If you think there has
been a bad rash of viruses and crack attacks lately, you're
right. And security experts say it's going to get worse, not
better; the frequency of crack attacks is rising
exponentially. So are the money losses fromm the problem.
Computer Economics, a research firm in Carlsbad NM,
reports that American businesses lost $7.6 billion due to
software viruses during the first half of 1999 -- more than
in all of 1998,
Curiously, the massive mainstream media coverage of these
incidents completely fails to mention the one thing they all
have in common; Microsoft Windows. Non-Microsoft
operating systems such as Linux are invulnerable to macro
attacks, immune to viruses, and can laugh at Back Orifice.
This simple fact explains why your Internet service
provider never suffers from viruses; essentially all ISPs run
their services off Unix boxes, and about 40% of them run
Linux. Evidently businesses are finding this an increasingly
attractive option; a recent Computer Associates survey
reports that 49% of information technology manages
describe Linux as "important or essential" in their
enterprise plans.
One of the reasons for this trend is surely security. Anyone
running a Microsoft operating system on a machine visible
from the internet is just begging to be cracked. If you're
concerned with computer security, you need to understand
why -- and why Microsoft will not and cannot fix the
problem.
Linux and other operating systems like it were designed
from the ground up to be used by several people on the
same machine, and to protect those people from each other.
The user interface of Linux is separated fromn the `kernel',
the privileged operating system core. And the kernel is
carefully protected from being modified by ordinary
programs. This is why Linux doesn't get viruses.
Microsoft Windows, on the other hand, has a
one-person-per-machine assumption built deeply into it.
There is no internal security and the Windows kernel is not
protected against being modified by user programs. In fact,
the user interface of Windows is wired right into the kernel.
This is why hostile programs coming in over an Internet
connection (such as Back Orifice) can reach right through
the user interface, deep into the oprating system core, and
infect it.
If you value your data and your privacy, you need to
understand that Microsoft cannot fix this. Too many
applications (including Microsoft Office and the IIS web
server) actually *depend* on the lack of security in the
system. Furthermore, the fact that the source code of
Windows is closed means that it never gets properly
audited for security problems.
How does Microsoft deal with this? Not well. Mainly, they
tell lies and try to confuse the issue.
Three days ago, on August 3 1999, Microsoft put a machine
running a beta of its new Windows 2000 operating system
on the net and challenged crackers the world over to break
into it. A few hours after the announcement, the machine
crashed. Microsoft spokespeople subsequently claimed that
it had been brought down by electrical storms.
But the machine's own error logs showed there had been
nine crashes due to errors in Microsoft's own software, not
the weather. Furthermore, crackers did indeed get in and
alter a guestbook application during the short time the
machine was actually up -- a fact Microsoft tried to dismiss
as irrelevant.
A few hours after Microsoft's challenge was announced, a
Linux company in Wisconsin matched it. During the
following three days, their Linux machine withstood 6,755
attacks without crashing once.
Which system would *you* rather trust your critical data
to?
|
