Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!uunet!in2.uu.net!utcsri!eecg.toronto.edu!colohan
Newsgroups: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
From: colohan@eecg.toronto.edu (Chris Colohan)
Subject: Re: need secure OS to entrust millions to
X-Nntp-Posting-Host: canucks.eecg.toronto.edu
Message-ID: <1996Feb25.152559.8977@jarvis.cs.toronto.edu>
Summary: Security is not shrink wrap
Keywords: security linux freebsd operating system
Organization: Department of Computer Engineering, University of Toronto
References: <4gi6t6$3h9@lace.colorado.edu> <nc0453Dn96w6.93F@netcom.com> <y5ad974s4v4.fsf@graphics.cs.nyu.edu> <4gqf17$1lr@cynic.portal.ca>
Date: 25 Feb 96 20:25:59 GMT
Lines: 56
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:88681 comp.os.linux.development.system:18067 comp.os.linux.networking:29775 comp.unix.bsd.bsdi.misc:2474 comp.unix.bsd.netbsd.misc:2332 comp.unix.bsd.freebsd.misc:14392

In article <4gqf17$1lr@cynic.portal.ca>,
Curt Sampson <curt@cynic.portal.ca> wrote:
>In article <y5ad974s4v4.fsf@graphics.cs.nyu.edu>,
>David Fox <fox@graphics.cs.nyu.edu> wrote:
>>
>>Of course, so that you know there is someone standing behind the
>>system who is competent enough that they have the confidence to take
>>legal responsibility for the security of the software.
>
>Am I out to lunch, or does every single agreement I've ever seen
>on a shrink-wrap box specifically state that the company makes no
>representations that the software will even boot, much less work
>or be secure?

The point that has been made repeatedly is that for a high security
commercial application, you just don't buy a shrink wrap package (or
use free software). You buy a license to the software that comes with
the provisions that you need, and the 24x7 support that is required.
Most importantly, you have an expert consultant coordinate the setup
and maintenance of the machine, to ensure that there are no holes, and
any that are there are detected and fixed as fast as possible.

To reiterate the points that have been made so far:

1. Buy commercial software that is designed and built for high
   security applications. It has been developed with security in mind
   from beginning to end, and has had experts comb through it for
   flaws. It also will cost money to get the source, which means that
   it is more difficult for intruders to get the source and look for
   holes.

2. Buy a service contract and a source license for the OS. You can
   hire professionals who will guarantee that your machine will keep
   on working to your standards, and be as secure as you can afford to
   pay for. By having access to the source, fixes can be made quickly
   if necessary.

What do you lose by using a free OS in a mission critical application?

1. Security through obscurity. More people have access to the source
   code for your OS, so there is a greater chance of someone finding a
   security flaw and exploiting it before you can fix it.

2. Single minded design. The free OS will be designed to serve all
   sorts of uses, and the priority of the designers may be to
   emphasize speed, simplicity, elegance, cutting edge technology, or
   portability over security. In any design, compromises are made, and
   if the OS was not designed with security as a top priority, it may
   not be what you want to use in your high security application.

Of course, you may be able to purchase a 24x7 service contract for a
free OS based machine, but whoever supports the system will be limited
by the points above.

Chris Colohan
Computer Engineering Student -- University of Toronto
colohan@eecg.toronto.edu