Hex dump of Gibe-F worm.

OS-Specific Security Issues

Operating-System-Specific Security Issues

Cisco Router Security

Here are some great references on current best practices for Cisco router configurations:

Secure IOS Template
Secure BGP Template
Cisco router security

Also see the Center for Internet Security benchmarks

SCADA, Industrial Control

This category of network-connected industrial control systems was attacked by the Stuxnet advanced persistent threat.

See the French government's Classification Method and Key Measures for how to do this right. That's their ANSSI ICS industrial systems cybersecurity standard document.


How to harden a default Linux or OpenBSD installation

How to set up SSH

STONIX — a program for hardening UNIX and Linux

UNIX IP Stack Tuning Guide

Securing and optimizing Linux is a great book available for free download. It covers configuring and tuning Linux for improved security and performance.

Libsafe protects against buffer overflow and "stack smashing".

Saint Jude Linux Kernel Module detects and blocks attempts to gain inappropriate privileges.

Hardening Solaris user authentication

If you have Solaris 8 or earlier, you are stuck with the mid-1970's "classic UNIX" authentication. Only the first 8 password characters matter, and they're hashed in a way that was fairly secure against brute-force attack by, oh, common computers of the mid-1970's...

If you have Solaris 10 or later, it uses much more secure password hashing by default: arbitrarily long pass phrases, hashed with MD5.

If, on the other hand, you have Solaris 9, while it is capable of the stronger method, you have to specify it. First, modify /etc/default/passwd and change the line now reading:
to a more ambitious number.

Edit /etc/security/policy.conf, first verifying that it contains this line:


Now un-comment this line by removing the leading "#":


Change the default hashing algorithm like this:


Once you've done that, you will need to re-set the passwords with passwd to put the hashes into the more secure form.

The algorithms are as follows; note that the "1/2a/md5" notation was taken from Cisco:
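After switching the default algorithm, the step people forget is the last one: existing accounts keep their old hashes until each password is re-set with passwd. The script below is an added example (not from this page, and not a Sun tool) that audits shadow-format lines and reports which accounts still carry a classic 13-character DES hash versus one of the "1", "2a" or "md5" formats. It assumes the Solaris shadow layout and the NP / *LK* markers for no-password and locked accounts; the sample lines are constructed, not taken from a real system.

```python
import re

# Constructed sample /etc/shadow lines (not from a real system): user:hash:lastchg:...
SAMPLE_SHADOW = """\
root:$md5$rounds=916$abcdefgh$QWERTYUIOPASDFGHJKLZXCVB:14000::::::
alice:RQ4nvV2CcPZ/Q:14000::::::
bob:$1$saltsalt$abcdefghijklmnopqrstuv:14000::::::
carol:$2a$04$saltsaltsaltsaltsaltsOaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:14000::::::
daemon:NP:6445::::::
lp:*LK*:6445::::::
"""

# Map the crypt(3c) identifier (the "1/2a/md5" names used in
# /etc/security/policy.conf) to a description.
ALGORITHMS = {
    "1":   "BSD/Linux MD5 crypt",
    "2a":  "Blowfish crypt",
    "md5": "Sun MD5 crypt",
}

def classify_hash(field):
    """Return a label for one shadow password field.

    Modern hashes look like $<id>$...; the classic UNIX DES hash is a bare
    13-character string with no '$' prefix. 'NP' and '*LK*' are Solaris
    markers for no-password and locked accounts (assumption: Solaris format).
    """
    if field in ("", "NP") or field.startswith("*LK*"):
        return "locked-or-no-password"
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        ident = m.group(1)
        return ALGORITHMS.get(ident, "other:" + ident)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "classic-DES"
    return "unrecognized"

def audit_shadow(text):
    """Return {user: label} for every non-comment line of shadow-format text."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        result[parts[0]] = classify_hash(parts[1])
    return result

def accounts_needing_rehash(text):
    """Usable accounts whose password is still a classic DES hash."""
    return sorted(u for u, label in audit_shadow(text).items()
                  if label == "classic-DES")

if __name__ == "__main__":
    for user, label in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:10s} {label}")
    print("still need passwd re-set:", accounts_needing_rehash(SAMPLE_SHADOW))
```

Run it against a copy of the real file (read as root) and re-set every account it lists; an account that the audit still reports as classic-DES after the policy change is one whose password was never re-entered.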

ULTRIX / OSF/1 / Digital Unix / Tru64 Unix Security

Bugs and fixes

HP-UX Security

HP/UX exploits

IRIX Security

IRIX exploits

AIX Security

Search IBM's Redbooks collection for: AIX AND security

Andre Derek Protas on AIX security

AIX exploits

Mac OS X Security

This series of papers describes the firmware and the hardening of both the GUI and command-line interface:

Securing Mac OS X
Mac OS 10.3 (Panther)
Mac OS 10.4 (Tiger)
Mac OS 10.5 (Leopard)

DOS Security

DOS security tools

VMS Security

VAX/VMS security tools

Think you're secure because you run VMS? See the first chapter of UNDERGROUND — Tales of Hacking, madness and obsession on the Electronic Frontier (ISBN 1-86330-595-5)

Common Windows warning message

Windows Security

Windows Security from the Ground Up

Abandon hope, all ye who enter here

Jim Allchin was a vice-president and later co-president of Microsoft. He retired from Microsoft as of 30 January 2007, the day on which Microsoft officially released their Windows Vista operating system to consumers. Allchin was co-president of Microsoft's Platforms & Services Division, was the manager of the Vista project, and led the development of a number of Microsoft's operating systems. Allchin provides some interesting information:

"I am not sure how the company lost sight of what matters to our customers (both business and home) the most, but in my view we lost our way. I think our teams lost sight of what bug-free means, what resilience means, what full scenarios mean, what security means, what performance means, how important current applications are, and really understanding what the most important problems [our] customers face are. I see lots of random features and some great vision, but that doesn't translate into great products.
I would buy a Mac today if I was not working at Microsoft. ... Apple did not lose their way. ..."

It appears that the guy in charge of the Microsoft operating systems has very little confidence in them. Why should we contradict him? The above is from the Allchin memo to Bill Gates and Steve Ballmer, January 2004, read more about the background here, here, and here.

Then there is the problem of privilege escalation through the Win32 API. Microsoft says this is not fixable but not really a problem, which is true unless you really don't want people breaking your OS. While testifying before the U.S. Department of Justice in an anti-trust case, Allchin referred to this as a fundamentally unsecurable design representing a threat to U.S. national security due to the U.S. government's reliance on Windows. Allchin then mentioned the Windows message-queuing subsystem, which allows for what's known as the "Shatter" attack. Read more about it here, here, and here.

This was at least partly fixed in Vista, but some issues remain. Oh, and after Microsoft said "Outsiders cannot be allowed to see the source code as that would damage US national security", they allowed the government of the People's Republic of China to view the source code. See, the PRC said they didn't want to buy Windows unless they could see the source code, and Microsoft didn't want to miss out on a big sale....

Then there are the three highly placed Microsoft executives whose internal communications were brought to light in a US District Court case, described in a New York Times article 9 March 2008. Their frustrations were caused by a lack of functionality and support in Vista, which at the time of their problems had been released as a supposedly finished product and was being sold for full retail price. The angry executives included:

If you want to reduce your security risk due to Windows:

  1. Use any other operating system. Really. Most users need little more than a web browser, an e-mail tool, and something to handle documents.
  2. If you really must use Windows on some systems, then do not use Explorer for anything. Beyond profound code quality issues, aspects of its design are fundamentally insecure and unsecurable. Use any other browser; most people find the Mozilla Firefox browser an excellent tool. Most people also find that getting rid of Exploder means, for the most part, an end to spyware, and many phishing attacks become more obvious.
  3. Given that, do not use Outlook for anything, as it silently uses some of the most insecure components of Exploder and the user can't prevent that. Mozilla Firefox comes with Thunderbird, an integrated e-mail client.
  4. Use the NTFS file system, but don't expect it to protect you from booting off a Knoppix CD.
  5. If you use Kerberos, rip out Microsoft's weakened version and use real Kerberos, available for free from MIT. Weakened? Yes, their silly "pre-authentication" violation of the Kerberos rules supports a known-plaintext attack by an attacker.
  6. Finally, try to use any other operating system in place of Windows.

On to the Windows security list. Remember that "NT" is Microsoft's term for an entire family of operating systems. It refers to all forms of Windows with user authentication, so NT 3.x and NT 4.x through the Windows Server series and Windows 10. Windows 98 was the last one that wasn't NT.

This good discussion of Windows rootkits gets you into the technical details of how a rootkit works.

You can always break in with bootable media, such as the Windows "rescue" boot media, a.k.a. the NT break-in media or the NT password and registry editor media:

Or, you could do similar things with the Knoppix Linux live DVD

NSA has recommendations for securing Windows

Disturbing facts about Windows file system insecurity

The newer members of the Windows NT family support EFS, Encrypting File System, which originally seemed like a decent design:

The disturbing part is this disclosure on one of Microsoft's pages:
Windows NT zero-fills memory and zeroes the sectors on disk where a file is placed before it presents either type of resource to an application. However, object reuse does not dictate that the space that a file occupies before it is deleted be zeroed. This is because Windows NT/2K is designed with the assumption that the operating system controls access to system resources. However, when the operating system is not active it is possible to use raw disk editors and recovery tools to view and recover data that the operating system has deallocated. Even when you encrypt files with Win2K's Encrypting File System (EFS), a file's original unencrypted file data is left on the disk after a new encrypted version of the file is created.

So.... EFS only matters if you agree to play by Microsoft's contrived rules and only use Microsoft Windows to operate all computers at all times. But boot from Knoppix and there is cleartext data lying all over the place. This is a strangely narrow meaning of the term "Encrypting File System"! See the page describing this strangeness on Microsoft's site.

Fyodor has a collection of Windows exploits.

Here is an explanation of Back Orifice, NetBus, and other Windows network attacks.

The classic John Kirch paper describes in detail why various Unix operating systems out-perform the Windows OS family.

For underlying philosophical problems leading to Windows security holes, see Byte, November 1997, pp 81-86 for details of how Microsoft re-invents broken wheels. Many problems that were discovered, and fixed, in other operating systems over the past two to twenty years are routinely repeated by Microsoft! Also see Computers and Security, vol 17, no 2, pp 100-106 for details.

See my page on user authentication for details on just how weak the default Windows design is.

How Microsoft's poor (missing?) protection of the master cryptographic key exposes all of a user's net communication, "How to recover private keys for Microsoft Internet Explorer".

Comparing Windows to Linux and BSD

What is wrong with Linux?

It is as disorganized and resistant to organization as a herd of cats.

The kernel of the operating system itself is fairly good. But a Linux distribution is largely a pile of things that aren't the kernel and which tend to lower security:

Also, Linux is not very good for playing games. Apparently this matters a lot more than security to an awful lot of people.

What is wrong with BSD?

The same problems as Linux, just to a far lesser degree.

While there are just three BSD implementations — FreeBSD, NetBSD, and OpenBSD — and their releases are far better controlled than those for Linux, the BSDs use the same application software and graphical environment (GNU, KDE, Gnome, et al) as Linux. While their installation tools assume quite a bit of *NIX expertise (you'd better know how to set up a BSD partition/slice scheme by hand!), they may still hide some details from the installer.

BSD is not very good for playing games, either, if you care more about that than security.

What is wrong with Windows?

Three crucial components seem to be far more intertwined in Windows than in other operating systems:

The accepted method for administering the system is to log in to the graphical interface as Administrator and use graphical tools. There is next to no separation of privileges.

Compare that to the UNIX model where the operating system and the graphical interface are relatively separate, and where cautious administrators log in as unprivileged users. Only to the extent absolutely necessary do they elevate privileges, using su or Role-Based Access Control (RBAC) tools.

Then there are the other really bad design decisions — the window message queueing API, really questionable TCP/IP design decisions (like file and print sharing over IP broadcast rather than IP multicast!), etc.

Commentary on leaked Windows source code

Finally, don't forget hubris, which has caused trouble for its practitioners since the Iliad and Odyssey. Microsoft's continued claims that their latest expensive product is far more secure or reliable will just invite attacks.

However, Windows is very good for playing games if that's what matters to you.
