Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Mono Culture - was Re: Bell Labs or Microsoft security?

  • From: Joseph T. Klein
  • Date: Wed Jan 29 08:45:01 2003

On Wednesday, January 29, 2003, at 02:32  AM, Sean Donelan wrote:

On Tue, 28 Jan 2003, Steven M. Bellovin wrote:
They do have a lousy track record.  I'm convinced, though, that
they're sincere about wanting to improve, and they're really trying
very hard.  In fact, I hope that some other vendors follow their
lead.
Lest we forget, Microsoft did not originally design Windows for the
Internet, nor for a lot of what it does today.


Of course we need to be honest with ourselves and recognize this has
been going on for a long time before Microsoft was even a glimmer in
Bill Gates eye.

Multics security. Bell Labs answer: Unix. Who needs all that "extra"
security junk in Multics. We don't need to protect /etc/passwd because
we use DES crypt and users always choose strong passwords. We'll make
the passwd file world readable so we can translate uid's to usernames.
Multi-level security? Naw, its simplier just to make everything Superuser.

FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants
the computer to check array lengths or pointers. Programmers know what
they are doing, and don't need to be "constrained" by the programming
language. Everyone knows programmers are better at arithmatic than
computers. A programmer would never make an off-by-one error. The
standard C run-time library. gets(char *buffer), strcpy(char *dest, char
*src), what were they thinking?
Unix and C where also not designed for the Internet.

More ramble ... but a point will emerge ...



 My big worry isn't the micro-issues like buffer overflows
-- it's the meta-issue of an overall too-complex architecture.  I
don't think they have a handle on that yet.


The Internet magnifies relatively harmless conveniences into
major problems. Network access and "crack" made the world readable
/etc/password into a major security hole. "C" is a vast improvement
over assembly and evolved into the language of choice for developers
over other languages. So we have a few buffer overflows now and then.

The formative Internet did a lot to spread C source code. Unix was
the primary platform for the Internet before ISPs spread the network
to small businesses and home computers. Some of us remember down
loading C code from ftp sites in the era before the web page
when you could count off the major source code archives on your
fingers.

The strange thing about complexity is its much harder to design a "simple"
system than a Rube Goldberg contraption.
The complexity of Windows ... indeed all our modern OSes has evolved
as they adapt themselves to network environments, complex graphics,
multi media applications, complex user interfaces. Microsoft has tended
to absorb applications into the core OS and, perhaps more than any
other, softened the line between kernel and application to a point
where security suffers. Unix systems have the same problem when root
privileges are given to given to code ... often because it is less
complex to give a process privilege than to craft a secure sandbox.

I was just starting to use the Internet when the Morris worm chewed
its way through the net. The Morris worm was the first taste of what
a harmless back door and lapses in security could do on the Internet.
It has been almost 15 years since that incident and look at how far
we have come. Common code and lack of review contributed to that one.

Internet worms and viruses have a far greater impact when we all use
the same code, the same operating system, the same stack. If you
plant one genetic strain of corn you risk famine come the blight.

Having BSD*, Linux, OS X, and Microsoft in the mix helps prevent
mono culture blights. Having Juniper, Cisco, and others in the
core is good for our networks.

Competition, variety and some level of complexity do act as safeguards
against the the catastrophic failures exhibited by "mono culture" systems.

IMHO competition and diversity are necessary for healthy systems,
corporation, economies and societies. Any complex set of
structures that becomes dominated by a single technology, OS,
ideology or genotype becomes the ideal growth media for disease.

This is why, IMHO, mono-anythings are bad, no matter how benign
or well designed.
--
Joseph T. Klein

The benefits of Democracy, Republic, and IETF is that we do
not speak with a single voice.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.