Two weeks ago theregister.co.uk summarized an analysis (done by Quocirca) of reader response to questions on Linux  desktop migration.
To no one's surprise, the study found that business people cite the opportunity to sidestep the insecurity of the Microsoft PC, not cost savings, as the primary reason for considering desktop Linux. Most respondents agreed, furthermore, that the high cost of matching Windows applications, particularly Microsoft Office and custom applications, is the greatest barrier to change.
What's most interesting about this is what it reveals about the respondents: specifically that they're so focused on fighting Microsoft's alligators that they don't see the hardware side of their security problems and are blind to the BSD-based Mac OS X option for running Microsoft Office without Microsoft Windows.
Software and Hardware Vulnerabilities
At present, attacks on Microsoft's Windows products are generally drawn from a different population of possible attacks than those on Unix variants such as BSD, Linux and Solaris. From a practical perspective, the key difference is that attacks on Wintel tend to have two parts: A software vulnerability is exploited to give a remote attacker access to the x86 hardware and that access is then used to gain control of the machine.
In contrast, attacks on Unix generally require some form of initial legal access to the machine and focus on finding software ways to upgrade priveleges illegally.
Consider, for example, CAN-2004-1134 in the NIST vulnerabilities database:
Summary: Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
Published Before: 1/10/2005
Severity: High
The vulnerability exists in Microsoft's code, but the exploit depends on the rigid stack-order execution and limited page protection inherent in the x86 architecture. If Windows ran on Risc, that vulnerability would still exist, but it would be a non-issue because the exploit opportunity would be more theoretical than practical.
Linux and open-source applications are thought to have far fewer software vulnerabilities than Microsoft's products, but Linux on Intel is susceptible to the same kind of attacks as those now predominantly affecting Wintel users. For real long-term security improvements, therefore, the right answer is to look at Linux, or any other Unix, on non x86 hardware. (continued...)
|
