The main threat

From the sounds of it the main threat is machines getting infected from people plugging in infected USB devices, or through the network. Linux is obviously going to be more secure in both regards. That isn't to say Linux is immune to attack, far from it, but attacks tend to require at least some level of human involvement & direction at the other end to succeed.

Well, there aren't many cross platform virii, and as the vector was probably some idiot using a USB stick at home and work, this should help.

@DrXym RE: "The main threat" You are almost certainly correct here.......

.............I have to say that I find the thought of service personnel involved in the computer systems controlling *weapons systems* being so "several expletives deleted" that they would do such an insanely stupid thing is absolutely terrifying.

No icon here because I cannot choose one that adequately expresses my feelings of incredulity in this instance.

@Err...

Both the low level design of Windows, and its closed source nature, make it fundementally more vulernable than Linux. Later Windows versions have copied some unix security features, like sudo. But the world is still populated by old versions of Windows, and systems lacking proper AV. Thus the vector. It is Windows' legacy, as much as anything, that puts people at risk.

@People

"Linux is obviously more secure" is exactly the sort of thinking that allows someone to hack a linux box. If people are stupid enough to put memory sticks into a supposedly secure system (which shouldn't have even had USB enabled) they will be stupid enough to manually run something on that stick. Are we to believe that these Linux boxes will be securely configured by the same IT department that put in Windows boxes without taking even basic security precautions, like disabling USB and automount.

Windows isn't closed source, if you're a big company or a governmental organisation.

Runas is not a copy of sudo.

Windows shortcomings don't really matter if the systems are properly configured - you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems (I'm sure Prof Anderson would tell us, if they did) that systems which control weapons systems were so poorly configured is alarming in the extreme.

@Tom Chiverton 1

The plural of "virus" is "viruses". Pet peeve.

The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ...

@anon idiot

"you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems "

Yes, except they generally use a restricted functionality version of Windows, arn't connected to the internet (except when occasionally using VERY secure VPN), don't have a bug ridden browser installed even if they were, don't have a qwery keyboard or mouse to bypass the app and access the OS direct, nor do they have any public facing way of loading data onto the system such as USB or DVD-ROM. Even windows is secure if your interaction with the machine is limited to using a numeric keypad and few selection buttons.

"The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ..."

You'd rather it be hooked up to the US military network (which we all know is as secure as a field)?

Since they got infected by removable media, that is basically saying they had auto-run enabled - which I understood was disabled by a MS patch a while ago - meaning their systems also aren't up to date. Therein is the problem: bad configuration/administration, as usual.

Transferring video/drone data by disk is more secure than hooking these puppies up to a network where they theoretically can be attacked 24-7.

RE: Patched up windows

Not that patched windows systems are so much more secure or anything.

@Boltar

If you are going to call people idiots, it would help if you got your facts right.

Win NT4, then Win XP was generally what was used as an ATM OS when I worked on them a few years back. The normal version, just that people had thought about it's configuration.

They still had IE installed.

They were tied down - as should these workstations which control the drones.

Keyboard and mouse or not - there is no excuse for a Windows system's user loading anything that they shouldn't, it's pretty easy to configure.

And no, they don't have a public way of loading data, neither should these drones - this is exactly my point.

@joe Montana

I'm talking about proper ATMs, not the crappy dialup jobbies that charge a fortune and spring up in corner shops, pubs etc.

I've worked on both Linux and Windows systems which have been highly secured, they're both pretty much of a muchness once secured. I haven't found that you break Windows functionality (or that which you're not trying to break) by hardening a workstation.

@Boltar

No XPe wasn't used, not on proper bank's ATMs, maybe on the crappy dialup private ATMs, but not on proper "hole in the wall" systems.

windows atms aren't prfect

Anyone who thinks windows ATMs are rock solid is full of it. I can't even count the number of times I've seen a BSoD ATM and I've even seen some showing the windows desktop.

I'm working with a companies bit of hardware running xp embedded. It's shit and when it dies it dies good and proper. There is nothing rock solid about. Yet it you'd be surprised at what it runs.

More importantly banks will never let it get out if a cash point gets hacked. So saying it doesn't happen is a bit silly.

@Err....

The point is that most Linux distributions already encourage processes and procedures which are safe. While on Windows every little program mucks around with it's own updater, which needs admin privileges, on Linux you typically have users and root, and a normal user doesn't need to be able to become an admin.

Also when you download a file it's not executable by default, so people would have to go through a lot more clicks.

@Christian

Linux isn't all that good at making you do things safely - I use CentOS and RHEL a lot and they don't even prevent root logon by default.

You can't blame Windows for the updaters that programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.

Files downloaded (if setup correctly) need to be enabled to be executed, because they've come from an "untrusted zone".

@Toadwarrior

Occasionally you'll see an ATM BSOD, or have it's UI fail back to the Windows desktop. This is, in fact, very rare indeed, it also doesn't mean that the machine is vulnerable to attack.

As you may have gathered from the above, I worked for quite a while at a large bank who had many ATMs and I worked with the ATM systems. The only way that money is lost from ATMs is if they are physically stolen.

> So the Reg didn't carry an article recently where a white hat demonstrated

> at a conference how to make an ATM spit out money?

http://www.theregister.co.uk/2010/07/28/atm_hacking_demo/

No, obviously they didn't.

> My eyes must have made it up.

Mine too. Do you think we can sue somebody?

Vic.

GUI Root login are disable by default in both CentOS, RHEL are server based. If you want.

>>You can't blame Windows for the updaters that programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.

You can't "blame Linux", however Microsoft and Apple are to be blamed.

Close proprietary litter is not convenient.

It 1-3 out of 10^5. ON Windows it is mostly the opposite. My is advise to not use proprietary crap at all. OK compare what you do install emacs on

1) Debian based - "sudo aptitude install emacs"

2) rpm based - "# yum install emacs"

3)freebsd - "# pkg_add -rv emacs" or "cd /etc/ports/editors/emacs2.../; su ; make install "

>>Files downloaded (if setup correctly) need to be enabled

And if you download/copy to a different location? So why does M$ exactly advises NOT to click on unknown weblinks? Or you'll get infected.

And how do you exactly do it on Windows?

Like I said

I was fairly clear that I was talking about proper bank "hole in the wall" ATMs and not that sort of privately owned dialup crap.

@Davidoff

Many of the 'potential buffer over-run' problems that were flagged against Linux were found by syntactic code analysis of the openly available source code. I have often wondered whether anything like the same was done on propriety OSs.

I don't know how much code you look at, but peer review, which is practiced by most software companies, does not make you immune to code defects. It may protect you from howlers (stupid mistakes or typos), but it is unlikely to protect you from complex logic problems unless you are prepared to spend more time analyzing the code that was spent writing it. But it has it's place.

The main difference in security between an OS like Windows, and a UNIX-like OS is the amount of time you have to be running a privileged account when using the system. I'm sure that if you were to look at most personal Windows XP installations, and probably Vista and 7 as well, the primary account used is an administrator account. This nullifies *ALL* of the actually quite good security model of Windows. It's not the design of Windows that is the problem, it is actually the way this design is implemented and (mis-)used in normal practice.

If you look at most Linux distributions, although the primary account is in an admin group of some sort, allowing the use of sudo, the accounts are not actually privileged in any other way. This means that for any infection vector, you *STILL* have to cross the privilege barrier in order to touch the OS. And if you are worried, it is easier still for an everyday account to be set up that does not even have this privilege. But that will not protect personal information or code that is installed and run from user-space, just the system. But in a multi-user world, I prefer to know that the basic OS is mainly immune from something somebody else is doing.

This is not complete protection. Anybody who thinks that one measure on it's own will provide total protection is a fool, but it is a fairly large first hurdle to jump for infection vectors involving users compared to Windows.

BTW, although I know that Android is based on Linux, I don't count it as a Linux for exactly the reasons you are thinking of. It still has privilege separation, but most of the code is installed and run in user-land.

@Davidoff

How many long term bugs does MS Windows have? There might be more undiscovered ones in all systems out there. Actually, A typical distro contains MUCH more applications that the M$ has ever written/bought. Comparing the numbers is not a fair business.

So SSH bug you say, so which visruses did that bug ensue? The SSH server is not installed BY DEFAULT on any Linux distro or *BSD!!! What about the RPC on M$ Windows? It is installed by default, are you familiar with the consequence? It, in particular, includes conficker, stuxnet and many more?

>>short look at the one Linux variant which is most widespread with consumers (Android) and which in short time has become a feast for malware should be enough to demonstrate that this again

OK, don't you really see the difference or just hate the logic?

Everey single Android malware infection happened because a user installed it, not because he/she CLICKED ON A WEB LINK, INSERTED AN SD CARD, OPENED AN INFECTED EMAIL!!!

Capitalized it for your convenience so that you finally understand the difference.

@Eulampios

SSH server isn't installed by default on any Linux distro? Balls.

You demonstrate yourself as not knowing that much about your precious Linux.

It doesn't really matter if the SSH bug was exploited or not, it was fixed before it was exploited, as were the vast majority of (if not all of) the recent Windows bugs. I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is ok on Linux, it's a silly idea on any OS, no matter how secure. As for opening random emails causing problems - that's been fixed for what, a decade?

@ Coward

Hey, I guess, by judging how much folks around me and here on the forum know, I know a little more about GNU/Linux and IT stuff than my Windie-blown counterparts.

What is your point? I will try to make more clear for you. RPC bugs have been known to cause a havoc in millions of INFECTED PCs. SSH has not. Maybe, because

1) SSH is more secure from ground up;

2) SSH server is NOT installed by default on most most Linux distros (FreeBSD asks if you want to set it/install before installation), while Redmond idiots persevere in the default installation of RPC

That is may be why conficker had managed to infect millions of servers running various flavors Windows, not a single variant of Linux or *BSD. I know the said idiots had fixed it, their customers did not bother to update (considering the Win updater makes you do it and forces the reboot of the machine by default -- this could be the reason why updates are hated in the Windie world). They are idiots because the potentially insecure RPC is turned on BY DEFAULT. Stuxnet bug(s) were not fixed, and guess what RPC was one of the "vectors" and present on every machine.

>>I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is okay on Linux, it's a silly idea on any OS, no matter how secure.

It is more secure to click on web links, insert removable media or open an email, I am suggesting on most non-Windows systems. Non of that has ever caused a single problem on any GNU/Linux or *BSD desktop. I am trying to explain why, you and some others don't seem to get the point. Not that I would suggest it to the people in the military or on other important facility to do it, there should be no WIndows-like paranoia though. Enough just to not get the media mounted by default and do mount it as noexec.

>>As for opening random emails causing problems - that's been fixed for what, a decade?

When was it ? This one of he recent ones: http://en.wikipedia.org/wiki/Storm_Worm .

I am guessing that they had been thinking of replacing these machines with Linux for a while now. This malware outbreak was probably the last straw. Malware is only one reason, but let's consider stability and other factors. Windows just isn't stable for mission critical applications like this. You can lock down the Windows installation nice and tight but it won't guard you against blue screens of death that Windows is famous for, not to mention other bugs.

Actually, sudo is more flexible and transparent than runas. The concept of running with limited capabilities then escalating them has been around in Linux for many years. Microsoft was last to the table for that feature.

Got it!

> use of the word "advised" in context with military hardware

it's that metallic "click" you hear before the nice man in mirrored sunglasses says "we really would advise you not to do that"

I'm a person, who

would be uneasy to be referred to as a "drone unit".

Initial resistance to Linux...

was the (incorrect it turns out) belief by the airforce that their pilots would cause penguins to fall over.

Not sure if it is really a comforting image, certainly not if you're an ordinary civilian living in an Afghan or Pakistani village who can see the drones flying overhead. But I accept that, by its very nature, linux and open source can be used by anyone for any purpose. That is part of the deal.

Now we just need to find a way to aim a Penguin drone at Redmond and another one at Cupertino. All is fair in love and penguin wars! (but not really).