*BSD News Article 62196


Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!uunet!in2.uu.net!utcsri!eecg.toronto.edu!colohan
Newsgroups: comp.os.linux.misc,comp.os.linux.development.system,comp.os.linux.networking,comp.unix.bsd.bsdi.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.freebsd.misc
From: colohan@eecg.toronto.edu (Chris Colohan)
Subject: Re: need secure OS to entrust millions to
X-Nntp-Posting-Host: canucks.eecg.toronto.edu
Message-ID: <1996Feb25.152559.8977@jarvis.cs.toronto.edu>
Summary: Security is not shrink wrap
Keywords: security linux freebsd operating system
Organization: Department of Computer Engineering, University of Toronto
References: <4gi6t6$3h9@lace.colorado.edu> <nc0453Dn96w6.93F@netcom.com> <y5ad974s4v4.fsf@graphics.cs.nyu.edu> <4gqf17$1lr@cynic.portal.ca>
Date: 25 Feb 96 20:25:59 GMT
Lines: 56
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:88681 comp.os.linux.development.system:18067 comp.os.linux.networking:29775 comp.unix.bsd.bsdi.misc:2474 comp.unix.bsd.netbsd.misc:2332 comp.unix.bsd.freebsd.misc:14392

In article <4gqf17$1lr@cynic.portal.ca>,
Curt Sampson <curt@cynic.portal.ca> wrote:
>In article <y5ad974s4v4.fsf@graphics.cs.nyu.edu>,
>David Fox <fox@graphics.cs.nyu.edu> wrote:
>>
>>Of course, so that you know there is someone standing behind the
>>system who is competent enough that they have the confidence to take
>>legal responsibility for the security of the software.
>
>Am I out to lunch, or does every single agreement I've ever seen
>on a shrink-wrap box specifically state that the company makes no
>representations that the software will even boot, much less work
>or be secure?

The point that has been made repeatedly is that for a high security
commercial application, you just don't buy a shrink wrap package (or
use free software).  You buy a license to the software that comes with
the provisions that you need, and the 24x7 support that is required.
Most importantly, you have an expert consultant coordinate the setup
and maintenance of the machine, to ensure that there are no holes, and
any that are there are detected and fixed as fast as possible.

To reiterate the points that have been made so far:

1.  Buy commercial software that is designed and built for high
security applications.  It has been developed with security in mind
from beginning to end, and has had experts comb through it for flaws.
It also will cost money to get the source, which means that it is more
difficult for intruders to get the source and look for holes.

2.  Buy a service contract and a source license for the OS.  You can
hire professionals who will guarantee that your machine will keep on
working to your standards, and be as secure as you can afford to pay
for.  By having access to the source, fixes can be made quickly if
necessary.

What do you lose by using a free OS in a mission critical application?

1.  Security through obscurity.  More people have access to the source
code for your OS, so there is a greater chance of someone finding a
security flaw and exploiting it before you can fix it.

2.  Single minded design.  The free OS will be designed to serve all
sorts of uses, and the priority of the designers may be to emphasize
speed, simplicity, elegance, cutting edge technology, or portability
over security.  In any design compromises are made, and if the OS was
not designed with security as a top priority, it may not be what you
want to use in your high security application.

Of course, you may be able to purchase a 24x7 service contract for a
free OS based machine, but whoever supports the system will be limited
by the points above.

Chris Colohan
Computer Engineering Student -- University of Toronto
colohan@eecg.toronto.edu