Is Microsoft Windows quite secure (as secure as linux) if used properly?

I wanted to get the perspective of the linux crowd on this, to understand security better (both linux and windows)

I'm a linux person, been using Linux since I started usign computers.

Recently I've been learning about windows security(mostly for Xp Pro), and have found some really cool features that make it quite secure.
Some of the major causes of "windows security" seem to me to be as follows:

1. Use of admin account as default (windows sorta messed up here in terms of user education).

2. Not using software restriction policies, not turning autoplay off.

3. Use of untrusted binaries installed by user(linux is nice in that there is a cental repository for a whole lotta apps). Common sense can mitigate a lot of issues here.

So, if a user uses Limited user account(LUA) + software restriction policies(SRP) + turns autoplay off + uses common sense in installing apps+ additionally uses Sandbox like free third party utilities for web browsing; it seems like windows can be as secure as linux, maybe more secure since linux doesnt have as many third party easy to use security apps like windows.

 

If you run LUA with a good AV, good browser and common sense, I don't see why not

 

Oh lord, here we go again...

But to answer your question: I think modern versions of Windows (Vista/7/Server 200 can be made pretty secure because Microsoft has *finally* caught on to what the Unix world has been doing for 40 years.

If you do these things, you can make Windows pretty secure:

• Use a 64 bit CPU with a 64 bit Windows version

• Run in a LUA

• Utilize SRP/Applocker

• Turn on full DEP/ASLR

• Broswer: use either IE in protected mode or Chromium (with its sandbox). If you prefer Firefox, put it in a sandbox like Sandboxie

Linux and other *nixes have all of the above protections and have for longer than Windows.

 

Sandboxie is not needed in Linux, Linux comes in both x32 and x64 flavors, both supporting DEP hardware via kernel. You can enable apparmor for browser to get Sandboxie like security.

 

Well apparmor has been discontinued in linux.

Does linux have SRP?

 

That is wrong. Now, Ubuntu is officially maintaining it and AppArmor will be integrated in the next version of the linux kernel (LSM).

If theoritically (and practically), it doesn't cover as much as SeLinux, it is so easy to configure that it is still a very good hardening tool.

By default, most Linux distros have SRP like enabled. Below a screen capture showing the properties of a downloaded file. The exec capability is not checked by default.

 

Well yeah, that file is an archive and would have its execute flag off at the server. What about files that are executables?

BTW, you can have executables in tar archives, and when the archive is untarred, the execute flag is autoomatically on in the execuctable.

 

BTW, SeLinux is also a *tool* for linux for system hardening; its not a distro as the name might imply,

 

Same for executables: No execute right, by default.

Concerning executables in archives, it is not worrying in the first place security wise as it needs two actions from the user:
- extract manually the archive,
- execute manually the file,
And even then the execution is still confined in user mode...

 

Thats pretty cool!

Yup.

So how would drive by attacks work in Linux? Javascript?
Can we not have the follwoing scenario: A website downloads a file onto user system. Javascript turns on the execute flag, and then invokes the executable.

 

I will let more knowledgeable people answer this question.

Nevertheless, I have the default ubuntu FF apparmor default profile in enforced mode and FF doesn't have any execute right in Home. Therefore, be it Javascript or whatever couldn't execute the downloaded executable file. Same for Chromium or any other of my apparmor profiles.

The idea with apparmor is to create a profile for every internet facing application in which you give the right to write and read in Home, and deny the right to execute (by omitting to give this right). You recreate somehow per app a SRP.

 

Sandboxie uses virtualisation whereas Apparmor uses policy, much like Geswall (MAC application using windows capabilities) and DW (same, but uses its own mechanism instead of relying on windows's)

 

I have configured my neighbors PC something like this:
winxp pro sp3
-limited user account
-disabled services he doesn't use (built in firewall is on)
-software restriction policy
-full dep

Firefox in private browsing with noscript addon

He hasn't been infected ever since

 

Another important point for me is that in Linux, when you click "check for updates", it will check for updates for all apps installed through the package manager.... in windows you need "Hunt" sometimes... more and more apps today have "chech for updates automatically", But no doubt in linux this is a lot more easy.

 

Enable SEHOP for all processes and I think you have a winner.

I *do* think Windows users can be safe with this set-up.

Just make sure she/he also applies all timely patches and it will work well.

 

SEHOP does not exist for Windows XP https://www.wilderssecurity.com/showthread.php?t=270357

 

You are correct, sir!

 

From a flaw in the application's code (like Firefox for instance). If FF has a 0-day it can be exploited and will give the attacker the same access rights as Firefox itself has. That is unless Firefox was locked down with a MAC system like AppArmor.

 

In the absence of AppArmor, is a 0-day needed for the javascript attack I mentioned?
Isnt javascript basically unlimited (except that it doesnt have root access) in what it can do in FF?

 

Limited user accounts in Linux are rather more limited than in Windows though, no direct access to keyboard devices for example. A driveby on Linux could easily wreck your data, but it would be a lot harder to log keystrokes.

(On the other hand, there'd be no problem recording you if you had a webcam. )

Generally Linux security isn't spectacular by default, but the default settings tend to be... a bit saner than Windows', I think.

Re Windows, I used to think you could secure any Windows NT OS if you knew what you were doing. Now, after that shortcut vulnerabilty... I'm not so sure.

Actually I take that back. You can still secure a computer very effectively with a limited account and SRP or AppLocker. The problem is, that works fine for someone who just browses and watches movies and stuff, but if you're compiling software and otherwise running stuff in your home directory, it's quite inconvenient.

If there's a security solution for people like me who do tons of stuff with their computers (other than using an obscure OS like Linux, which won't keep us safe forever), I haven't found it; and I frankly doubt it exists. It seems to me that there's just an inherent tradeoff between functionality and security on the desktop.

[/long boring speech]

 

http://www.h-online.com/security/news/item/AppArmor-set-for-inclusion-in-Linux-kernel-1049106.html

 

That's as close to a perfect setup as one can get, imo. It's using mostly built-in security, limited account, fully updated, reduced services, and only no script as a 3rd party addition. Two XP machines are set up this way here, except IE8 instead of Firefox (kids don't like Firefox) and Sandboxie with browser forced in it, and restrictions on what can access Internet from it. The SRP practically guarantees security.

 

When was apparmor ever discontinued in Linux? This is news to me, till today Novell actively develops it for SUSE and Ubuntu and other Linux distros implement it. Also apparmor is used in SUSE Enterprise which has a larger share than RH in server market so development of apparmor is a must for linux server and desktop.

 

If you switch to private mode browsing in Google Chrome, you get the same effect as well, you can then use apparmor policies to jail it from any hacks. I use FF and Opera with apparmor and have no surfing issues period. Even my torrent client is apparmored.

 

http://developer.novell.com/wiki/index.php/Apparmor_FAQ