Fog Creek Software
Discussion Board




Heterogenous environment idea

So - if a mixed network of Windows and Linux would help protect a company from vulnerabilities of the individual software packages...

...wouldn't that be the perfect place for Java?

Philo
Tuesday, August 26, 2003

<g> I think I'd rather have the virusi...

FullNameRequired
Tuesday, August 26, 2003

Probably.  At least you would have a homogenous development language which does make some sense as opposed to a homogenous Operating system environment.

Fred
Wednesday, August 27, 2003

In the phrase "largest common denominator" the use of the word large is often misleading. This is why the idea of a mixed MS / *nix network with common apps is likely to give you apps that are bound to be inferior. These apps cannot ever fully exploit all possibilities of either the MS or *nix platform like native platform apps can.

I'm not going to settle for "inferior", are you?

As for the security argument, you're probably right but IMO security vulnerabilities are not found on any platform in particular, just the one that is most popular (as in: of the people) and least in fashion with the self declared avant-garde, at some point in time.
Maybe we'll ever see the day where we have a *nix dominance on the desktop (aaaarrg) and it'll probably show as many security holes as Windows today. I wonder who we will blame then?

Geert-Jan Thomas
Wednesday, August 27, 2003

If you go to all the trouble of using a heterogeneous network then having a single run time environment could itself become a single point of failure.

Perhaps it's best not to be doctrinaire about anything and develop applications and servers in whatever makes sense in individual circumstances.

Simon Lucy
Wednesday, August 27, 2003

With the risk of mr. nameless person and others mocking me, I'd like to state something which most people seem to ignore:

C/C++ is also portable. Really.

Java doesn't suffer from endianness problems, word size problems, and various other catches; Neither does C, the language - but C doesn't stop you from introducing these problems the way Java does.

Programmers, being lazy, often don't bother to stick to the language standards, and use a platform specific feature. Java makes you go to greater length to use a platform specific feature, which results in apps that are more portable (but often less capable). But many Java apps do go to that length, because they need it.

Portability isn't a property of the language, it's a property of how it is used. Some discipline can produce perfectly portable C/C++ (There are hundreds of examples in the open source world - KDE, AbiWord, gcc, Apache, to name a few). Limit yourself to using an abstraction layer, e.g., TrollTech's Qt, and you're just as portable as Java if not more.

Finally, if you insist on the automatic discipline that Java gives you, Python does too and is more "portable" than Java - first, because it can compile to Java bytecode (hence at least as portable as Java), and second because the C Python implementation compiles out of the box on many platforms for which a JVM is not available.

Ori Berger
Wednesday, August 27, 2003

Time and time again it is shown that the weakest link in the security chain is the people, not the platforms.
Take Slammer, take Slapper, take Blaster: fixes were available long before the outbreak, 2/3rds remain unpatched until something happens, 1/3 remain unpatched even after something happens.
Take SoBig.F: it is the people opening the attachment, not any system security failure. As I have already mentioned, if the Java runtime was more prevalent, this thing might have been written in Java and infected all your precious cross-platform systems.

Just me (Sir to you)
Wednesday, August 27, 2003

"if a mixed network of Windows and Linux would help protect a company from vulnerabilities of the individual software packages..."

Huh?  How does a heterogenous environment protect a company from the vulnerabilities of individual software packages?  Heterogenous computing environments have been a fact of life within corporate America for some time now and this hasn't stopped corporations from getting hacked or infected with viruses.

As I am sure you already know, security is much more than which operating system you are using.

Perhaps you should have used words such as "lessen the impact from a hostile attack..." instead of "protect"?


"...wouldn't that be the perfect place for Java?"

I am not aware of anything made by Microsoft that runs on a Linux network so yes, Java is certainly a viable option and one that appears to be used quite extensively throughout corporate America.

One Programmer's Opinion
Wednesday, August 27, 2003

There is no real security in diversity in itself. Viruses will still propagate etc.
What's good about it is that if a virus takes out your fileserver, your DB and webservers might still be running.
You reduce the chances of having all your critical systems fail at the same time, from the same vulnerability. (Not the chance of them ever failing.)

Having a bit of redundancy across the platforms can be a blessing.

Eric DeBois
Wednesday, August 27, 2003

"Take SoBig.F: it is the people opening the attachment, not any system security failure."

It sure as hell is.  Why is this executable????

Think
Wednesday, August 27, 2003

Basically for corporate development you have two choices.  Java or .net.  .Net is great if you only plan to run on Windows (insert comment about mono, rotor and other non viable pipe dreams here).  Java is used because it doesn't lock you to any particular platform.

Think
Wednesday, August 27, 2003

This begs the question...

If java is platform independent and all major OS's support java, why aren't virus writers targeting the JVMs?

A google search for "java virus" reveals several from the 90's, but nothing recent.

Further thought... When (if) java becomes more mature and widely adopted, will it become a bigger target?

Russell Thackston
Wednesday, August 27, 2003

"It sure as hell is.  Why is this executable????!"

Euh, you want  a platform without executables? How would that work?

"Java is used because it doesn't lock you to any particular platform"

Well, with the exception of the Java platform, right? Would you also argue Windows does not lock you into any particular platform, since you can run Win2K on VMware in Linux and in Virtual PC on Mac?

Just me (Sir to you)
Wednesday, August 27, 2003

"Time and time again it is shown that the weakest link in the security chain is the people, not the platforms."

Indeed this is true for "big news" security exploits, but here's a thought for you: What if someone knew about these exploits long before they were publicized and became big news? What if there are people or groups out there who know about buffer overflows with the remote registry service, or the Windows Messenger service, or IE when the mime type save as attachment XYZ is encountered, or DNS when a UDP packet is returned (this one would be easy to exploit even through firewalls), or any other of the hundreds of apps eagerly waiting for the opportunity to be exploited. Rather than the big news worms where you have a sociopath looking to "make an impact", but what if you had actual professionals who wanted to profit from it, selectively picking targets for financial gain, be it to gather insider information, carry out terrorism, gather personal information like account numbers, or even blackmail of that executive with the asian foot fetish. If you think that every exploit comes from some company like eEye looking for some corporate fame, then you are absolutely nuts. To me the scariest exploits are the ones we DON'T hear about, and you know given the track record of exploits found years after the software is distributed that there are probably hundreds or thousands such backdoors waiting to be discovered. That is the problem of the environment of "security comes second" that no one can deny: Software can't be perfect, but in the highly exploitable internet world, I expect things like buffer overflows not to exist (it is a TRIVIAL issue that keeps biting us in the ass).

Dennis Forbes
Wednesday, August 27, 2003

Dennis,

I do agree that those are potentially far more dangerous exploits. However, even in these cases anecdotal evidence points to it usually involving sloppy admin and social trickery rather than "original work". One of course does not exclude the other.
These "secret exploits" are of course what the "full disclosure" people are always on about when they justify their actions, claiming things are being exploited and the software companies are putting a lid on it.
I think it is an open question of whether this approach was a decent trade-off in the past, and brought about the greater security emphasis, or whether things were already moving anyway.
However, at this point in time the "advantage" seems to have been consumed and all that is left is the public price paid. More responsible forms of disclosure should be considered.

Just me (Sir to you)
Wednesday, August 27, 2003

"Euh, you want  a platform without executables? How would that work?"

I wasn't very clear, why is it executable from within email? 

Fred
Wednesday, August 27, 2003

Ah! Well that depends on the email program's behavior. I do not know about other email clients, but for Outlook there have been solutions available since June 2000 to prevent this sort of thing, and it has been introduced by default since Outlook 2000 SP2.
Rather than praise, MS got an angry reaction from the public for this with many calling the stance taken "Draconian". Some "experts" shouted loudly in favor of less stringent solutions that would warn the user but in the end let the user decide whether or not to run or open the thing. We all know what that gets us http://napps.nwfusion.com/compendium/archive/003362.html .
Still, as a result many third party "configurators" appeared to let the disgruntled users trim the forbidden extension list.

Just me (Sir to you)
Wednesday, August 27, 2003

The deny access to attachments was a stupid idea, that is why there was so much backlash. 

Leave the attachments accessible, make the bad ones (.scr, .pif, .exe, .vbs, .bat) non executable from within email.  Make users copy them out to the desktop or elsewhere to run them.  At least it would put a hurdle up to infect yourself.

Keep in mind Microsoft deserves any and all bad press it gets by putting out unsecure products.

Fred
Wednesday, August 27, 2003
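
Added example, not part of the original thread and not any mail client's own code: a sketch of the policy proposed in the post above, where attachments stay accessible but the listed extensions can only be saved, not opened from the mail client. The function names, the "open"/"save-only" labels and the sample message are constructed for illustration; the extension list is the one from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list taken from the post above.
BLOCKED = {".scr", ".pif", ".exe", ".vbs", ".bat"}

def final_extension(filename):
    """Return the lowercased extension that decides how Windows opens the file."""
    # Drop any path component a sender may have put in the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def classify_attachments(raw_bytes):
    """Return [(filename, action)]; action is "open" or "save-only"."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Fail closed: a nameless attachment cannot be judged by extension.
        blocked = not name or final_extension(name) in BLOCKED
        results.append((name, "save-only" if blocked else "open"))
    return results

def build_sample():
    """Constructed test message; the file names are made up for this example."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("report.pdf", "photo.jpg.PIF", "setup.exe.", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, action in classify_attachments(build_sample()):
        print(f"{action:9}  {name}")
```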

You mean so all the virus writer has to add in the cover mail is

"hey dude, check these out! Bouncey!!!!
P.S. if it doesn't work, just save it to your desktop and open it from there"

Just me (Sir to you)
Wednesday, August 27, 2003

no no no don't make the user save it. make them run it from a sandbox. (of course, the os needs to create a sandbox, but dammit they should have started on that 3-5 years ago. more than just .NET).

if you make the user save to the desktop/my documents, it's run from within the user's 'trusted things' area.

but that has nothing to do with heterogeneous environments. java == mostly homogenous environment, so it's not a solution by itself. then again, nothing is.

mb
Wednesday, August 27, 2003

Come to think of it..

Shouldn't it be possible to restrict an executable's rights so that it can't write outside its own folder or launch other processes? So that anything not explicitly approved of by an admin would automatically be sandboxed.
(..I'm no win-guru..)

If there was a tool that made that kind of stuff easy it could be a real hit, no?

Eric Debois
Wednesday, August 27, 2003

Depends on whether the security manager is fine-grained enough to give you the security you want.  I do think Java adds more security than a normal C/C++ compiler, since at some point programs go through an interpreter that can enforce security policy.

Still, I don't see how this secures your machine against things like the worm.  Sounds like a broad topic.

Tayssir John Gabbour
Wednesday, August 27, 2003

.NET will allow you to do all that, but is it the solution? If the problem is social engineering, the virus writer can give instructions on how to bypass all these things (e.g. the saving to the machine first etc.).

People mostly are their own administrator. People want to be able to receive and install software. People do not want to go jumping through hoops to do this. The machine has no way of knowing the difference between a legit install or a devious one tricked through social engineering, it can only ask the user "Do you really want to do that, Dave?", and believe me, they are not going to take "I can not let you do that, Dave" for an answer.

Only education can help, but we all know how popular that will be.

Just me (Sir to you)
Thursday, August 28, 2003
