Refuting the Claims That Windows-based Systems Are Not as Secure as Linux or Apple Mac Systems
The evaluation of one operating system's level of security relative to another is often based on the number of patches issued in response to severity ratings in the United States Computer Emergency Readiness Team (CERT) database, or on customers making it widely known that there are security holes and shortcomings in new products (Buckler, 3). There are also architectural analyses of the Microsoft Windows, Linux and Apple operating systems, each evaluated in terms of its relative level of security and stability (Parnas, 112). In fact the truest answer to which operating system is the most secure is found by combining these factors and evaluating the operating systems across both empirical and theoretical analyses. While Microsoft Windows has a dominating share of the worldwide PC operating system market, as can be seen from Figure 1, analysis of security threats using the CERT database actually shows that Linux is gaining through rootkit attacks (Baliga, Iftode, Chen, 323).
Figure 1: Worldwide PC Operating Systems Market Share
Calendar Q4, 2007 to Q4, 2009
Source: http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8&qptimeframe=Q&qpsp=35&qpnp=9&qpct=3&qpmr=5
The number and severity of attacks, then, is not dependent purely on the number of operating systems in use from a given software company or open source distribution. Instead the level and severity of security breaches to operating systems depends more on the design goals and architectural structure, both within the kernel and in each subsystem, including those that enable integration with networks and the Internet via Transmission Control Protocol/Internet Protocol (TCP/IP). Merely analyzing the number of entries for any given operating system or its version by severity in the United States Computer Emergency Readiness Team (CERT) database is an incomplete analysis. Using just the severity metric can in fact lead to drastically inaccurate conclusions, such as the widely held belief that Linux is more scalable and secure than Windows, when in fact it is being attacked this year with rootkit-based approaches that have been around in variant forms for decades (Baliga, Iftode, Chen, 323). Analyzing CERT data is like looking in the rear-view mirror instead of looking through the windshield to drive. The inherent differences in Directory Support, Public Key Infrastructure (PKI), cryptography functions including integration with hardware, and Kerberos support, whether integrated or added on through ancillary code, all need to be considered instead. In addition the role of IPSec and SSL tunneling over Virtual Private Network (VPN) lines also needs to be considered. As each of these approaches to security varies drastically in its configuration and use in organizations, there are implications at the operating system level for these functions as well. Given the rapid growth of remote and telecommuting workers in organizations, VPNs and the corresponding roles of IPSec and SSL in security are also included in this analysis.
As more organizations seek to gain the cost advantages of Software-as-a-Service (SaaS) applications and the use of virtualization increases as a result, the role of server-based operating systems from Microsoft and of Linux server distributions is analyzed as well. SaaS-based platforms are also commonly hosted on Amazon Web Services (AWS) or Google Web Services platforms, alleviating the need for virtualization of servers in organizations. The security issues surrounding virtualization, however, are so significant that any company that produces a server-based operating system needs to be cognizant of them and define a strategy of compliance and continual security improvement (Mattsson, 15). When all of the factors are taken into account, it is clear that the use of a single metric from CERT and its trending is not sufficient to claim one operating system more or less secure than another. A multifaceted approach is necessary, starting with an assessment of operating system design and structure, including the definition of operating system security design variations.
The integration of disparate, often completely incompatible systems at the byte-order level is happening with increasing frequency as organizations seek to gain efficiency and performance advantages from their data. As a result of the onslaught of system integration brought on by Business Process Management (BPM) and Business Process Reengineering (BPR) efforts in organizations, significant security gaps at the operating system level have been found, especially in industrial and plant-based systems (Harmon, 44). This has led to organizations auditing the security of operating systems down to the kernel and platform level (Parnas, 112). The results of this analysis indicate that kernels, the central coordination logic of an operating system, have much more to do with security, and in fact can either significantly reduce or increase the level of security breaches one operating system has relative to another.
The Apple Macintosh, Linux and Microsoft Windows kernels and their corresponding operating system structures are now analyzed from the standpoint of Directory Support, Public Key Infrastructure (PKI), cryptography functions including integration with hardware, Kerberos support, and IPSec and SSL tunneling over Virtual Private Networks (VPNs).
Apple OS X Kernel Analysis
Cognizant that the security of the Apple OS X operating system would be more reliant on the level of cross-platform integration it could achieve, relative to Apple's traditional focus on graphics and image processing (Stern, et al.), the latest edition of the Apple kernel structure is shown in Figure 2.
Figure 2: The Apple Mac OS X Kernel Structure
Source: (Stern, et al.)
Ironically the initial reports of lack of security within this kernel structure are not emanating from the BSD distribution used for integration, or from the Application Services layer responsible for coordination of Classic, Carbon, Cocoa and Java (JDK) and for support of the Java Virtual Machine (JVM). They come from one of the most tested areas of this operating system's structure, namely the JVM component and its coordination role across the myriad of web browsers available on the market today (Paul, Evans, 338). JVM code can be hacked through the use of scripting and annotation through impersonation (Fong, 138). This is a major security breach in the architecture itself. Despite the myth that Apple gets hacked the least because hackers run this platform and are brand-loyal to it (another misconception), the fact of the matter is that its architecture is easily penetrated through JVM impersonation and also through QuickTime hacks, a point made clear in the CERT database (Buckler, 3). Clearly one of Apple's design objectives with this operating system is the eventual introduction of Web Services that are transparent across all devices. Lack of transportability and ubiquity of single sign-on continues to be a major criticism of the Apple operating systems and of the parallel business models of systems, servers, operating systems, and the iTunes economic ecosystem. The issue is that these systems are not integrated with one another past the GUI level, a point made clear when the proprietary Digital Rights Management System (DRMS) of Apple's iTunes ecosystem is taken into account (Erber, et al.). This philosophy pervades Apple's design mindset in this kernel as well, and opens up significant security liabilities as a result. As can be seen from Figure 2, the Mac OS X operating system does not take into account cryptography at the hardware level, a management framework, or support for virtualization and partitioning.
This is consistent with the company's philosophy that hardware abstraction is not necessary due to the lack of parallel systems and process integration. It is also indicative of how Apple envisions Web Services progressing on this platform, namely in all-Apple environments. As a result of these design decisions the QuickTime and Java components become the most at-risk areas of the platform. Unlike the other kernels evaluated in this analysis, there is shared memory usage and directory support integrated across the entire memory allocation of the operating system. This is by definition a cooperative multitasking environment, and JVMs can be created that impersonate threads through the operating system, causing a complete breach down to the rootkit level (Baliga, Iftode, Chen, 323).
In conclusion, it is apparent from analyzing the Apple OS X operating system kernel that at a systemic level it is flawed from a security standpoint. The myth that hackers with the skills to penetrate these systems choose not to out of brand loyalty is unfounded, and is in fact contradicted by the availability of rootkit-based guidance online on how to hack into Apple systems and servers (Baliga, Iftode, Chen, 323). Second, the claims that Mac OS X is not hackable are false (Mansfield-Devine, 7) (Voss, Siegel, 10). What this analysis establishes is that there is a greater correlation between shortcomings in the operating system structure itself and security breaches reported in CERT and other databases when design criteria are not fully met, or are based on assumptions about use that turn out to be inaccurate. JVM hacks into the cooperative memory areas of an operating system can completely define authorization and user privileges, leading to impersonation of user accounts. Clearly the Mac OS X kernel is not designed with a heterogeneous, more integrated environment in mind, and as a result of not hardening JVM, QuickTime and Application Services it is in fact one of the most vulnerable operating systems in this comparison.
Linux Kernel Analysis
Much has been written in praise of Linux (Crandall, Wu, Chong, 359), (Parnas, 112), (Baliga, Iftode, Chen, 323), and of its use of preemptive multitasking memory architectures to manage the process control, file management, device management, information maintenance and communications subsystems securely and effectively. The Linux modular design, its lack of reliance on Remote Procedure Calls (RPC), and its use of UNIX-based system administration are all often cited as factors in how it is significantly more secure than Microsoft Windows, for example. Linux relies on a dedicated memory partition architecture more comparable to Microsoft Windows than to UNIX, and also has specific API calls for each of the subsystems. The combination of modularity and preemptive multitasking through dedicated memory structures is also an architectural argument that Linux supporters cite when defending the inherent security of this operating system. In fact the KDE and GNOME components of the operating system are monolithic, not modular, in design and therefore pose a security risk from the standpoint of being accessible through the kernel. Figure 3, Linux Kernel Structure, provides a graphical representation.
Figure 3: Linux Kernel Structure
Source: (Jaeger, Edwards, Zhang, 7)
What is immediately apparent from analyzing the Linux kernel is that, when you take into account the wide variation in interpretation between Linux distributions from Debian, Red Hat, MandrakeSoft and SUSE, coordination and collaboration to resolve severe security risks can be challenging. In fact the highly fragmented nature of the Linux kernel and its distributed ownership across all the companies offering unique distributions make response time to severe alerts (as defined by CERT's methodology) challenging. Further exacerbating this shared ownership of security on the Linux platform is the integration of only crypto functions, IPSec, SSL tunnel and firewall functions. All other functions critical for operating system security are in fact supported through third-party partners, including Directory Support, PKI integration, cryptography at the hardware level, Kerberos support and a security management framework. As a result of the Linux kernel structure and operating system infrastructure being so balkanized, the days of risk associated with any attack and the response time to resolve them are significantly longer than for any Microsoft operating system included in the analysis (Massel, et al.). This is a function of the lack of concerted, focused collaboration on the part of the companies creating and marketing Linux distributions. Unlike the Apple operating system with its QuickTime and Java Virtual Machine (JVM) security liabilities, Linux faces more complex security threats. At the operating system and kernel levels, and with days of risk growing rapidly due to a lack of shared knowledge (despite the myth of the open source community being egalitarian), Linux has significant security vulnerabilities (Massel, et al.).
Microsoft Windows Operating System Architecture Analysis
The Microsoft Windows architecture has evolved to support pre-emptive multitasking and also up to four concurrent application environments, including Win16, Win32, POSIX and UNIX emulations, on the Windows XP Server architecture, which is the predecessor to Windows 7. As can be seen from Figure 4, Microsoft Windows Operating System Structure, the Windows API Layer includes Win16 (16-bit Windows Subsystem) and Win32 (Windows 32-bit Subsystem) support, each with its own kernel (KRNL386.EXE and KERNEL32.DLL) in addition to its own GDI and user components. These two subsystems in the API layer are completely separated from Kernel Mode. Microsoft initially made this design decision from a security standpoint. There is also a Hardware Abstraction Layer (HAL) within the architecture which supports cryptography customization to MIL-STD specifications.
Figure 4: Microsoft Windows Operating System Structure
Source: (Shone, et al.)
The Windows operating structure integrates directory support, PKI and cryptography functions at the kernel and hardware levels through the Hardware Abstraction Layer, while also having legacy support for Kerberos authentication and security technologies. IPSec, SSL and remote access have over time been integrated into a common subsystem which runs in its own memory space. The System Virtual Machine also has its own memory partition and is an emulation of a full Win32 runtime environment, instead of making calls directly into the kernel of the operating system. Win16 and Win32-based applications therefore are not integrated with the kernel, so applications cannot be used to launch security attacks. Vulnerabilities within the Microsoft architecture emanate from the device driver layer (Hartley, 4) and from the lack of consistency in firewall definitions and methodologies over the lifecycle of the operating system (Mogull, Pepper, 1). Microsoft has also been negligent in defining common platform integration for third-party systems, databases and architectures (Parnas, 112). These factors have combined to create security liabilities for the operating system over time. In previous generations of the Microsoft architecture, including the first editions of Windows NT and later XP, there was extensive use of Remote Procedure Calls (RPCs). RPC threat analysis based on CERT entries showed that there was the potential to gain access to the kernel layer of the operating system. There is also the factor of how Microsoft originally chose to interpret TCP/IP, and specifically how the development of the telnet and FTP commands was completed. Both have been configured as UNIX equivalents, where administrators can only grant access via these commands to an entire system.
There are also authentication processes in place to alleviate the risk of RPC-based calls when SQL Server is being used, significantly reducing a previous threat that arose when these two system components were used in conjunction with each other (Bradley, 34). The multithreaded environment of Windows NT/XP/7 is now managed through the Virtual Memory Manager, a development originally in XP that continues in Windows 7, to prevent individual program threads from being impersonated or otherwise used to launch attacks at the kernel level of the operating system.