Benefits of Windows and Unix
Both Windows and Unix have advantages and disadvantages as far as
security goes. The main advantage of Windows NT is that it does not support
(without additional software purchases) many of the services, such as Telnet,
Internet mail and the X Window System, that are provided out of the box with
UNIX systems. These services may be used by a penetrator to gain remote access
to a Unix system.
The primary advantage of UNIX is its maturity. It has been subjected
to hacking for many years, including years before Windows NT was conceived. As
a result, most of the UNIX security bugs have been identified and
countermeasures have been implemented. Under a security-conscious system
administrator, a UNIX Web site can be made as secure as it would be using other
operating system platforms.
Note:
While this section has covered the merits of one
operating system over another, it is important to keep in mind that many
break-ins occur as the result of social engineering (duping people into
divulging their passwords) or other bad security practices.
The Web User's Perspective
Although the risk of using the web is small, it still merits some
consideration. The basic question that you need to ask is, "What do I
have to lose?" If you use your PC purely for recreation and don't perform
any financial transactions over the web, then the answer is, "Not
much." However, if you use your PC to store your diary and sensitive
company documents and use the web to make online purchases, then you may want
to examine your risk more closely.
For users, Web security begins with the browser and, for most of us,
that means a Netscape or Microsoft browser. Netscape Navigator and Microsoft
Internet Explorer provide a number of features that go beyond simple webpage
display.
Both browsers support executable content: Java and, of course,
JavaScript. In addition to executable content, both browsers support plug-ins
(Internet Explorer supports Navigator plug-ins and ActiveX controls, in
addition to its own), cookies, Secure Sockets Layer (SSL) communication, and
digital certificates. Each of these features has implications for user
security, as described in the following subsections.
Dealing with Executable Content
When most people think of browser vulnerabilities they think of Java,
JavaScript, and ActiveX.
For most of us, the thought of opening a Web page and automatically
having a program load and execute on our computer is a bit frightening. There
is a good reason for this fear: it is very difficult to allow executable
content without leaving yourself wide open to a Trojan horse attack.
A Trojan horse is a program that appears to provide a useful function while,
in reality, it is attacking your system. The name comes from the legend of the
huge wooden horse that was left as a gift at the gates of Troy. When the
Trojans opened the gates of their city to bring in the horse, Greek soldiers
who had been hiding inside the horse poured out and attacked the Trojans.
Each of the three major browser programming technologies uses a
different approach to protecting against Trojan horses:
- Java code executes in the Java Virtual Machine (JVM), which is part of
the Java runtime system. The runtime system is designed to prevent
operations that would violate the browser's security policy.
- JavaScript eliminates Trojan horse code by not providing objects or
methods that could be used to cause damage or violate the user's policy.
- ActiveX components do not provide any inherent protection against
damage. Instead, these components are digitally signed. The signature
provides a high degree of assurance that the component originated from the
organization that it claims.
- Navigator and Internet Explorer 4 also support signed Java applets. The
signature can be used to determine whether the applet should be given extra
privileges beyond those allowed by the default Navigator security policy.
Of the three approaches, JavaScript's is the most secure. By not
providing a mechanism for creating damage, it is able to prevent the damage
from occurring. But how do we know that no object or method can be used to
cause damage? The answer is extensive scrutiny: the language has been examined
at length for any script that could damage your system.
Java's approach is next best when it comes to security. The Java
runtime system is capable of supporting multiple security policies. For
example, Java programs that are loaded from your hard disk are allowed more
privileges than applets that are loaded over the network. Signed applets are
given more privileges than unsigned applets. Java's approach, in allowing
multiple security policies to be enforced, is daring. Except for a few early
flaws, the Java runtime system has held up to its claims of security.
ActiveX uses the least secure of the three approaches. The signature
attached to an ActiveX component does not provide any assurance that the
component won't destroy your system; it just tells you who to go after in case
it does.
Both Navigator and Internet Explorer provide the capability to
selectively turn off these browser programming capabilities. If you simply
can't take the chance of Trojan horse software being loaded onto your computer,
then you should take advantage of this option.