Austin Wilson of the Windows Vista Security Team reported back from the recent Black Hat conference about a demonstration in which a security researcher inserted unsigned code into the kernel of an x64 version of Windows Vista. This demonstration has led many to declare the security of the upcoming Microsoft product to be poor.
Of course the person running the demo had administrative rights to the computer to begin with. Austin says it pretty well:
“There is no “silver bullet” when it comes to security, and it’s very difficult to protect against an attacker that is sitting at the console of your computer with an administrator command window open.”
In essence this demonstration only proved that an operating system is not impervious to the actions of a person who has full administrative access to the computer. Just think what a person can do to a Linux or BSD computer with root access.
I’m a big fan of OpenBSD. I decided one day a few years ago to have a crack at this operating system that had such a reputation for security, since security is of much interest to me. I printed out the installation guide from the website, dusted off an old P-90 with 32mb of RAM and 3 or 4 goes later had it up and running.
OpenBSD quickly replaced the IPCop system I had running at the time. I made plenty of bungles in the early days and rebuilt it many times. Eventually I upgraded to a Celeron 300mhz machine with 64mb RAM and it became even better. Its still running on that same hardware over 2 years later and has only gone down when my house lost power, or more recently just last weekend when I recabled the power for that shelf.
The only thing that disappoints me about OpenBSD is that I currently don’t get to use it professionally. I would love to deploy and manage it for customers but I just don’t see the opportunities out there at the moment. Hopefully that will change soon.
If you don’t know much about OpenBSD there is a good article here that is worth reading. Then head on over to OpenBSD.org and get started.