Paranoid Penguin - Interview with Marcus Meissner

Insights from SUSE's Security Team Lead.
Operating System Architecture

MB: In the Linux world, we've seen less malware (viruses, trojans and worms) than the Microsoft Windows world has been subject to. Why is this, do you think?

MM: First, Microsoft Windows just has more installations, and so it is a more valuable target; thus, it gets more research into exploitability.

Second, Windows has quite a high integration level. You can do lots of stuff from everything, and this was seen as good thing—easy embedding of document/image viewing and so on. Although on the one hand, this is a good thing, it also exposes a lot more code to the attackers.

Plus, the Windows software development community before the Internet was not really programming with security in mind, and so there were large holes. The same goes for reviewing the code; it was hard without source for externals.

It's something like a mix of all those things, I guess.

MB: My own opinion for several years has been that Linux isn't inherently more or less secure than Windows; their underlying security models are very similar. What are your thoughts on this?

MM: UNIX/Linux has, for example, the advantage that we separated (the concept of) the user from the administrator right from beginning, which Windows still has problems with.

Due to less integration, or integration at different levels, Linux has perhaps a better chance of resisting those attacks.

Linux also has less of a monoculture in programs and libraries, and it is also more rapidly changing than perhaps on Windows.

MB: What kind of potential do you see in mandatory access control (MAC) systems, like AppArmor and SELinux, in improving Linux security for the masses? To what extent do you think they're already helping?

MM: It's difficult to say. I have no experience with SELinux, but with AppArmor, I see a bit of acceptance issues in default settings, and then it does not catch everything.

MB: When SUSE incorporated Novell AppArmor into its general releases, this caused a bit of controversy. It seemed like some people involved with SELinux felt that this undermined their efforts. As a SUSE employee, I assume you're pro AppArmor, but what do you think about the controversy? Isn't it healthier for multiple MAC options to be available to people?

MM: There surely was controversy, but most of it seems to have died down now.

It is healthier to have more than one MAC system, especially in exploring the MAC problem from different angles.

That AppArmor was much more usable than SELinux also has caused lots of thinking and usability improvements in SELinux (think targeted policies, booleans and so on), and the other way around. AppArmor now can contain more things than in earlier times. We currently see both as solutions that even could co-exist to some degree.

Other new MAC approaches, like SMACK and so forth, also are appearing now.

MB: So, are there any plans for SUSE to support SELinux, as an alternative to AppArmor?

MM: I cannot say at this time, especially since partner requirements are still open for future products.

Virtualization

MB: When Linux virtualization first started to emerge into the mainstream a few years ago, it seemed to me that the whole concept of a hypervisor—an intelligence logically above the guest-OS kernel that manages system resources and monitors VM behavior—has a lot of security potential. Nowadays, I wonder whether I wasn't overly optimistic. The additional layer of abstraction might introduce other attack vectors. Your thoughts?

MM: Virtualization environments, unfortunately, were/are sold as security solutions, but the breakout possibilities are only now being investigated, and there likely was no formal containment design from the ground up.

Several ways also have been found for almost all virtualization technologies to break out of confinement.

So yes, I think its being used as security containers is overly optimistic.

Embedded Linux

MB: One of the most remarkable developments in Linux, it seems to me, is its rapid inroads in the embedded systems market. All kinds of consumer electronic devices are now Linux-powered. Does SUSE ever show up in this space? Do the particular challenges and ramifications of embedded operations figure into your team's work?

And, from a security perspective, how good of an idea is it to use a general-purpose operating system like Linux (or Windows) for embedded applications?

MM: We are not really showing in this space, even though we are working to bring the enterprise desktop more into the thin-client space. But, it's not the real embedded market.

What matters most for security in those devices is how they get updates and what security processes are there from their vendors. If the vendor just gives up support after six months for a device, but the device lives for five years or longer, it's bad. You have lots of unpatched devices out there.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState