Examples of Unix system security

Unix / Linux shell job control

There are distinct differences between Unix and MS Windows security philosophies. Two design policies serve as apt examples of those differences.

One of the key differences between the Unix approach to system security and the MS Windows approach is that significant security characteristics of Unix systems are a consequence of good architectural design. Many of these same characteristics, when there is any attempt at all to incorporate them into MS Windows, are implemented as features on top of the OS instead of designed into the system architecture.

For instance, privilege separation in Microsoft Windows has long been a problem for Windows security. Some privilege separation does exist in MS Windows at the architectural level, but it is only a half-hearted implementation, dependent upon user-level features behaving well and being used as intended.

Modularity within the system is another example of architectural security that is present in Unix but lacking in MS Windows. There are applications that tie into every major part of the MS Windows system in such a promiscuous fashion that something as apparently trivial as a browser exploit can actually reach into kernel space, and from there affect the entire system. The same kind of close coupling between parts of the system does not exist in the base system of Unix.

The importance of privilege separation

Some might complain that all the information you want to protect on your system is stored where your user account can access it, so that privilege separation does not really help security much. These people fail to grasp the full extent of what security benefits you gain from separation of privileges, however. Privilege separation does more than prevent infections and intrusions from gaining access to root privileges.

Malware that makes its way to the system via the network is hindered by the fact that server processes typically run under specialized user accounts on Unix systems. This means that getting in through some network port usually gets the intruder no further than the affected service. This is even true of many services that are started from a normal user account, because those services are typically configured to switch user account "owners" when they start to take advantage of the benefits of privilege separation.

Many tools of malicious security hackers require administrative access to work effectively for them. Keyloggers are one of the major bogeymen of MS Windows security, but they require access to administrator-level components of the system to operate effectively on Unix. This means that a keylogger inserted into the system via some unprivileged user account does not have the access it needs to do its job.

Other security threats, such as rootkits, trojan horses, and botnet clients, also require root access on a Unix system to work. On MS Windows, the lack of rigorous privilege separation short-circuits this defense against malware.

Q&A

Why is Unix more secure than other operating systems?

Unix is not necessarily more secure than other operating systems; it has a lower target profile because it is easier to find Windows based systems and attack them first.
Also, Unix is more mature than Windows (it has been around a lot longer).

How is a job run periodically in a Unix system? Explain with an example.

The cron facility of Unix allows periodic tasks to be started. You need to add a scheduler entry to cron (via crontab) in the form:
minute hour dom month day-of-week
So the entry:
0,15 3-5 * 12 0 /run/some/script
would run the file /run/some/script on the hour and 15 minutes past the hour, from 3 - 5 a.m. every day of the month for December if the day is a Sunday.