UNIX/Linux versus Mac versus Windows Outline
When dealing with computers that people use daily, especially over the Internet, security becomes a major issue. There are many threats to computers that can cause physical damage to system components, compromise sensitive information, infect software, and even affect e-mail. These threats come in many forms and have been around since the implementation of operating systems. These threats include viruses, worms, logic bombs, trojan horses, backdoors, mobile code, exploits, auto-rooters, kits, spammer programs, flooders, keyloggers, rootkits, bots, spyware, and adware. They can be sent through e-mail, software from an outside source (usb drive, burned data disc), and downloading from the Internet. Because of these threats OS developers need a way to prevent and combat them, so the programmers have implemented security measures to ensure the safety of their operating systems.
The UNIX/Linux security system is set up for individual users by the administrator assigning a unique user identification number to each individual that needs access to some part of the system. The individuals create a username and password to go along with their unique ids. Users also can be assigned to group that have their own unique group id. As long as the users do not disclose their password access to their accounts will stay secured. This is not the only method that Unix/Linux uses to provide security. Once UID’s have been assigned, permission bits are applied to each user and grants them permissions for either read or r, write or w, and execute or x. Some or all of these permissions can are given to the individuals dependent on the user’s needs. Access control list are also used that aid in security measures. There are two DAC and MAC. According to Bassil (2012) “DAC short for Discretionary Access Control is well at the discretion of the user” (p. 21). This means that the creator or owner of the object has permission rights to allow anyone else access and permission to access the object. According to Bassil (2012) “In contrast, MAC short for Mandatory Access Control involves several aspects that the user cannot control or is not usually allowed to control” (p. 21). So in other words the objects are controlled by the system administrator even though they may not be the creator or owner of the object.
The Windows OS uses an access control scheme that requires the user to have a user name and password to logon and access files. Once the user creates a user name and password, they are assigned a security ID or a SID. Stallings (2012) stated, “Access control is governed by two entities: an access token associated with each process and a security descriptor associated with each object for which interprocess access is possible” (p. 667). The SID is part of an access token that also includes what privileges the user has. The access token includes the security id, group id, privileges, default owner, and default ACL. A group id holds multiple SID’s allowing the ability to assign a group privileges instead of giving each individual access. Privileges are what access rights a user or group would have to an object. For instance, they could give users access to read, write, or even backup objects. Default owner is the user who creates an object. Default ACL is a default list created for an object once it has been created. The security descriptors include flags that are the type and the content of a descriptor, owner that could be an individual user or a group, System access control list (SACL) tells what type of messages are generated on the object, and discretionary access control list (DACL) that tells who can access an object. These steps are necessary because once a user attempts to access an object the object manager attempts to match each category to ensure the correct privileges are allowed by the user to access the object.
The Mac OS is based and built on