To distinguish them from insecure operating systems we shall refer to operating systems like Unix and NT as securable operating systems. This should not give the impression that Unix and NT are secure: by its nature, security is not an achievable goal, but an aspiration that includes accepted levels of risk. Nevertheless, these operating systems do have the mechanisms which make a basic level of preventative security possible.
A fundamental prerequisite for security is the ability to restrict access to certain system resources. The main reason why DOS, Windows 9x and the Macintosh are so susceptible to virus attacks is that any user can change the operating system's files. Properly configured and bug-free Unix/NT systems are theoretically immune to such attacks, if privilege is not abused, because ordinary users do not have the privileges required to change system files. Unfortunately the key phrases properly configured and bug-free highlight the flaw in this dream. In order to restrict access to the system we require a notion of ownership and permission. Ordinary users should not have access to the hardware devices or to the operating system's own files, only to their own files, for then they will not be able to do anything to compromise the security of the system. System administrators need access to the whole system in order to watch over it, make backups and keep it running. Secure operating systems thus need a privileged account which can be used by the system administrator when he/she is required to make changes to the system.
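The "properly configured" condition above is something an administrator can actually verify: system files must be owned by the privileged account and must not carry write permission for group or other. The following audit script is an added example, not code from the original text; it walks a directory tree with the standard `os`/`stat` modules and reports every file an ordinary user could modify. The `trusted_uid` parameter and the constructed sample tree in `demo()` are assumptions for illustration (in real use `trusted_uid` would be 0, the root account).

```python
"""Audit a directory tree for files that an ordinary user could modify."""
import os
import stat
import tempfile


def audit_tree(root, trusted_uid=0):
    """Return a sorted list of (path, reason) for entries an ordinary user could change.

    An entry is reported if its mode grants write access to group or other,
    or if it is not owned by trusted_uid. Symbolic links are skipped because
    their mode bits are meaningless on most Unix systems.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group/other: %o" % mode))
            if st.st_uid != trusted_uid:
                findings.append((path, "owned by uid %d, not %d" % (st.st_uid, trusted_uid)))
    return sorted(findings)


def demo():
    """Build a constructed sample 'system' tree and audit it (paths relative to the tree)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        good = os.path.join(root, "bin", "ls")  # constructed sample file
        bad = os.path.join(root, "bin", "sh")   # constructed sample file
        for p in (good, bad):
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")
        os.chmod(os.path.join(root, "bin"), 0o755)
        os.chmod(good, 0o755)  # the Unix norm: only the owner may write
        os.chmod(bad, 0o777)   # the DOS-like situation: any user may overwrite it
        # The demo runs unprivileged, so the current uid stands in for the root account.
        findings = audit_tree(root, trusted_uid=os.getuid())
        return [(os.path.relpath(p, root), r) for p, r in findings]


if __name__ == "__main__":
    for path, reason in demo():
        print(path, "-", reason)
```

Pointed at a real system root with `trusted_uid=0`, the same function lists the files whose ownership or mode would let an unprivileged user alter the operating system.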