The seeds of UNIX were sown in 1965 when Bell Labs, General Electric Company, and Massachusetts Institute of Technology designed an operating system called Multics. From the outset, this was designed to be a multiuser system supporting multiple concurrent users, data storage, and data sharing.

By 1969, with the project failing, Bell Labs quit the project. Ken Thompson, a Bell Labs engineer began "rolling his own"—soon to be called UNIX (a pun on Multics). The next year, Dennis Ritchie wrote the first C compiler (inventing the C language in the process), and, in 1973, Thompson rewrote the kernel in C.

UNIX was getting to be portable and, by 1975, was distributed to universities. The attraction of UNIX was its portability and low-end hardware requirements. For the time, it could run on relatively inexpensive workstations. Consequently, UNIX developed a strong following within academic circles.

This popularity coupled with the availability of a C compiler lead to the development of core utilities and programs still included in our distributions today. Many utilities have quite a rich or comical history—I recommend you check the history books. With businesses recognizing that they could save on expensive hardware and training costs, it was only a matter of time before a number of vendors packaged their own distributions. From there, the UNIX family tree explodes—splintering off into very different directions based on the motivation and financing of the maintainers.

Vendors ported UNIX to new hardware platforms and incorporated "value-added" items such as printed documentation, additional device drivers, enhanced file systems, window managers, and HA (High Availability) technologies. Source code was no longer shipped in favor of "binary-only distributions" as vendors sought to protect their intellectual property rights.

To stand a chance of securing government contracts, vendors implemented security extensions as specified in the Rainbow Series of Books, by the U.S. Department of Defense. Each book defined a set of design, implementation, and documentation criteria that an operating system needed to fulfill to be certified at a particular security level. Probably the best known level is C2, which we'll look at later.

Getting "accredited" was no mean feat. It required a significant amount of time and money. This tended to favor the big players who could afford to play the long game.

As it turns out, the security interfaces across different distributions are pretty incompatible. On top of this, the code running the C2 subsystems tended to be immature, buggy, and slow. The administrative tools were awful (and often still are) as was the support. Ask a UNIX administrator about C2 auditing, and she'll either look at you blankly or laugh.

These developments were happening against a backdrop of low technical security awareness—even lower than today. The IBM mainframe stored all the corporate secrets and was considered a well-known commodity. As for UNIX, it gained a reputation for being something of an unruly beast. The combination of its hippie culture, unorthodox parentage, and its almighty superuser (root) proved something of a nightmare for some auditors.

Consequently, the advice given to administrators was very general in nature and seemed to focus solely on who had access to root and what version of sendmail was running (because of its long history of security problems). These things are clearly important, but the fact that their shiny new systems were running a slew of overtrusting network services and buggy, privileged programs just wasn't on their radar. (And we haven't even mentioned the application programs!) Crackers were well aware of the shortcomings in popular distributions and were running rings around the less capable administrators.

However, at the other end of the spectrum was a loose community of "security pioneers"— programmers cum administrators, who developed some of the most pervasive security tools ever written. We'll cover the best ones in due course. The authors openly shared their source code with the wider community via Usenet—way before the WWW (World Wide Web) had been invented.

Recent years have seen a significant rise in the popularity and business acceptance of open source UNIX. Traditionally, commercial support for open source distributions was limited to small specialist outfits that tended to have limited geographical presence. The recent explosion of business interest in GNU/Linux has vendors lining up to earn support dollars. Times have really changed in the UNIX world. In the world of commerce, proprietary UNIX systems once ruled the roost. Now, everyone is talking open source.