Help--I need a new newsreader

Page 3 of 4  


You are correct Leon. So much so, that CERT came into being over a hacked UNIX environment - not hacked Microsoft environments. Virus', worms, trojan horses, etc. were all very real threats in the UNIX world. One of the problem with open source environments like UNIX is that it is indeed easy to create malicious code. Apple has already seen the attention of the hacker community as well. Not to the degree that Microsoft has, but for all of the reasons you've listed.
--

-Mike-
snipped-for-privacy@alltel.net
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yes.
But if you go back 20 some odd years ago when Unix boxes still outnumbered machines on the internet running microsoftware, what was the percentage of each that was compromised at any give time?
Despite the fact that the Unix machines were more lucrative targets, having faster connections and greater bandwidth, as well as outnumbering Microsoft PCs, wasn't the percentage of infected PCs much, much, higher?
It certainly jumped when Microsoft released its first OS/ email client combination that allowed a sender to install software onto the recipient's computer without notifying the recipient. That upswing was pretty much entirely a product of the technical aspects of the microsoftware and had almost nothing to do with it's popularity.
--
FF



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

But... I maintain that this is because the world of hacking, creating viri, etc. had not reached the level of interest that is has today.

Law of large numbers. Once the phenonena became publicized, interest, copy-cats, etc. skyrocketed and the PC was the obvious target for reasons of (both) securitiy issues and popluation.

I believe it was due to both.
--

-Mike-
snipped-for-privacy@alltel.net
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
rec.woodworking:

I believe that Unix would be just as insecure if it was as commercially successful as Windows. I think Unix is secure because it has remained in the hands of informed and educated administrators and developers, mostly.
Big commercial success means lots of uninformed users who would demand whiz-bang applications like games. Programmers who crank out that stuff aren't particularly concerned with security -- they're concerned with getting the code out the door by the Christmas sales season and making pretty pictures, so they take hardware and software shortcuts.
Granted, Unix has architectural features that make it more difficult to access the privileged areas, but it isn't impossible. I used to be a VAX developer and administrator. That OS was well designed for security, but we had regular patches to fix security issues, and that was before the Internet was developed.
--
Steve B.
New Life Home Improvement
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Leon" wrote

Granted a bit of a simplistic overview, but IMO, the point being missed in many of the arguments being bantered about, and using the word "security", is the distinction therein between the "hacking" (for lack of a better term) or breaching of a system/network; and the act of spreading viri/malicious code by _exploiting_ sloppy programming.
Both fit nicely under the umbrella of "security" and are often used in conjunction to compromise a system/network.
The fact that MSFT operating systems, whether for server platforms or workstations, have historically shipped with defaults set to 'ease of use' instead of 'security against breach' has been a big problem with the first part above. Add to the mix the fact that sloppy coding inherent in a rush-to-market mentality (notably manifested in the infamous "buffer overruns") has been responsible for most of the known virus/malicious code exploits with MSFT products.
Now add those two, ALONG with their _ubiquity_, which you correctly mention, and you get the deadly combination we are currently in with regard to "security" as users of MSFT products.
I'm not a MSFT detractor, but in the realm of security they indeed shot themselves, as well as their users, in the foot in their headlong rush for market share, with "security" arguably not even entering into their thoughts until forced to do so by the obvious.
That MSFT still does not have their act together in this regard is amply illustrated by the number of "security updates" in yours and my "Windows Update" logs ... ... not to mention that this particular genie is VERY difficult to get back into the code base bottle. ;)
As far as the ease of effecting the "security" of a system/network with tools, knowledge, and an inherent, built-in capacity to do so, Larry Blanchard put it very succinctly in another post.
--
www.e-woodshop.net
Last update: 3/27/08
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

As a matter of curiosity, do you know if MS has begun using Code Data Separation?
--
FF


Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Fred the Red Shirt" wrote in message

I'm not sure I understand the question ... do you mean the OS taking advantage of processor functionality, like NX, to prevent stack overflows, or their .net/xml content management/code/data separation?
--
www.e-woodshop.net
Last update: 3/27/08
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Yes.
Several years ago, round about when W2k came out a person whose expertise I respect pointed out that Windows stored data and code interspersed in memory so that an overflow in the data could overwrite elements of a program, or maybe even the OS. Sounds to me like he was explaining the infamous 'buffer overflow exploits' as well as why Windows crashed so much.
That type of problem was solved by pretty much everyone BUT Microsoft decades earlier by segregating data and programming in memory--Code Data Separation (CDS). I remember CDS as a compiler option for our HP a-900 (I think it was a 900) circa 1987.
So, which of those was I talking about?
--
FF





Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Some of this isn't an OS issue. It's a processor architectural issue. The x86 processors use a von Nuemon (sp?) architecture, where both data and instructions are transmitted on the same bus and stored in the same memory. The PIC, for example, uses a Harvard architecture where data and instructions are kept seperate.
There are x86 options now (like the NX bit) to try to solve some of the problems, but it will take a LONG LONG time to get everyone switched over. It took 10 years to get everyone switched over from the DOS-based 9x kernals to the superior NT kernal.
Oh, and don't underestimate the resourcefulness of crackers. If they post "please send me teh codez" enough, someone's bound to do it! (Just adding a bit of humour.) :-)
Puckdropper
--
You can only do so much with caulk, cardboard, and duct tape.

To email me directly, send a message to puckdropper (at) fastmail.fm
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Fred the Red Shirt" wrote

Yes:
http://i29.tinypic.com/10gidzr.jpg
--
www.e-woodshop.net
Last update: 3/8/08
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
There is currently a security hole in Windows 2000 and XP. You get two attachments a *.doc and a *.mdb (or *.asd) file. If you open the *.doc file, you get infected with a virus.
http://www.symantec.com/enterprise/security_response/weblog/2008/03/another_reason_why_microsoft_s.html
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Except when you screw up. The iPhone runs as superuser, and not an unpriviledged user. This is one reason why it was so easy to hack.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Maxwell Lol wrote:

According to McAfee (and a large number of other sources) the "Join the Crew Virus" was a hoax.
--
--
--John
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That's the point.
You can't get a virus just by reading email.
Or rather you couldn't until Microsoft began writing email clients.
--

FF

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

You forgot to mention the versions of XP home that required the user to connect to MS over the internet and without any firewall or other protections in order to complete the installation. The ruesult was that many, if not most, installations of XP on home computers with high speed internet access were compromised with zombies use to propagate spam, viruses, and DDOS attacks during their initial installation.
Note XP was targeted JUST because it was common. XP was targeted because the Microsoft installation process REQUIRED that it be left open for abuse.
Thus demonstrating Heinlein's observation that there are degrees of incompetence or stupidity so extreme as to be indistinguishable from malice.
--
FF



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I had the same problem with Linux years ago. It was a new install, and while downloading hte latest patches, it was compromised.
To be honest - both Vista and Linux systems have improved. Some just take longer than others...
Microsoft has a big problem - with a zillion users, you can't make people change their behavior without being flooded with complaints.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Out sysadmin found out (the hard way) that a patch from HP reset our mailserver to an open relay.
Of course the documentation from HP didn't warn about that, it was obvious--to them.
--
FF


Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That's really all you needed to say :)
--
********
Bill Pounds
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 03 Apr 2008 17:24:58 +0000, Colin B. wrote:

And me, for much the same reasons. But explaining that to a non-techie is a lost cause. With a great deal of persuasion you might get them to use Thunderbird.
There are applications that don't run under anything but Windows so I have it on my machine. But most of the time, and all the time I'm online, I use Linux. When I get the time I'm going to try WINE (Windows emulator) and see if the apps I use will run under it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Larry Blanchard wrote:

Try vmware server on linux. Any windows apps you need will run with no problems. You can install windows and any windows apps that you might need. When your windows virtual machine gets hacked, just delete and reinstall. Your linux machine will be the none the worse for wear.
http://www.vmware.com/products/server /
I have it on my linux box running win2K, winXP and Solaris 10, all at the same time and with no performance issues. Memory is your friend - on a desktop with 2.5GB, I still don't have any paging issues.
Fortunately, the only windows apps I need are things like Taxcut and cutlist. So far, my virtual windows machines haven't been hacked, probably because of infrequent use and a good linux based firewall/nat/dns/dhcp linksys wireless router running the dd-wrt linux based firmware as well as the full suite of AVG protection tools.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Site Timeline

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.