Hadron wrote:
> High Plains Thumper writes:
>> Chris Ahlstrom wrote:
>>> High Plains Thumper belched:
>>>> Hadron wrote:
>>>>> High Plains Thumper writes:
>>>>>> Richard Rasker wrote:
>>>>>>> DFS wrote:
>>>>>>>> MontGumDropped1 Paul wrote:
>>>>>>>>> Richard Rasker wrote:
>>>>>>>>>> MontGumDropped1 Paul wrote:
>>>>>>>>>>
>>>>>>>>>>> Linux is under attack just like the rest.
>>>>>>>>>>
>>>>>>>>>> But it doesn't succomb to these attacks as
>>>>>>>>>> easily as the rest.
>>>>>>>>
>>>>>>>> There's no proof of that at all:
>>>>>>
>>>>>> http://www.theregister.co.uk/2008/03...left_standing/
>>>>>>
>>>>>>

Only Ubuntu left standing, as Flash vuln
>>>>>> fells Vista in Pwn2Own hacking contest
>>>>>>
>>>>>> Contestant overcomes bout of 'hacktile dysfunction'
>>>>>> By Dan Goodin in Vancouver
>>>>>> Published Saturday 29th March 2008 21:27 GMT
>>>>>>
>>>>>> CanSecWest. A laptop running a fully patched version
>>>>>> of Microsoft's Vista operating system was the
>>>>>> second and final machine to fall in a hacking
>>>>>> contest that pitted the security of Windows, OS X
>>>>>> and Ubuntu Linux. With both a Windows and Mac
>>>>>> machine felled, only the Linux box remained standing
>>>>>> following the three-day competition.

>>>>>>
>>>>>> OSX and Vista pwned by Ubuntu! Debian security
>>>>>> unsurpassed.
>>>>>
>>>>> You stupid fool. Do you never tire of making a dick
>>>>> head out of yourself? This is the problem with
>>>>> headline surfers like you and Roy. You don't
>>>>> understand the bigger picture. Here's a hint:
>>>>>
>>>>> http [snip rest of troll trailer trash rant]
>>>>
>>>> Again as a reminder:
>>>>
>>>> http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/
>>>>
>>>>

1.4 The Charter of comp.os.linux.advocacy
>>>>
>>>> The charter of comp.os.linux.advocacy is:
>>>>
>>>> For discussion of the benefits of Linux compared to
>>>> other operating systems.
>>>>
>>>> That single sentence is the one and only charter of
>>>> the newsgroup comp.os.linux.advocacy. The newsgroup's
>>>> charter is for the newsgroup as a place for supporters
>>>> of Linux to gather to discuss Linux, for the betterment
>>>> of the Linux community and the promotion and development
>>>> of Linux. It supports this as a place for those who
>>>> would like to learn more about Linux to come to learn
>>>> from those who know Linux. It does not call for it to be
>>>> a place where the anti-Linux propagandists to gather in
>>>> order to discredit Linux.

>>>>
>>>> What does your rant have to do with discussions of the
>>>> benefits of Linux compared to other operating systems?
>
> Nothing. It has everything to do with posting misinformation
> though. Do try and get that through your skull. It's all about
> telling the truth.

Interesting, posting the truth about how Linux came out ahead in
a hacking contest, besting both Microsoft Vista and Apple
MacIntosh OSX is considered a lie. This smacks of his ranting
and raving per the Microsoft Evangelism document:

'Use [...] the Internet, etc. to heighten the impression that the
enemy is desperate, demoralized, defeated, [...] associated with
mental deficiency, as in, "he believes in Santa Claus, the Easter
Bunny". Just keep rubbing it in, via the [...] newsgroups, [...]
make the complete failure of the competition's technology part of
the mythology of the computer industry.'

(Reference Comes vs Microsoft lawsuit, PDF pages 45 & 55 on
http://www.groklaw.net/pdf/Comes-3096.pdf)

>>>> None apparently, except for a hate agenda against Linux
>>>> and those who advocate Linux.
>
> Hate Linux? Are you crazy? I love Linux. What I hate is lies
> and bull**** from you and and Ahlstrom day after day after
> day. Watching Liarmutt suck up to Willy Poaster is nauseating.

http://colatrolls.blogspot.com/2007/...ark-troll.html

http://tinyurl.com/6ngfby

Subject: Re: Microsoft's Secret Sauce for 'Success'
Date: Thu, 19 Jul 2007 20:32:35 +0900
Message-ID: pan.2007.07.19.11.32.30.969000@gREMTHISmail.com

>> No it isn't. Linux is freely available for download. The
>> problem is that for too long Linux was crap and simply not
>> ready for the prime time desktop. It is now. But it's missed
>> the boat. And people like you whining all the time about MS
>> isn't going to change that. Grow a set of balls and advocate
>> LINUX and stop whinging like schoolgirl about the Market
>> Leader.

Hadron uses a very common trolling technique. Rather than
participate in the discussion, attempts to deflect the issues by
flinging insulting retorts, such as homophobic name calling and
referring to a poster's expressions as "whines". In his
insulting, extolls a competing operating system by calling it a
market leader. This confirms he is here to troll.

He misrepresents the truth, showing that he truly is not an
advocate, referring to Linux as crap. Yet 10 years ago, Linux was
a complete and suitable desktop product. As you show in the
following explanations regarding Microsoft concerns expressed
through the Halloween papers.

>>> Hate-drone? Nah. He's too much of a putz for that word.
>
> Yet I have mastered you in each and every tech discussion you
> have poked your little brown nose into. Hell, Rick has more of
> a clue than you.

Sense of denial ....

http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/

7.6 Trespasser Disinformation Tactics [...]

50. Claim god like attributes. Claim god like attributes,
such as being all knowing. If you don't want to make that claim,
behave as though you are, any way.

51. Claim only you understand what the issues are. Claim and
other wise present the attitude to imply that only you know what
the issues really are. Attempt to project the attitude that would
tend to discredit your opponent at the same time.

>> What do you call his derogatory, insulting, altering of
>> poster's nyms? Usage of terms such as "stupid fool", "dick
>> head", "lies", "liars", "A lot of the OSS apps are crap",
>> "frothing at the mouth", "shreaking about 'wintrolls'", "wet
>> your knickers", "sad packer", "stroking Tattoo Vampire's
>> brillo pad hair", "snip High Plains Hypocrite's ludicrous
>> attempt to appear informed", "Old Fogies who were clueless",
>> "High Plains Hypocrite", "Liarmutt", "God you're dim",
>> "f*cking idiot", "You're a twit", "Willy 'me too' Poaster",
>> "Cola Advocates tell lies", "paranoid twit", "loony",
>> "paranoid loser", "clueless", "baton twirling", "Liarnut",
>> "Phil Da Tard", "Dumb Willie", "scum", "sycophantic lap
>> dog", "dream la-la-la land facts spouted in here", "lunatic
>> conspiracy theories from odd balls", "whinge and simper",
>> "stupidity", "ext3 .... its omnipresence for mediocrity",
>> "bull****ter", "Owned", "psychopathic nut job", "Microsoft
>> pawn", "gang shilling", "Rasker bull****", "clueless idiot",
>> "A lot of COLA advocates are unable to tell the truth",
>> "need to adjust your meds", "ignorant Liarmutt wants to be
>> when earning another doggy drop from his Master Roy",
>> "Brazil? The place full of long yellow republicans that
>> people skid on?", "Schestowitz is to Linux Advocacy as a
>> 'doggy do' is to a child's playground. Distinctly smelly and
>> unwanted", "Roy's henchmen", "preening little arse kisser",
>> and ad nauseum?
>>
>> Time to smell the coffee?
>
> One call only call it as one sees it. And your recent attempt
> to repaint your image is a total failure.
>
> We know who starts the language and attitude here : the likes
> of you, Willy Poaster, Peter Koehlmann, Tattoo Campfire etc
> etc etc. Quite disgusting. And you can't take it back eh?
> Cissy. There you go - add that one!
>
> I am particularly proud of this one though:
>
> "... Liarmutt wants to be when earning another doggy drop from
> his Master Roy"
>
> LOL!

See my above comment.

--
HPT
Quando omni flunkus moritati
(If all else fails, play dead)
- "Red" Green

Hadron wrote:

> High Plains Thumper writes:
>
>> Richard Rasker wrote:
>>> DFS wrote:
>>>> MontGumDropped1 Paul wrote:
>>>>> Richard Rasker wrote:
>>>>>> MontGumDropped1 Paul wrote:
>>>>>>
>>>>>>> Linux is under attack just like the rest.
>>>>>>
>>>>>> But it doesn't succomb to these attacks as easily as the
>>>>>> rest.
>>>>
>>>> There's no proof of that at all:
>>
>> http://www.theregister.co.uk/2008/03...left_standing/
>>
>>

>> Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own
>> hacking contest
>>
>> Contestant overcomes bout of 'hacktile dysfunction'
>> By Dan Goodin in Vancouver
>> Published Saturday 29th March 2008 21:27 GMT
>>
>> CanSecWest A laptop running a fully patched version of Microsoft's
>> Vista operating system was the second and final machine to fall in a
>> hacking contest that pitted the security of Windows, OS X and Ubuntu
>> Linux. With both a Windows and Mac machine felled, only the Linux box
>> remained standing following the three-day competition.
>>

>>
>> OSX and Vista pwned by Ubuntu! Debian security unsurpassed.
>
> You stupid fool. Do you never tire of making a dick head out of
> yourself? This is the problem with headline surfers like you and
> Roy. You don't understand the bigger picture.

OK, put up or shut up. Show us this "bigger picture", proving that Linux
users are just as vulnerable to malware, viruses and other mayhem as
Windows users. Just one credible story will do -- in other words: just
*one* reliably provable Linux infection tear jerker is enough against
200,000+ separate pieces of Windows malware.

Yep, I thought so. All talk and no trousers.

Richard Rasker
--
http://www.linetec.nl

After takin' a swig o' grog, High Plains Thumper belched out
this bit o' wisdom:

> Hadron wrote:
>>
>> Hate Linux? Are you crazy? I love Linux. What I hate is lies
>> and bull**** from you and and Ahlstrom day after day after
>> day. Watching Liarmutt suck up to Willy Poaster is nauseating.

He hate me!

> http://colatrolls.blogspot.com/2007/...ark-troll.html
>
>

> http://tinyurl.com/6ngfby
>
> Subject: Re: Microsoft's Secret Sauce for 'Success'
> Date: Thu, 19 Jul 2007 20:32:35 +0900
> Message-ID: pan.2007.07.19.11.32.30.969000@gREMTHISmail.com
>
>>> No it isn't. Linux is freely available for download. The
>>> problem is that for too long Linux was crap and simply not
>>> ready for the prime time desktop. It is now. But it's missed
>>> the boat. And people like you whining all the time about MS
>>> isn't going to change that. Grow a set of balls and advocate
>>> LINUX and stop whinging like schoolgirl about the Market
>>> Leader.
>
> Hadron uses a very common trolling technique. Rather than
> participate in the discussion, attempts to deflect the issues by
> flinging insulting retorts, such as homophobic name calling and
> referring to a poster's expressions as "whines". In his
> insulting, extolls a competing operating system by calling it a
> market leader. This confirms he is here to troll.
>
> He misrepresents the truth, showing that he truly is not an
> advocate, referring to Linux as crap. Yet 10 years ago, Linux was
> a complete and suitable desktop product. As you show in the
> following explanations regarding Microsoft concerns expressed
> through the Halloween papers.
>

>
>>>> Hate-drone? Nah. He's too much of a putz for that word.
>>
>> Yet I have mastered you in each and every tech discussion you
>> have poked your little brown nose into. Hell, Rick has more of
>> a clue than you.

*splorf*

Never drink fluids while reading a Hadron Quark post!

> Sense of denial ....
>
> http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/
>
>

> 7.6 Trespasser Disinformation Tactics [...]
>
> 50. Claim god like attributes. Claim god like attributes,
> such as being all knowing. If you don't want to make that claim,
> behave as though you are, any way.
>
> 51. Claim only you understand what the issues are. Claim and
> other wise present the attitude to imply that only you know what
> the issues really are. Attempt to project the attitude that would
> tend to discredit your opponent at the same time.
>

>
>>> What do you call his derogatory, insulting, altering of
>>> poster's nyms? Usage of terms such as ...
>>>
>>> Time to smell the coffee?
>>
>> One call only call it as one sees it. And your recent attempt
>> to repaint your image is a total failure.
>>
>> We know who starts the language and attitude here : the likes
>> of you, Willy Poaster, Peter Koehlmann, Tattoo Campfire etc
>> etc etc. Quite disgusting. And you can't take it back eh?
>> Cissy. There you go - add that one!
>>
>> I am particularly proud of this one though:
>>
>> "... Liarmutt wants to be when earning another doggy drop from
>> his Master Roy"
>>
>> LOL!
>
> See my above comment.

I do believe Hadron is going over the deep end. He seems one the verge
of a DFS-style deranged rant.

Or maybe he's just dazed, because HPT is beating him like a rented mule.

Is that the sound of stammering I hear? Or foaming?

--
Uh-oh!! I'm having TOO MUCH FUN!!

Richard Rasker wrote:
>
> OK, put up or shut up. Show us this "bigger picture", proving that Linux
> users are just as vulnerable to malware, viruses and other mayhem as
> Windows users. Just one credible story will do -- in other words: just
> *one* reliably provable Linux infection tear jerker is enough against
> 200,000+ separate pieces of Windows malware.
>
> Yep, I thought so. All talk and no trousers.
>

If you step into a Vista NG, you see hardly any posts about malware
issues. But again, like I said, nothing is bullet proof, not even Linux.

On Mon, 13 Oct 2008 15:49:05 +0100, William Poaster wrote:

> *If* their claim *was* true, with more of the Internet running on Linux
> servers than on windoze ones (even M$ Ballmer admitted that Linux servers
> account for 60% of the Internet), don't you think that there would have
> been *successful* attacks on them? Oh, there have been attacks, but
> nowhere *near* as successful as those on the windoze servers. So why pick
> a hard target, when you can knock over an easy one?

This tired old claim again? The number of hostsnames that resolve to a
Linux host is not the number of servers on the internet.

And yes, there are successful attacks all the time on Linux. Zone-h has a
pretty comprehensive attack database, currently it shows 70.35% of all
successful attacks in the last week were on Linux systems.

http://www.zone-h.com

> Apache has a much larger market share than IIS, & yet IIS has many more
> security problems, exploits, viruses, etc. than Apache.

Hostnames != server market share.

And, no IIS has had only 3 security vulnerabilities in the last 5 years.
3, none of which were critical.

> The "popularity" argument propounded by wintrolls etc, falls flat on its
> face.

Only when you make stuff up, like you're doing right now.

In comp.os.linux.advocacy, Chris Ahlstrom

wrote
on Mon, 13 Oct 2008 21:57:53 -0400
:
> Richard Rasker wrote:
>>
>> OK, put up or shut up. Show us this "bigger picture", proving that Linux
>> users are just as vulnerable to malware, viruses and other mayhem as
>> Windows users. Just one credible story will do -- in other words: just
>> *one* reliably provable Linux infection tear jerker is enough against
>> 200,000+ separate pieces of Windows malware.
>>
>> Yep, I thought so. All talk and no trousers.
>>
>
> If you step into a Vista NG, you see hardly any posts about malware
> issues. But again, like I said, nothing is bullet proof, not even Linux.

Vista is. ;-) Especially when paired with good AV and
a NAT router, which is the traditional setup for DSL and
cable nowadays.

Unless one is ultra-braindead and opens all the NAT ports,
there's no way a packet pummeler will get through that
router, regardless of what OS is being run on computer(s)
behind it.

There are, of course, other vectors, such as phishing and
pharming. Phishing is OS-agnostic, relying on the user's
naievete on clicking on a link, which, as anyone familiar
with HTML knows, can be set up in a very straightforward
fashion to point to somewhere entirely different:


http://my.trustedbank.com/login

and what is displayed is the underlined text

http://my.trustedbank.com/login

which the naive user might click on, thinking he'll go
there, but he'll end up wherever

http://evilhost.h4cker5_r_us.com/infectmeplease.html

wants him to go. (This is a *very* fundamental flaw or
feature in HTML, and there's not a lot one can do to fix
it apart from implementing a hoverlink display -- and
that's easily overridden in the HTML via onMouseOver and
onMouseOut attributes pointing to local Javascript code
that can do various clever things with the status bar,
like display "Click me now!" or "Section 3" instead of
the actual href= link text).

The condition was exacerbated by a now-fixed bug, which
allowed for a NUL or Control A character to hide the true
location; basically, the URL actually seen by
the browser might be represented as

http://my.trustedbank.com\001dumb.so...r_us.com/login

(where \001 is a printable rendition of the dangerous
char) and the DNS processor of some.h4cker5_r_us.com
was specialized to accept anything, redirecting it to a
certain IP address (which was probably somewhere in the
h4cker5_r_us.com domain anyway) that took web accesses and
did whatever it liked. The buggy browser only showed in
its address bar

http://my.trustedbank.com/login .

which temporary placated the user -- while he was being
infected. If the hacker was ingenious enough the website
he maintained simulated a "temporary server failure" with
a clever redirect to the real website, after installing
the requisite malware on the user's system, presumably by
using AJAX techniques and an ActiveX control.

If he was even more clever he might have mimicked a login
page, which forwarded the credentials to the real website
-- while capturing it.

Linux can forestall none of these attacks (it's way too
low in the food chain; might as well ask NTLDR to deal
with Windows keyloggers!). Mozilla Firefox and Evolution
might be able to stave off some of these attacks, either
by disabling or ignoring Javascript, not loading pictures,
or carefully examining links and reporting discrepancies.
Text-only email programs such as 'mailx' or 'mutt' are
immune, though the display of the suspect message will
look like HTML glop.

Pharming is even more insidious, requiring some dinking
around with the user's host file, or exploitation of an
uplink vulnerability to replace the true IP address for
my.trusted.bank with a spoofed one, pointing somewhere
into a network under the evil hacker's control.

But never mind; you're safe with Vista.

Wait...maybe not...

http://www.infoworld.com/article/05/...viruses_1.html
http://www.avantnews.com/modules/new...hp?storyid=322
http://www.crime-research.org/news/02.04.2007/2595/
http://www.neowin.net/index.php?act=view&id=42663

A reprisal of a boot sector virus? Wow. I guess Microsoft
had better reinstall NTLDR by default, wiping out all of
those customized LILO and GRUB boot sector "viruses".

For its part Linux has its own list of malware:
http://en.wikipedia.org/wiki/List_of...mputer_viruses

Most of these are true viruses, infecting executables.

--
#191, ewill3@earthlink.net
Is it cheaper to learn Linux, or to hire someone
to fix your Windows problems?
** Posted from http://www.teranews.com **

Erik Funkenbusch wrote:
> On Mon, 13 Oct 2008 15:49:05 +0100, William Poaster wrote:
>
>> *If* their claim *was* true, with more of the Internet running on Linux
>> servers than on windoze ones (even M$ Ballmer admitted that Linux servers
>> account for 60% of the Internet), don't you think that there would have
>> been *successful* attacks on them? Oh, there have been attacks, but
>> nowhere *near* as successful as those on the windoze servers. So why pick
>> a hard target, when you can knock over an easy one?
>
> This tired old claim again? The number of hostsnames that resolve to a
> Linux host is not the number of servers on the internet.

Yes, he is tired and old, and all he does is run around Usenet giving
out mis-information. And so do the rest of the loons at Amityville.Linux
give out mis-information to each other that they spread around Usenet,
as they get hyped-up and venture out from Amityville.Linux with their
made to order gospel.

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, Chris Ahlstrom
>
> wrote
> on Mon, 13 Oct 2008 21:57:53 -0400
> :
>> Richard Rasker wrote:
>>> OK, put up or shut up. Show us this "bigger picture", proving that Linux
>>> users are just as vulnerable to malware, viruses and other mayhem as
>>> Windows users. Just one credible story will do -- in other words: just
>>> *one* reliably provable Linux infection tear jerker is enough against
>>> 200,000+ separate pieces of Windows malware.
>>>
>>> Yep, I thought so. All talk and no trousers.
>>>
>> If you step into a Vista NG, you see hardly any posts about malware
>> issues. But again, like I said, nothing is bullet proof, not even Linux.
>
> Vista is. ;-) Especially when paired with good AV and
> a NAT router, which is the traditional setup for DSL and
> cable nowadays.

No, it's because of what's in the links that Vista is better protected
from the ignorant masses than any previous versions of the NT based O/S.










From a poster who won't face reality with a general post to
Vista.Security, when I gave him the same information that I am giving you.

-----------------------------------------------------

I don't have much to comment on this issue anymore, but I'd like to ask
you a question:

Do you wear a helmet when riding your bike? (the question is void if
it's required by law though...)

-----------------------------------------------------

My response to him.

-----------------------------------------------------

Why must you act an a$$ about it? Just because you like to fly with no
safety-net and with your draws down at your ankles does that mean that
anyone else should follow in your foot steps.

The thing about Linux users on Linux machines, which makes that system
less susceptible to attack used by the ignorant is that the user never
runs as root admin.

They run as non-root admin until an admin task is encountered, and then
they must give a root admin user-id and psw to escalate to root admin
rights to perform the task. They are then returned to being a non-root
admin.

Yes, the ignorant masses my not be getting attacked like they use to be
on Vista, but on the other hand, on any previous version of the NT
based O/S, their linen was dropped to their ankles, and they had to keep
on grinnin.

Now, they have a choice to leave the security on or turn it all off, if
he or she chooses to do either one.

In comp.os.linux.advocacy, Erik Funkenbusch

wrote
on Mon, 13 Oct 2008 22:14:16 -0400
<1hf8ig6kfv4dv$.dlg@funkenbusch.com>:
> On Mon, 13 Oct 2008 15:49:05 +0100, William Poaster wrote:
>
>> *If* their claim *was* true, with more of the Internet running on Linux
>> servers than on windoze ones (even M$ Ballmer admitted that Linux servers
>> account for 60% of the Internet), don't you think that there would have
>> been *successful* attacks on them? Oh, there have been attacks, but
>> nowhere *near* as successful as those on the windoze servers. So why pick
>> a hard target, when you can knock over an easy one?
>
> This tired old claim again? The number of hostsnames that resolve to a
> Linux host is not the number of servers on the internet.

Absolutely correct. For starters, many Web servers are
required (by HTTP 1.1, aka RFC2046) to implement the Host:
header, which allows for some very creative web structures
-- and of course the service of thousands of light-duty
webhosts from a single server farm, presumably such as
GoDaddy's.

This is an OS-agnostic issue; I would be very surprised if
IIS did not have a virtual hosts capability.

>
> And yes, there are successful attacks all the time on Linux. Zone-h has a
> pretty comprehensive attack database, currently it shows 70.35% of all
> successful attacks in the last week were on Linux systems.
>
> http://www.zone-h.com

See also

http://www.linux.com/articles/24013
http://www.zdnet.com.au/news/securit...0266696,00.htm
http://www.internetnews.com/dev-news...le.php/3076701

(They were warning us about this more than 6 years ago, folks!)

and it's going *up*; the first post of the blog
below reports 53.2% back in 2003.

http://www.internetnews.com/dev-news...le.php/3076701

Somebody tries to deflect Linux's insecurity by suggesting
that it's a "n00b trying to set up a safe by leaving the
door open" issue. A possibility, but someone should at
least put a note in the safe in that case, no?

http://ttcshelbyville.wordpress.com/...ux-attacks-up/

It is far from clear that this is the only explanation.

BTW: this shows an even higher number of successful attacks,
namely 84.67%. It is not clear what week this is.

A 2008 attack has claimed 10,000 Linux sites. The report
specifies neither the attack nor the sites, although the
compromised component is Apache, as one might expect (the
precise version is unspecified here).

Once compromised, the server spews out mutating Javascript
that "calls up an exploit ****tail that includes
attack code targeting recent QuickTime vulnerabilities,
the long-runnings Windows MDAC bug, and even a fixed
flaw in Yahoo Messenger". This speaks volumes of the
sophistication of the hackers, though in all fairness
any payload can be used, once a server is sufficiently
compromised -- and of course a script kiddie can modify
the payload to suit his tastes, if he has half a clue
as to how it's stored in the malware.

http://www.tuxmachines.org/node/23518

One interesting, if again old, attack involves a rather
sophisticated DoS attack on a fundamental Linux algorithm:
the packet classification hash table. I frankly don't
know the details here but apparently it makes for an effective
lockout attack.

http://www.enyo.de/fw/security/notes...cache-dos.html

And another old article, dated 2004:

http://www.zdnet.com.au/news/softwar...9116229,00.htm

This refers to mi2g, presumably mi2g.org. Unfortunately,
its search engine is down, resulting in the interesting
user-visible message:

ht://Dig error

htsearch detected an error. Please report this to the webmaster of
this site. The error message is:

Unable to read word database file
Did you run htmerge?

So is Linux more secure? An interesting question.
At best, one has a little work to keep one's server
machines from being compromised. At worst, Linux security
may be an oxymoron, undone by human sloppiness. (I would
wish otherwise, but the price for freedom is eternal
vigilance, and there's no way the most secure of safes
can do anyone any good if one leaves the door open!)

>
>> Apache has a much larger market share than IIS, & yet IIS has many more
>> security problems, exploits, viruses, etc. than Apache.
>
> Hostnames != server market share.
>
> And, no IIS has had only 3 security vulnerabilities in the last 5 years.
> 3, none of which were critical.

http://searchsecurity.techtarget.com...114647,00.html

contains the following rather telling paragraph:

Inherent server vulnerabilities.

Despite the bad press Microsoft receives, the platforms
are almost equally vulnerable to attacks. A recent
search in the CERT Vulnerability Database yielded
28 hits for IIS vulnerabilities and 25 separate
announcements of Apache vulnerabilities. That's as
close as you get to a horse race in the information
security world.

(The article is dated 2005. Presumably both have been
improved since then.)

http://blogs.iis.net/bills/archive/2...vs-apache.aspx

has its own opinion on the matter, but is less than clear
as to which is more secure. http://secunia.com does not
have a readily identifiable "track record" page. Presuambly
IIS is far more secure than Apache now -- mostly because
IIS6 had to deal with live-fire exercises such as Nimda.
Then again, no data is available in the above website.

Note that IIS7 is far more configurable than Apache
(though in all fairness Apache doesn't handle such things
as e.g. Perl anyway; it throws the problem at a module),
and includes such things as MSIL support (which keys into
30+ languages such as C#, VB.NET, etc.)

The diagrams in

http://www.downloadsquad.com/2007/02...e-in-pictures/

are interesting but it's very easy to mistangle a routing
solution by moving the targets around; without more
assurances I can draw few conclusions here. It does
suggest that IIS routines could be simplified, but I would
also suspect that a lot of the fanout might be because of
C++/C# polymorphism -- which will inherently generate a lot
of spaghetti as the virtuals are implemented. (This might
be an issue regarding system performance, as the program
counter has to go all over creation to find code. However,
it wouldn't make much difference security wise, absent
other factors.)

>
>> The "popularity" argument propounded by wintrolls etc, falls flat on its
>> face.
>
> Only when you make stuff up, like you're doing right now.

The above is real stuff on the newswires, AFAICT.

--
#191, ewill3@earthlink.net
Linux sucks efficiently, but Windows just blows around
a lot of hot air and vapor.
** Posted from http://www.teranews.com **

In comp.os.linux.advocacy, Chris Ahlstrom

wrote
on Mon, 13 Oct 2008 23:24:54 -0400
:
> The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, Chris Ahlstrom
>>
>> wrote
>> on Mon, 13 Oct 2008 21:57:53 -0400
>> :
>>> Richard Rasker wrote:
>>>> OK, put up or shut up. Show us this "bigger picture", proving that Linux
>>>> users are just as vulnerable to malware, viruses and other mayhem as
>>>> Windows users. Just one credible story will do -- in other words: just
>>>> *one* reliably provable Linux infection tear jerker is enough against
>>>> 200,000+ separate pieces of Windows malware.
>>>>
>>>> Yep, I thought so. All talk and no trousers.
>>>>
>>> If you step into a Vista NG, you see hardly any posts about malware
>>> issues. But again, like I said, nothing is bullet proof, not even Linux.
>>
>> Vista is. ;-) Especially when paired with good AV and
>> a NAT router, which is the traditional setup for DSL and
>> cable nowadays.
>
> No, it's because of what's in the links that Vista is better protected
> from the ignorant masses than any previous versions of the NT based O/S.

Links? What links? Vista is inherently more secure because
of what's in the *OS*. The links below might explain such,
but Vista doesn't care what's in the links any more than
one's local Linux kernel will care what's in
http://www.kernel.org/pub/linux/kernel/v2.6/ .

>
>
>
>
>
>
>
>
>
>
> From a poster who won't face reality with a general post to
> Vista.Security, when I gave him the same information that I am giving you.

This is COLA; not sure where Vista.Security is in this subthread. The
crosspost probably got Followup-To:-ed out.

>
> -----------------------------------------------------
>
> I don't have much to comment on this issue anymore, but I'd like to ask
> you a question:
>
> Do you wear a helmet when riding your bike? (the question is void if
> it's required by law though...)
>

Assuming this is an analogy where the helmet is a NAT router,
and yes I do, both literally and by analogy.

(Of course it helps that I got the router for free; Earthlink
shipped it to me as part of their service.)

> -----------------------------------------------------
>
> My response to him.
>
> -----------------------------------------------------
>
> Why must you act an a$$ about it? Just because you like to fly with no
> safety-net and with your draws down at your ankles does that mean that
> anyone else should follow in your foot steps.
>
> The thing about Linux users on Linux machines, which makes that system
> less susceptible to attack used by the ignorant is that the user never
> runs as root admin.

You'd be surprised! I strongly suspect a fair number of naive users
will in fact do exactly that, despite all efforts at education.

>
> They run as non-root admin until an admin task is encountered, and then
> they must give a root admin user-id and psw to escalate to root admin
> rights to perform the task. They are then returned to being a non-root
> admin.

Actually, no. 'sudo bash' will leave up a shell until it
terminates. If one's sufficiently sophisticated one can
disable that capability, but I suspect most won't bother,
unless the distro disables it by default and explains patiently
in the docs that the user must edit this-and-that to allow it.

>
> Yes, the ignorant masses my not be getting attacked like they use to be
> on Vista, but on the other hand, on any previous version of the NT
> based O/S, their linen was dropped to their ankles, and they had to keep
> on grinnin.

Until they fall on the macadam and scrape all their skin off.

>
> Now, they have a choice to leave the security on or turn it all off, if
> he or she chooses to do either one.
>

If one has a choice.

--
#191, ewill3@earthlink.net
Windows Vista. Because a BSOD is just so 20th century; why not
try our new color changing variant?
** Posted from http://www.teranews.com **

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, Chris Ahlstrom
>
> wrote
> on Mon, 13 Oct 2008 23:24:54 -0400
> :
>> The Ghost In The Machine wrote:
>>> In comp.os.linux.advocacy, Chris Ahlstrom
>>>
>>> wrote
>>> on Mon, 13 Oct 2008 21:57:53 -0400
>>> :
>>>> Richard Rasker wrote:
>>>>> OK, put up or shut up. Show us this "bigger picture", proving that Linux
>>>>> users are just as vulnerable to malware, viruses and other mayhem as
>>>>> Windows users. Just one credible story will do -- in other words: just
>>>>> *one* reliably provable Linux infection tear jerker is enough against
>>>>> 200,000+ separate pieces of Windows malware.
>>>>>
>>>>> Yep, I thought so. All talk and no trousers.
>>>>>
>>>> If you step into a Vista NG, you see hardly any posts about malware
>>>> issues. But again, like I said, nothing is bullet proof, not even Linux.
>>> Vista is. ;-) Especially when paired with good AV and
>>> a NAT router, which is the traditional setup for DSL and
>>> cable nowadays.
>> No, it's because of what's in the links that Vista is better protected
>> from the ignorant masses than any previous versions of the NT based O/S.
>
> Links? What links? Vista is inherently more secure because
> of what's in the *OS*. The links below might explain such,
> but Vista doesn't care what's in the links any more than
> one's local Linux kernel will care what's in
> http://www.kernel.org/pub/linux/kernel/v2.6/ .

You are wrong and you are unwilling to even read the information in the
links. You are ridiculous.

Do you even know that the out of the box user-admin account that Vista
gives one or any new user account that are created are NOT user/admin
accounts that have full admin rights in certain situations, even with
UAC disabled?

And man don't give me anything about Linux when Vista is not Linux.

The Ghost In The Machine wrote:



Here is another little info about Vista, because it's not business as
usual on Vista for users or admin(s). The admin is talking about issues
he is having on Vista. He is right in the heart of the O/S at
C:\Windows\System32, and WRP on Vista is stepping in and is not letting
the admin do it.


----------------------------------------------------------------------------

Hi,

We are using Windows Server 2003 OS and Visual Studio 2005. When user
trying drag and drop .dll files in c:\windows\assembly folder we gets

"Assembly cache viewer- install failed"
Access is Denied: 'FileName.dll'.

I knew this definitely a some permissions issue. i.e user need to have
permission to update the GAC...not having admin permissions!!!

How I can give more permissions to user?

I wrote a BATCH File:

icacls C:\Windows\assembly /C /Grant "Users"F)
icacls C:\Windows\assembly /C /Grant "Users"CI)
icacls C:\Windows\assembly /C /Grant "Users"OI)
icacls C:\Windows\assembly /C /Grant "Users"IO)
icacls C:\Windows\assembly /C /Grant "Power Users"F)
icacls C:\Windows\assembly /C /Grant "Power Users"CI)
icacls C:\Windows\assembly /C /Grant "Power Users"OI)
icacls C:\Windows\assembly /C /Grant "Power Users"IO)

but i still get this error message...

can you help me???

THANK YOU!

"Kleuskes & Moos" writes:

> On 13 okt, 19:41, Chris Ahlstrom wrote:
>> Kleuskes & Moos wrote:
>> > If you see 'class' as discriminator between truth and falsehood, you
>> > will be disappointed many times. Unless you're too f*cking stoopid to
>> > notice.
>>
>> It's only truth according to you. But guess what? You don't mean
>> anything to me. So what is your point?
>
> So sad you need a wintroll to point out what you missed. But hey...
> You don't
> mean anything tome either. So what's YOUR point?
>

He has no point. As usual.

Hadron wrote:
> "Kleuskes & Moos" writes:
>
>> On 13 okt, 19:41, Chris Ahlstrom wrote:
>>> Kleuskes & Moos wrote:
>>>> If you see 'class' as discriminator between truth and falsehood, you
>>>> will be disappointed many times. Unless you're too f*cking stoopid to
>>>> notice.
>>> It's only truth according to you. But guess what? You don't mean
>>> anything to me. So what is your point?
>> So sad you need a wintroll to point out what you missed. But hey...
>> You don't
>> mean anything tome either. So what's YOUR point?
>>
>
> He has no point. As usual.

Do you hate this Chris fellow, because you do seem to be fixated on him?

On Tue, 14 Oct 2008 00:55:53 -0400, Chris Ahlstrom wrote:

Umm.. chris.

You might want to reread that.

> The Ghost In The Machine wrote:
>
>
>
> Here is another little info about Vista, because it's not business as
> usual on Vista for users or admin(s). The admin is talking about issues
> he is having on Vista. He is right in the heart of the O/S at
> C:\Windows\System32, and WRP on Vista is stepping in and is not letting
> the admin do it.
>
>
> ----------------------------------------------------------------------------
>
> Hi,
>
> We are using Windows Server 2003 OS and Visual Studio 2005. When user
> trying drag and drop .dll files in c:\windows\assembly folder we gets
>
> "Assembly cache viewer- install failed"
> Access is Denied: 'FileName.dll'.
>
> I knew this definitely a some permissions issue. i.e user need to have
> permission to update the GAC...not having admin permissions!!!
>
> How I can give more permissions to user?
>
> I wrote a BATCH File:
>
> icacls C:\Windows\assembly /C /Grant "Users"F)
> icacls C:\Windows\assembly /C /Grant "Users"CI)
> icacls C:\Windows\assembly /C /Grant "Users"OI)
> icacls C:\Windows\assembly /C /Grant "Users"IO)
> icacls C:\Windows\assembly /C /Grant "Power Users"F)
> icacls C:\Windows\assembly /C /Grant "Power Users"CI)
> icacls C:\Windows\assembly /C /Grant "Power Users"OI)
> icacls C:\Windows\assembly /C /Grant "Power Users"IO)
>
> but i still get this error message...
>
> can you help me???
>
> THANK YOU!

Erik Funkenbusch wrote:
> On Tue, 14 Oct 2008 00:55:53 -0400, Chris Ahlstrom wrote:
>
> Umm.. chris.

>
> You might want to reread that.


Reread what? The person was Admin on a Vista machine posting in a Vista
security NG, trying to install a .Net solution, trying to give
non-admin users permissions on a Vista machine to do their own install
into the .NET Global Assembly Cache, by using a batch file he created,
he was running with user/Admin elevated privileges and he was trying to
apply those rights to a folder that WRP was protecting on Vista. Vista
wouldn't allow it.

He may have been talking about Win 2k3 server and VS 2005, as software
developers do use that as a .Net development platform, but who he was
addressing and trying to get the solution installed was on a Vista machine.

C:\Programs File and C:\Windows are protected folders and folders within
those folders are protected by WRP and the TurstedInstaller account is
the account that has ownership of the protected folders.

http://msdn.microsoft.com/en-us/libr...30(VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa382503.aspx

User/admin out of the box on Vista is not a user/admin that has full
admin rights and any new user/admin accounts do not have it either, like
on XP or Win 2K, because that user/account does not inherit full admin
rights from the built-in Administrator user account, like it does on XP.

The hidden built-in Administrator account on Vista has full admin rights
on Vista, just like it does on XP. But in some situations, even that
account is prohibited from doing certain things to WRP protected folders
and files.



I brought the post here from a Vista NG, because I was the one trying to
help the poster, but I couldn't at the time. But I can help someone now
that has the issue, as I figured-out how to come around it.

Here is another problem on Vista, that admin(s) don't know how to
address as the out of the box Vista user/admin account doesn't have the
power. You see them talking about they can't register a DLL.

http://chrisbensen.blogspot.com/2007...microsoft.html

On Mon, 13 Oct 2008 20:43:10 -0400, Chris Ahlstrom wrote:

> After takin' a swig o' grog, High Plains Thumper belched out
> this bit o' wisdom:
>
>> Hadron wrote:
>>>
>>> Hate Linux? Are you crazy? I love Linux. What I hate is lies
>>> and bull**** from you and and Ahlstrom day after day after
>>> day. Watching Liarmutt suck up to Willy Poaster is nauseating.
>
> He hate me!
>
>> http://colatrolls.blogspot.com/2007/...ark-troll.html
>>
>>

>> http://tinyurl.com/6ngfby
>>
>> Subject: Re: Microsoft's Secret Sauce for 'Success'
>> Date: Thu, 19 Jul 2007 20:32:35 +0900
>> Message-ID: pan.2007.07.19.11.32.30.969000@gREMTHISmail.com
>>
>>>> No it isn't. Linux is freely available for download. The
>>>> problem is that for too long Linux was crap and simply not
>>>> ready for the prime time desktop. It is now. But it's missed
>>>> the boat. And people like you whining all the time about MS
>>>> isn't going to change that. Grow a set of balls and advocate
>>>> LINUX and stop whinging like schoolgirl about the Market
>>>> Leader.
>>
>> Hadron uses a very common trolling technique. Rather than
>> participate in the discussion, attempts to deflect the issues by
>> flinging insulting retorts, such as homophobic name calling and
>> referring to a poster's expressions as "whines". In his
>> insulting, extolls a competing operating system by calling it a
>> market leader. This confirms he is here to troll.
>>
>> He misrepresents the truth, showing that he truly is not an
>> advocate, referring to Linux as crap. Yet 10 years ago, Linux was
>> a complete and suitable desktop product. As you show in the
>> following explanations regarding Microsoft concerns expressed
>> through the Halloween papers.
>>

>>
>>>>> Hate-drone? Nah. He's too much of a putz for that word.
>>>
>>> Yet I have mastered you in each and every tech discussion you
>>> have poked your little brown nose into. Hell, Rick has more of
>>> a clue than you.
>
> *splorf*
>
> Never drink fluids while reading a Hadron Quark post!
>
>> Sense of denial ....
>>
>> http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/
>>
>>

>> 7.6 Trespasser Disinformation Tactics [...]
>>
>> 50. Claim god like attributes. Claim god like attributes,
>> such as being all knowing. If you don't want to make that claim,
>> behave as though you are, any way.
>>
>> 51. Claim only you understand what the issues are. Claim and
>> other wise present the attitude to imply that only you know what
>> the issues really are. Attempt to project the attitude that would
>> tend to discredit your opponent at the same time.
>>

>>
>>>> What do you call his derogatory, insulting, altering of
>>>> poster's nyms? Usage of terms such as ...
>>>>
>>>> Time to smell the coffee?
>>>
>>> One call only call it as one sees it. And your recent attempt
>>> to repaint your image is a total failure.
>>>
>>> We know who starts the language and attitude here : the likes
>>> of you, Willy Poaster, Peter Koehlmann, Tattoo Campfire etc
>>> etc etc. Quite disgusting. And you can't take it back eh?
>>> Cissy. There you go - add that one!
>>>
>>> I am particularly proud of this one though:
>>>
>>> "... Liarmutt wants to be when earning another doggy drop from
>>> his Master Roy"
>>>
>>> LOL!
>>
>> See my above comment.
>
> I do believe Hadron is going over the deep end. He seems one the verge
> of a DFS-style deranged rant.

Quack may want to consider the fact that posting babbling rants that sound
like the hootings of a bloody fool, can be so easily mistaken for DFS.

> Or maybe he's just dazed, because HPT is beating him like a rented mule.
>
> Is that the sound of stammering I hear? Or foaming?

Foaming, probably.

After takin' a swig o' grog, The Ghost In The Machine belched out
this bit o' wisdom:

> In comp.os.linux.advocacy, Chris Ahlstrom's puppy dog forger
>
> wrote
>
>>> Yep, I thought so. All talk and no trousers.
>>
>> If you step into a Vista NG, you see hardly any posts about malware
>> issues. But again, like I said, nothing is bullet proof, not even Linux.

Although I agree with the forger in this case (well, I don't know what
happens in a Vista NG), keep in mind he's just up to no good.

--
Is it 1974? What's for SUPPER? Can I spend my COLLEGE FUND in one
wild afternoon??

After takin' a swig o' grog, Erik Funkenbusch belched out
this bit o' wisdom:

> On Tue, 14 Oct 2008 00:55:53 -0400, Chris Ahlstrom wrote:
>
> Umm.. chris.
>
> You might want to reread that.

Nah, Erik. You just got snookered by that asshole formerly known as
"The Bee", who has taken to forging my name in a fairly obvious way.

Do you /really/ think I'd ever stay on Windows long enough to make a
newsgroup post?

Anyway, it looks like he could be posting a bunch of garbage in my name
so that assholes such as Hadron and Borked Pseudo Mail and Moshe can
refer to them later to highlight my "stupidity".

Poor Bee. He's only Half-a-Bee.

Eric The Half A Bee Lyrics
Artist: Monty Python

A one... two-- A one... two... three... four...

Half a bee, philosophically,
Must, ipso facto, half not be.
But half the bee has got to be
Vis a vis, its entity. D'you see?

But can a bee be said to be
Or not to be an entire bee
When half the bee is not a bee
Due to some ancient injury?

Singing...

La dee dee, one two three,
Eric the half a bee.
A B C D E F G,
Eric the half a bee.

Is this wretched demi-bee,
Half-asleep upon my knee,
Some freak from a menagerie?
No! It's Eric the half a bee!

Fiddle de dum, Fiddle de dee,
Eric the half a bee.
Ho ho ho, tee hee hee,
Eric the half a bee.

I love this hive, employee-ee,
Bisected accidentally,
One summer afternoon by me,
I love him carnally.

He loves him carnally,
Semi-carnally.
The end.

Cyril Connelly?
No; semi-carnally!
Oh.

Cyril Connelly.

[whistling]

>>
>> but i still get this error message...
>>
>> can you help me???
>>
>> THANK YOU!

--
Old age is the most unexpected of things that can happen to a man.
-- Trotsky