DDOS attack Microsoft - Microsoft Windows

This is a discussion on DDOS attack Microsoft - Microsoft Windows ; Mark Dodel wrote: > > That is simply not true. Windows is setup from the get go for little > security. Microsoft has builtin a number of backdoors so they can > access your system (they of course claim its ...

+ Reply to Thread
Page 2 of 10 FirstFirst 1 2 3 4 ... LastLast
Results 21 to 40 of 195

Thread: DDOS attack Microsoft

  1. Re: DDOS attack Microsoft



    Mark Dodel wrote:

    <>

    > That is simply not true. Windows is setup from the get go for little
    > security. Microsoft has builtin a number of backdoors so they can
    > access your system (they of course claim its not anything insidious),
    > and these are exploitable once discovered. Why are mail attachments
    > automatically opened and run. Why are file extensions not displayed
    > by default for the people who are too stupid to click on anything that
    > someone tells them to. The users are not the problem (unless you
    > consider their constant belief of Microsoft's marketing lies),
    > Microsoft is. Instead of putting out patches that are just bandaids,
    > they should fix the damn problems with their software.
    >
    > As to the security through obscurity claim, that is a great point.
    > People should have multiple platforms available so that when Windows
    > is down with the latest virus/worm/exploit they can still be running.
    > I have no problems here, as I wouldn't let a Windows machine near the
    > internet for any length of time.
    >
    > Mark
    >
    > --
    > From the eComStation of Mark Dodel


    An interesting contradiction. Even from within Microsoft's Windows lines,
    Windows 9X is the least secure but the easiest to use. Of course, in the
    overall process of dumbing down, all sorts of funny and quirky little avenues
    open up and they can be exploited at the expense of security. Anybody still
    remember using Pine for e-mails? How about the command prompt? Or
    *.bat files and menus? Or in Windows 9X, the unending complaints of the
    inadvertant passworded log on? Don't hear the Windows NT, 2000 or XP
    users complaining even though their own arrogance while working behind
    their (and mine) firewalls, security blankets, etc., had created a false sense
    of security. Anybody want to go back to assembler?


  2. Re: DDOS attack Microsoft

    > Alan Connor scribbled:

    >> On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    >> Linux is no more secure than Windows, it's just less of a target and
    >> has less exposure to the people that want to take down MS.
    >> The problem is not MS, it's the way people use the product and the
    >> complete ignorance of it's users/installers. We've been installing
    >> Windows in industrial and office locations for more than 10 years
    >> without a single instance of a virus or compromise in any station.
    >> It's all in knowing how to secure your OS, even if it's Linux, SCO,
    >> AIX, OS/2, Windows, etc...


    > The above is, simply, garbage.
    > UNIX-like OSs were created to do real work in the real world.


    No it isn't.....

    Have *YOU* eyeballed the code, found this weeks Linux flaws and
    vulnerabilities and fixed them? Or do you rely on others doing that for
    you, or worst yet, believe that because you're running Linux they simply
    dont and *CANT* exist?

    FYI....
    http://www.partyvibe.com/flavour/linux/security.htm
    http://www.linuxsecurity.com/advisories/index.html
    http://www.opennet.ru/base/linux/
    http://www.securityfocus.com/news/19
    http://lists.debian.org/debian-security-announce/

    Open source critics also argue that open source can lead to a false
    sense of security. They say that just because the source code is
    available doesn't guarantee that anyone is reading it. Nor does it mean
    that all the bugs have been found and fixed. Many users install and use
    open source software without ever looking at the code. They assume
    someone else has already scanned it for possible vulnerabilities.
    Undetected bugs have lingered in some popular open source packages for
    years. This is a legitimate concern.
    But make no mistake, simply being open source is no guarantee of
    security.
    Elias Levy, "Wide Open Source"
    http://online.securityfocus.com/news/19

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke


  3. Re: DDOS attack Microsoft

    > Alan Connor scribbled:

    >> On Sun, 07 Sep 2003 19:42:47 GMT, leslie
    >> http://www.winntmag.com/Articles/Ind...ArticleID=4494
    >> Windows NT and VMS: The Rest of the Story


    > Try posting a synopsis here, please.


    The link/URL is right there Alan; Go and read it for yourself.....

    Before I get flamed for this, please understand that a holy war, "Linux
    uber alles" of sorts, is a self-defeating strategy. I hope that there
    is a healthy "silent majority" of the open source community (that why I
    actually am writing this FAQ) who are just writing code as best they
    can, and/or submitting patches bug reports. But that does not mean that
    we can just ignore the ranting and raving of the zealots. But the public
    tend to define the open source community in terms of its most outspoken
    members which in this particular case means zealots...
    http://www.softpanorama.org/OSS/Bla_...ymondism.shtml



    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke


  4. Re: DDOS attack Microsoft

    "Alan Connor" wrote in message
    news:8%I6b.2581$PE6.2362@newsread3.news.pas.earthl ink.net...
    > On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    > >
    > >
    > > In article ,
    > > madodelNOSPAM@ptd.net says...
    > >> On Sun, 7 Sep 2003 11:57:45 UTC, "Manoj Paul Joseph"
    > >> wrote:
    > >>
    > >> -> > Nice to note that it was linux based servers that saved M$ though

    ;-)
    > >> -> Why Linux based servers?
    > >> -> Anyone any idea?

    [snip]
    > > The problem is not MS, it's the way people use the product and the
    > > complete ignorance of it's users/installers. We've been installing
    > > Windows in industrial and office locations for more than 10 years
    > > without a single instance of a virus or compromise in any station. It's
    > > all in knowing how to secure your OS, even if it's Linux, SCO, AIX,
    > > OS/2, Windows, etc...
    > >

    >
    > The above is, simply, garbage.
    >
    > UNIX-like OSs were created to do real work in the real world.
    >
    > M$ Oss were created by self-involved game-players who are STILL trying
    > to turn the computer/internet into a rec-room and shopping mall.
    >
    > (unfortuanetely, too many linux distros are following their lead)
    >
    > Compared to M$, *nix systems are a miracle of efficiency,stability, and
    > securtity.



    [this spam is unintentional - I do not know which group the original poster
    reads]

    This is crap. Try putting a stock RedHat system on the web for a few days
    without modifying anything after the install and see how long it takes until
    it is compromized! Even back on version 6 the machine only lasted 2 days
    without being compramized on a dial up network. Now, with broadband
    allowing much more nefarious activity to occur before you can catch things,
    I would not like to try this experiment but I am told that you can expect to
    be compramized in an hour or two.

    RedHat used to [version 6] install all servers by default and no firewall
    and the "experts" would bag the users for "not securing their systems".

    But if these same users installed a stock Microsoft OS on their computer and
    it was compromized these same RedHat/linux zealots would blame the Microsoft
    for not distributing a secure system rather that the users for not securing
    the system. This demonstrates some of the hypocracy eminaning from some
    people.

    Furthermore I am continually being sent security notices from RedHat for
    bugs found in the various pieces of software in their OS. Yet the critical
    updates from windows seem far fewer. So even though there are heaps more
    people trying to target Microsoft they apparently find fewer holes than
    linux/open source software.

    Don't blame M$ for sys admin errors just as you wouldn't expect people to
    blame RedHat for system admin errors.




  5. Re: DDOS attack Microsoft

    On Sun, 07 Sep 2003 23:50:13 +0000, User wrote:

    > This is crap. Try putting a stock RedHat system on the web for a few days
    > without modifying anything after the install and see how long it takes until
    > it is compromized!


    Pure nonsense from someone totally unfamiliar with Red Hat and too
    ignorant of Linux to even have executed on a fresh RH-9 installation:

    $ netstat -a | grep LISTEN

    And I don't even like Red Hat and won't use it.


  6. Re: DDOS attack Microsoft

    On Mon, 8 Sep 2003 10:47:37 +1200, Max Burke wrote:
    >
    >
    >> Alan Connor scribbled:

    >
    >>> On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    >>> Linux is no more secure than Windows, it's just less of a target and
    >>> has less exposure to the people that want to take down MS.
    >>> The problem is not MS, it's the way people use the product and the
    >>> complete ignorance of it's users/installers. We've been installing
    >>> Windows in industrial and office locations for more than 10 years
    >>> without a single instance of a virus or compromise in any station.
    >>> It's all in knowing how to secure your OS, even if it's Linux, SCO,
    >>> AIX, OS/2, Windows, etc...

    >
    >> The above is, simply, garbage.
    >> UNIX-like OSs were created to do real work in the real world.

    >
    > No it isn't.....
    >



    Yes it is. I know LOTS of people who run linux, and they never have any
    problems.

    I know lots of people that run M$ and they are ALWAYS having problems.

    Sorry, but I trust the evidence of my experience over any alleged evidence
    provided by a M$ weenie.


    M$ users are to computers what Bush it to terrorism:

    Their take on the subject is worthless.




    >
    > --
    > mlvburke@#%&*.net.nz
    > Replace the obvious with paradise to email me.
    > See Found Images at:
    > http://homepages.paradise.net.nz/~mlvburke
    >


    Jealosy is a flaw.


    Alan C


    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  7. Re: DDOS attack Microsoft

    On Sun, 07 Sep 2003 23:50:13 GMT, User wrote:
    >
    >
    > "Alan Connor" wrote in message
    > news:8%I6b.2581$PE6.2362@newsread3.news.pas.earthl ink.net...
    >> On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    >> >
    >> >
    >> > In article ,
    >> > madodelNOSPAM@ptd.net says...
    >> >> On Sun, 7 Sep 2003 11:57:45 UTC, "Manoj Paul Joseph"
    >> >> wrote:
    >> >>
    >> >> -> > Nice to note that it was linux based servers that saved M$ though

    > ;-)
    >> >> -> Why Linux based servers?
    >> >> -> Anyone any idea?

    > [snip]
    >> > The problem is not MS, it's the way people use the product and the
    >> > complete ignorance of it's users/installers. We've been installing
    >> > Windows in industrial and office locations for more than 10 years
    >> > without a single instance of a virus or compromise in any station. It's
    >> > all in knowing how to secure your OS, even if it's Linux, SCO, AIX,
    >> > OS/2, Windows, etc...
    >> >

    >>
    >> The above is, simply, garbage.
    >>
    >> UNIX-like OSs were created to do real work in the real world.
    >>
    >> M$ Oss were created by self-involved game-players who are STILL trying
    >> to turn the computer/internet into a rec-room and shopping mall.
    >>
    >> (unfortuanetely, too many linux distros are following their lead)
    >>
    >> Compared to M$, *nix systems are a miracle of efficiency,stability, and
    >> securtity.

    >
    >
    > [this spam is unintentional - I do not know which group the original poster
    > reads]
    >
    > This is crap. Try putting a stock RedHat system on the web for a few days
    > without modifying anything after the install and see how long it takes until
    > it is compromized!



    Well, Redsnot is hardly representative of linux. That's one of the M$ wannabee
    distros.

    But never-the-less, your statement is pure N nonsense.


    And where could you go from there?


    Alan C


    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  8. Re: DDOS attack Microsoft


    "Alan Connor" wrote in message
    news:aDS6b.3063$PE6.2083@newsread3.news.pas.earthl ink.net...
    > On Mon, 8 Sep 2003 10:47:37 +1200, Max Burke wrote:
    > >
    > >
    > >> Alan Connor scribbled:

    > >
    > >>> On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    > >>> Linux is no more secure than Windows, it's just less of a target and
    > >>> has less exposure to the people that want to take down MS.
    > >>> The problem is not MS, it's the way people use the product and the
    > >>> complete ignorance of it's users/installers. We've been installing
    > >>> Windows in industrial and office locations for more than 10 years
    > >>> without a single instance of a virus or compromise in any station.
    > >>> It's all in knowing how to secure your OS, even if it's Linux, SCO,
    > >>> AIX, OS/2, Windows, etc...

    > >
    > >> The above is, simply, garbage.
    > >> UNIX-like OSs were created to do real work in the real world.

    > >
    > > No it isn't.....
    > >

    >
    >
    > Yes it is. I know LOTS of people who run linux, and they never have any
    > problems.
    >
    > I know lots of people that run M$ and they are ALWAYS having problems.
    >
    > Sorry, but I trust the evidence of my experience over any alleged evidence
    > provided by a M$ weenie.
    >
    >
    > M$ users are to computers what Bush it to terrorism:
    >
    > Their take on the subject is worthless.


    This kind of comment only demonstrates you perceptions and biases. Your ego
    at your ability is more than a match for windows users. Deriding others
    does not prove your point.

    Tell me what is inherent in the security model used in Linux that makes it
    so much better than windows NT, 2000 etc




  9. Re: DDOS attack Microsoft

    As Noi so eloquently gibbered on Sun, 07 Sep 2003 at 17:55 GMT:

    > On Sun, 07 Sep 2003 15:08:11 +0000, Sinister Midget without thinking
    > wrote:
    >
    >> As Colin Wilson so eloquently gibbered on Sun, 07 Sep 2003 at 11:48 GMT:
    >>

    > [snip]
    >> The trick of hiding behind linux servers was for a later attack. That
    >> was "coincidence"(tm) because it was someone they simply contracted
    >> with, without making any effort to check what they were running.
    >>
    >>

    > I doubt that MS was naive enough that it didn't know the kind of servers
    > they would hide behind.
    >
    > [snip]


    Either I needed to use or you needed to parse the
    next paragraph. And I quote:

    "That's how you make billions in big business: by not checking
    everything you're about to do and the background on those you're about
    to do it with."

    --
    Linux: Because life is too short to spend it rebooting.

  10. Re: DDOS attack Microsoft

    MMMMMmmmmmm .....

    Linux supporter?

    What sort of intallation did you do a netstat on? Server or Workstation?
    Thats right you have to be the network administrator even before you can
    install the operating system.

    You're right though. I haven't installed RedHat 9 (yet). If I spent my
    time reinstalling the operating system each time RedHat came out with a new
    version I wouldn't get any real work done. In fact just the fact that
    RedHat needs to bring out a new version almost yearly demonstrates how easy
    compramises are actually found in each successive version.

    Try it with redhat 6 or 7 (which many people have installed within the last
    two years) and some connectivity [i.e. have some daemons running that allow
    you to actually use the machine on a network]. ssh and apache are your
    friends.

    So are you suggesting that just becuase they have now turned services off
    for default in workstation a linux machine is more secure? In reality what
    it means is I cannot just plug in into my network and run it. I have to act
    like a systems administrator and configure it first.

    I generally do use linux machines as a gateway because I can configure them
    easier. That is only because I know what the services are and how to turn
    them on and off as well as how to do some other basic stuff. I know how to
    turn them on and off in windows too but I don't know what they all are so
    don't use it.

    On the other hand I cannot see anything in the basic security models to
    suggest that linux [in general] is better than windows for security nor is
    there many more security / critical updates for windows than linux which
    would suggest buggier code.



    "Dave Uhring" wrote in message
    newsan.2003.09.08.00.48.35.807084@yahoo.com...
    > On Sun, 07 Sep 2003 23:50:13 +0000, User wrote:
    >
    > > This is crap. Try putting a stock RedHat system on the web for a few

    days
    > > without modifying anything after the install and see how long it takes

    until
    > > it is compromized!

    >
    > Pure nonsense from someone totally unfamiliar with Red Hat and too
    > ignorant of Linux to even have executed on a fresh RH-9 installation:
    >
    > $ netstat -a | grep LISTEN
    >
    > And I don't even like Red Hat and won't use it.
    >




  11. Re: DDOS attack Microsoft


    "Bill Unruh" wrote in message
    news:bjfpsr$hil$1@string.physics.ubc.ca...

    > ]The problem is not MS, it's the way people use the product and the
    > ]complete ignorance of it's users/installers. We've been installing
    >
    > No, it is also MS. The latest blaster worm used a hole in the MS
    > product. If you claim that it is others fault because they did not know
    > about, download and install the patch, how the hell were they supposed
    > to know about it, download and install it? MS did not send and email to
    > all registered uses and send and email and money to all registered
    > Windows dealers to contact their customers to install the patch.



    Actually, you are both quite correct. In an effort to appeal to the
    broadest possible market MS has concocted a stew that has a ton of bells and
    whistles and nothing whatever to cause the "average" user to ask "what does
    this mean?" Unfortunately in doing so they have failed to pay adequate
    attention to security - things like automatically opening files when they
    display in Outlook and not displaying file extensions by default. They are
    finally beginning to give those things some thought (many would say too
    little, too late) but even now not automatically opening files and the like
    are hard to find options that you have to be aware of rather than enabled by
    default.

    Remember, especially in the last 6 or 7 years computer ownership has way
    more than doubled and the profile of the "average" user has changed
    dramatically. Almost no one has ever had the first 1/2 of a class on
    computers - not how they work, not how to operate one, not even where the
    any key is - and many never read the owner's manual at all. What most
    people want is an "out of the box and onto the internet" solution that
    functions much like a radio or TV - turn it on and it goes.

    Microsoft has a big share of the blame (along with Compaq, HP, Sony etc.)
    for the insecurity of its products, but much of that lies in a failure to
    educate.



  12. Re: DDOS attack Microsoft

    On Mon, 08 Sep 2003 04:14:21 GMT, User wrote:
    >
    >
    >
    > "Alan Connor" wrote in message
    > news:aDS6b.3063$PE6.2083@newsread3.news.pas.earthl ink.net...
    >> On Mon, 8 Sep 2003 10:47:37 +1200, Max Burke wrote:
    >> >
    >> >
    >> >> Alan Connor scribbled:
    >> >
    >> >>> On Sun, 07 Sep 2003 15:02:56 GMT, Leythos wrote:
    >> >>> Linux is no more secure than Windows, it's just less of a target and
    >> >>> has less exposure to the people that want to take down MS.
    >> >>> The problem is not MS, it's the way people use the product and the
    >> >>> complete ignorance of it's users/installers. We've been installing
    >> >>> Windows in industrial and office locations for more than 10 years
    >> >>> without a single instance of a virus or compromise in any station.
    >> >>> It's all in knowing how to secure your OS, even if it's Linux, SCO,
    >> >>> AIX, OS/2, Windows, etc...
    >> >
    >> >> The above is, simply, garbage.
    >> >> UNIX-like OSs were created to do real work in the real world.
    >> >
    >> > No it isn't.....
    >> >

    >>
    >>
    >> Yes it is. I know LOTS of people who run linux, and they never have any
    >> problems.
    >>
    >> I know lots of people that run M$ and they are ALWAYS having problems.
    >>
    >> Sorry, but I trust the evidence of my experience over any alleged evidence
    >> provided by a M$ weenie.
    >>
    >>
    >> M$ users are to computers what Bush it to terrorism:
    >>
    >> Their take on the subject is worthless.

    >
    > This kind of comment only demonstrates you perceptions and biases. Your ego
    > at your ability is more than a match for windows users. Deriding others
    > does not prove your point.
    >


    The real world proves my point. See below.



    > Tell me what is inherent in the security model used in Linux that makes it
    > so much better than windows NT, 2000 etc
    >
    >
    >


    Don't need to. I judge from experience and observation.

    M$ users are ALWAYS having security problems, and *nix users rarely have
    them.

    No rational person needs to know more than that.


    Are YOU rational?



    Alan C



    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  13. Re: DDOS attack Microsoft

    On Mon, 08 Sep 2003 04:14:21 +0000, User wrote:

    > Tell me what is inherent in the security model used in Linux that makes it
    > so much better than windows NT, 2000 etc


    (Ooh, yummy bunch of crossposts! Hi there, readers of Microsoft groups.)

    Well, you're not going to get much of an answer from Alan, who is
    irritatingly shrill and blindered. I'll give it a shot, though:

    1) Linux is open-source, hence the source code may be reviewed by any
    number of eyes for security holes. Granted this review isn't going
    to take place automatically - it requires a group effort - but it
    is at least *possible*.

    2) Linux is effectively descended from Unix, and as such, it has
    incorporated the concept of "there's root and there's non-root, and
    most things should be done as the latter" from day one. NT/2000
    are (as I understand it) effectively descended from MS-DOS/Win3.1
    and VMS; the former brings with it the concept of "there's only one
    user, and that user has an easy time of doing whatever he damn well
    pleases-- and any programs run on that user's watch have an equally
    easy time of doing whatever *they* damn well please". Yes, there is
    *now* an administrator / non-administrator distinction, but it's a
    relatively late-coming concept.

    3) Linux is geared toward small efficient parts that build up into a
    full solution. Windows is geared toward all-in-one systems; if one
    part needs access to something, then the typical solution is to give
    the whole system access. (Some Linux programs come under fire for
    following the all-in-one approach; I think sendmail is one of them.)

    Many of the issues are not inherent in the security model, but rather
    arise from practices. There are competent users and administrators and
    developers on both sides, but most of the *incompetent* users and
    administrators and developers are using Windows (thus driving down the
    average).

    Windows is easy to get. (Most people get it when they buy a new
    computer.) Linux takes effort to get. (Not much, though.)

    Windows touts itself as easy to use. Taken to an extreme, though, this
    becomes "easy to push buttons without really understanding what you're
    doing, or why". (As Linux's ease of use increases, it will have to deal
    with the same problem - presumably via education.)

    Viruses, in particular, are pretty much a non-issue on Linux, because:

    * A Linux user has to save a file, set it executable, then execute
    it. An Outlook Express user just has to preview a message with the
    file attached. (Okay, OE != Windows, but they're both Microsoft and
    they're both very common. Yes, there's a patch, but how many users
    *still* haven't applied it? Other mail readers have varying levels
    of sanity in this regard.)

    Yes, someone *could* write e-mail software for Linux with all the
    same goofs. However, the community would quickly spot those goofs
    and make a lot of noise, and so it probably wouldn't become popular
    or widely used until things got fixed.

    * Even if the virus gets to run, it's only going to trash that user's
    files. It won't touch any other user's files, and it won't touch
    system files, because it doesn't have permission to. (Any root user
    who would goof up and run a virus, is probably going to goof up and
    blow away the system with a typo first.)

    Linux users *do* have to worry about root exploits, i.e. program bugs
    that allow a non-root user to gain root access. Good Linux users keep
    tabs on patches, just as good Windows users keep tabs on critical
    patches from Windows Update.

    * Linux encompasses a greater variety of hardware and software than
    Windows. A virus that infects one flavor of Linux may have no effect
    on another.

    There, that should be plenty of fodder for all sides to discuss. Discuss.


  14. Re: DDOS attack Microsoft

    On Mon, 08 Sep 2003 04:34:14 GMT, User wrote:
    >
    > On the other hand I cannot see anything in the basic security models to
    > suggest that linux [in general] is better than windows for security nor is
    > there many more security / critical updates for windows than linux which
    > would suggest buggier code.
    >
    >



    Yes. I can well understand why YOU "...cannot see anything in the basic
    security model.....".


    Because you obviously know nothing about *nix.


    Any newbie could tell you that the 'security model' in *nix begins with
    the system of file ownerships and permissions.

    And, perhaps, ends with tools that allow users to access
    the kernel network packet handling system, commonly used to setup firewalls.
    Iptables would be one of the best of these.


    Should you have actually bothered to educate yourself on the matter, rather
    than just posting pure garbage, you would have discovered in short order
    that there are varieties of *nix that basically CANNOT be compromised, that
    are typically used for firewalls. OpenBSD would be one of them.


    The proof is in the pudding, as the old expression goes.


    What percentage of *nix machines were compromised in the last 5 years
    compared to the same figure for M$?



    Enjoy your well-deserved Blue Screen of Death.


    Alan C



    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  15. Re: DDOS attack Microsoft

    In article , Alan
    Connor wrote:

    >> Tell me what is inherent in the security model used in Linux that makes it
    >> so much better than windows NT, 2000 etc

    >
    > M$ users are ALWAYS having security problems, and *nix users rarely have
    > them.
    >
    > No rational person needs to know more than that.


    In fact, what makes a person rational is their need to know more. You give
    no proof to back up your argument but gut feeling and more claims,
    demanding more proof, which again you are not willing or able to give.
    _That_ is not very rational.

    You could give several good old Unix strengths like permissions,
    kernel-level firewalling, open source code and peer review etc. etc. to
    argue, but you choose to troll the MS groups instead.

    Followups set, this has no substance for any of the more technical groups.

    --
    Juha Siltala

  16. Re: DDOS attack Microsoft

    > Alan Connor scribbled:

    >> On Mon, 08 Sep 2003 04:14:21 GMT, User wrote:


    > The real world proves my point. See below.


    The real world does nothing of the kind.....

    >> Tell me what is inherent in the security model used in Linux that
    >> makes it so much better than windows NT, 2000 etc


    > Don't need to. I judge from experience and observation.


    Then you have had *at best* very limited experiences, let alone any
    valid observations to justify your beliefs. But then this is how
    zealots behave.....

    > M$ users are ALWAYS having security problems, and *nix users rarely
    > have them.


    BS.

    Have YOU checked to see what vulnerabilities exist in OSS/Linux this
    week?
    Have YOU 'eyeballed' the code this week?
    Have YOU patched this week?

    > No rational person needs to know more than that.


    That effectively removes you from this discussion then..... ;-)

    To repeat:
    FYI....
    http://www.partyvibe.com/flavour/linux/security.htm
    http://www.linuxsecurity.com/advisories/index.html
    http://www.opennet.ru/base/linux/
    http://www.securityfocus.com/news/19
    http://lists.debian.org/debian-security-announce/

    Open source critics also argue that open source can lead to a false
    sense of security. They say that just because the source code is
    available doesn't guarantee that anyone is reading it. Nor does it mean
    that all the bugs have been found and fixed. Many users install and use
    open source software without ever looking at the code. They assume
    someone else has already scanned it for possible vulnerabilities.
    Undetected bugs have lingered in some popular open source packages for
    years. This is a legitimate concern.
    But make no mistake, simply being open source is no guarantee of
    security.
    Elias Levy, "Wide Open Source"
    http://online.securityfocus.com/news/19

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke


  17. Re: DDOS attack Microsoft

    > Ed Murphy scribbled:

    >> On Mon, 08 Sep 2003 04:14:21 +0000, User wrote:


    > Well, you're not going to get much of an answer from Alan, who is
    > irritatingly shrill and blindered. I'll give it a shot, though:


    > 1) Linux is open-source, hence the source code may be reviewed by any
    > number of eyes for security holes. Granted this review isn't going
    > to take place automatically - it requires a group effort - but it
    > is at least *possible*.


    There are many benefits of open source software unrelated to security.
    And the "many eyeballs" effect does have the potential to make open
    source software more secure than proprietary systems. Currently,
    however, the benefits open source provides in terms of security are
    vastly overrated, because there isn't as much high-quality auditing as
    people believe, and because many security problems are much more
    difficult to find than people realize. Open source programs which appeal
    to a limited audience are particularly at risk, because of the smaller
    number of eyeballs looking at the code. But all open source software is
    vulnerable, and the open source movement can only benefit by paying more
    attention to security.
    http://www.earthweb.com/article/0,,1...6641_2,00.html

    > 2) Linux is effectively descended from Unix, and as such, it has
    > incorporated the concept of "there's root and there's non-root, and
    > most things should be done as the latter" from day one. NT/2000
    > are (as I understand it) effectively descended from MS-DOS/Win3.1
    > and VMS; the former brings with it the concept of "there's only one
    > user, and that user has an easy time of doing whatever he damn well
    > pleases-- and any programs run on that user's watch have an equally
    > easy time of doing whatever *they* damn well please". Yes, there
    > is *now* an administrator / non-administrator distinction, but
    > it's a relatively late-coming concept.


    > 3) Linux is geared toward small efficient parts that build up into a
    > full solution. Windows is geared toward all-in-one systems; if one
    > part needs access to something, then the typical solution is to
    > give the whole system access. (Some Linux programs come under
    > fire for following the all-in-one approach; I think sendmail is
    > one of them.)


    > Many of the issues are not inherent in the security model, but rather
    > arise from practices. There are competent users and administrators
    > and developers on both sides, but most of the *incompetent* users and
    > administrators and developers are using Windows (thus driving down the
    > average).


    > Windows is easy to get. (Most people get it when they buy a new
    > computer.) Linux takes effort to get. (Not much, though.)


    > Windows touts itself as easy to use. Taken to an extreme, though,
    > this becomes "easy to push buttons without really understanding what
    > you're doing, or why". (As Linux's ease of use increases, it will
    > have to deal with the same problem - presumably via education.)


    > Viruses, in particular, are pretty much a non-issue on Linux, because:
    > * A Linux user has to save a file, set it executable, then execute
    > it.


    Sure there are few (if any) viruses or worms currently in the wild for
    OSS/Linux.
    But never say never because ALL these OSS/Linux security sites list the
    exact same types of vulnerabilities and security flaws that occur
    because of the bad programming practices that Microsoft gets blamed
    for....
    It's not because they cant exist, it's mostly because no one is
    bothering to create viruses and worms to exploit these security flaws in
    OSS/Linux *YET*...

    FYI
    http://www.partyvibe.com/flavour/linux/security.htm
    http://www.linuxsecurity.com/advisories/index.html
    http://www.opennet.ru/base/linux/
    http://www.securityfocus.com/news/19
    http://lists.debian.org/debian-security-announce/

    Open source critics also argue that open source can lead to a false
    sense of security. They say that just because the source code is
    available doesn't guarantee that anyone is reading it. Nor does it mean
    that all the bugs have been found and fixed. Many users install and use
    open source software without ever looking at the code. They assume
    someone else has already scanned it for possible vulnerabilities.
    Undetected bugs have lingered in some popular open source packages for
    years. This is a legitimate concern.
    But make no mistake, simply being open source is no guarantee of
    security.
    Elias Levy, "Wide Open Source"
    http://online.securityfocus.com/news/19


    > An Outlook Express user just has to preview a message with the
    > file attached. (Okay, OE != Windows, but they're both Microsoft and
    > they're both very common. Yes, there's a patch, but how many users
    > *still* haven't applied it? Other mail readers have varying levels
    > of sanity in this regard.)


    Outlook Express running on XP is automatically run in the restricted
    zone; It also automatically blocks all attachments by default; It is
    easy to make ALL received, previewed, read, and sent emails and
    newsgroup messages plain text as well....
    It's not Microsoft's fault if users of Outlook Express then complain
    that they can no longer access/view attachments, click on unknown
    weblinks, or want to run unknown html code or scripts in emails that
    they receive from persons unknown.....

    > Yes, someone *could* write e-mail software for Linux with all the
    > same goofs.


    Like Sendmail?

    > However, the community would quickly spot those goofs
    > and make a lot of noise, and so it probably wouldn't become popular
    > or widely used until things got fixed.


    Yeah right.....
    How come so many flaws and vulnerabilities get created in OSS/Linux in
    the first place? Because of sloppy programming, and inattention to code
    full of goofs...
    Ref: See the links to the OSS/Linux security sites above for evidence of
    that reality. Note that some of these sites update their extensive
    security advisories at LEAST once a week.....

    > * Even if the virus gets to run, it's only going to trash that user's
    > files. It won't touch any other user's files, and it won't touch
    > system files, because it doesn't have permission to. (Any root user
    > who would goof up and run a virus, is probably going to goof up and
    > blow away the system with a typo first.)


    > Linux users *do* have to worry about root exploits, i.e. program
    > bugs that allow a non-root user to gain root access. Good Linux
    > users keep tabs on patches, just as good Windows users keep tabs on
    > critical patches from Windows Update.


    > * Linux encompasses a greater variety of hardware and software than
    > Windows. A virus that infects one flavor of Linux may have no
    > effect on another.
    > There, that should be plenty of fodder for all sides to discuss.
    > Discuss.


    So here's what it does mean: Linux is a normal operating system; so is
    XP. Both have bugs, some major, some minor. Anyone who tells you that
    Linux is "inherently more secure" or "much less buggy" than XP simply
    isn't working from current facts. The reality is that bugs happen, even
    in Linux: Get over it.
    http://www.informationweek.com/
    story 2003/01/24


    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke


  18. Re: DDOS attack Microsoft

    User wrote:

    >> Yes it is. I know LOTS of people who run linux, and they never have
    >> any problems.
    >>
    >> I know lots of people that run M$ and they are ALWAYS having
    >> problems.
    >>
    >> Sorry, but I trust the evidence of my experience over any alleged
    >> evidence provided by a M$ weenie.
    >>
    >>
    >> M$ users are to computers what Bush it to terrorism:
    >>
    >> Their take on the subject is worthless.

    >
    >
    > This kind of comment only demonstrates you perceptions and biases.
    > Your ego at your ability is more than a match for windows users.
    > Deriding others does not prove your point.
    >
    > Tell me what is inherent in the security model used in Linux that
    > makes it so much better than windows NT, 2000 etc
    >

    I think the main thing in the security model _that is fairly obvious_ is
    that users are segregated from one another by the OS so no user can
    affect another (except denial of service which seldom affects security,
    but causes only inconvenience) unless the affected user arranges this in
    advance.

    So, for example, if I download an e-mail with a virus in it and it was
    targetted at UNIX or Linux machines by not being some .exe file, I might
    screw myself up, but no one else. Only if I am so stupid as to run
    download programs as root, including ftp, web browser, e-mail, etc.,
    programs, would I be endangered. Unlike Microsoft Windows where everyone
    is root all the time (at least in the systems I have seen). This may not
    apply to newer versions of Microsoftware, if it can be configured to
    separate users in a foolproof manner.

    It _is not so obvious_, though I believe it, that in the Linux
    development community, the code is not changed each year for marketing
    reasons so the stuff never remains the same long enough for the bugs to
    be worked out. Instead, the code is changed mainly for performance or
    security reasons (exceptions, of course).

    It _is a matter of faith_, to me at least, that having the code open
    source means the temptation to provide security-by-obscurity is reduced,
    that more eyes ensure higher level of scrutiny, etc. But while this is
    true enough in principle, I do not really know if more intelligent eyes
    actually scrutenize the code: I sure do not. And I doubt that the
    programmers at Microsoft are stupid or anything; they are probably well
    educated (academically, at least) and may be highly motivated to do good
    work as well. It seems to me that the development environment there, for
    marketing and perhaps legal reasons, is just not conducive to writing
    good secure software.

    Also, though I have not studied the Microsoft software code, it seems
    reasonable to assume that the Linux code is constructed better in that
    concerns are separated and information is hidden better and this tends
    to reduce complexity and reduce errors. Lumping the windowing system in
    with the kernel may increase speed of execution slightly, though unless
    the code is deliberatly constructed to ensure high locality (reduce
    working set size), this may be illusury. Gawd only knows what possible
    benefit there could be by kludging the web browser in there other than
    to enable violating the spirit of anti-trust rulings against the company
    without, seemingly, violating the letter.

    --
    .~. Jean-David Beyer Registered Linux User 85642.
    /V\ Registered Machine 73926.
    /( )\ Shrewsbury, New Jersey http://counter.li.org
    ^^-^^ 6:35am up 17 days, 16:01, 2 users, load average: 2.28, 2.24, 2.15


  19. Re: DDOS attack Microsoft

    "Alan Connor" wrote in message
    news:dDU6b.3318$Yt.492@newsread4.news.pas.earthlin k.net...
    > On Mon, 08 Sep 2003 04:34:14 GMT, User wrote:
    > >
    > > On the other hand I cannot see anything in the basic security models to
    > > suggest that linux [in general] is better than windows for security nor

    is
    > > there many more security / critical updates for windows than linux which
    > > would suggest buggier code.
    > >
    > >

    >
    >
    > Yes. I can well understand why YOU "...cannot see anything in the basic
    > security model.....".
    >
    >
    > Because you obviously know nothing about *nix.
    >
    >
    > Any newbie could tell you that the 'security model' in *nix begins with
    > the system of file ownerships and permissions.


    I guess you have just demonstrated your ignorance of NTFS.




  20. Re: DDOS attack Microsoft

    Ed Murphy wrote (in part):

    > 2) Linux is effectively descended from Unix, and as such, it has
    > incorporated the concept of "there's root and there's non-root, and
    > most things should be done as the latter" from day one. NT/2000
    > are (as I understand it) effectively descended from MS-DOS/Win3.1
    > and VMS; the former brings with it the concept of "there's only one
    > user, and that user has an easy time of doing whatever he damn well
    > pleases-- and any programs run on that user's watch have an equally
    > easy time of doing whatever *they* damn well please". Yes, there is
    > *now* an administrator / non-administrator distinction, but it's a
    > relatively late-coming concept.


    Yes, but let us consider a recent Microsoft OS distribution, Windows XP
    Home. According to "Windows XP in a Nutshell" by Karp, O'Reilly, and
    Mott, page 6, Table 1-1:

    Windows XP Home Windows XP Professional
    User Accounts All users are administrators, Different user levels are
    so there's no way to set up supported. Administrators
    user accounts with limited have unrestricted control,
    privileges or protect files but each user's files can
    from other users. be encrypted and secured
    from other users.

    So unless this is an error in the book, even recent Microsoft
    distributions are lacking in this respect. UNIX OS has had this feature
    since the early 1970s for sure, and probably from day one (or two?).

    --
    .~. Jean-David Beyer Registered Linux User 85642.
    /V\ Registered Machine 73926.
    /( )\ Shrewsbury, New Jersey http://counter.li.org
    ^^-^^ 6:55am up 17 days, 16:21, 2 users, load average: 2.13, 2.17, 2.17


+ Reply to Thread
Page 2 of 10 FirstFirst 1 2 3 4 ... LastLast