DDOS attack Microsoft - Microsoft Windows

This is a discussion on DDOS attack Microsoft - Microsoft Windows ; "Alan Connor" wrote in message news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net... > On Tue, 9 Sep 2003 14:52:53 +1200, Max Burke wrote: > Linux is inherently more secure than XP. > Linux is much less buggy than XP. > This can be proven so ...

+ Reply to Thread
Page 5 of 10 FirstFirst ... 3 4 5 6 7 ... LastLast
Results 81 to 100 of 195

Thread: DDOS attack Microsoft

  1. Re: DDOS attack Microsoft

    "Alan Connor" wrote in message
    news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net...
    > On Tue, 9 Sep 2003 14:52:53 +1200, Max Burke wrote:


    > Linux is inherently more secure than XP.
    > Linux is much less buggy than XP.
    > This can be proven so easily that it is laughable.


    All I have heard from you as "proof" is an incorrectly used statistic.

    If its so easily proved then prove it. As you regurgitae - just because you
    repeat it ad nausium does mean its true. Shoe some valid stats to prove you
    assertions on both these statements.

    > Here's a clue, Max Burke: Repeating nonsense over and over will not
    > make it true.




  2. Re: DDOS attack Microsoft

    On Tue, 09 Sep 2003 04:22:11 GMT, Mike Byrns wrote:
    >
    >
    > "Alan Connor" wrote in message
    > news:2zb7b.4111$PE6.549@newsread3.news.pas.earthli nk.net...
    >> Linux is inherently more secure than XP.
    >> Linux is much less buggy than XP.
    >> This can be proven so easily that it is laughable.

    >
    > I'll post this for your own good but you'll neither read it or rebut it as
    > it as it illuminates how folks like you are hurting, not helping your cause.
    > No matter.
    >
    > MSB
    >
    > http://www.softpanorama.org/OSS/bad_...cacy_faq.shtml
    >
    >



    I have no cause but truth.


    I do NOT want linux to become a consumer product.

    I do NOT want linux to become a corporate business.


    To do that, it would have to become like windoze, and unfortunately,
    some distros are doing that.


    I think Windoze, and everything about it SUCKS.


    I have never been so furious in my life than when I discovered that the M$
    version I was using was sending information to M$ without a WORD or a clue
    about it in any of the docs, hardcopy or in the helpfiles.

    Or when I tried to delete the AOL files from MY computer, and they actually
    replicated themselves, which would not be possible without M$ allowing it.


    Or when I just PREVIEWED an email and ended up having to re-install, losing
    massive amounts of important data.


    So, Billy Boy and all your fascist buddies:


    Kiss my ass and get the HELL out of my computer.


    You are HISTORY.


    This was meant to be a joke, but like all good humor, it is basically true.

    (author unknown)

    I sent MANY copies to M$ :-)



    ---------------------------------------------------


    Recently one of my friends, a computer wizard,
    paid me a visit. As we
    were
    talking I mentioned that I had recently installed
    Windows XP on my PC. I
    told him how happy I was with this operating
    system and showed him the
    Windows XP CD. To my surprise he threw it into my
    microwave oven and
    turned it on.

    Instantly I got very upset, because the CD had
    become precious to me,
    but
    he said: 'Do not worry, it is unharmed.'

    After a few minutes he took the CD out, gave it to
    me and said: 'Take a
    close look at it.'

    To my surprise the CD was quite cold to hold and
    it seemed to be heavier
    than before. At first I could not see anything,
    but on the inner edge of
    the central hole I saw an inscription, an
    inscription finer than
    anything
    After a few minutes he took the CD out, gave it to
    me and said: 'Take a
    close look at it.'

    To my surprise the CD was quite cold to hold and
    it seemed to be heavier
    than before. At first I could not see anything,
    but on the inner edge of
    the central hole I saw an inscription, an
    inscription finer than
    anything
    I had ever seen before. The inscription shone
    piercingly bright, and yet
    remote, as if out of a great depth:

    12413AEB2ED4FA5E6F7D78E78BEDE820945092OF923A40EElO
    E5IOCC98D444AA08E324

    'I cannot understand the fiery letters,' I said in
    a timid voice.

    'No but I can,' he said. 'The letters are Hex, of
    an ancient mode, but
    the
    language is that of Microsoft, which I shall not
    utter here. But in
    common English this is what it says:

    One OS to rule them all,
    One OS to find them,
    One OS to bring them all
    and in the darkness bind them.

    It is only two lines from a verse long known in
    System lore:

    "Three OS's from corporate kings in their towers
    of glass,
    Seven from valley lords where orchards used to
    grow,
    Nine from dotcoms doomed to die,
    One from the Dark Lord Gates on his dark throne
    In the Land of Redmond where the Shadows lie.
    One OS to rule them all, one OS to find them,
    One OS to bring them all and in the darkness bind
    them,
    In the Land of Redmond where the Shadows lie."


    ----------------------------------------------------------



    Alan C






    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  3. Re: DDOS attack Microsoft

    "Alan Connor" wrote in message
    news:4zd7b.4290$PE6.2538@newsread3.news.pas.earthl ink.net...
    > On Tue, 09 Sep 2003 04:22:11 GMT, Mike Byrns

    wrote:

    > I have no cause but truth.


    That is your truth only - you still have not provided _proof_ of your claims

    > Linux is inherently more secure than XP.
    > Linux is much less buggy than XP.


    They appear to be something you just threw into the forest. In fact many
    linux distros are shipped with (known) bugs in them just to beet other
    distros to the market.

    > I do NOT want linux to become a consumer product.


    So I guess you are saying you do not want users to use the OS. You just
    want it for an elitist little group. Then you want to bag other people who
    give consumers what they want plus you want to bag consumers for asking for
    what they want.

    What world do you live on?

    "I do not want television to be a consumer product".

    > I do NOT want linux to become a corporate business.


    So you do not believe people should be reimbursed for their efforts? Linux
    is ALREADY a corporate business. It get sponshorship from everywhere. Its
    just as corpratized as elite sports.





  4. Re: DDOS attack Microsoft

    In article <7qg7b.90468$bo1.55964@news-server.bigpond.net.au>, User wrote:
    > "Alan Connor" wrote in message
    >
    >> Linux is inherently more secure than XP.
    >> Linux is much less buggy than XP.

    >
    > They appear to be something you just threw into the forest. In fact many
    > linux distros are shipped with (known) bugs in them just to beet other
    > distros to the market.


    "Linux is inherently more secure than XP" is of course bull****. What is
    this "inherent-ness"? I say Linux is secure because it has the age-old
    Unix security features that have always been in there. I also say XP is
    trying to gain on those, and I also say I don't know how well it is doing.
    However, I do know that Linux security is in a much better shape than the
    security of any MS product as of now.

    >> I do NOT want linux to become a consumer product.

    >
    > So I guess you are saying you do not want users to use the OS. You just


    He's just blowing bull. Everyone knows how Linux was born. It became what
    it is because Linus listened to his users and added their additions to the
    source.

    Originally, Linus wrote Linux to be a platform for a simple terminal
    emulator so he could connect to the University's real Unix machines. Then
    he realized that this thing had become "the GNU Emacs of terminal
    emulators" and decided it would become a real operating system. It's all
    about users.

    >> I do NOT want linux to become a corporate business.

    >
    > So you do not believe people should be reimbursed for their efforts? Linux
    > is ALREADY a corporate business. It get sponshorship from everywhere. Its
    > just as corpratized as elite sports.


    Linux can be a very lucrative business if you can handle it. It does by no
    means mean you have to screw it up, like some Linux distributors tend to
    do.

    --
    Juha Siltala
    http://www.edu.helsinki.fi/activity/people/jsiltala/

  5. Re: M$ attack on Common Sense

    In comp.os.linux.misc Alan Connor wrote:
    >>
    >> The sad part is it's not just doctors and other small business users. I
    >> know a national chain of PET stored that used a few Linux machines and
    >> after having reliability problems with them, they have decided to move
    >> the Windows 2000.


    > I think you are lying.


    > Let's see some evidence, please.


    > By-the-way, calling someone who disagrees with you a "troll" is lame
    > indeed.


    > Lying and name-calling do nothing for your cause.


    > But then, what other recourse do you have?


    > Easier than presenting facts and data and responding to those awkward
    > questions, isn't it?


    This from Alan? The master of name calling and not presenting evidence
    for his assertions? That's so ironic it's gone beyond humerous right
    into pathetic.

    Doug


    --------
    Senior UNIX Admin
    O'Leary Computer Enterprises
    dkoleary@attbi.com (w) 630-904-6098 (c) 630-248-2749
    resume: http://home.attbi.com/~dkoleary/resume.html

  6. Re: DDOS attack Microsoft

    In comp.os.linux.misc User wrote:

    >> I have no cause but truth.

    > That is your truth only - you still have not provided _proof_ of your claims


    He never does. If you want some fun reading, do a groups.google.com
    search from comp.os.linux.misc for spam and/or Alan Connor...

    Doug


    --------
    Senior UNIX Admin
    O'Leary Computer Enterprises
    dkoleary@attbi.com (w) 630-904-6098 (c) 630-248-2749
    resume: http://home.attbi.com/~dkoleary/resume.html

  7. Re: M$ attack on Common Sense

    In comp.os.linux.misc Ed Murphy wrote:

    > Well, SCO is a whole other can of worms, seeing as the new owners are
    > waving around lots of lawsuits / threats-of-lawsuits, claiming ownership
    > of millions of lines of Linux source code, and otherwise (in the words of
    > no less an authority than Linus Torvalds himself) "smoking crack".


    I never considered SCO UNIX anyway. Any company that makes you pay
    extra for TCP/IP networking has completely missed the concept of UNIX.

    Doug


    --------
    Senior UNIX Admin
    O'Leary Computer Enterprises
    dkoleary@attbi.com (w) 630-904-6098 (c) 630-248-2749
    resume: http://home.attbi.com/~dkoleary/resume.html

  8. Re: DDOS attack Microsoft

    On Tue, 09 Sep 2003 11:18:22 GMT, Juha Siltala wrote:
    >
    >
    > In article <7qg7b.90468$bo1.55964@news-server.bigpond.net.au>, User wrote:
    >> "Alan Connor" wrote in message
    >>
    >>> Linux is inherently more secure than XP.
    >>> Linux is much less buggy than XP.

    >>
    >> They appear to be something you just threw into the forest. In fact many
    >> linux distros are shipped with (known) bugs in them just to beet other
    >> distros to the market.

    >
    > "Linux is inherently more secure than XP" is of course bull****. What is
    > this "inherent-ness"? I say Linux is secure because it has the age-old
    > Unix security features that have always been in there.



    So you say that I'm posting bull**** and then explain why what I posted
    is true.



    >
    > --
    > Juha Siltala
    > http://www.edu.helsinki.fi/activity/people/jsiltala/




    You need a good dictionary. "Inherentliy" starts with an "i".


    Alan C


    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  9. Re: DDOS attack Microsoft

    On Tue, 09 Sep 2003 08:44:51 GMT, User wrote:
    >
    >
    > "Alan Connor" wrote in message
    > news:4zd7b.4290$PE6.2538@newsread3.news.pas.earthl ink.net...
    >> On Tue, 09 Sep 2003 04:22:11 GMT, Mike Byrns

    > wrote:
    >
    >> I have no cause but truth.

    >
    > That is your truth only - you still have not provided _proof_ of your claims
    >
    >> Linux is inherently more secure than XP.
    >> Linux is much less buggy than XP.

    >
    > They appear to be something you just threw into the forest. In fact many
    > linux distros are shipped with (known) bugs in them just to beet other
    > distros to the market.
    >


    Moronic statement #12


    >> I do NOT want linux to become a consumer product.

    >
    > So I guess you are saying you do not want users to use the OS. You just
    > want it for an elitist little group.



    No. I want it to remain a computer, NOT to become a another television, NOT
    to see the greatest communucations tool ever invented become the toy of
    airhead consumers who would waste it playing games, watching videos, and
    listening to music.



    Then you want to bag other people who
    > give consumers what they want plus you want to bag consumers for asking for
    > what they want.
    >
    > What world do you live on?
    >


    Not yours, thank the gods.



    > "I do not want television to be a consumer product".
    >


    ****ing moron.


    >> I do NOT want linux to become a corporate business.

    >
    > So you do not believe people should be reimbursed for their efforts? Linux
    > is ALREADY a corporate business. It get sponshorship from everywhere. Its
    > just as corpratized as elite sports.
    >
    >
    >
    >


    SOME distros are corporate products. Few of them.


    I have no problems with people making a living from linux, but there is a
    vast difference between that and corporate business, where everything is
    controlled by greedy and a-moral stockholders and banks and insurance
    companies.



    I am sick of your stupid posts


    killfiled.


    Alan C


    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  10. Re: DDOS attack Microsoft

    On Sun, 07 Sep 2003 19:16:35 GMT, Alan Connor
    wrote:

    [snip]
    >
    >Yes, I always spot bull****ters (your spelling of UNIX as "Unix" gave you
    >away: No UNIX professional would ever do that.)
    >

    I am one, and I do. If you are also one, then name the main players
    consortium who started Unix, and the product that they intended to
    build.

    Then tell us all why it was renamed Unix.
    >and expose them.


    I bet you spell kernel with an a, too.

    Steve
    >
    >
    >Now go bore someone else, Microsoft Weenie.
    >
    >
    >Alan C




  11. Re: DDOS attack Microsoft

    As you say:

    > > In article ,
    > > alanconnor@earthlink.net says...
    > > [snip]
    > >> Alan C

    > >
    > > PLONK
    > >
    > > --
    > > --
    > > spamfree999@rrohio.com
    > > (Remove 999 to reply to me)

    >
    >
    > Run and hide
    >
    > (and good riddance)


    "Run and hide (and good riddance)"

    "Alan Connor" wrote in message
    news:X_l7b.5188$Yt.3119@newsread4.news.pas.earthli nk.net...
    > On Tue, 09 Sep 2003 08:44:51 GMT, User wrote:
    >
    > ****ing moron.
    >
    > I am sick of your stupid posts
    >
    > killfiled.
    >
    > Alan C




  12. Re: M$ attack on Common Sense

    I use both Windows and Linux. This last two weeks have been hell on
    my Windows system. McAfee has a bug, which they won't even
    acknowledge, and I had to switch to Norton Antivirus. Norton's
    running fine for now, but I see from the newsgroups that it too has
    had problems. I look forward to the day when I can move all my stuff
    to Linux, and I expect it will be soon. A little more polish on the
    office and business applications, and the day will come.

    An alternative future is that Windows catches up with Linux on
    security, and then we have a choice of two nice, but fundamentally
    different systems. Why is it taking Microsoft so long? I'm looking
    for intelligent discussion of this issue in the newsgroups and
    websites (search term comp.security). I looked at this thread because
    the title was interesting, and there were 17 replies. What I find
    here is a childish flame war. I sense, however, that there are some
    intelligent people here who can shed some light on this issue.

    Let's see if we can redirect this discussion. Here are some possible
    answers to my question (in order of plausibility):

    1) Technical difficulty. Making Windows as secure as Unix will take
    a major overhaul of the most basic levels of the operating system. In
    Unix, users are isolated from each other (and the system) by a very
    robust access model. All files and processes have an owner. No user
    code (even virus code that is run inadvertently) can alter the files
    of another user. If viruses were to become prevalent in Linux
    systems, users would quickly learn to handle email and surf the
    internet only under a username whose files they don't mind losing.
    The worst a virus can do is destroy all files belonging to that
    username.

    2) Virus writers hate Microsoft. Like Al Queda, these losers attack
    anyone who is successful. If Linux were the dominant OS, they would
    go after Linux instead.

    3) Business inertia. The virus problem just hasn't risen to the
    level where Microsoft will give it serious attention. This last month
    should be a wakeup call.

    4) Conspiracy theory. Microsoft somehow benefits from the current
    situation. Even though they don't sell anti-virus software, they will
    in the future, and they see it as an opportunity to get control of
    everyone's computer.
    http://www.pcmag.com/article2/0,4149,991132,00.asp

    Let's not respond to the flames, and see if we can have a discussion
    that will actually help people understand what is happening.

    - Dave

  13. Re: M$ attack on Common Sense


    "Dave" wrote in message
    news:a3b19517.0309110654.5db832f9@posting.google.c om...

    > 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
    > anyone who is successful. If Linux were the dominant OS, they would
    > go after Linux instead.


    Do virus writers really hate Microsoft or do they just want the biggest bang
    for the buck? [Personally I think it is the later. ] I suspect that if Mac
    or Linux or anything else were the dominant OS, then that would be the
    target, though likely less successfully so.

    > 3) Business inertia. The virus problem just hasn't risen to the
    > level where Microsoft will give it serious attention. This last month
    > should be a wakeup call.


    Probably too little too late - maybe WAY too late. MS has paid virtually no
    attention to security until very recently. Once you've lost the public's
    trust it is really hard to get it back. Combine the DRM of XP, the spyware
    issues, MS statements over the years that their goal is to have all software
    rented from central servers along with the chronic insecurity and you have a
    recipe for a public relations disaster. I have a Linux box, all the
    websites I run/own/control are on some variation of Linux, and several PCs -
    this one happens to be an XP. Linux is great for some things - but not
    children's software and not graphics software and not a bunch of other
    stuff. This thing runs all my very spendy Adobe software BUT I AM SICK AND
    TIRED OF MESSING WITH IT!!!! So even though it isn't a year old it is being
    replaced with an iMac posthaste (have you SEEN those - oh my goodness!
    http://store.apple.com/1-800-MY-APPL....2.1.1.0.0.1.0)


    > 4) Conspiracy theory. Microsoft somehow benefits from the current
    > situation. Even though they don't sell anti-virus software, they will
    > in the future, and they see it as an opportunity to get control of
    > everyone's computer.
    > http://www.pcmag.com/article2/0,4149,991132,00.asp


    Interesting article. Wouldn't doubt it - Bill's tactics for darned near
    forever have seemed to be buy up the competition and freeze what you can't
    buy out of the market. Find a truly fantastic program that competes with
    the MS half-baked version? Buy it and then burn it.

    > Let's not respond to the flames, and see if we can have a discussion
    > that will actually help people understand what is happening.
    >
    > - Dave




  14. Re: M$ attack on Common Sense

    On 11 Sep 2003 07:54:07 -0700, Dave wrote:
    >
    >
    > I use both Windows and Linux. This last two weeks have been hell on
    > my Windows system. McAfee has a bug, which they won't even
    > acknowledge, and I had to switch to Norton Antivirus. Norton's
    > running fine for now, but I see from the newsgroups that it too has
    > had problems. I look forward to the day when I can move all my stuff
    > to Linux, and I expect it will be soon. A little more polish on the
    > office and business applications, and the day will come.
    >
    > An alternative future is that Windows catches up with Linux on
    > security, and then we have a choice of two nice, but fundamentally
    > different systems.



    Why bother? The cost of the effort would make M$ even MORE expensive.



    Why is it taking Microsoft so long? I'm looking
    > for intelligent discussion of this issue in the newsgroups and
    > websites (search term comp.security). I looked at this thread because
    > the title was interesting, and there were 17 replies. What I find
    > here is a childish flame war. I sense, however, that there are some
    > intelligent people here who can shed some light on this issue.
    >
    > Let's see if we can redirect this discussion. Here are some possible
    > answers to my question (in order of plausibility):
    >
    > 1) Technical difficulty. Making Windows as secure as Unix will take
    > a major overhaul of the most basic levels of the operating system. In
    > Unix, users are isolated from each other (and the system) by a very
    > robust access model. All files and processes have an owner. No user
    > code (even virus code that is run inadvertently) can alter the files
    > of another user. If viruses were to become prevalent in Linux
    > systems, users would quickly learn to handle email and surf the
    > internet only under a username whose files they don't mind losing.
    > The worst a virus can do is destroy all files belonging to that
    > username.
    >
    > 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
    > anyone who is successful. If Linux were the dominant OS, they would
    > go after Linux instead.
    >


    Without anywhere near the success they have now, and it would take
    real gurus to write those viruses/worms, and there aren't very many
    sickos with the patience and self-discipline to become gurus.


    > 3) Business inertia. The virus problem just hasn't risen to the
    > level where Microsoft will give it serious attention. This last month
    > should be a wakeup call.
    >
    > 4) Conspiracy theory. Microsoft somehow benefits from the current
    > situation. Even though they don't sell anti-virus software, they will
    > in the future, and they see it as an opportunity to get control of
    > everyone's computer.
    > http://www.pcmag.com/article2/0,4149,991132,00.asp
    >


    Something along those lines is a big part of the truth here.


    > Let's not respond to the flames, and see if we can have a discussion
    > that will actually help people understand what is happening.
    >
    > - Dave



    Discuss what?


    Whether we should bother turning a pathetic OS into one that could never
    be equal to UNIX/linux and would, at the end of the process, be even
    more expensive?

    Whether an essentially fascist/imperialist organization like M$ is
    going to become a "good guy"?


    Sounds like as big a waste of time as the flaming.


    (most of was started by the M$ crowd in an attempt to evade the hard questions)


    Alan C


    --

    take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a



  15. Re: M$ attack on Common Sense

    In message , Dave
    writes
    >websites (search term comp.security). I looked at this thread because
    >the title was interesting, and there were 17 replies. What I find
    >here is a childish flame war. I sense, however, that there are some
    >intelligent people here who can shed some light on this issue.
    >

    Actually, if you look back to the beginning of the thread, things were
    fairly civilised, much more so than the usual MS/Linux state of affairs.
    Try to get hold of the complete thread if you can.
    --
    Joe

  16. Re: M$ attack on Common Sense

    "Dave" wrote in message
    news:a3b19517.0309110654.5db832f9@posting.google.c om...
    > I use both Windows and Linux. This last two weeks have been hell on
    > my Windows system. McAfee has a bug, which they won't even
    > acknowledge, and I had to switch to Norton Antivirus. Norton's
    > running fine for now, but I see from the newsgroups that it too has
    > had problems. I look forward to the day when I can move all my stuff
    > to Linux, and I expect it will be soon. A little more polish on the
    > office and business applications, and the day will come.


    Most linux machines I come across have NO antivirus programs installed (even
    though there are several free versions available (eg F-Prot, OpenScan etc).
    This is not because there are no virii around for linux. Its just that mose
    linux users believe they are safe [and many are because they set their box
    up to do a specific task then just leave it - users realy use linux boxes on
    the desktop].

    I guess if you take all your norton and mcafee stuff off you'll be just like
    the majority of linux machines so long as you don't let any users touch the
    keyboard/mouse!!

    Actually there are a lot more viruses written for Linux than the Radio Shack
    TRS-80 machine. Why don't you move to the TRS-80? I have not heard of a
    single infection in the last half a decade.

    > An alternative future is that Windows catches up with Linux on
    > security, and then we have a choice of two nice, but fundamentally
    > different systems. Why is it taking Microsoft so long? I'm looking
    > for intelligent discussion of this issue in the newsgroups and
    > websites (search term comp.security). I looked at this thread because
    > the title was interesting, and there were 17 replies. What I find
    > here is a childish flame war. I sense, however, that there are some
    > intelligent people here who can shed some light on this issue.


    Its only turned into a flame war by some people who appear to have been
    recently introduced to unix like machines and don't know how easily they are
    compramised.

    > Let's see if we can redirect this discussion. Here are some possible
    > answers to my question (in order of plausibility):


    > 1) Technical difficulty. Making Windows as secure as Unix will take
    > a major overhaul of the most basic levels of the operating system. In
    > Unix, users are isolated from each other (and the system) by a very
    > robust access model. All files and processes have an owner. No user


    Have you seen Windows NT or XP Professional? NTFS supports unix like file
    ownership and permissions.

    > code (even virus code that is run inadvertently) can alter the files
    > of another user. If viruses were to become prevalent in Linux
    > systems, users would quickly learn to handle email and surf the
    > internet only under a username whose files they don't mind losing.
    > The worst a virus can do is destroy all files belonging to that
    > username.


    This is wrong. The goal of many virus programs these days do not destroy
    files. They try to do the following things

    1. Install themselves to run on bootup
    2. Remain hidden (remove zonealarm, Norton processes etc)
    3. Try to spread themselves
    4. Gather information (usually PASSWORDS)

    The worst many of the viruses can do is empty your bank accounts and spend
    your credit to its limit then log into your associates computers and do the
    same for them. Passwords/information are more important than files so virii
    go for them.

    This also defeats the primary security for unix like machines for home
    users. The most malicous viruses install keyloggers (which can be done in a
    user account) and detect passwords [such as the root passsword]. Most ssh
    daemons are set to disallow remote root login and sysadmins are FORCED to
    login as a general user and su to root. [this is the case on all
    monitorless gateways I know of] Great scheme for a keylogger installed on a
    user account. On most linux systems the only way to stop keyloggers from
    getting root access is by logging out of the user accout and logging into
    the root account at the console each time you want to do something. Not
    many people do this because the system allows (and encourages) changing
    users on hte fly.

    Don't forget that in the home user and small business situation [where a
    large proportion of computers reside] the system administrator is also the
    primary user.

    (This is of course assuming the virus didn't take advantage of a system bug
    and used the user web browsing / email etc to install itself as many do)

    The really bad thing with linux is that its far easier for virii to remain
    hidden. Not many home or small business users use antivrus software on
    their linux machines [mainly because the linux zealots promote linux as
    being hard/impossible to crack and are lead into a false sense of security].
    Furthermore there are rootkits easily available from the net that defeat
    most of the linux admin tools. So once its actually installed its far
    easier for a virus to remain hidden on a linux box.

    Because of the many different configurations available to linux (even one
    distributer) if they because as popular as windows it would be difficult to
    detect viral activity once a machine is compramised and to eradicate the
    virus. Difficulties include:

    an inherently network based OS
    multiple methods of installing software - no very good installation tracking
    a large number of start points for malicous code

    further

    To provide the same connectivity as windows many linux machines have Samba
    installed (which appears to be a copy of the windows system). This is just
    as insecure for linux machines as it is for windows as far as speading
    viruses go. While Samba share vunerabilities have not been exploited to
    spread (copy) viruses amongst linux machines this is probably because not
    many linux machines are found on a single subnet these days. (see your next
    comment)

    > 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
    > anyone who is successful. If Linux were the dominant OS, they would
    > go after Linux instead.


    There is a difference between hating microsoft and going for the maximum
    effect from your virus. Most users are Microsoft. Use the TRS80 to be
    virus free.

    > 3) Business inertia. The virus problem just hasn't risen to the
    > level where Microsoft will give it serious attention. This last month
    > should be a wakeup call.


    > 4) Conspiracy theory. Microsoft somehow benefits from the current
    > situation. Even though they don't sell anti-virus software, they will
    > in the future, and they see it as an opportunity to get control of
    > everyone's computer.
    > http://www.pcmag.com/article2/0,4149,991132,00.asp


    On the one hand you say M$ don't give it serious attention then suggest that
    M$ are developing antivirus strategies.

    > Let's not respond to the flames, and see if we can have a discussion
    > that will actually help people understand what is happening.


    Sure. IMHO its a pity that many

    > - Dave




  17. Re: M$ attack on Common Sense

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    OK, I don't usually respond to drivel like this, but I'm board today.

    > "Dave" wrote in message
    > news:a3b19517.0309110654.5db832f9@posting.google.c om...
    > > I use both Windows and Linux. This last two weeks have been hell on
    > > my Windows system. McAfee has a bug, which they won't even
    > > acknowledge, and I had to switch to Norton Antivirus. Norton's
    > > running fine for now, but I see from the newsgroups that it too has
    > > had problems. I look forward to the day when I can move all my stuff
    > > to Linux, and I expect it will be soon. A little more polish on the
    > > office and business applications, and the day will come.

    >
    > Most linux machines I come across have NO antivirus programs installed (even
    > though there are several free versions available (eg F-Prot, OpenScan etc).
    > This is not because there are no virii around for linux. Its just that mose
    > linux users believe they are safe [and many are because they set their box
    > up to do a specific task then just leave it - users realy use linux boxes on
    > the desktop].


    >From the F-Prot web site, these are the numbers of virii it scans for:

    41381 DOS/Windows
    266 Unix/Linux

    So, which OS would you like to be running. I didn't look at the
    definitions, but I'd be willing to bet that most of the 266 Unix/Linux
    (Note that not all Unix virii can effect Linux and vice versa, so there
    are actually less then 266 that could possible effect Linux) exploited older
    versions and would not effect more recent installations.

    More to the point the reason for having F-Prot is to scan for windows
    virii, if you don't run Windows, you don't need to be doing that, now do
    you?

    A google search for `virus OpenScan' Produced 0 results, and one for
    `"Open Scan" virus' Produced nothing relevant, so I'm going to wager you
    were mistaken about that one. OpenScan seems to be scanner drivers.

    I know.... you said etc, so there must be others! To make a long story
    short they mostly scan for windows virii, so that your linux mail server
    can prevent your retarded windows users for even having a chance to infect
    themselves.

    As for use as a desktop I'm sitting at my linux desktop right now (at
    work) and I have one at home as well. I know you'll look at my Headers and
    see that this came from Solaris, but don't get upset. You see in the Unix
    world you can connect to other machines (ssh) and run programs there. Such
    as pine, which I use to check E-mail and read news groups.

    > I guess if you take all your norton and mcafee stuff off you'll be just like
    > the majority of linux machines so long as you don't let any users touch the
    > keyboard/mouse!!


    Flame bait! This statement is nothing but inflammatory.

    > Actually there are a lot more viruses written for Linux than the Radio Shack
    > TRS-80 machine. Why don't you move to the TRS-80? I have not heard of a
    > single infection in the last half a decade.


    More Flame bait.

    > > An alternative future is that Windows catches up with Linux on
    > > security, and then we have a choice of two nice, but fundamentally
    > > different systems. Why is it taking Microsoft so long? I'm looking
    > > for intelligent discussion of this issue in the newsgroups and
    > > websites (search term comp.security). I looked at this thread because
    > > the title was interesting, and there were 17 replies. What I find
    > > here is a childish flame war. I sense, however, that there are some
    > > intelligent people here who can shed some light on this issue.

    >
    > Its only turned into a flame war by some people who appear to have been
    > recently introduced to unix like machines and don't know how easily they are
    > compramised.


    Half of that statement is true. I will admit that there are retarded Linux
    users, just as there are retarded windows users; windows just has more of
    them, but the Linux ones tend to be more vocal. If its so easy to
    compromise, why have I had zero problems in the last five years. I used to
    work in network security, and I can tell you that only about 5% of the
    incidents we got involved Unix or Linux boxes. And most of the ones that
    did were hacked (cracked rather, research the difference if you don't
    know it) into, not infected by the worm de jour.

    > > Let's see if we can redirect this discussion. Here are some possible
    > > answers to my question (in order of plausibility):

    >
    > > 1) Technical difficulty. Making Windows as secure as Unix will take
    > > a major overhaul of the most basic levels of the operating system. In
    > > Unix, users are isolated from each other (and the system) by a very
    > > robust access model. All files and processes have an owner. No user

    >
    > Have you seen Windows NT or XP Professional? NTFS supports unix like file
    > ownership and permissions.


    The hell it does, My Administrator account cannot read the files from my
    user account. Ownership and permission doesn't really matter on a machine
    that is designed to be used my a single user, and that single user usually
    runs with full privileges. (Yes, I did admit to using windows, I have and
    Xpee box as well, so I can play games; it only leaves me feeling slightly
    dirty).

    I would also wager that most Windows users have no idea what to do with
    ownership and permission settings.

    > > code (even virus code that is run inadvertently) can alter the files
    > > of another user. If viruses were to become prevalent in Linux
    > > systems, users would quickly learn to handle email and surf the
    > > internet only under a username whose files they don't mind losing.
    > > The worst a virus can do is destroy all files belonging to that
    > > username.

    >
    > This is wrong. The goal of many virus programs these days do not destroy
    > files. They try to do the following things
    >
    > 1. Install themselves to run on bootup
    > 2. Remain hidden (remove zonealarm, Norton processes etc)
    > 3. Try to spread themselves
    > 4. Gather information (usually PASSWORDS)
    >
    > The worst many of the viruses can do is empty your bank accounts and spend
    > your credit to its limit then log into your associates computers and do the
    > same for them. Passwords/information are more important than files so virii
    > go for them.


    I'll admit this is true, real harm from virii does not come from damaging
    files. But then again, if you are dumb enough to leave all your banking
    information and passwords sitting around in those files, you get what you
    deserve.

    > This also defeats the primary security for unix like machines for home
    > users. The most malicous viruses install keyloggers (which can be done in a
    > user account) and detect passwords [such as the root passsword].


    Granted. Key loggers are quite bad.

    > Most ssh
    > daemons are set to disallow remote root login and sysadmins are FORCED to
    > login as a general user and su to root. [this is the case on all
    > monitorless gateways I know of]


    Gee, since most sysadmins are "forcing" this on themselves, I bet its
    really not a bad thing. In fact I force myself to do this, why had I never
    though of opening up the root logging to the network so I could be more
    vulnerable. Oh, but I do have public-key authentication on for the root
    account (actually that only on the machines behind my firewall, and not on
    the firewall itself), so I can log directly into the root account with no
    password ever typed. Also, people should be in the habit of sudo-ing
    things which still only exposed your password and not the root users. It is
    important to note that you cannot (with just a user privilege) grab the
    password during login, since that process is run by root. So a key grabber
    has to wait for you to login to something else to get your password, if
    you never do that (and there are many ways to avoid it, and still be
    fully productive) you have defeated it.

    Admittedly this takes more time and effort to set up, but in the long run
    you are safer, more secure in your authentication, and actually use your
    password less.

    > Great scheme for a keylogger installed on a
    > user account. On most linux systems the only way to stop keyloggers from
    > getting root access is by logging out of the user accout and logging into
    > the root account at the console each time you want to do something. Not
    > many people do this because the system allows (and encourages) changing
    > users on hte fly.


    There is no venerability in changing users "on the fly". Even XP lets you
    do this, and MacOS 10.3 will as well.

    > Don't forget that in the home user and small business situation [where a
    > large proportion of computers reside] the system administrator is also the
    > primary user.


    And your point here is?
    Actually most computers are in large businesses, banks, insurance,
    airlines, etc. Most windows machines are at home and in small business
    (hopefully this will change in the future).

    > (This is of course assuming the virus didn't take advantage of a system bug
    > and used the user web browsing / email etc to install itself as many do)


    I'm not sure I follow you here. What exactly do you mean by install? In
    general on Unix/Linux you just run programs. "Installation" just means
    putting them in a particular place so they are easy to find (not junking
    up some magic centralized registry). Even so the user could not "install"
    the program system wide (a root thing to do), and even though they could
    set the permissions so that every one could run the program, they would
    still have to run it to be infected/compromised. Any one who just runs
    things haphazardly gets what they deserve.

    > The really bad thing with linux is that its far easier for virii to remain
    > hidden. Not many home or small business users use antivrus software on
    > their linux machines [mainly because the linux zealots promote linux as
    > being hard/impossible to crack and are lead into a false sense of security].
    > Furthermore there are rootkits easily available from the net that defeat
    > most of the linux admin tools. So once its actually installed its far
    > easier for a virus to remain hidden on a linux box.


    Anti-virus dispelled above. There are rootkit checkers available. When
    your system is acting odd, unlike windows this is not expected on
    Unix/Linux, You shut it down, then reboot off known good media, RedHat
    recovery, Knopix, Gentoo, etc.. Then run the rootkit checker, this is
    arguably virus scan for linux, and yes perhaps it should be done routinely
    by more people. Rootkits can only defeat the tools on the system that was
    infected, if you boot from known good media, they are easy to spot.

    The way these root kits work is by overwriting common system utilities so
    that these utilities will not show the existence of the root kit. The
    problem with this is they usually change the metadata of those system
    files, so when certain files that _never_ change are now 30x bigger and
    have a change date of yesterday (instead of the install date of the
    system) you see large red flags waving.

    > Because of the many different configurations available to linux (even one
    > distributer) if they because as popular as windows it would be difficult to
    > detect viral activity once a machine is compramised and to eradicate the
    > virus. Difficulties include:


    These claims make no sense.

    > an inherently network based OS

    This is somehow better then an OS that is kludged onto the internet?

    > multiple methods of installing software - no very good installation tracking

    Installation was covered above. Good users on any system should document
    on their own what they installed and when. There are tools available that
    will show changes in the file system.

    > a large number of start points for malicous code

    What does this mean?!?!?

    > further
    >
    > To provide the same connectivity as windows many linux machines have Samba
    > installed (which appears to be a copy of the windows system). This is just
    > as insecure for linux machines as it is for windows as far as speading
    > viruses go. While Samba share vunerabilities have not been exploited to
    > spread (copy) viruses amongst linux machines this is probably because not
    > many linux machines are found on a single subnet these days. (see your next
    > comment)


    Misleading wording. Samba is what windows supports out of the box, and
    since it is such a pain to add NFS or AFS to it, and most of todays Linux
    distributions support samba out of the box, samba is what is used to
    connect to Windows boxes. This is not and cannot, for any number of
    reasons, be a "copy of the windows system" (however you want to define
    system).

    >From http://us1.samba.org/samba/samba.html

    Samba is an Open Source/Free Software suite that provides seamless file
    and print services to SMB/CIFS clients. Samba is freely available under
    the GNU General Public License.

    It is simply away to communicate. The exploitations happen in Microsoft's
    implementation of the SMB/CIFS protocols. And even if Samba on Linux were
    vulnerable, what good would it do to force it to run windows code?

    > > 2) Virus writers hate Microsoft. Like Al Queda, these losers attack
    > > anyone who is successful. If Linux were the dominant OS, they would
    > > go after Linux instead.

    >
    > There is a difference between hating microsoft and going for the maximum
    > effect from your virus. Most users are Microsoft. Use the TRS80 to be
    > virus free.


    Yes, I imagine a large reason virii are written for Windows, is because
    there in a larger population to infect. I also believe that it even if it
    is not easier to write malware for windows, there are more holes to
    exploit, again a larger target population.

    > > 3) Business inertia. The virus problem just hasn't risen to the
    > > level where Microsoft will give it serious attention. This last month
    > > should be a wakeup call.

    >
    > > 4) Conspiracy theory. Microsoft somehow benefits from the current
    > > situation. Even though they don't sell anti-virus software, they will
    > > in the future, and they see it as an opportunity to get control of
    > > everyone's computer.
    > > http://www.pcmag.com/article2/0,4149,991132,00.asp

    >
    > On the one hand you say M$ don't give it serious attention then suggest that
    > M$ are developing antivirus strategies.


    These were all hypotheses, there is no reason to assume the author believes
    them all to be correct.

    > > Let's not respond to the flames, and see if we can have a discussion
    > > that will actually help people understand what is happening.

    >
    > Sure. IMHO its a pity that many


    Hopefully this will advance a sensible discussion.

    - --Aaron

    - --

    - -=- Aaron Croyle
    - -=- Sysadmin for the NOWLab (http://nowlab.cis.ohio-state.edu)

    "If you don't know where you want to go, we'll make sure you get taken."
    -- Japanese translation of Microsoft's slogan

    Protect yourself from the government:
    http://www.aclu.org/Privacy/Privacy.cfm?ID=11323&c=130

    Get my public GPG key here:
    http://www.cis.ohio-state.edu/~croyle/croyle.cis.asc

    Fingerprint: CFCF 6744 3AE1 98F6 7BC2 4896 06BD 1EB6 FB83 1A86
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SunOS)
    Comment: For info see http://quantumlab.net/pine_privacy_guard/

    iD8DBQE/YdQpBr0etvuDGoYRAouZAJ9iBOH2m94jinZTj3e3JG7i7qtJ8A CdHH8I
    /LkM1Qv7P3UvJhM4Ea3HJMc=
    =qIp/
    -----END PGP SIGNATURE-----


  18. Re: M$ attack on Common Sense

    Hi,

    > As for use as a desktop I'm sitting at my linux desktop right now (at
    > work) and I have one at home as well. I know you'll look at my Headers and
    > see that this came from Solaris, but don't get upset. You see in the Unix
    > world you can connect to other machines (ssh) and run programs there. Such
    > as pine, which I use to check E-mail and read news groups.


    Connecting to other machines and running programs there is not a Unix only
    feature.
    You can do that on Windows too...

    Mac?

    Regards,
    Manoj



  19. Re: M$ attack on Common Sense

    On Fri, 12 Sep 2003 20:04:24 +0530, Manoj Paul Joseph
    wrote:
    >
    >Connecting to other machines and running programs there is not a Unix only
    >feature.
    >You can do that on Windows too...
    >
    >Mac?


    You can do it on anything with a network connection of some sort and at
    least something akin to telnet or better. That pretty much includes all
    machines from old 8bit clunkers upwards (and probably downwards as
    well).

    Of course, being able to be connected to and have programs run on you
    has been much more the preserve of the unix/vms systems until recently.

    Frink

    --
    Doctor J. Frink : 'Rampant Ribald Ringtail'
    See his mind here : http://www.cmp.liv.ac.uk/frink/
    Annoy his mind here : pjf at cmp dot liv dot ack dot ook
    "No sir, I didn't like it!" - Mr Horse

  20. Re: M$ attack on Common Sense

    aaron matthew croyle scribbled:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1


    > OK, I don't usually respond to drivel like this, but I'm board today.


    OK I'll play (and in the 'tone' that you want this debate to head in)
    I'll ignore the spelling mistake for the moment....

    Opps I didn't ignore it..... ;-)

    It's *BORED* That's B O R E D.....

    Doesn't your Linux news reader support a spelling checker?

    >> "Dave" wrote in message
    >> news:a3b19517.0309110654.5db832f9@posting.google.c om...
    >>> I use both Windows and Linux. This last two weeks have been hell on
    >>> my Windows system. McAfee has a bug, which they won't even
    >>> acknowledge, and I had to switch to Norton Antivirus. Norton's
    >>> running fine for now, but I see from the newsgroups that it too has
    >>> had problems. I look forward to the day when I can move all my
    >>> stuff to Linux, and I expect it will be soon. A little more polish
    >>> on the office and business applications, and the day will come.

    >>
    >> Most linux machines I come across have NO antivirus programs
    >> installed (even though there are several free versions available (eg
    >> F-Prot, OpenScan etc). This is not because there are no virii around
    >> for linux. Its just that mose linux users believe they are safe
    >> [and many are because they set their box up to do a specific task
    >> then just leave it - users realy use linux boxes on the desktop].

    >
    >> From the F-Prot web site, these are the numbers of virii it scans
    >> for:


    > 41381 DOS/Windows
    > 266 Unix/Linux


    > So, which OS would you like to be running. I didn't look at the
    > definitions, but I'd be willing to bet that most of the 266 Unix/Linux
    > (Note that not all Unix virii can effect Linux and vice versa, so
    > there
    > are actually less then 266 that could possible effect Linux)
    > exploited older versions and would not effect more recent
    > installations.


    FYI:
    Linux Still Less Secure Than Windows
    On the flip side of the coin, I should point out that Linux still
    suffers from far more security bugs and other vulnerabilities than
    Windows does. Researchers at mi2g Intelligence Unit (http://mi2g.com),
    which has been tracking and verifying computer-based vulnerabilities
    since 1995, say that in August 67 percent of all successful and
    verifiable attacks against servers targeted Linux, compared with just
    23.2 percent that targeted Windows--and August was the month during
    which SoBig.F and MSBlaster hit.

    Furthermore, 12,892 e-business sites running Linux were successfully
    breached during that month, compared with just 4626 sites running
    Windows. Windows vulnerabilities get more press because more people run
    Windows on the desktop, so any Windows-based worms or viruses will
    generally affect a far larger group of individuals.
    But anyone who thinks that jumping to Linux is a cure-all should think
    again. Even if you don't consider the usage numbers, everyone's
    favourite open-source poster boy is still a huge target for attackers.
    An often-irreverent look at some of the week's other stories, by
    [Paul Thurrott http://www.winnetmag.com]

    > More to the point the reason for having F-Prot is to scan for windows
    > virii, if you don't run Windows, you don't need to be doing that, now
    > do you?
    > A google search for `virus OpenScan' Produced 0 results, and one for
    > `"Open Scan" virus' Produced nothing relevant, so I'm going to wager
    > you were mistaken about that one. OpenScan seems to be scanner
    > drivers.
    > I know.... you said etc, so there must be others! To make a long story
    > short they mostly scan for windows virii, so that your linux mail
    > server can prevent your retarded windows users for even having a
    > chance to infect themselves.


    > As for use as a desktop I'm sitting at my linux desktop right now (at
    > work) and I have one at home as well. I know you'll look at my
    > Headers and see that this came from Solaris, but don't get upset. You
    > see in the Unix world you can connect to other machines (ssh) and run
    > programs there. Such as pine, which I use to check E-mail and read
    > news groups.


    From my Network World daily e-mail newsletter:

    NETWORK WORLD NEWSLETTER: JASON MESERVE ON VIRUS AND BUG PATCH ALERT
    09/11/03
    Today's focus: Another Blaster-like vulnerability
    In this issue:

    * Patches from Red Hat, others
    * Beware worm that spreads via P2P networks
    * Sobig's success prompts calls for secure e-mail, and other interesting
    reading
    * Links related to Virus and Bug Patch Alert

    Buffer overflow vulnerability in pine
    iDefense has found a couple of buffer problems in the pine e-mail
    client. Both of the flaws could be exploited to run arbitrary code on
    the affected machine. Pine Version 4.58 fixes the problem. For more, go
    to:
    iDefense advisory:


    How to obtain Pine updates:


    Red Hat update:


    Slackware update:


    Red Hat patches flaw in GtkHTML
    Red Hat is reporting a flaw in GtkHTML, the HTML rendering engine for
    the Evolution e-mail reader. A user could get the application to point
    to a null pointer, causing the system to crash. For more, go to:


    SCO releases Samba update for OpenServer
    A flaw in SCO's Samba implementation for OpenServer could be exploited
    by a remote user to gain root access to the affected machine. The
    updated binaries can be found here:



    Nearly *every day* this e-letter list OSS/Linux vulnerabilities that it
    does for any MS OS or application.....

    Then there are these websites (just a few of many note) which need to be
    *ESSENTIAL and REQUIRED* reading of anyone running OSS/Linux....

    http://www.partyvibe.com/flavour/linux/security.htm
    http://www.linuxsecurity.com/advisories/index.html
    http://www.opennet.ru/base/linux/
    http://www.securityfocus.com/news/19
    http://lists.debian.org/debian-security-announce/

    >> I guess if you take all your norton and mcafee stuff off you'll be
    >> just like the majority of linux machines so long as you don't let
    >> any users touch the keyboard/mouse!!


    > Flame bait! This statement is nothing but inflammatory.


    And your's aren't?

    >> Actually there are a lot more viruses written for Linux than the
    >> Radio Shack TRS-80 machine. Why don't you move to the TRS-80? I
    >> have not heard of a single infection in the last half a decade.


    > More Flame bait.


    From you as well......

    >>> An alternative future is that Windows catches up with Linux on
    >>> security, and then we have a choice of two nice, but fundamentally
    >>> different systems. Why is it taking Microsoft so long? I'm
    >>> looking for intelligent discussion of this issue in the newsgroups
    >>> and websites (search term comp.security). I looked at this thread
    >>> because the title was interesting, and there were 17 replies. What
    >>> I find here is a childish flame war. I sense, however, that there
    >>> are some intelligent people here who can shed some light on this
    >>> issue.


    >> Its only turned into a flame war by some people who appear to have
    >> been recently introduced to unix like machines and don't know how
    >> easily they are compramised.


    > Half of that statement is true. I will admit that there are retarded
    > Linux users, just as there are retarded windows users; windows just
    > has more of them, but the Linux ones tend to be more vocal.


    Far more vocal. Just read COLA (comp.os.linux.advocacy) for a few days
    for evidence of that

    > If its so
    > easy to compromise, why have I had zero problems in the last five
    > years.


    You mean like I have for the last *twelve years running various versions
    of Microsoft OS'es and applications?

    > I used to work in network security, and I can tell you that
    > only about 5% of the incidents we got involved Unix or Linux boxes.
    > And most of the ones that did were hacked (cracked rather, research
    > the difference if you don't
    > know it) into, not infected by the worm de jour.


    Anecdotal experiences are interesting, but hardly count as factual
    evidence that generally applies to everyone.....

    >>> Let's see if we can redirect this discussion. Here are some
    >>> possible answers to my question (in order of plausibility):
    >>> 1) Technical difficulty. Making Windows as secure as Unix will
    >>> take a major overhaul of the most basic levels of the operating
    >>> system. In Unix, users are isolated from each other (and the
    >>> system) by a very robust access model. All files and processes
    >>> have an owner. No user


    >> Have you seen Windows NT or XP Professional? NTFS supports unix
    >> like file ownership and permissions.


    > The hell it does, My Administrator account cannot read the files from
    > my user account. Ownership and permission doesn't really matter on a
    > machine that is designed to be used my a single user, and that single
    > user usually runs with full privileges. (Yes, I did admit to using
    > windows, I have and Xpee box as well, so I can play games; it only
    > leaves me feeling slightly dirty).


    My turn; Flame bait......
    It's interesting that you choose to see using a computer running an OS
    as some sort of 'moral indiscression' on your part.
    It's a typical comment and response of a OSS/Linux zealot.

    It's just a *computer running an OS*........

    > I would also wager that most Windows users have no idea what to do
    > with ownership and permission settings.


    I would wager most Linux users have to set ownership and permissions
    just to make their OS boot.....
    See I can make stupid comments about millions of other people I dont
    know as well. See how easy it is to do things like THAT......

    >>> code (even virus code that is run inadvertently) can alter the files
    >>> of another user. If viruses were to become prevalent in Linux
    >>> systems, users would quickly learn to handle email and surf the
    >>> internet only under a username whose files they don't mind losing.
    >>> The worst a virus can do is destroy all files belonging to that
    >>> username.


    >> This is wrong. The goal of many virus programs these days do not
    >> destroy files. They try to do the following things
    >> 1. Install themselves to run on bootup
    >> 2. Remain hidden (remove zonealarm, Norton processes etc)
    >> 3. Try to spread themselves
    >> 4. Gather information (usually PASSWORDS)
    >> The worst many of the viruses can do is empty your bank accounts and
    >> spend your credit to its limit then log into your associates
    >> computers and do the same for them. Passwords/information are more
    >> important than files so virii go for them.


    > I'll admit this is true, real harm from virii does not come from
    > damaging files. But then again, if you are dumb enough to leave all
    > your banking information and passwords sitting around in those files,
    > you get what you deserve.


    For *anyone* using a computer........

    >> This also defeats the primary security for unix like machines for
    >> home users. The most malicous viruses install keyloggers (which can
    >> be done in a user account) and detect passwords [such as the root
    >> passsword].


    > Granted. Key loggers are quite bad.


    On *any* computer running *any* OS......

    >> Most ssh
    >> daemons are set to disallow remote root login and sysadmins are
    >> FORCED to login as a general user and su to root. [this is the case
    >> on all monitorless gateways I know of]


    > Gee, since most sysadmins are "forcing" this on themselves, I bet its
    > really not a bad thing. In fact I force myself to do this, why had I
    > never though of opening up the root logging to the network so I could
    > be more vulnerable. Oh, but I do have public-key authentication on
    > for the root account (actually that only on the machines behind my
    > firewall, and not on the firewall itself), so I can log directly into
    > the root account with no password ever typed. Also, people should be
    > in the habit of sudo-ing
    > things which still only exposed your password and not the root users.
    > It is important to note that you cannot (with just a user privilege)
    > grab the password during login, since that process is run by root. So
    > a key grabber has to wait for you to login to something else to get
    > your password, if
    > you never do that (and there are many ways to avoid it, and still be
    > fully productive) you have defeated it.


    But it *can* happen right? Right.....

    > Admittedly this takes more time and effort to set up, but in the long
    > run you are safer, more secure in your authentication, and actually
    > use your password less.


    So how many OSS/Linux users do you think take the time to set it up, as
    opposed to those that have bought the 'belief' that, hey they're running
    Linux, they're safe, nothing like that can happen to them......

    >> Great scheme for a keylogger installed on a
    >> user account. On most linux systems the only way to stop keyloggers
    >> from getting root access is by logging out of the user accout and
    >> logging into the root account at the console each time you want to
    >> do something. Not many people do this because the system allows
    >> (and encourages) changing users on hte fly.


    > There is no venerability in changing users "on the fly". Even XP lets
    > you do this, and MacOS 10.3 will as well.


    It's called ease of use, and just like in Linux, if the PC is secure
    then changing users isn't a great security risk....

    >> Don't forget that in the home user and small business situation
    >> [where a large proportion of computers reside] the system
    >> administrator is also the primary user.


    > And your point here is?


    That they are the primary user......

    > Actually most computers are in large businesses, banks, insurance,
    > airlines, etc. Most windows machines are at home and in small business
    > (hopefully this will change in the future).



    >> (This is of course assuming the virus didn't take advantage of a
    >> system bug and used the user web browsing / email etc to install
    >> itself as many do)


    > I'm not sure I follow you here. What exactly do you mean by install?
    > In general on Unix/Linux you just run programs. "Installation" just
    > means putting them in a particular place so they are easy to find
    > (not junking
    > up some magic centralized registry). Even so the user could not
    > "install" the program system wide (a root thing to do), and even
    > though they could set the permissions so that every one could run the
    > program, they would still have to run it to be infected/compromised.
    > Any one who just runs things haphazardly gets what they deserve.


    ANYONE who does.......

    >> The really bad thing with linux is that its far easier for virii to
    >> remain hidden. Not many home or small business users use antivrus
    >> software on their linux machines [mainly because the linux zealots
    >> promote linux as being hard/impossible to crack and are lead into a
    >> false sense of security]. Furthermore there are rootkits easily
    >> available from the net that defeat most of the linux admin tools.
    >> So once its actually installed its far easier for a virus to remain
    >> hidden on a linux box.


    > Anti-virus dispelled above.


    Hardly.... See above.

    > There are rootkit checkers available. When
    > your system is acting odd, unlike windows this is not expected on
    > Unix/Linux, You shut it down, then reboot off known good media, RedHat
    > recovery, Knopix, Gentoo, etc.. Then run the rootkit checker, this is
    > arguably virus scan for linux, and yes perhaps it should be done
    > routinely by more people. Rootkits can only defeat the tools on the
    > system that was infected, if you boot from known good media, they are
    > easy to spot.
    > The way these root kits work is by overwriting common system
    > utilities so that these utilities will not show the existence of the
    > root kit. The problem with this is they usually change the metadata
    > of those system files, so when certain files that _never_ change are
    > now 30x bigger and have a change date of yesterday (instead of the
    > install date of the
    > system) you see large red flags waving.


    See above.
    Open source critics also argue that open source can lead to a false
    sense of security. They say that just because the source code is
    available doesn't guarantee that anyone is reading it. Nor does it mean
    that all the bugs have been found and fixed. Many users install and use
    open source software without ever looking at the code. They assume
    someone else has already scanned it for possible vulnerabilities.
    Undetected bugs have lingered in some popular open source packages for
    years. This is a legitimate concern.
    But make no mistake, simply being open source is no guarantee of
    security.
    Elias Levy, "Wide Open Source"
    http://online.securityfocus.com/news/19


    >> Because of the many different configurations available to linux
    >> (even one distributer) if they because as popular as windows it
    >> would be difficult to detect viral activity once a machine is
    >> compramised and to eradicate the virus. Difficulties include:


    > These claims make no sense.


    Yes they do.....

    >> an inherently network based OS


    > This is somehow better then an OS that is kludged onto the internet?


    What OS would that be?

    >> multiple methods of installing software - no very good installation
    >> tracking


    > Installation was covered above. Good users on any system should
    > document
    > on their own what they installed and when. There are tools available
    > that will show changes in the file system.


    And all OSS/Linux users are 'good' users?
    Or do they (you) just use app get (whatever that command is) and install
    whatever update or patch because you heard it was required without
    having a clue what it is that you're installing....

    >> a large number of start points for malicous code


    > What does this mean?!?!?


    I can understand what he means; Why cant you?.

    >> further
    >> To provide the same connectivity as windows many linux machines have
    >> Samba installed (which appears to be a copy of the windows system).
    >> This is just as insecure for linux machines as it is for windows as
    >> far as speading viruses go. While Samba share vunerabilities have
    >> not been exploited to spread (copy) viruses amongst linux machines
    >> this is probably because not many linux machines are found on a
    >> single subnet these days. (see your next comment)


    > Misleading wording. Samba is what windows supports out of the box, and
    > since it is such a pain to add NFS or AFS to it, and most of todays
    > Linux distributions support samba out of the box, samba is what is
    > used to connect to Windows boxes. This is not and cannot, for any
    > number of reasons, be a "copy of the windows system" (however you
    > want to define system).


    >> From http://us1.samba.org/samba/samba.html


    > Samba is an Open Source/Free Software suite that provides seamless
    > file
    > and print services to SMB/CIFS clients. Samba is freely available
    > under
    > the GNU General Public License.
    > It is simply away to communicate. The exploitations happen in
    > Microsoft's implementation of the SMB/CIFS protocols. And even if
    > Samba on Linux were vulnerable, what good would it do to force it to
    > run windows code?


    See the list of OSS/Linux websites that update at least once a week, if
    not more often, all the vulnerabilities and flaws in Linux/OSS.....
    For a secure OS, and applications, there sure are a LOT of
    vulnerabilities and flaws listed....

    >>> 2) Virus writers hate Microsoft. Like Al Queda, these losers
    >>> attack anyone who is successful. If Linux were the dominant OS,
    >>> they would go after Linux instead.


    >> There is a difference between hating microsoft and going for the
    >> maximum effect from your virus. Most users are Microsoft. Use the
    >> TRS80 to be virus free.


    > Yes, I imagine a large reason virii are written for Windows, is
    > because there in a larger population to infect. I also believe that
    > it even if it is not easier to write malware for windows, there are
    > more holes to exploit, again a larger target population.


    To repeat:
    See the list of OSS/Linux websites that update at least once a week, if
    not more often, all the vulnerabilities and flaws in Linux/OSS.....
    For a secure OS, and applications, there sure are a LOT of
    vulnerabilities and flaws listed....

    >>> 3) Business inertia. The virus problem just hasn't risen to the
    >>> level where Microsoft will give it serious attention. This last
    >>> month should be a wakeup call.
    >>> 4) Conspiracy theory. Microsoft somehow benefits from the current
    >>> situation. Even though they don't sell anti-virus software, they
    >>> will in the future, and they see it as an opportunity to get
    >>> control of everyone's computer.
    >>> http://www.pcmag.com/article2/0,4149,991132,00.asp


    >> On the one hand you say M$ don't give it serious attention then
    >> suggest that M$ are developing antivirus strategies.


    > These were all hypotheses, there is no reason to assume the author
    > believes them all to be correct.


    Hypotheses are generally proposed as something the proposer believes
    will or should happen....

    >>> Let's not respond to the flames, and see if we can have a discussion
    >>> that will actually help people understand what is happening.


    >> Sure. IMHO its a pity that many


    > Hopefully this will advance a sensible discussion.


    You're off to a bad start then Aaron.....

    BTW How come your sig fails to follow the recommended usenet guidelines
    (that so many OSS/Linux users insist everyone has to follow):

    a.. No more than four lines. Occasionally called the "4-line McQuary
    limit".
    b.. Use "-- " as the beginning marker.
    Net etiquette (the "netiquette") and practice dictate about four lines
    at a maximum. This is a sensible and commendable restriction. But
    contrary to the common belief and frequent claims its nature is that of
    a recommendation. For example RFC 1855 Netiquette Guidelines by
    CyberNOTHING state "If you include a signature keep it short. Rule of
    thumb is no longer than 4 lines." (The "-- " beginning marker is not
    counted as one of the four lines.) Likewise A Primer on How to Work With
    the Usenet Community states "Don't Overdo Signatures". [Underlining is
    mine.] Furthermore, on the technical level some programs and ISPs
    automatically limit the signature length to the said four lines.

    http://www.uwasa.fi/~ts/http/signatur.html

    snip bloated, irrelevant sig......
    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke


+ Reply to Thread
Page 5 of 10 FirstFirst ... 3 4 5 6 7 ... LastLast