Microsoft: Windows won't be secure until 2014!

Discussion in 'Computer Support' started by Tech.News, Aug 31, 2004.

  1. Tech.News

    Tech.News Guest

    These days, every Windows computer is a war zone of viruses, Trojans,
    spyware, and other malicious code trying to exploit security holes in
    Internet Explorer. One of the scariest of all, Download.Ject, discovered in
    late June, worked to log keystrokes (usernames, passwords, PINs). All this
    despite Bill Gates' 2002 declaration that security is his top priority. We
    asked Stephen Toulouse, Microsoft's security program manager, if Redmond is
    fighting a war it can't win.

    ...

    [Toulouse admits to using FireFox]


    http://www.wired.com/wired/archive/12.09/view.html?pg=3


    --
    *@*
     
    Tech.News, Aug 31, 2004
    #1
    1. Advertising

  2. Tech.News

    D Guest

    "Tech.News" <> wrote in message
    news:AQOYc.24850$...
    >
    > These days, every Windows computer is a war zone of viruses, Trojans,
    > spyware, and other malicious code trying to exploit security holes in
    > Internet Explorer.


    If Linux was even one tenth as popular as Windows you can be sure those script
    kiddies would be targeting it.
     
    D, Aug 31, 2004
    #2
    1. Advertising

  3. Tech.News

    Duane Arnold Guest

    "D" <> wrote in
    news::

    >
    > "Tech.News" <> wrote in message
    > news:AQOYc.24850$...
    >>
    >> These days, every Windows computer is a war zone of viruses, Trojans,
    >> spyware, and other malicious code trying to exploit security holes in
    >> Internet Explorer.

    >
    > If Linux was even one tenth as popular as Windows you can be sure
    > those script kiddies would be targeting it.
    >
    >
    >


    You got that right!

    Duane :)
     
    Duane Arnold, Aug 31, 2004
    #3
  4. Duane Arnold wrote:

    > "D" <> wrote in

    .....
    >> If Linux was even one tenth as popular as Windows you can be sure
    >> those script kiddies would be targeting it.


    > You got that right!
    >
    > Duane :)


    Probably yes, and servers (apache web servers are the most commonly used)
    are already targets. However, if maintained correctly and updated with
    security fixes (yes there are enough leaks in linux too), they withstand.
    The difference of opensource here is: it might even be easier to find a
    vulnerability due to common availability of the code, but it is also easier
    to fix it, and more people participate in the latter yet. So when the crowd
    of script kids finally will target linux, it already is better prepared for
    that, as, in comparison, win98 was.
    --
    Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
     to remove offending incompatible products.  Reactivate your MS software.
    Linux woodpecker.homnet.at 2.6.8reiser4pkt [LinuxCounter#295241]
     
    Walter Mautner, Aug 31, 2004
    #4
  5. begin On Tue, 31 Aug 2004 00:49:30 +0100, D wrote:

    >
    > "Tech.News" <> wrote in message
    > news:AQOYc.24850$...
    >>
    >> These days, every Windows computer is a war zone of viruses, Trojans,
    >> spyware, and other malicious code trying to exploit security holes in
    >> Internet Explorer.

    >
    > If Linux was even one tenth as popular as Windows you can be sure those
    > script kiddies would be targeting it.


    Bullshit. Linux is more secure, & they wouldn't get any satisfation from
    it.

    --
    SuSE 9.1 Pro 64bit
    linux 2.6.5-7.104 i686 athlon
    Reclaim your computer!
    http://linuxnotjustforgeeks.org/
     
    Perce P. Cassidy, Aug 31, 2004
    #5
  6. Tech.News

    xmp Guest


    > begin On Tue, 31 Aug 2004 00:49:30 +0100, D wrote:
    >
    >
    >>"Tech.News" <> wrote in message
    >>news:AQOYc.24850$...
    >>
    >>>These days, every Windows computer is a war zone of viruses, Trojans,
    >>>spyware, and other malicious code trying to exploit security holes in
    >>>Internet Explorer.

    >>
    >>If Linux was even one tenth as popular as Windows you can be sure those
    >>script kiddies would be targeting it.


    Linux is totally different. Linux typically runs at user level for
    desktop, rather than root. Spyware would have to use one exploit to get
    in, plus a local root to actually install itself. The browser exploits
    are totally different, since there is no My Computer Zone. Scripting is
    handled fairly safely.

    In distros like SuSE, there is a tool during install for disabling
    services and firewalling. Very simple to turn everything off. If this
    recommended firewalling is used, then network worms simply can't
    propagate on desktop / workstation systems.

    And script kiddies do target *nix (BSD, solaris, linux) because it
    accounts for half the internet. Unix predates Windows, and linux
    predates NT.

    michael
     
    xmp, Aug 31, 2004
    #6
  7. On Tue, 31 Aug 2004 10:06:59 +0000, xmp wrote:

    >
    >
    >> begin On Tue, 31 Aug 2004 00:49:30 +0100, D wrote:
    >>
    >>
    >>>"Tech.News" <> wrote in message
    >>>news:AQOYc.24850$...
    >>>
    >>>>These days, every Windows computer is a war zone of viruses, Trojans,
    >>>>spyware, and other malicious code trying to exploit security holes in
    >>>>Internet Explorer.
    >>>
    >>>If Linux was even one tenth as popular as Windows you can be sure those
    >>>script kiddies would be targeting it.

    >
    > Linux is totally different. Linux typically runs at user level for
    > desktop, rather than root. Spyware would have to use one exploit to get
    > in, plus a local root to actually install itself. The browser exploits
    > are totally different, since there is no My Computer Zone. Scripting is
    > handled fairly safely.
    >
    > In distros like SuSE, there is a tool during install for disabling
    > services and firewalling. Very simple to turn everything off. If this
    > recommended firewalling is used, then network worms simply can't propagate
    > on desktop / workstation systems.


    Any script would also need to know the root password in order to turn off
    any firewall. There was also an interesting thing that occured not too
    long ago. The Director of Netproject, Eddie Bleasdale, asked Sophos to
    demonstrate their claim that linux viruses exsist, on a Linux computer
    that netproject supplied. Sophos refused. Bleasdale said -
    "We have been working in the Unix area for over 20 years. During this time
    we have never encountered a Unix or Linux virus nor have heard of any
    organisation that has been infected by a Unix / Linux virus. We need to
    stop the fear uncertainty and doubt that the anti virus companies are
    trying to create around Linux." He doesn't doubt that viruses can be
    written for any operating system. What is different about Linux, compared
    with Windows, is that there is no need for anti-virus software because
    controls exist to ensure that \only/ authorised software runs on a
    correctly configured and administered Linux computer. These controls do
    \not/ exist for Windows.
    So far Sophos, despite having claimed that viruses exist for Linux, has refused
    to demonstrate them on any Linux computer that Sophos has not configured.
    Go figure.
    In the meantime Semantec has stopped trying to produce an AV for linux
    viruses. It seems that because there can be \so/ many variations in how a
    linux kernel is compiled, that just one minor change in the kernel
    configuration can render any linux AV useless. It may only work on a
    handful of machines. Similarly any linux virus may affect only a handful
    of machines, simply because a small change in the kernel configuration
    would render the virus impotent. Such a small number if of no value to the
    script kiddies & virus/worm writers.
    I have 3 linux machines, all of which (for various reasons) have different
    kernel configurations. No need to worry about licences either! :)

    > And script kiddies do target *nix (BSD, solaris, linux) because it
    > accounts for half the internet. Unix predates Windows, and linux
    > predates NT.


    With very little success. Actually BSD is acknowledged as being \the/
    most secure *nix product.

    > michael


    --
    SuSE 9.1 Pro 64bit
    linux 2.6.5-7.104 i686 athlon
    Reclaim your computer!
    http://linuxnotjustforgeeks.org/
     
    Perce P. Cassidy, Aug 31, 2004
    #7
  8. Tech.News

    Tech.News Guest

    D wrote:

    >
    > "Tech.News" <> wrote in message
    > news:AQOYc.24850$...
    >>
    >> These days, every Windows computer is a war zone of viruses, Trojans,
    >> spyware, and other malicious code trying to exploit security holes in
    >> Internet Explorer.

    >
    > If Linux was even one tenth as popular as Windows you can be sure those
    > script kiddies would be targeting it.


    This is a very faulty bit of logic. You are equating security with
    popularity, which simply isn't the case.

    The reason Linux is far more secure than Windows is because the OS
    architecture is very different: Unix (and Unix based OS's, such as Linux,
    FreeBSD, et.al.) were designed from the beginning to work in a multi-user,
    networked environment. Whereas Windows was conceived as a single-user,
    non-networked operating system (networking is basically an afterthought).

    As a consequence, Linux divides system 'space' and user 'space' into two
    separate areas, Windows does not. When you buy/download a software program
    and install it, it has the ability to overwrite system dlls and make
    changes to the registry. In other words, third party programs (including VB
    scripts) are able to modify very important files needed by the system.

    The Internet is 75% Open Source based. If it were possible to attack the
    systems with the same ease that Windows is attacked, the Internet would
    cease to exist.

    --
    *@*
     
    Tech.News, Aug 31, 2004
    #8
  9. Tech.News

    Duane Arnold Guest

    Walter Mautner <> wrote in
    news:-berlin.de:

    > Duane Arnold wrote:
    >
    >> "D" <> wrote in

    > ....
    >>> If Linux was even one tenth as popular as Windows you can be sure
    >>> those script kiddies would be targeting it.

    >
    >> You got that right!
    >>
    >> Duane :)

    >
    > Probably yes, and servers (apache web servers are the most commonly
    > used) are already targets. However, if maintained correctly and
    > updated with security fixes (yes there are enough leaks in linux too),
    > they withstand. The difference of opensource here is: it might even be
    > easier to find a vulnerability due to common availability of the code,
    > but it is also easier to fix it, and more people participate in the
    > latter yet. So when the crowd of script kids finally will target
    > linux, it already is better prepared for that, as, in comparison,
    > win98 was.



    Yes, I know that Apache is used and are targets along with IIS. The thing
    is either one can be made secure if securty fixes are applied and the
    the Web service and the O/S on both platforms are secured propely.

    > However, if maintained correctly and
    > updated with security fixes (yes there are enough leaks in linux too),


    I don't disagree with you on that. How can it not be riddled with holes,
    like another O/S(s) out there? I am using SuSE Linux and it seems to me
    that the O/S has the same vulnerabilities as a NT based O/S if not
    secured properly. The only big difference (and let me state that I have
    only been using Linux for a couple of weeks) is the ability not to be
    able to do root commands easily like it's done on the NT based O/S
    because of user Admin account can be given to the user and has root
    privileges while they run on the Internet. I like that part of Linux, but
    that doesn't mean the root psw on Linux cannot be cracked and root
    privileges exploited I would think.

    > they withstand. The difference of opensource here is: it might even be
    > easier to find a vulnerability due to common availability of the code,
    > but it is also easier to fix it, and more people participate in the
    > latter yet.


    I think that the implementation of the .Net solutions which is a Standard
    like JAVA is a Standard, which is controlled by the ISO and ECMA (M$
    doesn't own or control .Net) may help to secure the environment of
    applications/programs running on O/S(s) as the .Net Standard is used by
    more programmers writing more secure applications using the .Net
    technology across platforms and old applications not using the .Net
    technology are phased out.

    Of course, that will take some time (years) to implement. Hopefully, JAVA
    will follow suite and make JAVA use programming languages such as C#.Net
    Perl.Net, C++.Net, Cobol.Net, etc, ect that's running on the .Net
    standard be platform independent with the security features that .Net has
    in it that can be used by a programmer, if JAVA makes the move and most
    likely it will with its version to compete with the .Net Standard.

    > So when the crowd of script kids finally will target
    > linux, it already is better prepared for that, as, in comparison,
    > win98 was.


    Win 9.x and ME were never meant to be on the Internet.

    Duane :)
     
    Duane Arnold, Sep 1, 2004
    #9
  10. Duane Arnold wrote:

    .....
    > I think that the implementation of the .Net solutions which is a Standard
    > like JAVA is a Standard, which is controlled by the ISO and ECMA (M$
    > doesn't own or control .Net) may help to secure the environment of
    > applications/programs running on O/S(s) as the .Net Standard is used by
    > more programmers writing more secure applications using the .Net
    > technology across platforms and old applications not using the .Net
    > technology are phased out.
    >

    Uhm. Well, they can and do take control due to monopol status. Like they did
    with MS VM for java, upon which some applications written around 2000 still
    rely. Making it impossible to install a slipstreamed SP4 image of win2k
    then. We have to install SP3, then some java initiator and afterwards sp4.
    Now there are different java versions necessary to run some oracle stuff, on
    just one pc. No, the newer one doesn't work with the older app. Where the
    heck is the standard now?

    > Of course, that will take some time (years) to implement. Hopefully, JAVA
    > will follow suite and make JAVA use programming languages such as C#.Net
    > Perl.Net, C++.Net, Cobol.Net, etc, ect that's running on the .Net
    > standard be platform independent with the security features that .Net has
    > in it that can be used by a programmer, if JAVA makes the move and most
    > likely it will with its version to compete with the .Net Standard.
    >

    If .Net gets the same proprietary "extensions" as java did, it will be a
    complete mess, as java is.

    >> So when the crowd of script kids finally will target
    >> linux, it already is better prepared for that, as, in comparison,
    >> win98 was.

    >
    > Win 9.x and ME were never meant to be on the Internet.
    >

    Hmmm, after all '98 and ME were equipped with the necessary tcpip stack and
    the well-known bug-ridden browser/email wormcatcher/nonstandard newsreader.
    --
    Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
     to remove offending incompatible products.  Reactivate your MS software.
    Linux woodpecker.homnet.at 2.6.8reiser4pkt [LinuxCounter#295241]
     
    Walter Mautner, Sep 1, 2004
    #10
  11. Tech.News

    Duane Arnold Guest

    Walter Mautner wrote:

    > Duane Arnold wrote:
    >
    > ....
    >> I think that the implementation of the .Net solutions which is a Standard
    >> like JAVA is a Standard, which is controlled by the ISO and ECMA (M$
    >> doesn't own or control .Net) may help to secure the environment of
    >> applications/programs running on O/S(s) as the .Net Standard is used by
    >> more programmers writing more secure applications using the .Net
    >> technology across platforms and old applications not using the .Net
    >> technology are phased out.
    >>

    > Uhm. Well, they can and do take control due to monopol status. Like they
    > did with MS VM for java, upon which some applications written around 2000
    > still rely. Making it impossible to install a slipstreamed SP4 image of
    > win2k then. We have to install SP3, then some java initiator and
    > afterwards sp4. Now there are different java versions necessary to run
    > some oracle stuff, on just one pc. No, the newer one doesn't work with the
    > older app. Where the heck is the standard now?


    I don't like to dwell on the past and I suggest you move towards .Net,
    because that's where it's headed like it or not.

    >
    >> Of course, that will take some time (years) to implement. Hopefully, JAVA
    >> will follow suite and make JAVA use programming languages such as C#.Net
    >> Perl.Net, C++.Net, Cobol.Net, etc, ect that's running on the .Net
    >> standard be platform independent with the security features that .Net has
    >> in it that can be used by a programmer, if JAVA makes the move and most
    >> likely it will with its version to compete with the .Net Standard.
    >>

    > If .Net gets the same proprietary "extensions" as java did, it will be a
    > complete mess, as java is.
    >


    It cannot happen as M$ has turned over complete control of the .Net solution
    and Standards over to ISO and EMCA that dictate what happens to the base
    core components of the Server and Client .Net Framework. As with the MONO
    project, they were given the base components to do with what they wanted as
    long as the stay within the base standards when making .NET solutions for
    Linux. The only proprietary element in the .Net solution is VB.Net M$ has
    that and is why C#.Net and C++.Net are the solutions across platforms. And
    there is no if about .Net gets a hold it has already taken hold the
    developers/programmers dictate where things head for program solutions,
    make no mistake about that.

    >>> So when the crowd of script kids finally will target
    >>> linux, it already is better prepared for that, as, in comparison,
    >>> win98 was.

    >>
    >> Win 9.x and ME were never meant to be on the Internet.
    >>

    > Hmmm, after all '98 and ME were equipped with the necessary tcpip stack
    > and the well-known bug-ridden browser/email wormcatcher/nonstandard
    > newsreader.


    The fact that neither O/S has any security to speak of whatsoever should
    indicate that it was a rush to glory. The O/S(s) cannot be made secure.

    Duane :)

    I am an *unregistered* Linux user. Unreg# $$,$$$,$$$,$$9.99
     
    Duane Arnold, Sep 1, 2004
    #11
  12. D wrote:

    >>These days, every Windows computer is a war zone of viruses, Trojans,
    >>spyware, and other malicious code trying to exploit security holes in
    >>Internet Explorer.


    > If Linux was even one tenth as popular as Windows you can be sure those script
    > kiddies would be targeting it.


    The important question is, how successful would they be?
    (I'm guessing, 'Not Very'.)
    --

    BuffNET Technical Support Supervisor
    (BEHOLD! The power of the BOFH!)
     
    BuffNET Tech Support - MichaelJ, Sep 1, 2004
    #12
  13. <veröffentlicht & per Mail versendet>

    Duane Arnold wrote:

    > Walter Mautner wrote:
    >

    ......
    >> Uhm. Well, they can and do take control due to monopol status. Like they
    >> did with MS VM for java, upon which some applications written around 2000
    >> still rely. Making it impossible to install a slipstreamed SP4 image of
    >> win2k then. We have to install SP3, then some java initiator and
    >> afterwards sp4. Now there are different java versions necessary to run
    >> some oracle stuff, on just one pc. No, the newer one doesn't work with
    >> the older app. Where the heck is the standard now?

    >
    > I don't like to dwell on the past and I suggest you move towards .Net,
    > because that's where it's headed like it or not.
    >

    Actually, I am no programmer, just support staff. The java mess already
    makes for enough supprt calls, and our customers are no programmers either.
    So we'll rather wait or sit it out.
    >>
    >> If .Net gets the same proprietary "extensions" as java did, it will be a
    >> complete mess, as java is.
    >>

    >
    > It cannot happen as M$ has turned over complete control of the .Net
    > solution and Standards over to ISO and EMCA that dictate what happens to
    > the base core components of the Server and Client .Net Framework. As with
    > the MONO project, they were given the base components to do with what they
    > wanted as long as the stay within the base standards when making .NET
    > solutions for Linux. The only proprietary element in the .Net solution is
    > VB.Net M$ has that and is why C#.Net and C++.Net are the solutions across
    > platforms. And there is no if about .Net gets a hold it has already taken
    > hold the developers/programmers dictate where things head for program
    > solutions, make no mistake about that.
    >

    I hear the message, but it will take some considerable time to prove. First
    we have to adher to what Oracle/IBM does to get things in order again. Oh,
    and from my private experience, java works fine under linux/mozilla.

    .....
    >> Hmmm, after all '98 and ME were equipped with the necessary tcpip stack
    >> and the well-known bug-ridden browser/email wormcatcher/nonstandard
    >> newsreader.

    >
    > The fact that neither O/S has any security to speak of whatsoever should
    > indicate that it was a rush to glory. The O/S(s) cannot be made secure.
    >

    It's easier with *nix as that type of OS was written for multi-user access
    and strict userspace/system space separation. Windows still is behind in
    that field, keeping a huge amount of backdoors open waiting to exploit.
    Even some Microsoft programs need user write access to %windir$/system32
    or/and some HKLM registry keys. Enough to fiddle when we want these
    programs to run as regular "restricted" users.

    --
    Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
     to remove offending incompatible products.  Reactivate your MS software.
    Linux woodpecker.homnet.at 2.6.8reiser4pkt [LinuxCounter#295241]
     
    Walter Mautner, Sep 2, 2004
    #13
  14. Tech.News

    Duane Arnold Guest

    Walter Mautner <> wrote in
    news:-berlin.de:

    > <veröffentlicht & per Mail versendet>
    >
    > Duane Arnold wrote:
    >
    >> Walter Mautner wrote:
    >>

    > .....
    >>> Uhm. Well, they can and do take control due to monopol status. Like
    >>> they did with MS VM for java, upon which some applications written
    >>> around 2000 still rely. Making it impossible to install a
    >>> slipstreamed SP4 image of win2k then. We have to install SP3, then
    >>> some java initiator and afterwards sp4. Now there are different java
    >>> versions necessary to run some oracle stuff, on just one pc. No, the
    >>> newer one doesn't work with the older app. Where the heck is the
    >>> standard now?

    >>
    >> I don't like to dwell on the past and I suggest you move towards
    >> .Net, because that's where it's headed like it or not.
    >>

    > Actually, I am no programmer, just support staff. The java mess
    > already makes for enough supprt calls, and our customers are no
    > programmers either. So we'll rather wait or sit it out.
    >>>
    >>> If .Net gets the same proprietary "extensions" as java did, it will
    >>> be a complete mess, as java is.
    >>>

    >>
    >> It cannot happen as M$ has turned over complete control of the .Net
    >> solution and Standards over to ISO and EMCA that dictate what happens
    >> to the base core components of the Server and Client .Net Framework.
    >> As with the MONO project, they were given the base components to do
    >> with what they wanted as long as the stay within the base standards
    >> when making .NET solutions for Linux. The only proprietary element in
    >> the .Net solution is VB.Net M$ has that and is why C#.Net and C++.Net
    >> are the solutions across platforms. And there is no if about .Net
    >> gets a hold it has already taken hold the developers/programmers
    >> dictate where things head for program solutions, make no mistake
    >> about that.
    >>

    > I hear the message, but it will take some considerable time to prove.
    > First we have to adher to what Oracle/IBM does to get things in order
    > again. Oh, and from my private experience, java works fine under
    > linux/mozilla.


    But JAVA is propitiatory as opposed to .Net that is not propitiatory. Who
    do you think things are going to garvitate towards when money is on the
    line? JAVA has been aced by the .Net solutions for the time being it
    seems. And IBM and Oracle are going to accept the .Net Standards as
    neither one has a choice.

    It would be nice to at least see IBM on the ISO and ECMA .Net Standards
    committee along with Microsoft, Hilliard Packard, Intel, and Sun Micro
    System. I am from the old school too and know IBM's wisdom.

    >
    > ....
    >>> Hmmm, after all '98 and ME were equipped with the necessary tcpip
    >>> stack and the well-known bug-ridden browser/email
    >>> wormcatcher/nonstandard newsreader.

    >>
    >> The fact that neither O/S has any security to speak of whatsoever
    >> should indicate that it was a rush to glory. The O/S(s) cannot be
    >> made secure.
    >>

    > It's easier with *nix as that type of OS was written for multi-user
    > access and strict userspace/system space separation. Windows still is
    > behind in that field, keeping a huge amount of backdoors open waiting
    > to exploit. Even some Microsoft programs need user write access to
    > %windir$/system32 or/and some HKLM registry keys. Enough to fiddle
    > when we want these programs to run as regular "restricted" users.


    The doors will be closed in time with the CLR component of the
    ..Netframework for Server and Client apllications/programs running on O/S
    platforms as old program technology is phased out.

    http://www.intel.com/technology/itj/2003/volume07issue01/art05
    _security/p05_clr.htm

    http://www.phptr.com/articles/article.asp?p=29052&seqNum=4

    http://www.gotdotnet.com/team/clr/about_clr.aspx

    Duane :)
     
    Duane Arnold, Sep 2, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RMS

    Microsoft I. E. 5.00.2014.02161C

    RMS, Aug 11, 2006, in forum: Computer Support
    Replies:
    6
    Views:
    431
  2. Replies:
    0
    Views:
    617
  3. Replies:
    0
    Views:
    754
  4. Donchano
    Replies:
    31
    Views:
    2,120
    Geopelia
    Aug 24, 2012
  5. Paul Del Fante
    Replies:
    0
    Views:
    464
    Paul Del Fante
    Sep 6, 2013
Loading...

Share This Page