DDOS attack Microsoft

Discussion in 'Computer Security' started by Manoj Paul Joseph, Sep 7, 2003.

  1. Manoj Paul Joseph

    Ed Murphy Guest

    SCO's claims are so unclear and inconstant that it's hard to
    say. They claim ownership of several different concepts, yet
    they refuse to identify the offending code except under a
    career-crippling NDA. The one example that's reached the
    public so far is laughable, because

    a) Out of about 100 lines of source code, about 97 of them were
    written by Dennis Ritchie (one of the proponents of the C
    programming language, in which boatloads of software is
    written - including Windows) in the 1970s, has been published
    in multiple textbooks, and was released to the public domain
    on *two separate occasions* by previous corporate incarnations
    of SCO.

    b) The example pertained only to certain models of SGI
    workstations, so it wasn't even compiled/used on the
    vast majority of computers.

    c) The example was already being removed from the 2.6 kernel
    (because it was redundant, with respect to a different
    block of code, hence "ugly") *before* SCO revealed it!

    Here's a document that dissects SCO's claims in considerable detail:

    http://www.opensource.org/sco-vs-ibm.html
     
    Ed Murphy, Sep 14, 2003
    1. Advertisements

  2. Manoj Paul Joseph

    Alan Connor Guest

    Got 'em good. But they'll pretend the blood is just ketchup.


    AC
     
    Alan Connor, Sep 14, 2003
    1. Advertisements

  3. Manoj Paul Joseph

    Leythos Guest

    Just because it has a MD5 checksum does not mean that it's safe - you
    have no idea if you don't review the source - and you've been blowing
    about usenet posting about how great OS is since it's sooo open to
    review. How can you trust them if you don't check them out first?
    I seem to recall having to compile a great many things when D/L the
    linux distro's that we used a year ago. Even compiled the apps that came
    with it. As I recall, it was not something that even our Linux guru's
    were happy with. I can also recall that it was a pain to get it working
    in a Windows environment and that it took the better part of a day to
    get it all up and running in the mixed environment.
    I guess you've never installed Windows 2000 or Windows XP Professional
    or Windows 2000 Server, cause I do it all the time, and other than
    having to put the CD in with the drivers for special hardware there is
    very little to it - oh, and it comes up without a problem too.
    Contrast that with my neighbor - a 37 Y/O housewife that doesn't
    understand how to plug in a USB printer - has no clue as to anything
    with a technical nature. I gave her a computer yesterday with nothing on
    it (virgin hard drive), gave her the XP Prof CD, and an Office XP Prof
    CD and in 1 hour I came back and it was all running, and she could use
    it to get to the internet, access files from the other computer (after I
    told her how to open network neighborhood), and all the things you found
    sooo hard to do.

    If I were to D/L the Lindows distro it might be as easy for her, but
    there is no MS Office for it. If I were to hand her the CD's for Linux,
    after we downloaded and burned them to CD, she "might" have been able to
    install it, but then her software would not work on it (kids games,
    Office XP, etc...)
    It really seem as though you are the one posting nonsense - I'm posting
    from real world experience with thousands of workstation and hundreds of
    servers (all OS's) under my belt, not to mention supporting my family
    and friends on all their OS's. It sounds like you really should get some
    experience with products newer than 98 or ME.
     
    Leythos, Sep 14, 2003
  4. Manoj Paul Joseph

    Ed Murphy Guest

    OpenOffice is fine for most home users. Kids' games, well, I'll grant
    you that one... there are a few out there, but probably not the ones
    that the kids yammer about after seeing a TV ad.
    Win2K Pro is a decent OS. It sounds like you should get some experience
    with the latest incarnations of Linux, though-- a lot changes in a year.
     
    Ed Murphy, Sep 14, 2003
  5. Manoj Paul Joseph

    User Guest

    I allso assist _some_ people with installing linux. I don't do it often
    because I want to do real work and not be someones *free* system
    administrator. PS I hope you keep their systems fully up to date and
    rectify any problems they have!!!
    Great - installs everyhting you need to do what most people want in 10
    minues?

    Probably doesn't even bother with the X server or GUI. In fact I'll bet
    these so called 10 minute installs are single task installations like a
    router/gateway - where a real solution costs less than a second hand
    dedicated machine, cannot be hacked as easily, uses about 1/10th the power
    and 1/50th the space etc.

    Maybe even a floppy distro :)

    Pity he's not reading my responses and can't answer :)
     
    User, Sep 14, 2003
  6. Manoj Paul Joseph

    User Guest

    The checksum only checks the file has not been tampered with AFTER it was
    released for distibution (MS do this as well you know). It does not check
    to see if the is a deliberate trojan in the software or and accidental
    error. The ONLY way to do that is to review the source. If you have not
    reviewed the source and then compiled from the same source you reviewed then
    any claims about safety from OSS point of view are blasted out of the water.
     
    User, Sep 14, 2003
  7. Manoj Paul Joseph

    User Guest

    RedHat 6 was also said to be user friendly - but a security nighmare. They
    left everything on. Redhat 6 also came with the wrong header versions so
    kernel compilation was difficult. Redhat seven versions came with complete
    source trees missing out of the kernel rpm. This is "user friendly". Its
    difficult just to chose a major version which will compile the kernel
    properly (which they are all supposed to do).

    This is a little misleading. Some of the UI stuff is the same but the
    connectivity that makes windows simply go (and is the same concern for
    security) doesn't work real well yet.

    BTW: Unless OpenOffice has changed in the last year it doesn't support user
    programming like VBA. I'm still trying to find a linux database thats as
    easy to work with as access for small data analysis. - preferably one that
    will open the access files I have been sent.
     
    User, Sep 14, 2003
  8. Manoj Paul Joseph

    Os2user Guest

    Hmmm my last Debian install,with GUI, took 20 minutes.
    You make too many assumptions.


    Proudly bought to you by the letters O & S & the number 2.
     
    Os2user, Sep 14, 2003
  9. As Alan Connor so eloquently gibbered on Sun, 14 Sep 2003 at 01:25 GMT:
    I don't suffer any illusions. There are those who are open to fact.
    There are those who are not. I can usually discern the difference, and
    I base my expectations on experiences with those similar to the ones
    currently being addressed.
     
    Sinister Midget, Sep 14, 2003
  10. Manoj Paul Joseph

    Alan Connor Guest


    It was just a compliment with a tag....

    You obviously know what you are about.

    It amazes me, most of all, to hear them call the *[Nn]*[Xx] Os hard to learn.

    Windoze is so convoluted and complex that people don't even TRY to learn how
    it actually works.

    And I swear they deliberately make it seem even more complex than it actually
    is.

    Give me LDP and the man pages and /usr/share/doc any day.

    I tried to use the so-called MicroSoft-Knowledge-Base during my brief
    experience with Windoze, as well as XP Inside/Out and found them both
    to be almost useless.

    Then there's that crippled DOS commandline, as if DOS isn't limited enough
    to begin with.....



    AC
     
    Alan Connor, Sep 14, 2003
  11. As Leythos so eloquently gibbered on Sun, 14 Sep 2003 at 01:50 GMT:
    That's a fact. And I'm talking about a *home* environment, one I can
    gamble with a bit.

    However, I don't believe there's any requirement that every user review
    every line of code to make sure it's safe. I know lots of users review
    every line of code, and I know I can trust the vast majority of them to
    be thorough in addition to being competent.

    The fact that I *can* review any code I wish, at any time I wish, goes
    a long way toward my trusting things. I download a lot of things and
    dont' always know them to be trusted sources. However, let me repeat:
    *home* environment. I would *never* do the same in a production
    environment.

    Also, I do _NOT_ download things as soon as they come available. So
    there's more time to allow others to go through things and for me to
    get some feedback on things before I ever get the end product.

    While MD5SUM doesn't guarantee that anything is safe, it does offer
    another means of checking the validity of the end product. That is the
    goal. In the end it's a matter of knowing who to trust and who to
    validate prior to trusting, then using the tools at your disposal to
    make sure things are what they say they are.
    Unless you were using Gentoo, that wouldn't be the normal case. If you
    were using Gentoo, take a look in the mirror to see who the culprit is.

    If you decided you needed out of the ordinary software, this can also
    happen. But that is far from the norm.

    The subject I addressed was the falsehoods concerning THE AVERAGE HOME
    USER and what it takes for them to HAVE A DESKTOP. The AVERAGE HOME
    USER doesn't have to compile a ton of stuff just to have a desktop.
    They need a set of CDs and a bootable CD drive. Period.

    If they want Gentoo, they *should* have a clue about what they're
    getting into, knowing it will compile it almost totally from scratch.
    If they don't read just a tiny bit and end up trying Gentoo by mistake,
    shame on them.
    I have installed 2K Pro and XP Pro. Both required addtional drivers.
    That step came *after* the install was ostensibly completed. Both
    required additional steps to get video to a usable state. 2K Pro
    required more work to get sound working properly. Both required me,
    after all of the installs and configuring, to get updates separately
    (Mandrake did it during the install).

    I *did * do an XP Pro install that didn't need anything extra (except
    updates, naturally). But that was OEM and it had everything setup when
    it did the deed.

    I've been spared 2003 Server, thank you very much. I'll let someone
    else do that from hereon in. I'm done with Winders problems (except for
    maintaining my son's 98 machine, which is destined to become obsolete
    when he's 5 or 6).
    Did I use the word hard? Please point it out to me.

    What I was alluding to is the fact that I had to do less to have more
    with linux. Not that any of it was hard, but that some of it was very
    time-consuming. I can install an entire desktop with everything
    configured in about 1/2 hour with linux. With Winders that covers the
    CD. Then there's the drivers. Add another hour (if lucky) and we have
    the updates installed. (I also take a long time to see what the updates
    broke, but I wasn't even calculating that part.)

    In time spent, I'm running linux in a safer environment (i.e. better
    firewalling, updates current, etc) in the same amount of time it takes
    to just install the machine in Winders. To make them somewhat closer to
    the same in safety and security terms (not even possible, but let's
    pretend) takes about 3 times as long with Winders.

    And I still don't know, after 3 times as long, if one of the updates
    broke something with the M$ stuff. The likelihood is pretty high that
    something is bad after that, while the likelihood is everything is in
    good shape with linux. I say this because both have track records. The
    one built up by Micro-Soft hasn't been one that is easily trusted.
    Why would anyone want to operate inferior software (M$ Office) on
    linux? Why not use one of the (better) native products: OpenOffice,
    Abiword, etc?

    The mind boggles!
    See above.

    Let me quote:

    Clearly, that's not in line with your claims about being knowledgeable.
    *YOU* need to check something more recent than kernel 0.1.4.
     
    Sinister Midget, Sep 14, 2003
  12. As User so eloquently gibbered on Sun, 14 Sep 2003 at 03:08 GMT:
    Not so. I put some faith in the process because I know many others
    reveiew the source. I also don't normally download things right when
    they're released. That gives others time to find and report problems.

    Still, even if everything you claim is true, the fact that I *can*
    review the code, and the fact that others *do* review the code gives me
    a safer place to begin than trusting the output from a company that
    hides everything from me *and* from everyone else. How can *anybody*
    know what they're getting if *nobody* has the chance to take a look at
    it?

    In fact, if they'd opened the code to review, the chances of some of
    the patches that caused major problems ever becoming widespread would
    have been much diminished. That it was hidden from view made the
    resulting damage far worse than it needed to be.

    This idea that *every* set of eyes need to look at the code to make it
    safer is a strawman. Compared to the alternative (no eyes can see it),
    having a large number looking at it is far preferable, whether
    everybody does or not.
     
    Sinister Midget, Sep 14, 2003
  13. As User so eloquently gibbered on Sun, 14 Sep 2003 at 03:21 GMT:
    They're getting ready to release 10 or somesuch in about a month. Get
    over 6. It's over you.

    What source trees? I installed all of the 7.x series and found nothing
    missing.

    I also compiled kernels in all of those versions. I was using Redhat
    (the one that has the guy with the red hat). What were you using?
     
    Sinister Midget, Sep 14, 2003
  14. Manoj Paul Joseph

    Max Burke Guest

    Ed Murphy scribbled:
    That would work in Linux without the user knowing it was working?
    Try reading COLA; Try talking to the likes of Alan, sinister midget,
    etc,etc; Try reading the *numerous* websites that advocate Linux....
    ;-)
    They're all vulnerabilities and/or flaws in the OS due to bad
    programming.....
    In Linux itself then.....
    If it's a strawman it's not MY strawman argument. It an 'argument' that
    *every* Linux/OSS advocate users. Strange how it becomes a strawman when
    someone like me uses it huh......
    I dont believe for one minute that every Linux/OSS user 'eyeballs' the
    code to find, report, and/or fix the bugs. I do however believe that a
    *LOT* of Linux/OSS users/advocates rely on others to do that for them,
    and then claim they're safe because *SOMEONE ELSE* is eyeballing the
    code....
    I haven't been mislead by this belief that so many Linux user hold; Just
    by reading numerous Linux/OSS websites stops any belief like that in
    it's tracks. It's a shame so many Linux/OSS users/advocates are blinded
    by their beliefs isn't it......
    Luck has nothing to do with it.
    I know how to maintain my computers and the OS'es I choose to run on
    them. It's basic to using a computer.
    Well if you believe you dont need an anti-virus program then you will
    need a considerable amount of luck.....

    FYI
    http://networking.earthweb.com/netos/article.php/625211
    http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux
    http://www.claymania.com/unix-viruses.html
    http://www.zdnet.com.au/itmanager/technology/story/0,2000029587,20275738,00.htm
    http://www.virusbtn.com/magazine/archives/200304/linux.xml
    I'm quite willing pay for products and services that I want/need Ed.....
    For The MS Os'es I have had installed on my computers the *one off*
    purchase price has been very reasonable, especially as I have been using
    some of them for 12+ years....
    BTW you are aware that there is NO monthly payment for using MS OS'es
    and applications.....
    Clueless users again. Cant blame the OS or app for that, especially as
    OE6 automatically runs in the restricted zone, and blocks ALL
    attachments to emails by default.
    It also just takes one tick in a user selectable option to make all
    emails and newsgroup message display as plain (ASCII) text.
    A little bit more work on the part of the user also makes all sent
    emails and newsgroup messages plain (ASCII) text as well.....
    Sometimes?
    The websites I list for Linux have WEEKLY updates. Often they're new
    bugs, otherwise they're variations or repeats of old bugs....
    Then OSS/Linux advocates need to stop demanding that MS has to be
    perfect, while they, Linux/OSS bugs are just because Linux/OSS
    programmers are *only human.*
    Which open vulnerabilities and security holes in the OS and apps......
    That's BS and simply bad OSS/Linux advocacy. What with the attention
    paid to bugs, vulnerabilities, and security flaws in the Windows OS and
    applications (even third party ones) there is a very strong disincentive
    for that to happen. That's not saying it doesn't happen, just that it's
    not a temptation....

    I could suggest that because of the belief that others can read the code
    allows for that to happen; Write the code, let others who read the code
    find the bugs to fix....
    In fact going by the Linux websites that list all the bugs that would
    seem to be the reality.......

    http://www.securityfocus.com/news/19
    http://news.com.com/2100-1001-830130.html
    http://www.developer.com/open/article.php/983621
     
    Max Burke, Sep 14, 2003
  15. Manoj Paul Joseph

    Ed Murphy Guest

    Well, not for very long. A similar "virus" could introduce subtle
    changes to text and/or HTML files; if it were a little smart, then
    it could even use 'touch' to reset the time-last-modified to its
    original value.
    I'm familiar with Alan (unfortunately).
    Alan != many/most (fortunately).
    He may be most of the ones that you notice, though.
    Because lots of someone-elses, you mean.
    So am I - *unless* there exists a free alternative that meets my
    needs. And so there does.
    Windows 3.1[1] or DOS, then?
    There's no monthly payment for using my OS, either. Not even for
    a personal subscription to the Red Hat Network for updates (I just
    fill out a super-brief survey every two months). How much does a
    subscription to MSDN cost?
    Good - they fixed it.
    This is a UI issue.
    And *this* is just plain annoying. Most of the (non-spam) HTML mails
    I get are set to a font size of *2*! And they don't even contain any
    non-ASCII formatting, so there's no reason for them to be HTML! (The
    usual complaint about "bandwidth-wasting stationery" is one that I
    almost never see, although I think it pops up from time to time in
    some of my wife's chattier mailing lists.)

    Sending in ASCII should be the default.
     
    Ed Murphy, Sep 14, 2003
  16. Manoj Paul Joseph

    Max Burke Guest

    Ed Murphy scribbled:
    yes. Also Windows for Workgroups; And Windows 95a. But then I also have
    OS2 from 1994, Linux slackware from 1995, Knoppix (which wont even run
    on my P4 due to not having hardware drivers) IPCop, SmoothWall, and
    Coyote Linux.....
    Dont know. Dont use MSDN.
    And users are whining and bitching that they cant view attachments,
    complaining that links in emails dont work, that they cant see the
    'pretty pictures and fonts (html code) anymore....
    In the preview pane......

    Microsoft (in OE) give users the option......
     
    Max Burke, Sep 14, 2003
  17. Manoj Paul Joseph

    Ed Murphy Guest

    Well, I said "good", not "perfect". It would probably suffice to
    strip executables, warn about zip files (which may contain executables)
    and Office documents (which may contain macro viruses), and launch
    other attachments without complaint. Assuming that you don't re-introduce
    the following bug, present in at least some earlier versions of OE:

    a) Virus lies about its MIME type, claiming to be a graphic or sound file
    b) OE looks at MIME type and says "Windows, launch this!"
    c) Windows says "Okay! It's an executable; I'll execute it."
    Some other programs display ASCII text while still detecting URLs and
    making them clickable. (I consider this acceptable.) Does OE not do
    this? Or does the restricted zone prevent them from launching?
    My mail reader's preview window renders text fonts/styles, and
    placeholders where images should go. You want to see more, you
    right-click and select "view in browser". I think that's a very
    good way to strike a balance.
    I said it should be the *default*, not that it should be locked in. Or
    are you saying that OE allows users to change the default to ASCII? (If
    so, then that's still bad; it should install with default=ASCII, and
    allow users to change it to default=HTML if they're really hung up on
    stationery.)
     
    Ed Murphy, Sep 14, 2003
  18. As Alan Connor so eloquently gibbered on Sun, 14 Sep 2003 at 04:13 GMT:
    Sorry. I realized that'swhat it was about.
    Well, I don't know all, but I know what I know. And I know none (or
    mostly none) of the Windozers has any idea. They read MICROS~1-bought
    reports, and MICROS~1-bought studies, and MICROS~1-bought media. Then
    they read some folderol spewed by some MICROS~1-bought shill and think
    they're knowledgeable. Then along comes someone who shows them how to
    distinguish between shit and Shinola and they think they're dealing
    with someone who has never heard of WinDoze or Micro-Soft before.

    They can't seem to grasp that nearly everyone that has moved away from
    WinDOS did exactly that: moved away.

    I use linux because I've used Windows.
    Again, mostly based on either experience with really old stuff, or
    taking the word of someone who has reason to be less than honest (or
    incredibly inept). Or, someone who views everything through the prism
    of Winders, and can't grasp that One MICROS~1 Way shouldn't be viewed as
    a way of life.
    Point, click, drool. If it can be done, that's how it should be done
    (in their world). Unfortunately, what gets lost to them is that it's
    all based on lowest common denominator (which, up to now, is what it
    took to keep expanding the market).
    I had an XP machine that would boot, flash a quick glimpse of blue,
    then reboot. This went on endlessly. Not only did none of the items in
    the "Knowledgebase" work, none of the cut'n'paste suggestions of the
    MVPs and other gurus did anything either. Even trying to rescue things
    by booting from the CD did nothing. In the end, after several days of
    several people trying to salvage anything from it, after searching all
    over $MONOPOLY's website, after aksing in all sorts of places for any
    ideas, a wiped disk and reinstall fixed the problem.

    Just lucky it was on a network and nothing irreplaceable was lost. Just
    a lot of time trying to rescue what was a royal pain to set up all over
    again.

    *ALL* of the XP machines at work exhibit an odd behavior. At times,
    they get into a mode where the entire screen, or large patches of it,
    turns totally white. This is absolutely reproducible, and I can even
    set up the conditions to make it happen. Obviously, this shouldn't be.
    What does the "Knowledgebase" say? Nothing. What did the MVP geniuses
    and other gurus say? That I was lying. I can't take a screenshot of it
    because the machine is locked up tight during those times. When I
    finally get a digital camera (which I need for other purposes), I'm
    going to put a picture of it on a website to show it. I suspect they'll
    still toss some names about. Such is the state of denial.

    But, still no answers about how to fix it. Just claims that it's all
    imaginary. And nothing official on the "Knowledgebase" to explain it.
    Shame, shame , shame!! DO$ isn't called DO$ any more. Now its official
    name is "CMD" and you won't have any credibility whatsoever if you
    can't call it by the right three-letter name (even though they'll prove
    they know what you're talking about when they correct your
    terminology).
     
    Sinister Midget, Sep 14, 2003
  19. Manoj Paul Joseph

    conover Guest

    But its unclear whether Linux has more bugs, or the OSS peer review of
    code finds more-which are disclosed publicly. However, another
    important URL:

    http://www.cert.org/summaries/CS-2003-03.html

    where the CERT incident response team issued 15 advisories for
    Microsoft products, 3 for Cisco, and 0 for all brands of Unix and
    Linux, in the last 90 days.

    But you are right. Both Linux and Microsoft have far too many security
    bugs, in comparison to the other OSs like Solaris or the BSDs, or even
    OS-X.

    August was not a good month for Linux, either:

    http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/

    from a cracked systems POV. (Look at BSD's numbers in that page.)

    John
     
    conover, Sep 14, 2003
  20. Manoj Paul Joseph

    User Guest

    I guess you were not trying to use the stuff I was...
    If you don't know what it was don't let it worry you. They are up to
    version 10 now. I wonder how many idiosyncracies that has in it.
     
    User, Sep 14, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.