Viruses

Discussion in 'Digital Photography' started by opium, Feb 10, 2006.

  1. Thank you. That will save everyone a bit of aggravation.
     
    Eric Schreiber, Feb 13, 2006

  2. Bend over and have Floyd drive you home :)
     
    Eric Schreiber, Feb 13, 2006

  3. Which would still be above your level.
     
    ASAAR, Feb 13, 2006
  4. And be sure to keep up with the firmware revisions. They have
    a history of exploitable bugs, like so many others.
    Ouch. That's discouraging.
    Because many 10-year-olds now know to track bug lists, apply
    patches and flash firmware.
    And many others tend to be about as buggy. Be sure and Google-up
    the brand along with "exploit" or "buffer overflow" or other such
    terms.
     
    Bryan Olson, Feb 13, 2006
  5. There are basic differences. Most Windows compromises are on the
    client end, whilst *nix compromises tend to be against server software.
    The average end-user can run without server software, while they can't
    run without email/browser/media-player/etc.

    I've used linux since Redhat 6.2 around 2000. Back then, it was
    *DAMN INSECURE BY DEFAULT*. The "workstation" default was to have
    sendmail and NFS and a whole bunch of other servers running after
    install. Worms like "Li0n" and "Ramen" were all over the place, and
    many people despaired of ever seeing secure default linux. I used to
    spend over an hour shutting down services, and checking that they were
    *REALLY* shut down, before connecting a fresh Redhat install to the net.
    After a lot of screaming, yelling, and downright obscenities from
    security-conscious people, linux distros now come reasonably secure by
    default.

    I've switched to Gentoo linux. The preferred install is to burn the
    minimal installer ISO file (approx 60 megs), boot from that CD and do an
    internet install... without a firewall in place. It manages to install
    without getting compromised. Of course, it does *NOT* have a bunch of
    processes listening to the internet by default. Try installing Windows
    on a PC with a live internet connection, and no firewall.

    The problem with Windows is that so much external code gets executed
    that you're effectively running a server. The WMF exploit was due to a
    callback method which was designed to run a notification if the file
    failed to print properly. *A GRAPHICS FILE COULD CAUSE ARBITRARY CODE
    TO EXECUTE*!!! Exceedingly dumb, to say the least. Another problem
    occurs with Media Player executing embedded HTML in .wmv and .wma files.
    Rename them to end with .mp3, and Media Player still executes... ouch.

    Active-X controls are native Windows code. Has Microsoft gotten
    around to getting rid of that annoying nag screen you get each time you
    hit a web page with an Active-X control, when you have Active-X turned
    off in IE? That effectively made IE unusable when in its "safest"
    config, i.e. Active-X disabled. Firefox doesn't seem to get hit with
    "drive-by-installs".

    Sircam and similar stuff would execute *WHEN YOU MERELY OPENED AN
    EMAIL IN OUTLOOK OR OUTLOOK EXPRESS*. As for people clicking on
    "textfile.txt.lnk"...
    - why did MS set the default to hide filename extensions?
    - why did MS set Windows to hide certain file extensions *EVEN WHEN
    YOU SET "hide extensions" OFF*? Yes, that can be overridden... if
    you're comfortable with registry hacks.

    To summarize, linux does have some vulnerabilities. They tend to be
    in different areas than Windows vulnerabilities, i.e. server software
    rather than end-user software. The net result is that average Windows
    users are more vulnerable than average linux users. And as for anti-
    virus scanners, they're after-the-fact reactions, and can't anticipate
    new stuff. Check http://isc.sans.org/diary.php?date=2006-02-12 for
    some results of malware scans. Very few anti-virus scanners catch the
    new stuff on day-zero.
     
    Walter Dnes (delete the 'z' to get my real address), Feb 13, 2006
  6. Should suit you then.
     
    Neil Ellwood, Feb 13, 2006
  7. Dude .. every OS war thread gets braindead answers in the end .. just
    like yours ..
     
    imbsysop, Feb 13, 2006
  8. You're really going to annoy Floyd with that kind of statement :)

    That is true, although more so in the past than now. Like you noted
    with Linux, enough security people screamed that MS finally sat up and
    took notice. The firewall (which didn't used to exist at all) is now on
    by default, and enough security warnings pop up to keep even relatively
    dense users informed. I don't believe it has as many server listener
    processes running by default as it used to, either.

    That one was a pretty strange situation, though it makes more sense
    when you understand how an EMF/WMF file works (not saying you don't
    understand, of course). Unlike bitmaps and JPGs and such (raster files)
    that we normally deal with in photography, EMF files are vector files.
    They are drawn not pixel by pixel, but as a series of commands, like
    "draw a 2 pixel thick blue line from here to there". Hacking this was
    an extremely obscure thing to do. Too bad that it took a third party
    publishing a "how-to" to get MS to patch it.

    Don't know, off-hand. I use Firefox - not for security reasons, but
    because it's simply a better browser.

    Imitating MAC is all I can think of. It is stupid, I agree.

    No argument there at all. The origins of this entire ugly thread were
    not even an argument about which OS is better, but rather a simple
    observation - which you've reiterated here - that Linux is not proof
    against attack.
     
    Eric Schreiber, Feb 13, 2006
  9. And here I thought we were getting along so well.
     
    Eric Schreiber, Feb 13, 2006
  10. I hope not, since it's accurate to note that the Linux distributors
    were slow to ship systems that installed secure by default. I would
    add, however, that my first firewall was based on RH 6.2. It didn't
    run any silly web admin interfaces, didn't run any unnecessary daemons,
    didn't have X installed, and was darn secure. I used Bastille (plug)
    to tighten it up. I'm somewhat more worried about the Linksys WRT54G
    that's taken its place. It may be running a secure OS, but its web
    interface appears to be a bag of bugs.
    I'm reminded of the Code Red fiasco of a few years ago. My employer
    has an extremely large Windows deployment. The enterprise support
    folks thought they knew exactly where all the servers were, and that
    they therefore had a box around the Code Red infection. Much to their
    surprise, IIS was *everywhere*. It turns out that IIS gets installed
    practically any time you look at a Windows box sideways. Most of the
    owners of infected boxes were surprised when the network SWAT team
    showed up to quarantine and clear their workstation. They had no
    idea IIS was even installed, let alone running.

    The lesson here is to periodically audit your systems for unexpected
    running services. I'm sure Eric knows how to do that. I guess many
    computer users don't have a clue what services are (or should be)
    running on their systems. (Looks like an opportunity for improvement.
    I wonder if Microsoft or the open-source community will implement
    automatic service auditing first?)
    Note that the WMF flaw was not a bug. The ability to execute external
    code was designed into the file format. Microsoft's fix was to disable
    that feature in the code that interprets WMF files. The description of
    the problem and the fix is on Microsoft's web site, where I'm sure
    Google can find it.

    [...]
    It actually started with someone asking if cameras could be harmed
    or infected by viruses on a PC. It quickly morphed into a general
    discussion of the virus problem and then was prolonged when some
    folks tried to assert that Windows is just as secure as Linux. Some
    Linux partisans can't let a provably false claim like that pass
    unchallenged, and the slug-fest was on. I confess to taking part
    in the melee for a while. <sigh>

    Paul Allen
     
    Paul Allen, Feb 13, 2006
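Paul Allen's advice above to periodically audit a system for unexpected running services, as an added example that is not part of the thread and not Bastille's code: a small POSIX shell function that compares the listening TCP sockets reported by iproute2's `ss -Hltn` against an allowlist of expected ports and prints everything else. The allowlist, the `unexpected_listeners` and `audit_sample` names and the sample `ss` lines are assumptions constructed for the example; the sample deliberately includes the sendmail (25) and NFS (2049) listeners Walter described as the old Red Hat defaults.

```shell
#!/bin/sh
# Added example, not from the thread: report listening TCP sockets whose
# port is not on an allowlist. Input is `ss -Hltn` output (iproute2):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# The allowlist below is a hypothetical one: sshd (22) and CUPS (631).
ALLOWED_PORTS="22 631"

# Reads `ss -Hltn`-style lines on stdin and prints "addr:port" for every
# listener whose port is not in ALLOWED_PORTS. The trailing ":port" is
# taken after the last colon, so IPv6 forms like "[::]:22" work too.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 4 {
            laddr = $4
            port = laddr
            sub(/.*:/, "", port)
            if (!(port in ok)) print laddr
        }'
}

# Constructed sample output, in `ss -Hltn` column order. Ports 25 and 2049
# stand in for the sendmail and NFS daemons an old default install left on.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 50 0.0.0.0:25 0.0.0.0:*
LISTEN 0 64 *:2049 *:*'

# Runs the audit over the constructed sample; expected to list 25 and 2049.
audit_sample() {
    printf '%s\n' "$SAMPLE" | unexpected_listeners
}

# Live use on a real host (not run here): ss -Hltn | unexpected_listeners
```

On a real machine the same function is fed from `ss -Hltn` (or, for UDP, `ss -Hlun`); anything it prints is a service to identify and either add to the allowlist deliberately or shut down, which is exactly the periodic check Paul recommends.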
  11. We may have been, until you bent over backwards to post your
    ridiculous, somewhat insulting reply. Perhaps you weren't familiar
    with Back Orifice? I'm not sure when it first surfaced, but it
    might have been as much as 8 or 10 years ago, and was quite nasty.
    Useful too, for those that knew how to tame it. I avoided it.
     
    ASAAR, Feb 13, 2006
  12. I do that regularly, because even though my machine is pretty much a
    screamer, I don't like things taking up memory or CPU instructions
    without really good reason.

    Photoshop Elements 3, to my surprise, installed a service that
    apparently scans for graphics files in the background. Since I don't
    really use Elements much (learning CS2 instead) I killed that process.

    The really annoying one is the several processes that iTunes installs.
    My Palm HotSync conduit only runs when I want it to, and synchronizes
    flawlessly when I push a button. iTunes runs junk all the time, and my
    iPod thrashes whenever I plug it in as it tries to find iTunes. I love
    my iPod, but Apple really missed the boat in their USB sync design.

    Gibson over at grc.com suggested that to him, it looked as though it
    was coded specifically to be used as a back door. I find that far
    fetched, as does a lot of the technical community. But still, it makes
    one wonder.

    I guess it depends which side of the fence one is on. From where I'm
    sitting, 'some folks' correctly asserted that Linux is not immune to
    attack, and a certain Linux partisan, completely missing the point,
    took that as an opportunity to practice his profanity and fire up the
    Windows vs. Linux argument.
     
    Eric Schreiber, Feb 13, 2006
  13. I apologize. The insult (and I admit there was one, which I should not
    have made) was not directed in any way at you. It was intended only as
    an off-color joke.

    I was aware of it, but no more so than any geek who reads the technical
    news. I never installed it or even saw it up close.
     
    Eric Schreiber, Feb 13, 2006
  14. Ok, no problem. The joke was recognized, but it wasn't clear that
    there wasn't more intended, as it unnecessarily included your linux
    nemesis, Floyd as part of the "joke".
     
    ASAAR, Feb 13, 2006
  15. True, there are half a dozen that have been found. Compare that
    to the thousands for a Windows system.

    What's your point?
     
    Floyd Davidson, Feb 13, 2006
  16. How many in the firewall part?

    Missed it? Oh, well.
     
    Bryan Olson, Feb 15, 2006
  17. Most appeared to be in the web stuff that implements the admin
    interface. A bunch of bonehead buffer overflows and input
    validation goofs that let the attacker own the box and configure
    it however he wants. Nothing in Linux itself or in iptables.
    It was all problems with what would be called the "application
    software" on a regular computer.

    Google for "linksys exploits". The first page of hits has a
    nice independent summary of all the known problems with firmware
    version numbers.

    Paul Allen
     
    Paul Allen, Feb 15, 2006