[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Mystery of chroot



On Sun, 2007-07-22 at 20:55 -0400, monty19@ hotmail.com wrote:
> >Sounds like you have limited experience with doz "security". Malware 
> >that targets its security flaws is extraordinarily easy to acquire
> in 
> >doz, and difficult to eradicate, short of reinstalling the whole OS 
> and >apps. It's even possible (easy, so I hear) 
> 
> So you admit you have no actual experience to counter his 'limited' 
> experience... 
> 
> >to acquire malware in the interval between installation and
> completion 
> >of installing security updates online from M$. 
> 
> Do you really think that given adequate access (i.e. throw it up on
> the 
> internet with no firewall) to a Linux system with known
> vulnerabilities 
> this would not also be possible between the interval you install that 
> system and manage to update it? What makes you believe then that
> Windows 
> should magically behave any better. 
> 
> Of course, you can spin an updated install disk with the latest
> packages 
> so that this is not the case with your Linux system. Of course, you
> can 
> slipstream the install for any of Microsoft's more recent operating 
> systems and expect the same. 
> 
> Look, I am no fan of a lot of Microsoft's business and marketing 
> tactics; Microsoft has been inching it's way out of my computing 
> experience slowly but surely over the last couple years. But this is
> the 
> same kind of FUD Microsoft likes to spread about any of the *nix 
> operating systems. 
> 
> A generic Fedora 7, Fedora 6, Fedora 5, (how far do you want to go 
> back), Solaris, Mac OS X, etc. install is likely to have security
> flaws 
> prior to being updated that are remotely exploitable under the proper 
> circumstances. 
> 
> If you don't use yum or a similar tool to install any security
> updates 
> to your Fedora installation, fail to run a firewall, and carelessly 
> click on links, and open unexpected email attachments then you are no 
> better than the masses of Windows users who fail to install their 
> windows updates, fail to run a firewall, and carelessly click on
> links, 
> and open unexpected email attachments. 
> 
> The difference is that because you are not running Windows you will 
> probably go just a bit longer than them before managing to infect
> your 
> system with one form of malware or another, only because most malware 
> written today is directed at the much larger number of Windows
> computers 
> out there. 
> 
> I run Mac OS X on my laptop and linux on everything else, resorting
> to 
> Windows Vista for only an occasional game that I might want to play
> with 
> friends. i might run Windows once a week tops. 
> 
> However, my wife uses Windows exclusively. She has no real interest
> in 
> Linux, Mac OS X, and so on. She is diligent about installing those 
> Critical and Recommended Windows updates, has the basic Windows
> Firewall 
> set up, and uses common sense when browsing the web and reading
> email. 
> She has NEVER had a problem with viruses, spyware, pop-ups, or any
> other 
> form of malware. 
> 
> Conversely I have seen Linux and even Mac users who believe their
> system 
> is an iron fortress simply for the fact that they are not running 
> Windows, only to find root kits and other nastiness installed on
> their 
> system down the road. 
> 
> And people will cry that the only way in which you can correct an 
> infected Windows system is to reinstall the operating system, but I 
> would argue that from my professional and personal experience that
> 99% 
> of the time this is completely untrue. Again, do you really believe
> that 
> when a system becomes infected with this garbage that there is no
> sound, 
> technical, and methodical manner in which you can remove these
> programs, 
> and restore the system? There are some truely nasty pieces of malware 
> out there that will employ tactics such as attempting to reinstall 
> themselves if all components are not removed, etc. I have had a 
> miserable time cleaning up more than a few of these, but I have never 
> had to give up on a machine and reinstall it, though time wise it may 
> have been just as effective to reinstall one or two of them. 
> 
> Oh, and how does most of this start? User browses to website X and 
> recieves popup Y that says you can get this absolutely nifty free 
> program that installs super cool item Z (instant message icons,
> games, 
> screensavers, and whatever crap), and Joe user thinks hey, what a
> great 
> deal, and goes on and install it beginning the mess... 
> 
> Really, your poorly informed arguments do nothing for improving the 
> cause of Linux. 
> 
> With respect, 
> Jason 
> 
> P.S. I believe the operating systems name is Windows, not 'doz'; 
> demeaning a product or making silly attacks against its name really
> are 
> no way to make your case against the company. 
> 
Worms carrying rootkits for windows don't need you to do anything, and
they are far too frequent.  I know that worms can also inhabit all other
OS's, but in my experience, many decades, and many OS's, only windows
falls often and easily.  This is acknowledged by the range and number of
"security" products that attempt to cover the holes in MS software,
which MS then overrides to open ports for remote access, downloads, and
reading the registry for each and every application they choose to
install on your system.  In addition, there is virtually no disk or file
protection in windows.  The sum effect is vulnerability and is one
reason we continuously hear about the losses of data over windows
networks.  I don't like to lambaste someone like MS, but in reality,
they have had these problems for decades and their answer has been a
succession of bandaids, and patches that have not made very much overall
difference.  I can sympathize with them to a point, but when the buffer
overflow was known in Dos, and remained in Windows until NT, that is
just not right, no matter how you look at it.  And yes, I have committed
the same sin in some cases in my own software, but I am a single
engineer, developing in a specialized environment, and the risk was much
lower, and my total knowledge was not the equivalent of the thousands of
Microsoft Engineers.  No excuse, but the reason none the less.

	I also can look at the costs of development for windows vs virtually
any other OS, and wonder about the time/cost/effectiveness of such work.
Like many maids, I don't do windows.

Regards,
Les H


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]