Simple question about Windows .......

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Peter Hayes <not_in_use.RemoveThis@btinternet.com> writes:

> In <dcc2vmxysbfa$.dlg@funkenbusch.com> Erik Funkenbusch wrote:
>> On 28 Sep 2006 15:27:25 GMT, Peter Hayes wrote:
>>
>>>> You're inability to follow Eriks explanation is frightening. And
>>>> your last paragrpah made no sense. Maybe you're talking about
>>>> something else?
>>>
>>> I'm talking about Erik's comment, quoted at the top of this post,
>>> that " Hell, a few years back, there were these streams of very
>>> complicated hoaxes going around that asked users to delete various
>>> files from their hard drive, because they were claimed to be
>>> viruses." And I responded that if viruses didn't exist these "delete
>>> virus msvc60.dll" or whatever spoof e-mails wouldn't exist because
>>> nobody would believe them, or even understand them. Now what's
>>> simpler than that?
>>
>> The point was simply that complexity is no deterent.
>
> I know what the point was. I made a slightly flippant observation that
> got blown up out of all proportion.
>
>> Suppose the list
>> of instructions were to instead install a cool screen saver, or view
>> naked pictures of paris hilton, or a great e-card from your grandson,
>> or to show your patriotic support of the troops. Social engineering
>> works because it convinces them to do things they normally wouldn't do.
>
> It works in Windows because there's few if any road blocks in place to
> stop the user following instructions.
>
> It's less likely to work for Linux or OS X because these OSs include
> road blocks like the sudo command. Without the appropriate password sudo
> brings the exploit to a grinding halt no matter how desperate the user
> is to view pictures of paris hilton naked.

sudo generally shares the same password as the user in home
installations. It is no deterrent in that configuration. And when its a
rogue script, the use of sudo totally negates why sudo is used - to
avoid the need to go into an interactive root shell where the user
might inadvertently do things with root privileges.

Also, thankfully, Köhlmann supported me by saying that sudo doesnt exist
in other Linux versions ( no surprise there : distro hell once more) so
the user must go into su mode. Which they will. Because you have to in
order to install stuff.

>
> Hopefully Vista will include similar safeguards, but not if RC1 is
> anything to go by. It pops up boxes at every opportunity asking if I
> really want to do x, y or z, but I've never been asked for a password
> yet. Worrying, that.

--
perfect woman, n.:
Four feet tall, no teeth and a flat head so you can rest
your drink.

[Pistol-grip ears? Ed.]

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Richard Rasker <spamtrap.RemoveThis@linetec.nl> writes:

> Op Thu, 28 Sep 2006 17:57:11 -0500, schreef Erik Funkenbusch:
>
>> On 28 Sep 2006 15:27:25 GMT, Peter Hayes wrote:
>>
>>>> You're inability to follow Eriks explanation is frightening. And your
>>>> last paragrpah made no sense. Maybe you're talking about something
>>>> else?
>>>
>>> I'm talking about Erik's comment, quoted at the top of this post, that "
>>> Hell, a few years back, there were these streams of very complicated
>>> hoaxes going around that asked users to delete various files from their
>>> hard drive, because they were claimed to be viruses." And I responded
>>> that if viruses didn't exist these "delete virus msvc60.dll" or whatever
>>> spoof e-mails wouldn't exist because nobody would believe them, or even
>>> understand them. Now what's simpler than that?
>>
>> The point was simply that complexity is no deterrent.
>
> In my experience, it absolutely is. When users call me with networking
> problems, I often have to make them enter CLI commands to quickly figure
> out what's wrong (as I have no remote access an more due to the networking
> trouble).
> And boy oh boy, you should see it. It's more often than not like training
> a dog to jump through hoops, requiring endless patience, several attempts
> at every command, often rephrased in different ways. And with every
> error

Shh. We are assured by the regulars here that CLI is obvious to all but
the most "retarded" users.

But most Linus users will have to use them at some time : a brief glance
at the thousands of "how tos" to get sound, opengl, video, multiple
desktops etc working will show you. All it needs is one hack of a
"howto" script which is run using sudo or its equivalent and *bang*.

Script kiddies like scripts.

> message, they get more uncertain too, ready to give up totally. Most are
> very glad when this "geeky stuff" is over. And those who are competent
> enough to carry out the instructions, wouldn't dream of doing it if I
> wasn't explicitly instructing them over the phone.
>
>> Suppose the list of instructions were to instead install a cool screen
>> saver, or view naked pictures of paris hilton, or a great e-card from
>> your grandson, or to show your patriotic support of the troops. Social
>> engineering works because it convinces them to do things they normally
>> wouldn't do.
>
> I don't say it's impossible that people actually fall for these schemes.
> But complexity still is a very good deterrent - and with Linux, there is a
> rather nice gap between the normal, super-easy GUI stuff which offers
> relatively little opportunity to do harm, and the deeper mechanisms which
> *can* cause trouble. People are used to just click on stuff to see *any*
> kind of pictures, or visit a web site displaying e-cards. They click a
> package manager or desktop setup option to install stuff or select a
> screensaver. In Linux, there simply isn't a culture of sending executables
> by mail, as there is/was with Windows. And why is that? Indeed: because
> executing mailed files is rather bothersome. And because there's no need
> at all.
> Add to that the fact that unasked-for stuff is always regarded with more
> suspicion, and no, I don't see your social engineering viruses taking off
> under Linux. Even on bug-infested Windows, the hoaxes of this style are
> few and far between, and to my knowledge, there hasn't been even one
> succesful self-replicating virus of this kind.
>
> Again: it's not impossible to get people to hose their machines, but it's
> tricky all the same. And also as long as Windows doesn't get any better
> than "one click from hell", the malware you describe simply won't come
> into existence on any significant scale. There are vastly more and easier
> ways to crack Windows machines; it's by far the softest target around. And
> that's why Windows will remain the platform of choice for hackers, script
> kiddies and criminals.
>
> Richard Rasker

--
perfect woman, n.:
Four feet tall, no teeth and a flat head so you can rest
your drink.

[Pistol-grip ears? Ed.]

thad01 · External Since: Apr 20, 2005 Posts: 812

Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> wrote:
> On Fri, 29 Sep 2006 04:40:21 +0000 (UTC), thad01.TakeThisOut@tux.glaci.remove-this.com
> wrote:
>
> Like I said, a suitably subtle back door. I recall a fairly recent patch
> in which the parenthesis were left off a function call, which created a
> root vulnerability (i don't recall if it was local or remote). This
> skipped through a lot of eyes before someone caught it, and even then it
> was because a black had had noticed it first and was activvely using it.
>
> So please spare me the "too many eyes" rhetoric, most eyes see the exact
> same thing and can stare at subtle vulnerabilities and not see them.

Perhaps most, but not all, and that is the thing. Opening your code
doesn't automatically expose all bugs and fix everything, but it does
provide the 'potential' for a much wider pool of eyes then most closed
source projects can ever hope for. If an OSS project does not become
widely used and popular, it may never see that benefit, but there is
no doubt that hugely popular projects like linux or apache have
benefited. I've lurked on the LKML for years and seen the 'many eyes'
principle at work.

Bugs and purposeful back doors happen in both open and closed source
software. They are just harder to hide on the open side of the fence.

> I think we're talking about the same bug. I'm pretty sure it wasn't the =
> vs ==, it was because of the lack of parens on a function call. And it
> wasn't found right away, that was the problem.

No, I don't think we are talking about the same one, because I recall
my example being caught during the submission/vetting process. It was
memorable not because it was a potentially dangerous bug, but because
of the suspicion that it was a purposeful attempt to inject a
vulnerability. This was a few years ago and my memory is not the
greatest, but I expect we could track down the details with a bit of
trawling through the LKML archives if need be.

>>> Who installs nightly builds?
>>
>> In the open source world, anyone who wants to.
>
> The point is, it's pretty rare.

Yup, thats the nice thing about the open source world... it covers
the corner cases as well as the common ones. Cover enough of those
rare circumstances, and it begins to add up to quite the following.

Later,

Thad

Peter KÃ¶hlmann · External Since: Jun 27, 2005 Posts: 1500

Hadron Quark wrote:

> Gregory Shearman <ZekeGregory.RemoveThis@netscape.net> writes:
>
>> Hadron Quark wrote:
>>
>>> JDS <jeffrey.RemoveThis@invalid.address> writes:
>>>
>>>> On Thu, 28 Sep 2006 13:51:11 +0200, Hadron Quark wrote:
>>>>
>>>>> You can be sure as hell that *if* Linux ever gets more than 2% of the
>>>>> desktop share then the virus writers will turn their gaze towards it.
>>>>
>>>> How about the server market share? Most of the websites on the WWW
>>>> run on Apache on Linux. That's a pretty big market share. Where are the
>>>> viruses for those systems?
>>>
>>> They are hacked on a routine basis.
>>
>> Routine?
>>
>> How about you define what you mean about "routine" and supply evidence to
>> support your claims.
>
> Greg, you seem competent enough.
>
> Let me turn this around:
>
> Are web servers running apache and Linux hacked? Yes or no.
>
> Its the denial that freaks me out.
>

In short: You can't back up your claim of "routinely hacked" and resort to
handwaving
--
Microsoft? Is that some kind of a toilet paper?

The Ghost In The Machine · External Since: Aug 04, 2005 Posts: 3878

In comp.os.linux.advocacy, markzoom RemoveThis @digiverse.net
<markzoom RemoveThis @digiverse.net>
wrote
on 28 Sep 2006 18:05:23 -0700
<1159491923.733238.196080 RemoveThis @i42g2000cwa.googlegroups.com>:
>
> The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, ray
>> <ray RemoveThis @zianet.com>
>> wrote
>> on Thu, 28 Sep 2006 16:15:24 -0600
>> <pan.2006.09.28.22.15.23.218320 RemoveThis @zianet.com>:
>> >
>> >>>
>> >>> IMHO it's irrelevant 'why'. The fact is that MS systems are highly
>> >>> vulnerable whereas others are not.
>> >>
>> >> I must disagree. The reason for the problem is the beginning to finding
>> >> a solution, and is therefore, *extremely* relevant. The fact is that
>> >> the question remains a valid one:
>> >>
>> >> ######################
>> >> Why do rapid spreading, self replicating, successful viruses and
>> >> other malicious code exist for the Windows operating system?
>> >> ######################
>> >>
>> >> This question addresses multiple issues in one sentence, and, as I
>> >> said, is really the bottom line.
>> >
>> > This is a Linux Advocacy group. It is not our responsibility to fix MSs
>> > shortcomings.
>>
>> No, but we do probably need to advocate a solution that
>> might eliminate or work around them for the user. Smile

>>
>> Fortunately for us (and for the users), Linux and many
>> Linux distros do exactly that. How many viruses have
>> infected Linux machines?
>>
>> I can count three:
>>
>> - Bliss
>> - a derivative of Bliss
>> - Li0n
>>
>> and none really propagated all that much -- if at all.
>>
>> http://www.viruslibrary.com/virusinfo/Linux.htm
>>
>> does list a few, however.
>>
>> Linux.OSF.8759 is a true virus; it infects ELF executables. For
>> some reason it skips all files ending in "ps" (not ".ps").
>>
>> Linux.RST is another such virus.
>>
>> The rest are various flavors of worm, attacking system daemons.
>>
>> A scan using the builtin search engine uncovers a few more, a total of
>> 20 in all. One of the more interesting ones is Linux.Zipworm, which
>> searches for zip archives and inserts itself thereinto. This is why
>> md5sums are so important. Smile

>>
>> Yep, better patch our Linux systems. Those 20 viruses
>> look extremely dangerous.
>>
>> Now...
>>
>> Clicking on "Virus Information" suggests 5505 highly active
>> viruses. Three guesses which system, and one *knows* it's
>> bad when one has names such as 92_69.1148, 33.525, AAA.807,
>> I-Worm.NetSky.y, Bleah.c, and Backdoor.Win32.AckCmd
>> through Backdoor.Win32.XRat.j.
>
> Hmmm.... That's about 272 windows viruses for every Linux one, 272-1 is
> not that far from the ratio of Linux users to M$ ones....

Once Linux goes mainstream on the desktop it will have
more viruses than the Windows variant; this is because it's
inherently unsafe. Just ask Scott Nudds. Smile

[rest snipped]

--
#191, ewill3 RemoveThis @earthlink.net
If your CPU can't stand the heat, get another fan.

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2403

On 29 Sep 2006 10:31:23 GMT, Peter Hayes wrote:

> It works in Windows because there's few if any road blocks in place to
> stop the user following instructions.

As I said, those roadblocks are irrelevent to the average user, except in
corporate environements where they have someone knowledgable managing their
system, the same is true of Windows.

> It's less likely to work for Linux or OS X because these OSs include
> road blocks like the sudo command. Without the appropriate password sudo
> brings the exploit to a grinding halt no matter how desperate the user
> is to view pictures of paris hilton naked.

Why wouldn't the person who went out to the store and bought a computer,
then took it home to start sending emails from their kids, know the
passwords? They set it.

> Hopefully Vista will include similar safeguards, but not if RC1 is
> anything to go by. It pops up boxes at every opportunity asking if I
> really want to do x, y or z, but I've never been asked for a password
> yet. Worrying, that.

That's because you're running an administrator account. It reasons that if
you are a member of the administrator group, then what's the difference
between typing in a password and clicking "ok"? Just more opportunity for
your password to get hijacked by a clever trojan if you condition people to
type their password all the time.

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2403

On Fri, 29 Sep 2006 12:44:02 +0100, William Poaster wrote:

> On Fri, 29 Sep 2006 10:54:42 +0000, Peter Hayes wrote:
>
>> In <v0vrqrst9bzr$.dlg@funkenbusch.com> Erik Funkenbusch wrote:
>>> On Thu, 28 Sep 2006 16:42:50 +0200, Richard Rasker wrote:
>
> <snip>
>>>Linux has been largely immune because of it's relative obscurity and
>>>higher than average technical ability of its users.
>
> Hmm...so as there are more linux servers running the internet, than M$
> ones, they're obscure. So *this* is why they haven't been attacked to the
> same extent that windows has.
>
> Spot the flaw....

You have competant administrators (usually) running Linux servers, and when
they're not competant, they get attacked all the time. More so than
Windows on average according to Zone-H, which tracks server compromises.

The Ghost In The Machine · External Since: Aug 04, 2005 Posts: 3878

In comp.os.linux.advocacy, Hadron Quark
<qadronhuark RemoveThis @geemail.com>
wrote
on Fri, 29 Sep 2006 13:31:28 +0200
<87irj6nc33.fsf RemoveThis @geemail.com>:
> William Poaster <wp RemoveThis @suseoss101.eu> writes:
>
>> On Fri, 29 Sep 2006 03:04:40 +0000, Mathew P. wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 2006-09-29, Tim Smith spake thusly:
>>>> In article <y5dfumy4qch1.dlg RemoveThis @funkenbusch.com>,
>>>> Erik Funkenbusch <erik RemoveThis @despam-funkenbusch.com> wrote:
>>>>> > And one major difference is, that in linux it would *only* corrupt the
>>>>> > user's home partition & not the *whole* frekin' OS, unlike windows.
>>>>>
>>>>> That's not all it can do. For instance, it could send out spam
>>>>> to millions of users, or it could replicate itself, or cause a
>>>>> DDoS. It can steal passwords, harvest email addresses, and a
>>>>> whole host of other tasks... none of which require one iota of
>>>>> special privilege.
>>>>>
>>>>> Of course, that's not taking into account that such viruses or
>>>>> trojans can try to exploit any known local privilege elevation
>>>>> vulnerability as well.
>>>>
>>>> It's also not taking into account the fact that the user's home
>>>> directory is the place where the items of value to the average user are
>>>> kept.
>>>
>>> Explain to me how viruses can execute without being able to infiltrate
>>> or "attach" themselves to user files? They don't automatically get
>>> set with that level of permissions even on intentional download.
>>>
>>
>> Exactly. I for one, will take advice from security experts rather than
>> arguments from a couple of M$ Apologists.
>
> Which "experts" Willy?
>
> You know the problem with most experts don't you? They're not.
>

Exactly. It's far easier and better to take advise from know-nothing
salespeople who have been trained that their product is better. Smile

Microsoft has lots of salespeople. Smile

--
#191, ewill3 RemoveThis @earthlink.net
If your CPU can't stand the heat, get another fan.

markzoom · External Since: Dec 31, 2004 Posts: 143

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, markzoom.RemoveThis@digiverse.net
> <markzoom.RemoveThis@digiverse.net>
> wrote
> on 28 Sep 2006 18:05:23 -0700
> <1159491923.733238.196080.RemoveThis@i42g2000cwa.googlegroups.com>:
> >
> > The Ghost In The Machine wrote:
> >> In comp.os.linux.advocacy, ray
> >> <ray.RemoveThis@zianet.com>
> >> wrote
> >> on Thu, 28 Sep 2006 16:15:24 -0600
> >> <pan.2006.09.28.22.15.23.218320.RemoveThis@zianet.com>:
> >> >
> >> >>>
> >> >>> IMHO it's irrelevant 'why'. The fact is that MS systems are highly
> >> >>> vulnerable whereas others are not.
> >> >>
> >> >> I must disagree. The reason for the problem is the beginning to finding
> >> >> a solution, and is therefore, *extremely* relevant. The fact is that
> >> >> the question remains a valid one:
> >> >>
> >> >> ######################
> >> >> Why do rapid spreading, self replicating, successful viruses and
> >> >> other malicious code exist for the Windows operating system?
> >> >> ######################
> >> >>
> >> >> This question addresses multiple issues in one sentence, and, as I
> >> >> said, is really the bottom line.
> >> >
> >> > This is a Linux Advocacy group. It is not our responsibility to fix MSs
> >> > shortcomings.
> >>
> >> No, but we do probably need to advocate a solution that
> >> might eliminate or work around them for the user. Smile

> >>
> >> Fortunately for us (and for the users), Linux and many
> >> Linux distros do exactly that. How many viruses have
> >> infected Linux machines?
> >>
> >> I can count three:
> >>
> >> - Bliss
> >> - a derivative of Bliss
> >> - Li0n
> >>
> >> and none really propagated all that much -- if at all.
> >>
> >> http://www.viruslibrary.com/virusinfo/Linux.htm
> >>
> >> does list a few, however.
> >>
> >> Linux.OSF.8759 is a true virus; it infects ELF executables. For
> >> some reason it skips all files ending in "ps" (not ".ps").
> >>
> >> Linux.RST is another such virus.
> >>
> >> The rest are various flavors of worm, attacking system daemons.
> >>
> >> A scan using the builtin search engine uncovers a few more, a total of
> >> 20 in all. One of the more interesting ones is Linux.Zipworm, which
> >> searches for zip archives and inserts itself thereinto. This is why
> >> md5sums are so important. Smile

> >>
> >> Yep, better patch our Linux systems. Those 20 viruses
> >> look extremely dangerous.
> >>
> >> Now...
> >>
> >> Clicking on "Virus Information" suggests 5505 highly active
> >> viruses. Three guesses which system, and one *knows* it's
> >> bad when one has names such as 92_69.1148, 33.525, AAA.807,
> >> I-Worm.NetSky.y, Bleah.c, and Backdoor.Win32.AckCmd
> >> through Backdoor.Win32.XRat.j.
> >
> > Hmmm.... That's about 272 windows viruses for every Linux one, 272-1 is
> > not that far from the ratio of Linux users to M$ ones....
>
> Once Linux goes mainstream on the desktop it will have
> more viruses than the Windows variant; this is because it's
> inherently unsafe. Just ask Scott Nudds. Smile

It will never go "mainstream" until the command line becomes
superfluous. Nobody will regress to Dos/windows 3.11 (I wonder how many
viruses still work with them...)

>
> [rest snipped]
>
> --
> #191, ewill3.RemoveThis@earthlink.net
> If your CPU can't stand the heat, get another fan.

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Peter Hayes <not_in_use.RemoveThis@btinternet.com> writes:

> In <87ac4inbtp.fsf.RemoveThis@geemail.com> Hadron Quark wrote:
>> Richard Rasker <spamtrap.RemoveThis@linetec.nl> writes:
>>
>>> Op Thu, 28 Sep 2006 17:57:11 -0500, schreef Erik Funkenbusch:
>>>
>>>> On 28 Sep 2006 15:27:25 GMT, Peter Hayes wrote:
>>>>
>>>>>> You're inability to follow Eriks explanation is frightening. And
>>>>>> your last paragrpah made no sense. Maybe you're talking about
>>>>>> something else?
>>>>>
>>>>> I'm talking about Erik's comment, quoted at the top of this post,
>>>>> that " Hell, a few years back, there were these streams of very
>>>>> complicated hoaxes going around that asked users to delete
>>>>> various files from their hard drive, because they were claimed to
>>>>> be viruses." And I responded that if viruses didn't exist these
>>>>> "delete virus msvc60.dll" or whatever spoof e-mails wouldn't exist
>>>>> because nobody would believe them, or even understand them. Now
>>>>> what's simpler than that?
>>>>
>>>> The point was simply that complexity is no deterrent.
>>>
>>> In my experience, it absolutely is. When users call me with
>>> networking problems, I often have to make them enter CLI commands to
>>> quickly figure out what's wrong (as I have no remote access an more
>>> due to the networking trouble). And boy oh boy, you should see it.
>>> It's more often than not like training a dog to jump through hoops,
>>> requiring endless patience, several attempts at every command, often
>>> rephrased in different ways. And with every error
>>
>> Shh. We are assured by the regulars here that CLI is obvious to all
>> but the most "retarded" users.
>>
>> But most Linus users will have to use them at some time : a brief
>> glance at the thousands of "how tos" to get sound, opengl, video,
>> multiple desktops etc working will show you. All it needs is one hack
>> of a "howto" script which is run using sudo or its equivalent and *
>> bang*.
>
> What distro are you running? RedHat 4.2?
>
> The functions you quote usually work "out of the box" on a modern distro,
> the exception that you *should* have quoted is DVD decryption, thanks to
> the greed of Hollywood.

Ubuntu Dapper. But the drivers I use for my card are self compiled each
time I get a new kernel.

Greed of Hollywood? What are you talking about?

--
What's this script do?
unzip ; touch ; finger ; mount ; gasp ; yes ; umount ; sleep
Hint for the answer: not everything is computer-oriented. Sometimes you're
in a sleeping bag, camping out with your girlfriend.
-- Contributed by Frans van der Zande

Gregory Shearman · External Since: Jun 30, 2004 Posts: 492

Hadron Quark wrote:

> JDS <jeffrey RemoveThis @invalid.address> writes:
>
>> On Thu, 28 Sep 2006 13:51:11 +0200, Hadron Quark wrote:
>>
>>> You can be sure as hell that *if* Linux ever gets more than 2% of the
>>> desktop share then the virus writers will turn their gaze towards it.
>>
>> How about the server market share? Most of the websites on the WWW
>> run on Apache on Linux. That's a pretty big market share. Where are the
>> viruses for those systems?
>
> They are hacked on a routine basis.

Routine?

How about you define what you mean about "routine" and supply evidence to
support your claims.

--
Regards,

Gregory.
"Ding-a-ding-dang,My Dang-a-long ling-long"

Peter KÃ¶hlmann · External Since: Jun 27, 2005 Posts: 1500

Gregory Shearman wrote:

> Hadron Quark wrote:
>
>> JDS <jeffrey.TakeThisOut@invalid.address> writes:
>>
>>> On Thu, 28 Sep 2006 13:51:11 +0200, Hadron Quark wrote:
>>>
>>>> You can be sure as hell that *if* Linux ever gets more than 2% of the
>>>> desktop share then the virus writers will turn their gaze towards it.
>>>
>>> How about the server market share? Most of the websites on the WWW
>>> run on Apache on Linux. That's a pretty big market share. Where are the
>>> viruses for those systems?
>>
>> They are hacked on a routine basis.
>
> Routine?
>
> How about you define what you mean about "routine" and supply evidence to
> support your claims.
>

He should also explain why "hacked" is suddenly a "virus"

The difference between a hacked website (which by its very nature is
accessible from the outside) and an infected computer should be even
obvious to widiots like "Hadron"
--
It's sweet to be remembered, but it's often cheaper to be forgotten.

Gregory Shearman · External Since: Jun 30, 2004 Posts: 492

Hadron Quark wrote:

> Peter Kai Jensen <usenet.DeleteThis@pekajemaps.homeip.net> writes:
>
>> Hadron Quark wrote:
>>
>>>> To excuse Microsoft through historical baggage and a lack of
>>>> foresight isn't valid. They had two major opportunities to beef up
>>>> security, the release of Windows 95 and the release of NT4, or
>>>> perhaps even NT3.51.
>>>
>>> Users running executables can have no "security" defense.
>>
>> Mount /home/ with noexec. That should take care of most of the
>> problems.
>
> What part of "users executing program" seems to be flying over peoples
> heads here?

Seems to be striking everyone in the gut to me....

> And, sudo still gets around everything does it not? If there is a build
> script which compiles & installs and is advertised to the user as
> legitimate he must

Oh FFS... sudo rm -rf /

...will take care of most things...

> "sudo sh ./myscript" or something.

If a user can do this then they are an ADMINISTRATOR, not a user.

You are being disingenuous.

> Disabling exec on /home is nothing more than smoke & mirrors over the
> original meaning.

So, 'noexec' on the /tmp partition. 'noexec' on /home... please tell me HOW
IN HADES A USER CAN EXECUTE A PROGRAM?

--
Regards,

Gregory.
"Ding-a-ding-dang,My Dang-a-long ling-long"

Gregory Shearman · External Since: Jun 30, 2004 Posts: 492

Peter Köhlmann wrote:

> Hadron Quark wrote:
>
>> Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> writes:
>>
> < snip >
>
>>> Of course, that's not taking into account that such viruses or trojans
>>> can try to exploit any known local privilege elevation vulnerability as
>>> well.
>>
>>
>> The nutjobs are forgetting that magic word "sudo" which accompanies just
>> every single "How to get Linux Working howto" out there.
>>
>
> Interesting. Tell us more about this "magical" sudo
> Whenever I try to use it on a SuSE box, I fail so miserably without
> setting it up (having to resort to root, naturally)

Hmmm.... Gentoo requires the user to be part of the "wheel" group to be able
to "sudo".

Presumably, you give such power only to TRUSTED users and only for SPECIFIC
purposes.

I personally prefer the old

$ su -c "<command>"

--
Regards,

Gregory.
"Ding-a-ding-dang,My Dang-a-long ling-long"

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Sep 2006 15:57:18 -0500,
Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> wrote:
> On Fri, 29 Sep 2006 12:44:02 +0100, William Poaster wrote:
>
>> On Fri, 29 Sep 2006 10:54:42 +0000, Peter Hayes wrote:
>>
>>> In <v0vrqrst9bzr$.dlg@funkenbusch.com> Erik Funkenbusch wrote:
>>>> On Thu, 28 Sep 2006 16:42:50 +0200, Richard Rasker wrote:
>>
>> <snip>
>>>>Linux has been largely immune because of it's relative obscurity and
>>>>higher than average technical ability of its users.
>>
>> Hmm...so as there are more linux servers running the internet, than M$
>> ones, they're obscure. So *this* is why they haven't been attacked to the
>> same extent that windows has.
>>
>> Spot the flaw....
>
> You have competant administrators (usually) running Linux servers, and when
> they're not competant, they get attacked all the time. More so than
> Windows on average according to Zone-H, which tracks server compromises.

zone H tracks *site* compromises. They make guesses as to servers.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFHdwqd90bcYOAWPYRAnzeAJ9iO0UGto2x/8cqsquLDlq4n/Fv4QCg085A
ckCf4Dxqlu84zxOZW5BrML8=
=Yfob
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Instruction ends in the schoolroom -- but education
ends only with life. -- Publilius Syrus.

Linonut · External Since: Mar 31, 2006 Posts: 3492

After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:

> On Fri, 29 Sep 2006 12:44:02 +0100, William Poaster wrote:
>
>> On Fri, 29 Sep 2006 10:54:42 +0000, Peter Hayes wrote:
>>
>>> In <v0vrqrst9bzr$.dlg@funkenbusch.com> Erik Funkenbusch wrote:
>>>> On Thu, 28 Sep 2006 16:42:50 +0200, Richard Rasker wrote:
>>
>> <snip>
>>>>Linux has been largely immune because of it's relative obscurity and
>>>>higher than average technical ability of its users.
>>
>> Hmm...so as there are more linux servers running the internet, than M$
>> ones, they're obscure. So *this* is why they haven't been attacked to the
>> same extent that windows has.
>>
>> Spot the flaw....
>
> You have competant administrators (usually) running Linux servers, and when
> they're not competant, they get attacked all the time. More so than
> Windows on average according to Zone-H, which tracks server compromises.

I went there and looked at about 11 of 49 pages such as the following:

http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_de...er,CLaS

Almost all were Linux. A few FreeBSDs. A couple of Win 2003's. A
Solaris.

Seem suspicious? No. The guy (CLaSs-ErrOr) obvious prefers attacking
Linux systems.

There may be a lot more of them running Linux out there, so maybe he has
little choice?

Who knows for sure? It's a self-selecting sample.

Say, Erik, do you have a brag-page at that site?

Maybe this is you?

http://www.zone-h.org/component/option,com_attacks/Itemid,44/filter_de...er,Hi-T

He likes cracking Win 2000 systems.

(Now, before you go nuts, you know of course I'm only funning, and /not/
accusing you of being "Hi-Tech Hate". Wow! Those records go wayyyyy
back.)

--
Apple executive Peter Hoddie asked Microsoft officials, "'Are you asking us
to kill playback? Are you asking us to knife the baby?'" He said Microsoft
official Christopher Phillips responded, "'Yes, we want you to knife the baby.'
It was very clear."

Sinister Midget · External Since: Jun 17, 2006 Posts: 746

On 2006-09-29, Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> posted something concerning:

> You have competant administrators (usually) running Linux servers, and when
> they're not competant, they get attacked all the time. More so than
> Windows on average according to Zone-H, which tracks server compromises.

I just spent some time looking on the Zone-H site, I can't find
anything that says incompetent linux admins get compromised more often
than Windows. Where is that exactly?

While you're explaining, maybe you can answer what your claim above has
to do with viruses, trojans, worms and other MALWARE being more
prevalent on Windows servers, with 1/3 the install base of linux, than
they are on linux servers. That was the origin of the thread. And AFAIK
it never really changed direction. Despite your attempts to divert it
away.

--
Windows: The answer to a question nobody asked.

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <29vvfnvx9bpi$.dlg@funkenbusch.com> Erik Funkenbusch wrote:
>
> On 29 Sep 2006 10:31:23 GMT, Peter Hayes wrote:
>>
>> Hopefully Vista will include similar safeguards, but not if RC1 is
>> anything to go by. It pops up boxes at every opportunity asking if I
>> really want to do x, y or z, but I've never been asked for a password
>> yet. Worrying, that.
>
> That's because you're running an administrator account. It reasons
> that if you are a member of the administrator group, then what's the
> difference between typing in a password and clicking "ok"? Just more
> opportunity for your password to get hijacked by a clever trojan if
> you condition people to type their password all the time.

Nice spin, Erik, but it also means the user becomes conditioned to
clicking boxes without really taking in what the dialogue says, like
<next> <next> <next> on an installer. The answer is to randomly vary
what the box says so the user learns to stop and read them.

It also means that the user installing Vista is the administrator,
unlike Linux where the install procedure makes the user enter a root
password, then insists the user create an account for their day to day
use.

Maybe by the time Vista is released Microsoft will have included this
additional safeguard, but I somehow doubt it.

--

Peter

Erik Funkenbusch · External Since: May 27, 2005 Posts: 2403

On 30 Sep 2006 08:12:30 GMT, Peter Hayes wrote:

>> That's because you're running an administrator account. It reasons
>> that if you are a member of the administrator group, then what's the
>> difference between typing in a password and clicking "ok"? Just more
>> opportunity for your password to get hijacked by a clever trojan if
>> you condition people to type their password all the time.
>
> Nice spin, Erik, but it also means the user becomes conditioned to
> clicking boxes without really taking in what the dialogue says, like
> <next> <next> <next> on an installer. The answer is to randomly vary
> what the box says so the user learns to stop and read them.

On average, the user will *NOT* stop and read them. Even if you vary what
they say, they'll just try and figure out the quickest way to make it go
away without comprehending what it is trying to tell them.

"This action will destroy youc computer. Are you sure you want to do
this?" [[Destroy Computer]] [[Figure out how to fix it]]

At least 50% of the time they'll click Destroy Computer. People just don't
read that stuff, they just randomly click, unless there's a clear
affirmative. They'll even click yes to something like this:

"This action will give you a painful enema. Do you wish to continue?"
[[Yes]] [[No]]

Frankly, I think the whole sudo/uac thing is a red herring anyways. I
don't think either OSX/Ubuntu's approach or Microsoft's will solve anything
in the long run.

> It also means that the user installing Vista is the administrator,
> unlike Linux where the install procedure makes the user enter a root
> password, then insists the user create an account for their day to day
> use.

You misunderstand. In Vista, being an administrator is basically the same
as being in the wheel group. You don't have admin privs unless you
explicitly approve them. Just like with Ubuntu. The only difference is
that Ubuntu/MacOS require you to type your password again, while Vista
requires you to click Ok, but it does so in a very jarring manner to make
you realize that something is requesting admin privs.

> Maybe by the time Vista is released Microsoft will have included this
> additional safeguard, but I somehow doubt it.

Maybe, by the time vista is released, you'll understand what you're talking
about, but I somehow doubt it.

Linonut · External Since: Mar 31, 2006 Posts: 3492

After takin' a swig o' grog, Jim Richardson belched out this bit o' wisdom:

>>> Hmm...so as there are more linux servers running the internet, than M$
>>> ones, they're obscure. So *this* is why they haven't been attacked to the
>>> same extent that windows has.
>>> Spot the flaw....
>>
>> You have competant administrators (usually) running Linux servers, and when
>> they're not competant, they get attacked all the time. More so than
>> Windows on average according to Zone-H, which tracks server compromises.
>
> zone H tracks *site* compromises. They make guesses as to servers.

It looks like Zone-H does more than track compromises. It looks like a
site where crackers go to *brag* about their work.

Correct me if I'm wrong.

--
It is easier to fix Unix than to live with NT.