Simple question about Windows .......

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <1hhxwxhyx297j.dlg.DeleteThis@funkenbusch.com> Erik Funkenbusch wrote:

> Hell, a few years back, there were these streams of very complicated
> hoaxes going around that asked users to delete various files from
> their hard drive, because they were claimed to be viruses.

Of course, had Windows been as secure as Unix and its derivitives these
social engineering exploits wouldn't have worked.

--

Peter

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <seesu3-bfk.ln1.TakeThisOut@sky.matrix> [H]omer wrote:

> Linux users are often perceived as people who are generally
> disinterested in commercial ideals (i.e. they do not make a good
> target demographic for sales). This, for the most part, is a
> misconception, however it is enough to convince e.g. spammers that
> targeting FOSS platforms with their Mailware would not be worth the
> effort, quite besides any security considerations.

Whatever the spending power or otherwise of Linux users might be, it's
reasonable to suppose the spending power of the Mac community is higher
than either the Windows or Linux communities. So where are the OS X
viruses?

--

Peter

William Poaster · External Since: Sep 10, 2006 Posts: 125

On Thu, 28 Sep 2006 07:39:06 -0500, chrisv wrote:

> Erik Funkenbusch wrote:
>
>>> Um, there is quite a bit the OS *can* do without overly restricting users;
>>> inmy opinion, the most important one is the x-bit, where files received
>>> via e-mail can't possibly be executed unless the user jumps through
>>> several hoops to make them executable.
>>
>>And what makes you think that the users who execute attachments on Windows
>>wouldn't jump through those hoops EACH AND EVERY TIME on any other OS?
>
> Idiot.

And one major difference is, that in linux it would *only* corrupt the
user's home partition & not the *whole* frekin' OS, unlike windows.

--
Never argue with a wintroll, they drag
you *down* to their level of stupidity,
then beat you with their experience.
-- Paraphrased, with acknowledgement to Dilbert --

thad01 · External Since: Apr 20, 2005 Posts: 812

Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> wrote:
>
> This too is a fallacy. Open Source coders have simply been better at
> hiding when the patches were actually discovered and reported. I've proved
> time and time again in this newsgroup that virtually EVERY TIME someone has
> claimed a fast patch cycle, it's really been weeks or months.

I'm not about to jump in on this argument... too difficult to get
objective measures to ever convince anyone one way or the other.
But this is an opportune time to mention a related anecdote:

Years ago, I used to lurk on the Apache dev mailing list (I was
developing apache modules at the time). One day someone posted that
he had discovered a potential vulnerability. About five minutes
later another developer posted the (rather simple) fix for it
including a patch file for easy installation. I (and others on the
list I expect) immediately compiled and installed it. It was checked
in and part of the nightly build before the day was out.

From discovery to installation on my production system, there was
probably at most a 15 minute turn-around time. For anyone not
subscribed to the public dev list, it was still substantially less
then 24 hours from discovery to released update.

This sort of thing is rare, but not unique. Sure, most people will
never subscribe to the dev list, but the nice thing in open source
is that you can. Smile

Thad

Handover Phist · External Since: May 04, 2005 Posts: 507

Erik Funkenbusch :
> On Thu, 28 Sep 2006 07:42:32 GMT, Mathew P. wrote:
>
>> You see, it should be apparent to everyone once they give the problem
>> consideration, that malicious code, such as worms and viruses, will
>> only be written if a vulnerability exists for the author of the code
>> to exploit.
>
> And you would be wrong.
>
> Lots of viruses exist and propogate through no computer vulnerability
> whatsoever, at least not one that is fixable. They spread through HUMAN
> vulnerability. ie, executing attachments that get sent to them. There is

*zing* It was at this point the thead when from viruses to social
engineering. What you point to here isn't viruses but spam and phishing
scams. They dont meet one of the essential criterial for viruses which
is self-replication.

--
Eighteen goddess-like daughters are not equal to one son with a hump.
-- Chinese Proverb

http://www.websterscafe.com

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <87ven8t9bc.fsf.DeleteThis@geemail.com> Hadron Quark wrote:
> Peter Hayes <not_in_use.DeleteThis@btinternet.com> writes:
>
>> In <1hhxwxhyx297j.dlg.DeleteThis@funkenbusch.com> Erik Funkenbusch wrote:
>>
>>> Hell, a few years back, there were these streams of very complicated
>>> hoaxes going around that asked users to delete various files from
>>> their hard drive, because they were claimed to be viruses.
>>
>> Of course, had Windows been as secure as Unix and its derivitives
>> these social engineering exploits wouldn't have worked.
>
> That entire post obviously went right over your head.

My post obviously went right over your head.

If Windows were as secure as Unix and its derivitives there wouldn't be
any viruses. If there are no viruses users wouldn't be tricked into
deleting them so the whole hoax scenario fails.

> If the user is convinced that an attachment is something he wants or
> needs then he will execute it. Maybe a set of new nvidia source files
> with an "install" script which needs to be run as root?

And what has that to do with tricking users into deleting alleged
viruses?

Don't be so naive.

--

Peter

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <87mz8kt91i.fsf.TakeThisOut@geemail.com> Hadron Quark wrote:
> Peter Hayes <not_in_use.TakeThisOut@btinternet.com> writes:
>
>> In <pan.2006.09.28.11.08.13.631323.TakeThisOut@linetec.nl> Richard Rasker wrote:
>>
>>> For a large part, Microsoft can't be blamed any more - these design
>>> decisions have a historical background, in that Microsoft didn't
>>> foresee networking going beyond perhaps a handful of trusted
>>> machines on a trusted network; also, they didn't foresee that
>>> people would start making viruses. Their stuff was designed for a
>>> non-networked one- person computer, and now they can't change it,
>>> lest they render most of current, popular software useless in one
>>> stroke.
>>
>> To excuse Microsoft through historical baggage and a lack of
>> foresight isn't valid. They had two major opportunities to beef up
>> security, the release of Windows 95 and the release of NT4, or
>> perhaps even NT3.51.
>
> Users running executables can have no "security" defense.

Users running executables is a small fraction of the Windows exploit
spectrum.

> Why don't you understand this basic issue which Erik has gone to great
> lengths to explain?

No matter how many explanations I see none addresses the question why
Microsoft didn't introduce the basic security requirement of a superuser
password before installing anything. Sure, it won't stop the determined
idiot, but anything is better than nothing.

Microsoft had a major opportunity to tighten up security in 1995. They
did virtually nothing and now they and the rest of the user community
are paying the price.

> And the more I compile from scripts in sudo mode, the more I wonder
> about you people claiming some sort of perfection in the Linux
> security model. Its fundamentally flawed when the end user must
> compile HW drivers in root mode from the command line shell.

I've never claimed any such thing.

--

Peter

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Peter Hayes <not_in_use DeleteThis @btinternet.com> writes:

> In <1hhxwxhyx297j.dlg DeleteThis @funkenbusch.com> Erik Funkenbusch wrote:
>
>> Hell, a few years back, there were these streams of very complicated
>> hoaxes going around that asked users to delete various files from
>> their hard drive, because they were claimed to be viruses.
>
> Of course, had Windows been as secure as Unix and its derivitives these
> social engineering exploits wouldn't have worked.

That entire post obviously went right over your head.

If the user is convinced that an attachment is something he wants or
needs then he will execute it. Maybe a set of new nvidia source files
with an "install" script which needs to be run as root?

Don't be so naive.

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

Peter Hayes <not_in_use.DeleteThis@btinternet.com> writes:

> In <pan.2006.09.28.11.08.13.631323.DeleteThis@linetec.nl> Richard Rasker wrote:
>
>> For a large part, Microsoft can't be blamed any more - these design
>> decisions have a historical background, in that Microsoft didn't
>> foresee networking going beyond perhaps a handful of trusted machines
>> on a trusted network; also, they didn't foresee that people would
>> start making viruses. Their stuff was designed for a non-networked one-
>> person computer, and now they can't change it, lest they render most
>> of current, popular software useless in one stroke.
>
> To excuse Microsoft through historical baggage and a lack of foresight
> isn't valid. They had two major opportunities to beef up security, the
> release of Windows 95 and the release of NT4, or perhaps even NT3.51.

Users running executables can have no "security" defense.

Why don't you understand this basic issue which Erik has gone to great
lengths to explain?

And the more I compile from scripts in sudo mode, the more I wonder
about you people claiming some sort of perfection in the Linux security
model. Its fundamentally flawed when the end user must compile HW
drivers in root mode from the command line shell.

JDS · External Since: Oct 13, 2006 Posts: 245

On Thu, 28 Sep 2006 15:28:25 +0200, Hadron Quark wrote:

> Its fundamentally flawed when the end user must compile HW drivers in root
> mode from the command line shell.

And when is that?
--
JDS

Bob Hauck · External Since: Aug 25, 2006 Posts: 345

On Thu, 28 Sep 2006 15:28:25 +0200, Hadron Quark
<qadronhuark.RemoveThis@geemail.com> wrote:

> And the more I compile from scripts in sudo mode, the more I wonder
> about you people claiming some sort of perfection in the Linux
> security model.

We don't claim perfection, just that there is one and it is actually
used by default. In contrast to some other popular systems where there
are elaborate security mechanisms that are ignored by default.

> Its fundamentally flawed when the end user must compile HW drivers in
> root mode from the command line shell.

Actually, there's no need to _compile_ the drivers as root, you only
need root to _install_ them.

But what is your complaint, specifically? Is it that you need elevated
privilege to install things on your system? If that is your complaint,
please erase Linux from your computer and install XP Home.

--
-| Bob Hauck
-| A proud member of the unhinged moonbat horde.
-| http://www.haucks.org/

Jim Richardson · External Since: Jan 15, 2005 Posts: 1227

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 28 Sep 2006 15:28:25 +0200,
Hadron Quark <qadronhuark RemoveThis @geemail.com> wrote:
> Peter Hayes <not_in_use RemoveThis @btinternet.com> writes:
>
>> In <pan.2006.09.28.11.08.13.631323 RemoveThis @linetec.nl> Richard Rasker wrote:
>>
>>> For a large part, Microsoft can't be blamed any more - these design
>>> decisions have a historical background, in that Microsoft didn't
>>> foresee networking going beyond perhaps a handful of trusted machines
>>> on a trusted network; also, they didn't foresee that people would
>>> start making viruses. Their stuff was designed for a non-networked one-
>>> person computer, and now they can't change it, lest they render most
>>> of current, popular software useless in one stroke.
>>
>> To excuse Microsoft through historical baggage and a lack of foresight
>> isn't valid. They had two major opportunities to beef up security, the
>> release of Windows 95 and the release of NT4, or perhaps even NT3.51.
>
> Users running executables can have no "security" defense.
>

look into selinux and app-armor (mostly selinux in this context,
app-armor is aimed elsewhere)

> Why don't you understand this basic issue which Erik has gone to great
> lengths to explain?
>

you mean the bit about how having to make a file executable before you
can run it? (ma! I need to make this picture executable so I can view
it!)

> And the more I compile from scripts in sudo mode, the more I wonder
> about you people claiming some sort of perfection in the Linux security
> model. Its fundamentally flawed when the end user must compile HW
> drivers in root mode from the command line shell.
>

who's claimed perfection? we've consistantly claimed (and been able to
back up with evidence, logic, and examples) to be *less* vulnerable, but
that's a whole different kettle of fish. Perfection isn't claimed, no
matter how many times you try and pretend it is.

Linux has several things going for it in the email trojan arena (which
is the focus of this thread)

Heterogeneous environment (no monoculture)

No conflation of open==execute

All mail clients for Linux that I am aware of, don't set x bit on
attachements, they require you to do so.

More stringent user/admin seperation

nd more, but just these four are enough to reduce the chance of
infection, and further spreading of a trojan. Not eliminate it, reduce
it. In Epidemiological terms, Windows is a virgin field, and Linux, a
resistant population.

Even TGReaper's famous hand crafted exploit, which required the user to
chmod +x it, and then run it, failed on most of the machines it was trie
on. From memory, there were two successes. Even on installs which had
the supposedly vulnerably kernel, he had few successes. Diversity adds
defence.

Is Linux immune to viruses? no. Is it far less vulnerable than
MS-Windows? yes. Could this change? yes, it's possible. I don't view it
as likely, but it's possible.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFG/f+d90bcYOAWPYRAncyAJ9GRZKfohQdPtKUjtB2qYqvBVCJVgCg3j/P
+OJktSsxMqQUVccblohGFaw=
=hkIg
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
"There is no reason for any individual to have a computer in their home."
-- Ken Olson, President of DEC, World Future Society Convention, 1977

Kelsey Bjarnason · External Since: Sep 12, 2006 Posts: 1022

[snips]

On Thu, 28 Sep 2006 14:53:40 +0200, Richard Rasker wrote:

> Great. So on the one hand, you have this XP UI seemingly aimed at
> four-year-olds because according to Microsoft, "things would be too
> difficult" otherwise, and on the other hand, you say that users who can
> only handle this "easy" interface will follow detailed instructions to
> install malware, when the occasion arises (which, by my knowledge hasn't
> happened yet)? Naah. No way.

No way indeed.

As a service to our customers, we offer a mechanism which allows them to
report spams to us, such that the filters can be trained and thus block
future, similar spams to everyone. The mechanism is simple: send the
offending email, as an attachment, to an email address.

From there, a script validates the email, the source, etc, extracts the
attachment and updates the training data. All should be good, right?

Easily 80% of the reported spams are _not_ sent as attachments. They're
simply "forwarded". If I ran those through the training, the users would
have their own emails blacklisted. Smile

Something as simple as "forward as attachment" is too damned complicated,
never mind jumping through assorted hoops.

Jim · External Since: Apr 21, 2005 Posts: 996

ray came up with this when he headbutted the keyboard a moment ago in
comp.os.linux.advocacy:

> On Thu, 28 Sep 2006 07:42:32 +0000, Mathew P. wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have something to ask the group. Much has been said, at great
>> length on the topic, with very long and verbose posts. Really,
>> at it's most simple, basic level, it's a very straightforward
>> single sentence that defines the Windows experience:
>>
>> ######################
>> Why do rapid spreading, self replicating, successful viruses and
>> other malicious code exist for the Windows operating system?
>> ######################
>>
>> That's really the basic question, isn't it?
>>
>> You see, it should be apparent to everyone once they give the problem
>> consideration, that malicious code, such as worms and viruses, will
>> only be written if a vulnerability exists for the author of the code
>> to exploit. This vulnerability if found, will only be exploited if
>> there is a return on the investment of the time and effort required
>> to develop the strategy and coding of the malicious software. This
>> leads to the inescapable conclusion that this OS's environment
>> offers significant windows of opportunity (so to speak) for the
>> authors of this kind of code to harvest that return on investment,
>> whatever it may be.
>>
>> Before any voice is given to the argument, "it's because windows
>> is used more than any other system", just set that thought aside
>> for a moment and consider the above paragraph.
>>
>> And reconsider the basic, one line question that leads to all
>> other questions such as why anti-virus software is absolutely essential
>> in a windows system:
>>
>> ######################
>> Why do rapid spreading, self replicating, successful viruses and
>> other malicious code exist for the Windows operating system?
>> ######################
>>
>> This really *is* the bottom line.
>>
>> Regards,
>>
>> Mathew
>>
>>
>>
>
> IMHO it's irrelevant 'why'. The fact is that MS systems are highly
> vulnerable whereas others are not.

<anecdote mode="historical">
The first (truly destructive) computer virus I ever came across wasn't one
for Windows (NT was young). Nor was it a Linux virus (Linux didn't even
exist back then). It was a virus written for an academic OS called RISC OS
3, which ran on the Archimedes RISC (MIPS?) platform. I think it was called
Ghost or something.

I do remember quite a bit of what this virus did. It propagated through
Econet and replicated itself by overwriting the !boot initialisation files
for any and all applications it came across, eventually rendering the
workstation unusable and a hub for the virus to propagate. The only user
way to get rid of it was to take the machine offnet, then chase this thing
down manually. It was exceptionally easy to find, it had a filesize of
precisely 940 bytes. The only problem with the method was that it left the
application base unable to function, so you had to go through and rewrite
the !boot scripts by hand once you had eradicated the virus. The other
option was to send the workstation off to Acorn labs and have the ROM and
the hard drive reimaged.
</anecdote>
--
-*- Linux: Because restarts are for upgrades.
-*- Some people are like Slinkies; they serve no specific purpose,
but they bring a smile to your face when you push them down the stairs.
-*- Linux Desktops & Clustering Solutions -*- http://dotware.co.uk
-*- Registered Linux user #426308 -*- http://counter.li.org
-*- We now return you to your regularly scheduled broadcast.
-*- Contemplating Knife -*- Which end do the bullets go in again?
-*- I can't wait to get to heaven and meet seventy virgins - I've yet to
meet *one* on *Earth*!
-*- For sale: one (1) Fender Phantom air guitar. £500 ONO
-*- For sale: one (1) Italian WWII bolt-action rifle. .303cal, never fired,
only dropped once. Offers.
-*- Hit every key to continue.
-*- That's it. No more coffee for *that* man!

Peter Hayes · External Since: Oct 10, 2005 Posts: 202

In <pan.2006.09.28.12.53.39.524995 RemoveThis @linetec.nl> Richard Rasker wrote:

> So on the one hand, you have this XP UI seemingly aimed at
> four-year-olds because according to Microsoft, "things would be too
> difficult" otherwise,

http://news.bbc.co.uk/1/hi/england/lincolnshire/5379930.stm

--

Peter

Kelsey Bjarnason · External Since: Sep 12, 2006 Posts: 1022

[snips]

On Thu, 28 Sep 2006 06:29:39 -0700, dsteel0 wrote:

>> My understanding is that very few AIDS sufferers actually die of AIDS - my
>> understanding is that they tend to die of other things. These other things
>> tend (I understand) to be diseases which the rest of of just "shrug-off",
>> or which can be treated with antibiotics etc.
>> Why is this?
>
> Because the "I" and the "D" in AIDS stand for "immune" and "deficiency"
> (or Immunodeficiency)
>
> Not quite sure I see your point, unless you are trying to say that
> users are not affected by viruses, but by the effects of viruses...

I believe the point is, if your immune system is healthy, you fight off
most diseases. Once it's compromised, however, the common cold can kill
you. Which, by analogy, means Windows has AIDS by design; its immune
system is very unhealthy.

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

JDS <jeffrey DeleteThis @invalid.address> writes:

> On Thu, 28 Sep 2006 13:51:11 +0200, Hadron Quark wrote:
>
>> You can be sure as hell that *if* Linux ever gets more than 2% of the
>> desktop share then the virus writers will turn their gaze towards it.
>
> How about the server market share? Most of the websites on the WWW
> run on Apache on Linux. That's a pretty big market share. Where are the
> viruses for those systems?

They are hacked on a routine basis.

--
/*
* Buddy system. Hairy. You really aren't expected to understand this
*
*/
-- From /usr/src/linux/mm/page_alloc.cA

Hadron Quark · External Since: Sep 10, 2006 Posts: 1621

JDS <jeffrey.TakeThisOut@invalid.address> writes:

> On Thu, 28 Sep 2006 15:28:25 +0200, Hadron Quark wrote:
>
>> Its fundamentally flawed when the end user must compile HW drivers in root
>> mode from the command line shell.
>
> And when is that?

When I have to. Dont believe me? NVidia and truecrypt. Why do you ask?

--
/*
* Buddy system. Hairy. You really aren't expected to understand this
*
*/
-- From /usr/src/linux/mm/page_alloc.cA

JDS · External Since: Oct 13, 2006 Posts: 245

On Thu, 28 Sep 2006 16:31:46 +0200, Hadron Quark wrote:

> When I have to. Dont believe me? NVidia and truecrypt. Why do you ask?

Because you are making a false blanket statement that "the end user" must
compile stuff as root to install it.

Not true.

Your NVIDIA driver is a perfect example. You can *optionally* compile it
yourself but there are binaries available, from trusted sources, for most
major distros. No compile necessary, just pointy-clicky-install-y.

Just another trip down the "Linux is not ready for the average user" path
of FUD, I guess.

--
JDS

Richard Rasker · External Since: Jul 27, 2005 Posts: 199

Op Thu, 28 Sep 2006 15:28:25 +0200, schreef Hadron Quark:

> Peter Hayes <not_in_use RemoveThis @btinternet.com> writes:
>
>> In <pan.2006.09.28.11.08.13.631323 RemoveThis @linetec.nl> Richard Rasker wrote:
>>
>>> For a large part, Microsoft can't be blamed any more - these design
>>> decisions have a historical background, in that Microsoft didn't
>>> foresee networking going beyond perhaps a handful of trusted machines
>>> on a trusted network; also, they didn't foresee that people would
>>> start making viruses. Their stuff was designed for a non-networked one-
>>> person computer, and now they can't change it, lest they render most
>>> of current, popular software useless in one stroke.
>>
>> To excuse Microsoft through historical baggage and a lack of foresight
>> isn't valid. They had two major opportunities to beef up security, the
>> release of Windows 95 and the release of NT4, or perhaps even NT3.51.
>
> Users running executables can have no "security" defense.

OK, so what you say is that no OS can be intrinsically more secure as
another OS, as soon as users need to start applications? That's the
biggest, stupidest bullshit I've seen here in a long time.

> Why don't you understand this basic issue which Erik has gone to great
> lengths to explain?

Because Erik is plain wrong, both in his assumptions that a) Windows
malware predominantly spreads through social engineering - which it
doesn't; just the text "Click Here!" to get infected is NOT social
engineering; b) mechanisms preventing executables from being started at
the click of a mouse are totally useless.

If he were right, we'd have seen at least a few hundred successful social
engineering Linux viruses by now. We haven't. Not a single one. We haven't
even seen any jump-through-several-hoops Windows viruses postulated by
Erik. And why is that? No, not because Windows is the dominant OS, but
because it's largely trivial to infect a Windows machine, even with lots
of "defenses" in place. One wrong click, and you're buggered, period.
Linux isn't built like that. And because making things difficult *does*
deter most people from doing it.

> And the more I compile from scripts in sudo mode,

Now please explain what it is that you compile in sudo mode? I never
compile in sudo mode - I hardly ever compile stuff anyway. And not a
single one of my ~100 users ever had to compile anything, or even use
sudo. At most, they entered the root password when using the software
installer. Are you a software engineer? Or a tinkerer who always wants the
latest build of any applications?

> the more I wonder about you people claiming some sort of perfection in
> the Linux security model. Its fundamentally flawed when the end user
> must compile HW drivers in root mode from the command line shell.

Now why on earth would an end user need to compile hardware drivers in a
shell? What kind of hardware requires this?
And the Linux security model perhaps isn't perfect, but at least there IS
a functioning and apparently quite effective security model, as opposed to
the Windows situation.

Richard Rasker

--
Linetec Translation and Technology Services

http://www.linetec.nl/