Ironworks Gaming Forum

Ironworks Gaming Forum (http://www.ironworksforum.com/forum/index.php)
-   General Conversation Archives (11/2000 - 01/2005) (http://www.ironworksforum.com/forum/forumdisplay.php?f=28)
-   -   Interesting Article on XP SP2 (http://www.ironworksforum.com/forum/showthread.php?t=92706)

LennonCook 01-08-2005 11:15 PM

WinXP SP2 = security placebo?

I hope for MS's sake that this isn't what their security model for Longhorn will be like... smoke and mirrors just won't cut it.

[ 01-08-2005, 11:20 PM: Message edited by: LennonCook ]

Seraph 01-08-2005 11:36 PM

Short of disconnecting your computer from the internet, all computer security is smoke and mirrors, it's just a matter of how many mirrors there are, and how dense the smoke is.

LennonCook 01-08-2005 11:50 PM

Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in. It's not perfect by any means (and in this day and age, it can't really be), but it's certainly better than Windows.

Ziroc 01-09-2005 12:02 AM

Yawn.. Lennon......... (clears throat) :)

Blunderbuss 01-09-2005 07:22 AM

I like you Lennon. It's good to see not everyone will give up the fight against Microsoft so easily. :D :P

Some news on Longhorn, though. It has been delayed for longer, there is now talk of a second XP. Not service pack 2, just a second version of the whole system. This could mean it would include features from Longhorn. Perhaps, threatening the existence of Longhorn altogether. Clearly, Microsoft have realised the many flaws in SP2 and are trying to make up for this by coming up with this idea.

Azeral 01-09-2005 07:24 AM

Can we have a sub forum just for Lennon to put Windows faults in... (so then I can avoid it totally :) )

Variol (Farseer) Elmwood 01-09-2005 08:30 AM

I don't know jack about programming, but the way I look at it, there's no reason for the types of errors I still get with XP Pro, loading issues etc. We are way too advanced to have these problems.

I can't download my pics from my HP camera on my new PC. I have to plug it into my old one, which is 4.5-5 years old, which has the same OS. I don't know how to fix it, but it should know by itself.

I still think it's excellent though.

Seraph 01-09-2005 04:54 PM

Quote:

Originally posted by LennonCook:
Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in.
The slapper worm back in 2002 showed just how solid linux systems are.

From the standpoint of remote buffer-overruns, all operating systems are
vulnerable to sloppy programming. From the standpoint of social engineering
e-mail worms, all systems are vulnerable to stupid users.

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has. Other than crappy design there is no good reason why something like Apache needs to be started as root, and it provides a nice window of vulnerability that defeats the whole privileges system that Linux security is usually based on.

LennonCook 01-09-2005 05:18 PM

Quote:

Originally posted by Seraph:
Quote:

Originally posted by LennonCook:
Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in.

The slapper worm back in 2002 showed just how solid linux systems are.

One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?

Quote:

From the standpoint of remote buffer-overruns, all operating systems are
vulnerable to sloppy programming.
Remote buffer overruns are more than sloppy coding. They need bad design for them to be able to be executed remotely, relying only on a computer to be logged in.

Quote:

From the standpoint of social engineering
e-mail worms, all systems are vulnerable to stupid users.
OK, now, why are there stupid users? Mainly because when something goes wrong, Windows says "Something went bang! Go tell Microsoft".
Linux gives you some idea of what went wrong, and possible ways to fix it yourself. Linux teaches you to be able to fix simple problems, Windows encourages stupid users.

Quote:

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has.
If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.

Quote:

Other than crappy design there is no good reason why something like Apache needs to be started as root,
How about, it is designed specifically to allow other people to connect directly to your computer? That makes it an admin level function. And this is Windows' mistake - it not only allows anyone to start something like Apache, it has other servers running by default which most people should not need to care or know about. And yet, if they don't disable them, it can cause major problems. Ever wondered why things like trojan droppers can exist?

Quote:

and it provides a nice window of vulnerability that defeats the whole privileges system that Linux security is usually based on.
If anyone could start Apache, that obvious little problem (Apache by its very nature allows other people to connect to you without necessarily having your permission) could be opened by anyone. As it stands, it can only be started by root, and - except for home users - the only people with the root password are expected to know this stuff anyway. It is encouraging you to understand what you are doing, and to realise that it isn't necessarily safe.
Having things being only startable by root doesn't undermine the privilege system. It enforces it. To allow anyone to start anything on the other hand would make root almost redundant, and this would undermine the privileges, as much as people can at the moment by encouraging people to be root all the time. This is the primary mistake Windows makes, and if it fixed this, it would improve a lot of things.

LennonCook 01-09-2005 05:22 PM

Quote:

Originally posted by Variol (Farseer) Elmwood:
I don't know jack about programming, but the way I look at it, there's no reason for the types of errors I still get with XP Pro, loading issues etc. We are way too advanced to have these problems.
Exactly. Windows is insecure because of bad decisions MS has made. It can, and should, be better than this.

dplax 01-09-2005 05:25 PM

Quote:

Originally posted by LennonCook:
One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?
I'm sure if Linux were the most used OS and Windows was only second there would be many more Linux exploits than Windows ones.

Sigmar 01-09-2005 05:31 PM

ROFLMAO

Lennon, your threads crack me up! :D

I'm sure I'd appreciate them a lot more if I knew what the hell was going on inside them. :D Your crusade against Microsoft is always good reading.

But Longhorn, sp2, wha?

Forgive my ignorance, and let this humble yokel laugh at all them funny words.

LennonCook 01-09-2005 05:35 PM

Dplax: Not so. The Slapper worm was to do with Apache more than Linux (although it only affected Apache on Linux, not Apache on Win32 AFAIK). It is the only major worm Apache has had in its lifetime, compare to MS IIS which has had many.
Now, which is more popular? On major commercial servers, Apache has around 70% and rising. In other words, Apache is far more popular than IIS, and yet it has had far fewer exploits.

Security comes with secure programs, not with smaller user bases.

[ 01-09-2005, 05:38 PM: Message edited by: LennonCook ]

andrewas 01-09-2005 05:40 PM

Quote:

Originally posted by LennonCook:


Quote:

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has.

If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.

Actually, Seraph is right about this. You need root privileges to bind to a port <1024. Run a ps -A with apache running and you should see the parent process is running as root, with a bunch of non-root children (assuming you actually had some traffic other than your own testing, which you don't). Which neatly explains why this isn't a problem with apache - the processes doing all the work don't have root privilege. Other programs get round this by dropping root privilege after binding to the port.

I would have reservations about running anything that kept root privileges on a process which was listening to a port, since an author that didn't think to work around that probably didn't secure the rest of it properly. But, this is it. It's up to the author to write a secure program, and the admin to choose a secure program. Linux doesn't generally make mistakes for you, and it won't do things like exposing file and print sharing to the internet by default. Or running a messenger service on every machine by default regardless of whether it's needed. Or basing a large portion of its local infrastructure on a protocol intended for remote execution of code.

Bozos of Bones 01-09-2005 05:41 PM

Longhorn - The next sequel in the best-selling point-and-click adventure, the Windows franchise.
SP2 - an expansion pack for Windows XP. New missions, new levels, new enemies!
Debian - a Linux distribution(version)
Root - the very top of the hierarchy
Buffer overrun - a way to fool a security system into a continual loop. Like you mention the number thirteen to someone who can count up to ten.
Any more? :P

LennonCook 01-09-2005 05:43 PM

Quote:

Originally posted by Sigmar:
But Longhorn, sp2, wha?
SP2 = Windows XP Service Pack 2. A download of... somewhere around 700 MB I think, which MS say makes Windows more secure. The article I posted analyses just how it does this, and how well it works. And it turns out that that almost GIG of downloading is little more than fake smoke and mirrors that hardly reflect.

Longhorn = the next generation of Windows. It was originally going to debut this year (maybe last?), but MS have delayed it. Last I checked, it was going to be at least 2007 before we even see a glimpse of BETAs. It has a lot of security updates (supposedly), and some stuff about digital rights management. That is, preventing you from using CDs or play MPEGs unless you pay the author money and they pay MS money.

Bozos of Bones 01-09-2005 05:48 PM

You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines. And it actually does do something useful, if you set it right.

LennonCook 01-09-2005 05:57 PM

Quote:

Originally posted by Bozos of Bones:
You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines.
Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. More so if you consider that a lot of the world is still on dialup, and that would take close to a day to get...

dplax 01-09-2005 05:57 PM

Quote:

Originally posted by LennonCook:
Dplax: Not so. The Slapper worm was to do with Apache more than Linux (although it only affected Apache on Linux, not Apache on Win32 AFAIK). It is the only major worm Apache has had in its lifetime, compare to MS IIS which has had many
My point is that too few people use Linux for it to be a good hacker target. If more people were using it then more info could be stolen and it would be more worthwhile for hackers to target Linux.

dplax 01-09-2005 05:59 PM

Quote:

Originally posted by LennonCook:
Quote:

Originally posted by Bozos of Bones:
You think wrong. It's 120 MB, 200 if you want the LAN professional edition for installation to other machines.

Ok, I was a little off... but 200 MB is still quite big for something that doesn't do a good job out of the box without fiddling. More so if you consider that a lot of the world is still on dialup, and that would take close to a day to get...

Windows Update downloads work in a way that they download slowly over time in the background and once downloaded install. That means that if you log on an hour each day only SP2 shall download only those times and can resume itself. You can do other work while doing all this. Then when it has finished downloading you can install.

Bozos of Bones 01-09-2005 06:00 PM

Few people... you wanna hear a funny story? There's this group of hackers, and they wanted to hack into Microsoft Complement Database in Redmond. So they got through level one, level two (there are, as the legend goes, 7 levels) and so on, until level six. And what do they encounter there? A RedHat distro of Linux! So go figure :P

LennonCook 01-09-2005 06:03 PM

Quote:

Originally posted by dplax:
My point is that too few people use Linux for it to be a good hacker target. If more people were using it then more info could be stolen and it would be more worthwile for hackers to target Linux.
And my point holds. Why has MS IIS had more vulnerabilities in its lifetime than the more popular Apache? If your logic was right, then wouldn't it be more worthwhile for hackers to target Apache? And yet, they don't seem to. Or at least, they don't seem to be successful. Whichever way you cut it, this can't be the only reason if it is a reason at all.

dplax 01-09-2005 06:08 PM

I wasn't talking about Apache, I was talking about Linux in general.

LennonCook 01-09-2005 06:08 PM

Quote:

Originally posted by dplax:
Windows Update downloads work in a way that they download slowly over time in the background and once downloaded install. That means that if you log on an hour each day only SP2 shall download only those times and can resume itself. You can do other work while doing all this. Then when it has finished downloading you can install.
Segmented downloads != smaller downloads.

LennonCook 01-09-2005 06:12 PM

Quote:

Originally posted by dplax:
I wasn't talking about Apache, I was talking about Linux in general.
I debate your logic, not your example. If Linux were only secure at the moment because it is less popular, we would have seen this phenomenon before. Yet what we see, is just the opposite.

dplax 01-09-2005 06:22 PM

I don't know too much about Linux, what I am saying is that it is targeted less by hackers (meaning successful and unsuccessful attempts both) than Windows because less people use it.

andrewas 01-09-2005 06:36 PM

We understood that the first time. It just isn't true.

http://www.theregister.co.uk/securit...s_linux/#myth1

Thoran 01-09-2005 06:44 PM

We understood that the first time... we're just crusaders on a cause.

http://www.techweb.com/wire/security/56200327
http://www.informationweek.com/story...cleID=18700097

ON TO THE NEXT WINDMILL!

lol.

[ 01-09-2005, 06:52 PM: Message edited by: Thoran ]

dplax 01-09-2005 06:45 PM

My bad then, but let it be said in my defence that I am not very experienced with Linux and heard that argument used many times.

Thoran 01-09-2005 06:57 PM

Read the articles dplax. ;)

I tend to think that internet articles are like a$$holes, everyone can find one that says what they want it to, especially when you're... A CRUSADER!! bump badda bump bump bumm...

[ 01-09-2005, 07:00 PM: Message edited by: Thoran ]

dplax 01-09-2005 07:00 PM

I posted what I posted upon only having seen andrewas' link. I've now read your links too. I wasn't going to leave Windows anyway. I've managed to secure it as much as possible for myself and as far as I can see nothing I don't want is getting past my protections.

LennonCook 01-09-2005 07:10 PM

Quote:

Originally posted by Thoran:
I tend to think that internet articles are like a$$holes, everyone can find one that says what they want it to, especially when you're... A CRUSADER!! bump badda bump bump bumm...
Find me an article, not funded by M$, that says Windows is better without question.

Bozos of Bones 01-09-2005 07:18 PM

Find me an article, not funded by open source... wait... there's no funding in open-source... hmm... Something wrong here, they don't have any legal links, as they're not a company... Meaning all articles about Linux vs Windows that are free are subject to be under the influence of open-source, therefore biased to Linux... Unless they're an independent magazine, or a site like Tom's Hardware, but for software... Hmm... I've just been to one, mind you it's Croatian, and it has some nice things about Linux, but also about Windows as well. And if I put my heart to it, I think I'm bound to find a few in English as well... but frankly honey.. I don't give a damn.
This is one of the oldest debates known to man! It will never end, it will never find a conclusion. Why? Microsoft is too powerful to kill, and open-source is too distributed to be forgotten. And if there is somehow going to be an end, it's not going to be on a forum whose main focus is roleplaying games. Guys, I really do respect the crusades and all, and I do believe that Microsoft has some issues it has to take care of, but this is like "My dad is better than your dad!"

Thoran 01-09-2005 07:38 PM

And for the Mac gang... here's a pro-MAC article that smacks around both Linux AND Windows.

http://www.mi2g.com/cgi/mi2g/framese...ess/051104.php

Pretty interesting article actually.

Lemmon I find/you find/he finds/she finds... ANYONE can find an article saying just about anything they want on the internet.

As I've said all along, I'm glad Linux (and the Mac too for that matter) is out there providing a viable alternative to Windows (A company I'm not overly fond of... very predatory). Just flagging the crusaders who have an agenda to point out every flaw in windows while ignoring the warts in their OS of love.

My standard disclaimer - Don't trust the prophets, do the research and come to your own conclusions.

For me (a person who doesn't have to pay out of pocket for my OS decisions) Windows is my general use OS, Linux is a toy, and hopefully soon I'll have a Mac to play with.

If I was personally paying for my software I'd be using Linux, although on the one system I'd really LIKE to use linux on I can't for lack of drivers (Dual Opteron workstation, of course there are 64 bit Windows drivers missing too) and I'd have to pay for the OS (SuSe 64-bit Enterprise... could not find any free distributions).

Seraph 01-09-2005 08:06 PM

Quote:

Originally posted by LennonCook:
Quote:

Originally posted by Seraph:
Quote:

Originally posted by LennonCook:
Not really. It isn't possible to eliminate the viruses and the spyware, but it's definitely possible to reduce the effect it can have. Just look at Linux: most security vulnerabilities in it require someone to be physically sitting at your computer, and be logged in.

The slapper worm back in 2002 showed just how solid linux systems are.

One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?

All I know are the viruses and worms that I've been infected with.
Windows: 0
Linux: 1
I've been running windows as a home OS for 8 years, I ran Apache on Linux for 6 months and was compromised.

Quote:

Quote:

From the standpoint of remote buffer-overruns, all operating systems are
vulnerable to sloppy programming.
Remote buffer overruns are more than sloppy coding. They need bad design for them to be able to be executed remotely, relying only on a computer to be logged in.

Quote:

From the standpoint of social engineering
e-mail worms, all systems are vulnerable to stupid users.
OK, now, why are there stupid users? Mainly because when something goes wrong, Windows says "Something went bang! Go tell Microsoft".
Linux gives you some idea of what went wrong, and possible ways to fix it yourself. Linux teaches you to be able to fix simple problems, Windows encourages stupid users.

Quote:

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to believe in some of the mythical security that Linux has.
If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.

I don't know how your system is set up, but if it is anything like 99.99% of the systems out there it will use a process that goes something like this:
Start some program with root privileges, the program binds the port(s), listens, and then calls setuid() and setgid() and friends to drop root privileges. At this point it should still be able to call accept() on the ports, but it will not still have root privileges. However every time you start aMSN, Thunderbird, Firefox, xChat, et al. you are opening a hole that could in theory allow someone who has compromised that program to do all sorts of nasty things. I suspect that you're undergoing the same thing that you accuse Windows users of doing, ignoring things because they are happening outside of plain sight.

Like I originally said, security is all smoke and mirrors. The holes in Linux security are harder to get to, and difficult to exploit, but there are still holes, and I feel it is only a matter of time before someone comes up with a way to get at them.

Quote:

Quote:

Other than crappy design there is no good reason why something like Apache needs to be started as root,
How about, it is designed specifically to allow other people to connect directly to your computer? That makes it an admin level function. And this is Windows' mistake - it not only allows anyone to start something like Apache, it has other servers running by default which most people should not need to care or know about. And yet, if they don't disable them, it can cause major problems. Ever wondered why things like trojan droppers can exist?

If you're going to only allow admins to connect to the outside world then you've effectively isolated your computer from the net. It's a heck of a lot more than Apache that suffers from this problem, anything that uses a port below 1024 will need to be started as root. An awful lot can happen between the time that a program starts, and the time that it binds to a port.
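
The bind-then-drop sequence that Seraph and andrewas describe in this thread, as an added C example that is not part of the original posts: the listener is bound first, a forked worker gives up root with setgroups()/setgid()/setuid(), checks that root cannot be regained, and still serves a connection with accept(). The function names, the loopback-only listener and uid/gid 65534 ("nobody" on many Linux systems) are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up root. Order matters: supplementary groups, then gid,
 * then uid; once the uid is dropped the other two calls would be refused. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Confirm the drop took effect and cannot be undone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

static void loopback(struct sockaddr_in *a, unsigned short port)
{
    memset(a, 0, sizeof *a);
    a->sin_family = AF_INET;
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a->sin_port = htons(port);
}

/* Bind and listen on 127.0.0.1:port (port 0 lets the kernel pick one).
 * Returns the listening fd and stores the actual port in *bound. */
static int listen_on(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    loopback(&a, port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 ||
        listen(fd, 4) != 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) != 0) {
        close(fd);
        return -1;
    }
    *bound = ntohs(a.sin_port);
    return fd;
}

/* Returns 0 if a worker that dropped to uid/gid still served a client,
 * 1 if the drop failed, 2 if serving failed, -1 on setup errors. */
int bind_drop_accept(unsigned short port, uid_t uid, gid_t gid)
{
    unsigned short bound = 0;
    struct sockaddr_in a;
    char buf[2] = {0};
    int status = 0, served, cfd;
    int lfd = listen_on(port, &bound);   /* port < 1024 traditionally needs root */
    pid_t pid;

    if (lfd < 0) return -1;
    pid = fork();
    if (pid < 0) { close(lfd); return -1; }
    if (pid == 0) {                      /* worker inherits the bound socket */
        int c;
        if (drop_privileges(uid, gid) != 0) _exit(1);
        c = accept(lfd, NULL, NULL);     /* still works without root */
        _exit(c >= 0 && write(c, "ok", 2) == 2 ? 0 : 2);
    }
    close(lfd);                          /* only the worker holds the listener now */

    /* The parent plays the client to show that the worker answers. */
    loopback(&a, bound);
    cfd = socket(AF_INET, SOCK_STREAM, 0);
    served = cfd >= 0 &&
             connect(cfd, (struct sockaddr *)&a, sizeof a) == 0 &&
             read(cfd, buf, 2) == 2 && memcmp(buf, "ok", 2) == 0;
    if (cfd >= 0) close(cfd);
    if (!served) kill(pid, SIGKILL);     /* never leave a worker blocked in accept() */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) != 0) return WEXITSTATUS(status);
    return served ? 0 : 2;
}

int main(void)
{
    /* Assumed ids: 65534 when run as root (with port 80); otherwise the
     * caller's own ids and a kernel-chosen unprivileged port. */
    int root = geteuid() == 0;
    int rc = bind_drop_accept(root ? 80 : 0,
                              root ? 65534 : getuid(),
                              root ? 65534 : getgid());
    printf("bind_drop_accept -> %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Run as an ordinary user it exercises the same path on an unprivileged port, so the "cannot regain root" check and the post-drop accept() can be observed without root.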

Chewbacca 01-09-2005 09:09 PM

I just got a new PC and upgraded from W98 to XP w/SP2. Under 98 I never had a virus or suffered from an attack and only had one case of spyware due to user error.

So how does a fellow like me whose programming experience is Basic (circa 1985) and Scripting for NWN plug these reported holes in Windows XP?


Does the firewall with my router and the software firewall I use do the job, in addition to being overly cautious about email attachments and using spyware killers like adaware and SBS&D, etc.?

What in reality and in lay-terms should I be worried about?

wellard 01-09-2005 09:17 PM

Regarding the download of SP2. Just ask Microsoft for a free copy of SP2 and they will send it. Three days after asking a nice shiny CD arrived from Hong Kong :D (and I am sure that the CD has been given away free with PC mags before now.)

off topic.... It was funny to see a product from Microsoft telling you to distribute to everyone you know, instead of the usual copy this and we will shoot you :P

I am about to install SP2 tomorrow, any tips on which (if any) options to choose while installing it would be nice.

And on a side note I find the articles you post LennonCook interesting. Much better than the spam that some posters get away with.

LennonCook 01-09-2005 09:47 PM

Quote:

Originally posted by Chewbacca:
I just got a new PC and upgraded from W98 to XP w/SP2. Under 98 I never had a virus or suffered from an attack and only had one case of spyware due to user error.

So how does a fellow like me whose programming experience is Basic (circa 1985) and Scripting for NWN plug these reported holes in Windows XP?


Does the firewall with my router and the software firewall I use do the job, in addition to being overly cautious about email attachments and using spyware killers like adaware and SBS&D, etc.?

What in reality and in lay-terms should I be worried about?

Read the article I posted, and look at Spinrite's tools information and tools. Disable all the services that are listed as 'should be disabled' on the first article. Run a good firewall (Zonealarm, Kerio, etc), run a good antivirus (I recommend avast!). Don't be fooled into thinking that a firewall is a replacement for your antivirus: they are complementary. Don't use IE, don't use Outlook, don't use {Note|Word}pad, don't use the windows firewall. Get Service Pack 1 definitely, consider Service Pack 2, armed with all the articles you can find about it. Run under a limited account where possible, logging in as admin only when you need to. Use one or two anti-spyware apps, update and run once/day to start with, slow down if (and only if) they regularly come up clean. Don't bother with anti-spyware resident things (things that stick in memory) unless you need to. Pay attention to what your tools tell you. Investigate anything suspicious you find on your machine. Consider using Open Office rather than MS Office. Don't blindly delete any problems, try to understand where they came from and future-proof yourself against the same happening again. Go through Add/Remove Windows Components and remove anything you don't or rarely use. Consider alternative file managers, consider alternative shells. Check for updates to your software regularly. Never let anything download or install software without your explicitly telling it to. This includes Windows itself. If any of your tools stops doing the job it's meant to, consider replacing it, or investigate what could be causing it. And never assume that you are completely safe.

[ 01-09-2005, 09:48 PM: Message edited by: LennonCook ]

LennonCook 01-10-2005 05:34 PM

Quote:

Originally posted by Seraph:
All I know are the virus and worms that I've been infected with.
Windows: 0
Linux: 1
I've been running windows as a home OS for 8 years, I ran Apache on Linux for 6 months and was compromised.

You seem to forget that there is a difference between "worms one has been infected with over 8 years" and "worms that have been caught". ;) But also, your experiences do not necessarily reflect the actuality.


Quote:

I don't know how your system is set up, but if it is anything like 99.99% of the systems out there it will use a process that goes something like this:
Start some program with root privileges, the program binds the port(s), listens, and then calls setuid() and setgid() and friends to drop root privileges. At this point it should still be able to call accept() on the ports, but it will not still have root privileges. However every time you start aMSN, Thunderbird, Firefox, xChat, et al. you are opening a hole that could in theory allow someone who has compromised that program to do all sorts of nasty things. I suspect that you're undergoing the same thing that you accuse Windows users of doing, ignoring things because they are happening outside of plain sight.
So, when I open an xTerm logged in as me, and type 'firefox &' as me, it somehow has root privileges?
When I jump to a virt term, and log in as me, then 'ncftp wherever', it is starting with root privileges even though it is not being run as root?
Sorry, no.

Quote:

Like I originally said, security is all smoke and mirrors. The holes in Linux security are harder to get to, and difficult to exploit, but there are still holes, and I feel it is only a matter of time before someone comes up with a way to get at them.
Yes, there will always be holes. But the thing with Linux is that it actually seems to fix them as they are discovered. I don't argue that Linux has fewer security flaws than Windows, but rather that it is more secure, and that it takes real steps to ensure that. Service Pack 2, for the most part, seems to simply remind you to put a firewall up. It doesn't close off any of the webservers which are active by default - which, as you point out yourself, in Linux require root access to instantiate, it doesn't make you less vulnerable to attack. It just... tells you to put up a firewall. Which is kind of useless when you realise that most of the people who will know about SP2 (ie, people who do a fair amount of stuff on their computer, or who have security-conscious technicians looking after them) will most likely already have a firewall anyway.

Quote:

If you're going to only allow admins to connect to the outside world then you've effectively isolated your computer from the net. It's a heck of a lot more than Apache that suffers from this problem, anything that uses a port below 1024 will need to be started as root.
It isn't a matter of only allowing admins to connect to the outside world, it's a matter of allowing other systems to connect directly to you. As I pointed out above, it is illogical to assume that a program which I start in console as me is somehow started with privileges I don't have. Because if they can do it, why can't I start apache as me? Why does apt-get exit with the question 'are you root'?
Certain things do require admin access. Opening a service that, simply because of what it is rather than how well it has been designed, could potentially be used to take control of your system has to be among them.

Quote:

An awful lot can happen between the time that a program starts, and the time that it binds to a port.
But, how likely is it that something will exploit that? Which is easier to exploit: "These people probably have this service running that will let me get in there, because it's on and always running on that system", or "These people might be starting a service that they might not have, and for a few seconds it has full root privilege"?

A serious hacker will still get in to a Linux system, yes, but they aren't the most dangerous threat to the average user. The viruses, the worms, the trojans... that isn't the hallmark of someone who wants information. That isn't the behavior of someone who wants specific information from a specific machine. It represents someone who just wants to revel in the damage they can do.
The way to stop this is to
1) Limit the number of ways they can get in, and
2) Limit the amount of damage they can do if they achieve this.
(spyware is, of course, a different beast)

Linux, by virtue of enforcing its multi-user privilege system, is almost immune in this regard to everything except user error (error to the extent of doing everything as root). Windows, on the other hand, seems to be a script kiddy's dream: easy to get at, plenty of room for damage, and a large user base to boot. And Microsoft don't seem to be doing a thing about it, except reminding the user that they aren't safe.
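
Added example (not part of any post in this thread): a small Python audit of the two properties argued over above, namely which listening sockets other systems can connect to and which of them sit on ports below 1024. It reads text in Linux's /proc/net/tcp format; the sample table is constructed, a little-endian host is assumed, and the function names are this example's own.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:A1B2 0100007F:0019 01 00000000:00000000 00:00000000 00000000  1000        0 11004 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A        # state code the kernel uses for LISTEN
PRIVILEGED_BELOW = 1024  # ports under this need root to bind, per the thread


def parse_listeners(proc_net_tcp_text):
    """Return one dict per listening IPv4 TCP socket."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Address is a 32-bit value in host byte order; little-endian assumed.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        port = int(hex_port, 16)
        listeners.append({
            "addr": addr,
            "port": port,
            "uid": int(fields[7]),   # uid column reported for the socket
            "privileged_port": port < PRIVILEGED_BELOW,
            # Loopback-only listeners cannot be reached from other machines.
            "remote_reachable": not addr.startswith("127."),
        })
    return listeners


def exposed(listeners):
    """Listeners other systems can connect to, lowest port first."""
    return sorted((l for l in listeners if l["remote_reachable"]),
                  key=lambda l: l["port"])


if __name__ == "__main__":
    for entry in exposed(parse_listeners(SAMPLE_PROC_NET_TCP)):
        print(entry)
```

On a Linux machine, pass the contents of /proc/net/tcp to `parse_listeners` instead of the sample to see the real listeners.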

Chewbacca 01-10-2005 06:46 PM

Quote:

Originally posted by LennonCook:
Read the article I posted, and look at Spinrite's tools information and tools. Disable all the services that are listed as 'should be disabled' on the first article. Run a good firewall (Zonealarm, Kerio, etc), run a good antivirus (I recommend avast!). Don't be fooled into thinking that a firewall is a replacement for your antivirus: they are complementary. Don't use IE, don't use Outlook, don't use {Note|Word}pad, don't use the windows firewall. Get Service Pack 1 definitely, consider Service Pack 2, armed with all the articles you can find about it. Run under a limited account where possible, logging in as admin only when you need to. Use one or two anti-spyware apps, update and run once/day to start with, slow down if (and only if) they regularly come up clean. Don't bother with anti-spyware resident things (things that stick in memory) unless you need to. Pay attention to what your tools tell you. Investigate anything suspicious you find on your machine. Consider using Open Office rather than MS Office. Don't blindly delete any problems, try to understand where they came from and future-proof yourself against the same happening again. Go through Add/Remove Windows Components and remove anything you don't or rarely use. Consider alternative file managers, consider alternative shells. Check for updates to your software regularly. Never let anything download or install software without your explicitly telling it to. This includes Windows itself. If any of your tools stops doing the job it's meant to, consider replacing it, or investigate what could be causing it. And never assume that you are completely safe.
Thanks! I already use many of the safeguards and practices you have offered on our win 98 machines although Spinrite's tools are new to me. Before my new PC goes on the net I will certainly be checking those out and digging into windows to turn off all the unneeded stuff.

I'm definitely going to check out Openoffice. Gotta love free stuff that is as good and versatile as the pay stuff! :D

We already use Avast, which is also free, quite excellent, and hasn't pulled any of NAV's stupid tricks that caused hours of work installing and reinstalling just for simple protection. Plus Norton actually tried to charge my wife to re-download software we had already paid for in order to jump through the re-install hoops! That's when I finally persuaded her to give it up for Avast.

