Interesting Article on XP SP2

[LennonCook]

WinXP SP2 = security placebo?

I hope for MS's sake that this isn't what their security model for Longhorn will be like... smoke and mirrors just won't cut it.

[ 01-08-2005, 11:20 PM: Message edited by: LennonCook ]

[Seraph]

Short of disconnecting your computer from the internet, all computer security is smoke and mirrors, it's just a matter of how many mirrors there are, and how dense the somke is.

[LennonCook]

Not realy. It isn't possible to elminate the viruses and the spyware, but it's definately possible to reduce the effect it can have. Just look at Linux: most security vulernabilities in it require someone to be physically sitting at your computer, and be logged in. It's not perfect by any means (and in this day and age, it can't realy be), but it's certainly better than Windows.

[Ziroc]

Yawn.. Lennon......... (clears throat) [img]smile.gif[/img]

[Blunderbuss]

I like you Lennon. It's good to see not everyone will give up the fight against Micrsoft so easily. [img]tongue.gif[/img]

Some news on Longhorn, though. It has been delayed for longer, there is now talk of a second XP. Not service pack 2, just a second version of the whole system. This could mean it would include features from Longhorn. Perhaps, threatening the existence of Longhorn altogether. Clearly, Microsoft have realised the many flaws in SP2 and are trying to make up for this by coming up with this idea.

[Azeral]

Can we have a sub forum just for lennon to put Windows faults in... ( so then i can avoid it totaly [img]smile.gif[/img] )

[Variol (Farseer) Elmwood]

I don't know jack about programming, but the way I look at, there's no reason for the types of errors I still get with XP Pro, loading issues etc. We are way too advanced to have these problems.

I can't download my pics from my HP camera on my new PC. I have plug it into my old one, which is 4.5-5 years old, which has the same OS. I don't know how to fix it, but it should know by itself.

I still think it's excellent though.

[Seraph]

Quote:

Originally posted by LennonCook: Not realy. It isn't possible to elminate the viruses and the spyware, but it's definately possible to reduce the effect it can have. Just look at Linux: most security vulernabilities in it require someone to be physically sitting at your computer, and be logged in.

The slapper worm back in 2002 showed just how solid linux systems are.

From the standpoint of remote buffer-overruns, all operating systems are
vulnerable to sloppy programming. From the standpoint of social engineering
e-mail worms, all systems are vulnerable to stupid users.

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to belive in some of the mythical security that Linux has. Other then crapy design there is no good reason why something like Apache needs to be started as root, and it provides a nice window of vulnerability that defeats the whole privliges system that Linux security is usually based on.

[LennonCook]

Quote:

Originally posted by Seraph: quote: Originally posted by LennonCook: Not realy. It isn't possible to elminate the viruses and the spyware, but it's definately possible to reduce the effect it can have. Just look at Linux: most security vulernabilities in it require someone to be physically sitting at your computer, and be logged in.

The slapper worm back in 2002 showed just how solid linux systems are.[/QUOTE]One worm. Three years ago. Nothing prior, nothing since. Compare to... how many for Windows?

Quote:

From the standpoint of remote buffer-overruns, all operating systems are vulnerable to sloppy programming.

Remote buffer overruns are more than sloppy coding. They need bad design for them to be able to be executed remotely, relying only on a computer to be logged in.

Quote:

From the standpoint of social engineering e-mail worms, all systems are vulnerable to stupid users.

OK, now, why are there stupid users? Mainly because when something goes wrong, Windows says "Something went bang! Go tell Microsoft".
Linux gives you some idea of what went wrong, and possible ways to fix it yourself. Linux teaches you to be able to fix simple problems, Windows encourages stupid users.

Quote:

If you can explain why any software that is going to bind to a port 1-1024 needs to be started as root then I might start to belive in some of the mythical security that Linux has.

If that were true, you would need to start a web browser as root since they bind to port 80. FTP clients, mail clients, GAIM and its kin. They all connect to ports, inbound and outbound, and yet they can be started by anyone who can access the executable. I run aMSN, Thunderbird, Firefox, xChat, ncFTP, and GAIM regularly as me. Check your facts.

Quote:

Other then crapy design there is no good reason why something like Apache needs to be started as root,

How about, it is designed specifically to allow other people to connect directly to your computer? That makes it an admin level function. And this is Windows mistake - it not only allows anyone to start something like Apache, it has other servers running by default which most people should not need to care or know about. And yet, if they don't disable them, it can cause major problems. Ever wondered why things like trojan droppers can exist?

Quote:

and it provides a nice window of vulnerability that defeats the whole privliges system that Linux security is usually based on.

If anyone could start Apache, that obvious little problem (Apache by it's very nature allows other people to connect to you without necesarily having your permission) could be opened by anyone. As it stands, it can only be started by root, and - except for home users - the only people with the root password are expected to know this stuff anyway. It is encouraging you to understand what you are doing, and to realise that it isn't necesarily safe.
Having things being only startable by root doesn't undermine the priveledge system. It enforces it. To allow anyone to start anything on the other hand would make root almost redundant, and this would undermine the priviledges, as much as people can at the moment by encouraging people to be root all the time. This is the primary mistake Windows makes, and if it fixed this, it would improve alot of things.

[LennonCook]

Quote:

Originally posted by Variol (Farseer) Elmwood: I don't know jack about programming, but the way I look at, there's no reason for the types of errors I still get with XP Pro, loading issues etc. We are way too advanced to have these problems.

Exactly. Windows is insecure because of bad decisions MS has made. It can, and should, be better than this.