Linux security is a "myth", claims Microsoft

Kp · January 30, 2005, 09:24 PM

Quote from: tA-Kane on January 30, 2005, 08:36 PM
Quote from: quasi-modo on January 30, 2005, 08:22 PMMy one problem with windows, as said before, is that the os files are mixed in with everything else. If a hacker can get in then they can really mess things up.
If the non-admin programs aren't allowed to move, change, delete, or even access the system files, then what vulnerability is there?

Kernel. But that aside, the situation you describe doesn't happen often (in my experience). Far too many tools, both Microsoft-made and third-party wrongly require administrative privilege to function properly. Then there's the issue that most services are run with high privileges too, so exploiting any of those will get you in, etc.

dxoi: have you noticed any degradation of usability from turning those off? The last time I tried shutting down DCOM, Explorer became nearly unusable (even for performing tasks that don't require any network access).

dxoigmn · January 30, 2005, 10:21 PM

Quote from: Kp on January 30, 2005, 09:24 PM
dxoi: have you noticed any degradation of usability from turning those off? The last time I tried shutting down DCOM, Explorer became nearly unusable (even for performing tasks that don't require any network access).

No, nothing unusual. Explorer works fine.

iago · January 30, 2005, 11:10 PM

I think that one of the main problems with Windows is it's ease of use. Windows encourages people who don't know how to use computers to use them, and of course they screw it up. Most viruses/spyware/spam/etc. rely on stupid people using a computer. Of course, a lot of stuff is also caused by a buggy OS. Those two factors combine creating a big problem on Microsoft's products.

dxoigmn · January 30, 2005, 11:55 PM

Quote from: iago on January 30, 2005, 11:10 PM
I think that one of the main problems with Windows is it's ease of use. Windows encourages people who don't know how to use computers to use them, and of course they screw it up. Most viruses/spyware/spam/etc. rely on stupid people using a computer. Of course, a lot of stuff is also caused by a buggy OS. Those two factors combine creating a big problem on Microsoft's products.

So we should make it harder to use? Interesting thought....

EpicOfTimeWasted · January 31, 2005, 12:49 AM

Quote from: dxoigmn on January 30, 2005, 11:55 PMSo we should make it harder to use? Interesting thought....

My way of looking at it is similar to looking at how driver's licenses are handled. In order to legally drive a car, the driver must have a license. The license says that the driver knows how to operate the vehicle without causing harm to other drivers. If you don't know the gas pedal from the brake pedal, you have no business driving a car.

Likewise, if you ask someone what kind of computer they have, and they read you off the model number on the face of their monitor, they have no business using a computer. One person calls it "making it harder to use", another person calls it "forcing people to know what they're doing".

dxoigmn · January 31, 2005, 12:56 AM

Quote from: EpicOfTimeWasted on January 31, 2005, 12:49 AM
Quote from: dxoigmn on January 30, 2005, 11:55 PMSo we should make it harder to use? Interesting thought....

My way of looking at it is similar to looking at how driver's licenses are handled. In order to legally drive a car, the driver must have a license. The license says that the driver knows how to operate the vehicle without causing harm to other drivers. If you don't know the gas pedal from the brake pedal, you have no business driving a car.

Likewise, if you ask someone what kind of computer they have, and they read you off the model number on the face of their monitor, they have no business using a computer. One person calls it "making it harder to use", another person calls it "forcing people to know what they're doing".

You can't really do harm in the same way a car can. You can argue that maybe they're computer will become a zombie for some DDoS attack, but then I'd argue anyone's car could be stolen to be used for a robbery. I don't think the comparison holds, unless you have some sort of argument where operating a computer will cause harm to other computer users.

tA-Kane · January 31, 2005, 01:56 AM

Quote from: dxoigmn on January 31, 2005, 12:56 AM
Quote from: EpicOfTimeWasted on January 31, 2005, 12:49 AM
Quote from: dxoigmn on January 30, 2005, 11:55 PMSo we should make it harder to use? Interesting thought....

My way of looking at it is similar to looking at how driver's licenses are handled. In order to legally drive a car, the driver must have a license. The license says that the driver knows how to operate the vehicle without causing harm to other drivers. If you don't know the gas pedal from the brake pedal, you have no business driving a car.

Likewise, if you ask someone what kind of computer they have, and they read you off the model number on the face of their monitor, they have no business using a computer. One person calls it "making it harder to use", another person calls it "forcing people to know what they're doing".

You can't really do harm in the same way a car can. You can argue that maybe they're computer will become a zombie for some DDoS attack, but then I'd argue anyone's car could be stolen to be used for a robbery. I don't think the comparison holds, unless you have some sort of argument where operating a computer will cause harm to other computer users.

Or worse, it could get infected with a trojan and used to store child porn. That's occured many times; a computer-illiterate person is arrested and charged with federal child pornography crap because his computer had a trojan which allowed a remote hacker to store his 'stuff on the guy's computer unknowningly.

Imagine something similar to your car; drug dealers using a hidden area under your car to hold their goods. When you're asleep or at work or in the store, they secretly go into your car and exchange goods with 'customers'. Then when you're caught with it, you're the one with the federal drug trafficing charges, and he gets away cleanly.

dxoigmn · January 31, 2005, 08:43 AM

Quote from: tA-Kane on January 31, 2005, 01:56 AM
Or worse, it could get infected with a trojan and used to store child porn. That's occured many times; a computer-illiterate person is arrested and charged with federal child pornography crap because his computer had a trojan which allowed a remote hacker to store his 'stuff on the guy's computer unknowningly.

Imagine something similar to your car; drug dealers using a hidden area under your car to hold their goods. When you're asleep or at work or in the store, they secretly go into your car and exchange goods with 'customers'. Then when you're caught with it, you're the one with the federal drug trafficing charges, and he gets away cleanly.

Yes, but that doesn't "hurt" anyone else.

iago · January 31, 2005, 11:34 AM

A computer, in the hands of a moron, can do damage to other comptuers. SQL Slammer used to hit us at work once every two seconds. A new Windows XP computer will have blaster/sasser within a minute. These are because of people who don't know how to operate a computer, and these totally cause damage.

I agree that people should have to have a license to operate their OS. That would be really cool

dxoigmn · January 31, 2005, 02:41 PM

Quote from: iago on January 31, 2005, 11:34 AM
A computer, in the hands of a moron, can do damage to other comptuers. SQL Slammer used to hit us at work once every two seconds. A new Windows XP computer will have blaster/sasser within a minute. These are because of people who don't know how to operate a computer, and these totally cause damage.

I agree that people should have to have a license to operate their OS. That would be really cool

That doesn't hurt people though. If anything, it makes people richer because then those morons need to higher techs to clean up their computers.

iago · January 31, 2005, 05:56 PM

Quote from: dxoigmn on January 31, 2005, 02:41 PM
Quote from: iago on January 31, 2005, 11:34 AM
A computer, in the hands of a moron, can do damage to other comptuers. SQL Slammer used to hit us at work once every two seconds. A new Windows XP computer will have blaster/sasser within a minute. These are because of people who don't know how to operate a computer, and these totally cause damage.

I agree that people should have to have a license to operate their OS. That would be really cool

That doesn't hurt people though. If anything, it makes people richer because then those morons need to higher techs to clean up their computers.

It can hurt people. What if a traffic control system gets shut down?

It can't hurt people physically, but it can hurt mentally and very much financially.

MyndFyre · January 31, 2005, 07:06 PM

Quote from: iago on January 30, 2005, 11:10 PM
I think that one of the main problems with Windows is it's ease of use. Windows encourages people who don't know how to use computers to use them, and of course they screw it up. Most viruses/spyware/spam/etc. rely on stupid people using a computer. Of course, a lot of stuff is also caused by a buggy OS. Those two factors combine creating a big problem on Microsoft's products.

Well, that's why they're called "social engineering" attacks. Unfortunately, while the Linux learning curve remains as steep as it is (even with the nice X-Windows system, and my favorite desktop manager KDE), it's going to be a while before Windows is fixed.

EpicOfTimeWasted · January 31, 2005, 10:11 PM

Quote from: dxoigmn on January 31, 2005, 12:56 AM
You can't really do harm in the same way a car can. You can argue that maybe they're computer will become a zombie for some DDoS attack, but then I'd argue anyone's car could be stolen to be used for a robbery. I don't think the comparison holds, unless you have some sort of argument where operating a computer will cause harm to other computer users.

True, there is no way to directly compare the damage a car can do versus the damage a computer can do, but that wasn't really my point. iago's traffic control system failure is a perfect example of the point I was trying to make.

Another example of computers causing harm: http://www.cincypost.com/2004/12/28/comp12-28-2004.html. 16bit value rolled over, all hell broke loose.

dxoigmn · January 31, 2005, 10:53 PM

What if someone steals a car and uses it to run little kids over? So yeah, I see that home computer users now have computers that control traffic lights and therefore should be required to have a license.

mynameistmp · February 01, 2005, 03:01 AM

QuoteHow secure the server is just depends on how competent the admin is.

How secure the server is depends on who is hacking the server.

QuoteI used to think Linux was super secure.

Then, my friend rooted me with one command. :/

Your friend couldn't hack you for his life. He was given the command to show how easy it was. This example is a tribute to the above statement.

QuoteAn new admin who does not know what he is doing can have his systems exploited no matter what os there is.

Any admin's system can be exploited no matter what os there is.

The theme here is that the OS doesn't matter, the admin doesn't matter, it's the people hacking the OS. When there are millions of vulnerable unix nodes per subnet and entire nations do their online banking via unix PCs, the hacker community will turn their focus (arguably back) to unix.

The Microsoft guy is right, Linux is not ready for critical computing or whatever he called it - but neither is Windows.