How does MS come up with these brilliant ideas?

Every security system I can think of - whether it’s the low-tech locks on your doors or high-tech firewalls - is basically a compromise between convenience for the good guys and inconvenience for the bad guys. Most of us are willing to compromise a certain amount of security for the convenience of features, and MS markets to that. Of course, MS should fix the bugs and oversights that lead to security breaches.

I’ll second ntucker’s position that it is not MS security holes that attract hackers, it is MS’s popularity. There is not much bang for the buck in writing viruses for Macs, Linux or Open VMS.

If it created jobs for all of us, with my skills and experience, I’d be able to go to a programming interview and actually get hired! :mad:

God point - but I won’t allow Outlook opn any of the machines on my networks.

Or spellcheck.:smack:

Unix had dozens of hacks and exploits long before Microsoft was a blip on the map. Most successful website hacks are against Linux. The proliferation of worms, virii and hacks for Windows are simply a function of the popularity of that OS. The same effort devoted to Unix & Linux would probably open a huge number of doors in those systems too (although one hopes not quite as many as Windows).

I always shake my head at the poor losers who succumb to the knee-jerk anti-Microsoft spew every time the Great Evil is mentioned. There are always reasons to dislike individual products, but it is laughable to automatically discount everything Microsoft.

Just when is this happening?

The catch with security though is that you have to look at security from the stand-point of your typical end-user, not even the person with an average amount of tech-savvy-ness. Windows is inherently insecure out of the box and that’s the configuration most people use it as. Most flavors of *NIX and OS X take the approach of making the OS locked down or near locked down by default requiring the user to make modifications to enable features that provide for essential security problems (the exception being that the OS X firewall isn’t enabled by default).

Windows, OTOH, installs in a rather insecure mode and requires the user to activate certain features, many in an unintuitive or difficult way (it took me quite a while to actually FIND the XP firewall).

Some Interesting Articles.

Washington Post-Windows: Insecure by Design

Letter to the Dept. of Homeland Security from the CCIA

NY Times (Reg. Required)

Among others. Yes, Linux is the most attacked OS on the Web. Near under it in attacks is BSD (which is the least successfully breached) that’s a fact that can’t be denied. Hackers will go after anything they can find and, despite MS ubiquity on the desktop, the server market is still rather well dominated by various *NIX flavors.

IMHO that makes servers a much juicier market for virus-writers and hackers. After all, why write a virus that will disrupt the desktop machines of the office staff when you can write one that will disrupt the core infrastructure of many corporations (even MS uses UNIX servers for a few mission critical systems). Despite that high-profile the number of *NIX viruses is still considerably lower than the number of Windows viruses. It leads me to believe that there is something inherently wrong with the Windows OS; something far more than just larger market-share.

I forgot to add (oh how nice it would be to be able to edit) the ratio of Linux/UNIX hacks versus Windows hacks is roughly equal to the ratio those OSes hold in the webserver market.

NetCraft Webserver Survey

A funny part about the recent worms has been Microsoft’s Press Release. Basically, it said that only XP systems can be affected, but then it quickly reminded us that 98 and company are no longer supported, and we should upgrade as soon as possible for the sake of security.

That’s right: we should stop using an OS that DOESN’T have these problems so that we can buy one from them that does: problems that they don’t seriously plan on addressing in a permanent way for two years or more.

No, I wasn’t wrong when I mentioned that you won’t have these same problems with Eudora (or Netscape, or even Mac’s Mail), because the majority of Outlook-centered viruses you see out there are the creations of script-kiddies who take advantage of Microsoft’s decision to allow attachments (and certain code) to automatically execute upon either preview or open.

So, while I wasn’t saying that Eudora viruses cannot occur, you probably won’t see one in the same vein as these Microsoft ones, because Eudora doesn’t handle its mail the same way.

That said, I agree: given enough time and interested people, I’m willing to bet any program can be cracked.

Yep. It was hell in a school district; although we were up-to-date with our Virex, the staff kept bringing in these damnable floppies from home…

Arggh! Didn’t you read where this report was from?! Google for “mi2g” and “D.K. Matai” so that you will know to never quote a report from them again…

I mean, surely it struck you as a little suspect that no-one else produced figures remotely resembling theirs?

I remember there being something else fishy about that study. Thanks dylan

OK, so mi2g are less than reputable. So can someone give us the straight dope on what systems really do get hacked the most?

It’s all going to depend on how we want to define hacked within the scope of the discussion. Basically you can put hacks into the two categories of virii and actual webserver hacks which lead to defacement, data theft, etc. The difference between the two being that virii tend to exploit a flaw in the actual OS of a computer while hacks exploit flaws in the daemon for whichever protocol is being hacked (telnet, ssh, http, etc.).

A discussion of OS integrity should really focus on virii since those are direct attacks against the OS for the most part. OS being defined in this case as the kernel as well as any software written so as not easily removable by a lay-person (like Outlook Express). If using virii as a criterion for OS integrity all one really needs to do is get a list of virii affecting each system take a count and maybe weight the results a bit based upon the potential damage individual virii can have on a given system.

While thinking about this I pulled up the virus list from the AV software on the computer I’m typing this on (a Powerbook running MacOSX) and from one of my NT servers. The results were, astounding.

MacOSX

Number of Virii-4810
Latest Definitions-08/01/2003

WinNT

Number of Virii-65074
Latest Definitions-09/18/2003

Something important to note is that while I was looking through the OSX list I found virii from the early days of System 7 as well as UNIX virii (which can affect it due to the BSD core) while the NT numbers were only for OSes with the NT kernel. Another note is that no virus on the list affected any MacOS later than System 9.2.
Now, the straight dope on which systems get hacked the most. I thought about this for quite a bit last night and I realized that the most reputable sources for such statistics would likely be hacker communities. Namely, those such as Attrition.org where the members post their successes in website defacement and server cracking. Unfortunately, at the moment the only figures I can obtain are from 2001 but they are quite the opposite of mi2g’s statistics.

According to the stats posted at Attrition.org about 58% of all successful defacements were against Windows machines while the OS only held 30% of the web market. I don’t know how these relate to statistics for today, it appears that the only study that has been done is that by mi2g and we’ve already determined that those results are, at best, suspect. All we know is that Windows share of the server market has been falling, perhaps as a result of being the most hacked server.

Keep in mind that most of the onus on web-security is on the Administrator as webserver software has a tendency to be insecure in its default configuration. There is still, however, great pressure on the part of the vendor to release a product that is secure when configured to be so (and given my experiences with supposedly locked down Windows machines MS has failed at this).

Register Article Summing up the Survey.

Attrition.org Study

Correct me if I’m wrong, but isn’t the computer virus properly pluralized to viruses? (Cite Discover magazine, November 1984, page 92, at the top of the third column.)

I’m always having to tell people that the plural of mouse is mouses, because in the words of an instructor at the college I attended, “it’s not an animal.”

"Two staffs
Make staves.

But two giraffes
Do not make giraves.

One giraffe
Makes me laugh."

-Ogden Nash

Yeah, well fuck you, Ogden Nash!! Asshole.

Viruses are microorganisms that give people inflammations and sicknesses.

Virii screw up computer boxen.

Amen.

From a message from jjimm, where he corrected me in another thread:

I think he is right.