+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 47
Mac Thread, So much for Macs being secure in Technical; MS still have a 90-95% lead on desktop systems, but that doesn't translate to all the code on the planet! ...
  1. #31

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    MS still have a 90-95% lead on desktop systems, but that doesn't translate to all the code on the planet!
    I never said it was all code, but it's the single most tested code because of the large user base.

    So do the script kiddies do it because it's an easy target, it's more profitable or just because they are pis*ed off at MS ?
    All three.

    I don't have experience of 2008 server, but 2003 certainly doesn't come with services off by default !
    As quoted from microsoft.com

    To improve performance and security in the Windows Server 2003 family, several services have been disabled by default that were previously enabled on Windows 2000.

  2. #32

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,400
    Thank Post
    636
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319
    Quote Originally Posted by Michael View Post
    I'm not a virus writer/hacker (and I do not condone it); however if I was, I would put all my effort into attacking Windows.
    The source code is freely available for both Linux and BSD - why not attack those? A lot of people, myself included, believe that security through obscurity is a bad thing. Shown by this recent triumph by open source.

  3. #33

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,528
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    One thing that no-one has mentioned is to what extent the machines were hacked. Was it complete root-kit? ie. Did they have complete control of all aspects or did they just have access to user level privileges? If it is the prior, this is worrying for both companies. If the latter, it is not quite as bad...

  4. #34

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    18
    Quote Originally Posted by CyberNerd View Post
    yeah, they keep going 'back to the drawing board', in fact each release is 'written from the ground up' or 'from scratch' so the marketing machine tells us.
    But if they have too drastic a break with the past then they get castigated for breaking legacy apps. Aside from the increased resource requirements, a lot of members on this forum have been given reduced backward compatibility as a reason for not adopting or delaying deploying Windows Vista in their schools.

    The reason linux is more secure is because it is open source. Anybody can read and improve the code.
    Sure, anyone and his dad can fork Red Hat code but few corporate IT departments would deploy the resulting distro.

    Unlike windows or OSX, linux doesn't require a plethora of extra utilities to provide functionality like opening pdf's, xls etc.
    You're joking, right? Last time I checked a PDF reader has not been integrated into the Linux kernel and what about all those Firefox plugins, for that matter. The FOSS movement is also producing its equivalent of Flash ( Gnash?).

    In this case its the closed apps (Safari, ActiveX) that are the security vulnerability.
    It's not the closed source nature which was the problem. There have been vulnerabilities in FireFox and in open source VM frameworks. In the Windows case Microsoft has used unsafe practices such as tight OS integration of its web browser as a way of achieving vendor lock-in to sure up its monopoly in the desktop operating systems market.

    Open Source is does not always prevent problems. As a case in point look at the security issues there were with PHP last year.

    Open source like democracy is not panacea but it does a better job of mitigating the excesses of dominant parties.

  5. #35

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    18
    Quote Originally Posted by CyberNerd View Post
    So do the script kiddies do it because it's an easy target, it's more profitable or just because they are pis*ed off at MS ?
    Script kiddies as their name suggest run ready made exploits. The high level of research interest in Windows by both legal and clandestine forces means there a lot more of these about.

    The many eyes theory of open source is all well and good but if the bragging rights are all in busting Windows then you know where most of the attention is going to go.

    What has helped Linux is that the *nix security model does a better job of mitigating the effect of the compromise of unpatched (either by vendor or admin) software.

    I don't have experience of 2008 server, but 2003 certainly doesn't come with services off by default !
    Now you're being contrary for the sake of it. What Michael was alluding to was that Windows 2003 does not start out any with listening services (daemons) enabled out of the box. You have to deliberately choose to make Windows 2003 act as file or web server. This definitely was not the case with Windows 2000 or NT4 server.

  6. #36

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    The source code is freely available for both Linux and BSD - why not attack those? A lot of people, myself included, believe that security through obscurity is a bad thing. Shown by this recent triumph by open source.
    Because Linux comparatively has a small user base compared to Windows. Hypothetically speaking, even if you did find something to exploit in Linux, you'd have to find a Linux machine to attack first!

  7. #37

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,528
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    Quote Originally Posted by Michael View Post
    Because Linux comparatively has a small user base compared to Windows. Hypothetically speaking, even if you did find something to exploit in Linux, you'd have to find a Linux machine to attack first!
    Not in the server market - it is still the leading os for hosting websites on. Google, for example, makes use of Linux... Imagine a hacker taking over their server farm.

  8. #38


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by ITWombat View Post
    Sure, anyone and his dad can fork Red Hat code but few corporate IT departments would deploy the resulting distro.
    Novel customers?

    Quote Originally Posted by ITWombat View Post
    You're joking, right? Last time I checked a PDF reader has not been integrated into the Linux kernel and what about all those Firefox plugins, for that matter. The FOSS movement is also producing its equivalent of Flash ( Gnash?).
    You can't seriously be avocating putting FF/PDF stuff in the kernel .
    Last edited by CyberNerd; 31st March 2008 at 12:28 AM.

  9. #39

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    Not in the server market - it is still the leading os for hosting websites on. Google, for example, makes use of Linux... Imagine a hacker taking over their server farm.
    If I am wrong, why don't we see more attacks on Linux performed/created? I'm sure if someone managed to hack into Google's server farm, they'd have a wealth of information on their hands. No doubt here, but I have no doubts also that Google's servers are going to be behind hardware firewalls too. There are far more Windows exploits created and far more Windows clients to target or attempt to target.

  10. #40

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    18
    Quote Originally Posted by CyberNerd View Post
    Novel customers?
    You're not getting my point. Vendor size or more importantly install base, does have an effect how a threat can be handled. So if Big Linux Co. was tardy in reacting to news of a vulnerability, a remedial fork by a smaller 3rd party would not necessarily get wide adoption.

    Occasionally there are 3rd party patches to Windows vulnerabilities as well but everyone tends to wait for the official Microsoft ones.

    You can't seriously be avocating putting FF/PDF stuff in the kernel .
    No I wasn't. Read my post again. I was just wondering why you were criticising Windows and OSX for having utilities to open PDFs, XLS files etc.
    That's what *nix does too. In fact a major part of the *nix philosophy is the modularization of code so that, as much as possible, particular programs do specific tasks rather than act as jack of all trades.
    Last edited by ITWombat; 31st March 2008 at 12:51 AM.

  11. #41

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    18
    Quote Originally Posted by localzuk View Post
    Not in the server market - it is still the leading os for hosting websites on. Google, for example, makes use of Linux... Imagine a hacker taking over their server farm.
    Most crackers attention is focused against consumer desktops. Even corporate Windows admin are getting better at securing their servers and networks.

    As I have said in other posts, the *nix secuity model is generally better but let's not get complacent. Don't be like those Mac users who thought they were impregnable until last week. One the whole, Mac OS X is still safer than Windows you still have to be careful what you do with it.

  12. #42


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by ITWombat View Post
    You're not getting my point. Vendor size or more importantly install base, does have an effect how a threat can be handled. So if Big Linux Co. was tardy in reacting to news of a vulnerability, a remedial fork by a smaller 3rd party would not necessarily get wide adoption.
    you are not getting the point of how OSS security vulnerabilities are distributed.
    When a problem is discovered it is patched promptly and distros do their job -> test and repackage !

  13. #43

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,528
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822
    Quote Originally Posted by ITWombat View Post
    Most crackers attention is focused against consumer desktops. Even corporate Windows admin are getting better at securing their servers and networks.

    As I have said in other posts, the *nix secuity model is generally better but let's not get complacent. Don't be like those Mac users who thought they were impregnable until last week. One the whole, Mac OS X is still safer than Windows you still have to be careful what you do with it.
    Agreed, complacency is a dangerous thing whatever your OS. However, the point I was making was that Linux use isn't as low as was being made out. I think the overall thought is that Windows gets attacked as it is the most widely used OS in the world. I was simply pointing out that Linux is the most widely used OS in the web server world, yet attacks on it are low.

  14. #44

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by localzuk View Post
    One thing that no-one has mentioned is to what extent the machines were hacked. Was it complete root-kit? ie. Did they have complete control of all aspects or did they just have access to user level privileges? If it is the prior, this is worrying for both companies. If the latter, it is not quite as bad...
    Excellent question, and one that I think we need the answer to before we proclaim anything damned. To gain root access on an OS X system takes a *lot* more than visiting a web site as a user and clicking a link. You have to *enable* root on OS X. Of course I know Apple users who do indeed enable the root account and leave it logged in!

    I agree though- if it were a root-kit access to the system then both Microsoft and Apple need to get it fixed. And quickly. Reminds me of the VMSPLICE exploit found in kernel 2.6 at the start of the year in Linux- a root shell could be started through exploit code because of a bug in the kernel. It was patched *very* quickly- but it was there for all to see :-)

    Paul

  15. #45

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Quote Originally Posted by localzuk View Post
    Agreed, complacency is a dangerous thing whatever your OS. However, the point I was making was that Linux use isn't as low as was being made out. I think the overall thought is that Windows gets attacked as it is the most widely used OS in the world. I was simply pointing out that Linux is the most widely used OS in the web server world, yet attacks on it are low.
    Yes, yes- but if you are a criminal/cracker who wants to exploit bugs in code or otherwise harness information on systems belonging to other people then Windows is the *obvious* choice. So many business and home users have this system that you would target that to get to your main point (wouldn't you?).

SHARE:
+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Sibelius & F-secure
    By pallen in forum General Chat
    Replies: 3
    Last Post: 31st January 2008, 08:04 PM
  2. Secure Printing
    By FreeWill in forum Wireless Networks
    Replies: 2
    Last Post: 9th October 2007, 11:45 AM
  3. How secure is a VLAN?
    By Ben_Stanton in forum Wireless Networks
    Replies: 5
    Last Post: 26th July 2007, 09:15 AM
  4. Making RDP more secure
    By mattx in forum Windows
    Replies: 2
    Last Post: 7th February 2007, 01:52 PM
  5. Secure Folder
    By SimpleSi in forum Windows
    Replies: 17
    Last Post: 5th October 2006, 12:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •