Re: So leaky that a $4 billion industry was built to protect it
- From: "cquirke (MVP Windows shell/user)" <cquirkenews@xxxxxxxxxxxxxxx>
- Date: Mon, 03 Jul 2006 05:01:17 +0200
On Sun, 02 Jul 2006 16:00:56 -0700, NoStop <nostop@xxxxxxxxxx> wrote:
On Sunday 02 July 2006 01:17 pm, cquirke (MVP Windows shell/user)
On Sat, 24 Jun 2006 11:38:48 -0700, NoStop <nostop@xxxxxxxxxx> wrote:
<snip> for brevity.
http://www.emailbattles.com/archive/battles/security_aaeajhghdi_jg/
What a moronic article! (yes, I'll explain why I say that...)
:-)
The very use of the mean-nothing word "open" is an indication that MS
has dumbed down the UI to the point that it is no longer possible for
newbies to practice "safe hex".
OTOH, is *NIX any better there? AFAIK, *NIX disregards file name
extensions altogether, and routinely names raw code files without any
extension at all. How does a Linux user predict what "opening" an
unknown file will do, if no type info is displayed?
The file has to be marked as executable by the user. Opening any file,
including a so-called executable file will only "run" that program if the
file was first marked through its permissions as executable and who has
permission to execute it.
OK, now for the big question: Are those permissions settings clearly
and unambiguously visible to the user?
"Yes, if the user does X, Y and Z to query the permissions" is not a
satisfactory answer. A user should be able to predict the possible
impact that "opening" a file can have just by looking at the name and
icon, and the file should not be able to act contrary to the info
shown. It would also be better if the user could automatically think
in terms of "view" vs. "run", knowing that situations where it would
be safe to view data may be unsafe to run code.
On top of this, unlike Windoze, *NIX is designed so that the kernel space
and the user space are totally separate. Some misbehaving application
running in the user space cannot impact or harm the kernel space in any
way. This is one of the main reasons that virus writers haven't been able
to create malware that can bring down a *NIX system, like they can with a
Windoze system where there is no separation between the kernel space and
the user space.
Tell me more about the nature of this "separation"?
Should a *NIX user decide to make a malware application
(virus, trojan, etc) executable and run same, it cannot impact the system
beyond the user's space. To do any real damage to the operating system as a
whole, the root user would need to run the application.
Oh, OK; this is similar to the "limited user rights" concept. It's
not really a solution for the user's requirements, though I can see
how it can reduce software support calls, because users (and thus the
processes that run with their rights) invariably have the right to
alter (thus overwrite with trash) their own data.
*NIX is ahead there, because the *NIX software community has been
familiar with that concept for ages. MS can develop an elegant
implementation of lowered user rights, but it's culturally seen as a
new-fangled retro-fit by app developers used to MS OSs.
Believe me, there's a LOT of discussion on this, typically going "Why
does dumb-ass game X or accounting application Y require the user to
have admin rights in order to run???" Contrary to popular belief,
vendors often ignore the dictates (OK, "strong recommendations") from
MS when it suits them, and often the platform is poorer for it...
- hardware "XP" device drivers that are STILL unsigned
- printers that don't work via PnP, only via their Setup.exe
- end-user apps that require admin rights
- apps that smash all actions for file types to their own "open"
Eeewww.
Specifically (apropos the article cited above) I'd say the impact of
malware on Microsoft is mainly negative. It significantly boosts the
cost of post-release development and support (remember, patches and
support calls related to malware are free) and provides the biggest
perceived reason to move away from Microsoft products to something
else - revitalizing Mozilla/Netscape/Firefox and stimulating interest
in alternative platforms such as Linux and MacOS.
Precisely! As more and more computer users become fed up with having to
spend so much time trying to protect their systems from malware or fix
problems with malware that has slipped past their latest AV "protection",
the growing trend is to look towards more secure platforms, such as
GNU/Linux or Mac OSX. It is SO nice to be able to just work on one's
computer and not worry about the 100,000 plus viruses out there in the wild
ready to bring down one's system.
Sure - but be realistic as to *why* these choices are currently "more
secure"; it is because they are still minority targets.
Very significant exploitable defects have been found in the examples I
mentioned, but rarely is there a prompt (or pre-existing) exploit ITW.
Even when an ITW exploiter appears, spreading is slower because
there's just less of that target around.
So I expect you'd see the see-saw effect, i.e. as market share tilts
from MS to (say) Linux, so will the attention of malware writers and
those who employ them.
OTOH, on a *NIX, you may have less drive-by vandalism etc. but you may
be up against human attackers with decades of *NIX experience. Sure,
it's great to have the power to edit the kernel, but do I want to pit
my skills against that lot, if I were acting as a sysadmin? In a way,
I might rather have the alarm blown on each exploit opportunity by a
prompt rash of PoCs and bots ;-)
--------------- ----- ---- --- -- - - -
Never turn your back on an installer program
--------------- ----- ---- --- -- - - -
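The question debated above, whether a *NIX user can tell "view" from "run" before opening a file, comes down to the mode bits and the file's leading bytes rather than its name. This is an added example, not part of the original post; `classify` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: predict what directly executing a file would do on a *NIX
# system from its permission bits and leading bytes, ignoring its name.
# classify is a hypothetical helper, not an existing tool.

classify() {
    f=$1
    [ -f "$f" ] || { echo "view: not a regular file"; return 0; }

    # The same ten characters `ls -l` shows, e.g. -rw-r--r--
    mode=$(ls -ld -- "$f" | cut -c1-10)

    # An x, s or t in the mode string means at least one execute bit is set.
    case $mode in
        *[xst]*) ;;
        *) echo "view: $mode has no execute bit"; return 0 ;;
    esac

    # The kernel picks a loader from the first bytes, not from the extension.
    magic=$(head -c 4 -- "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        7f454c46) echo "run: $mode ELF binary" ;;
        2321*)    echo "run: $mode script with #! interpreter line" ;;
        *)        echo "run: $mode unrecognised format" ;;
    esac
}

# Usage: classify ./some_download
```

The mode string covers direct execution only; a file without the execute bit can still be handed to an interpreter explicitly, which reads it as input.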