Re: Where Can I Buy a Zombie PC?
- From: NoStop <nostop@xxxxxxxxxx>
- Date: Thu, 13 Jul 2006 22:34:18 -0700
On Thursday 13 July 2006 08:18 pm, Ground Cover had this to say in
microsoft.public.windowsxp.general:
Inline:Oh puhleeze ... I use chkrootkit ( http://www.chkrootkit.org/ ). What do you
NoStop wrote:
On Thursday 13 July 2006 08:41 am, Ground Cover had this to say in
microsoft.public.windowsxp.general:
To a great extent that is true.<snipping a long "history" of computers by Gound Cover>
You also forgot a few points.
To be honest, I only ever caught one malware -as far as I know
hahaha ... "as far as you know" ... that's a good one.
It's true. For all I know, all you know, every system beyond the most
simple in your place and mine is "rooted".
use to check your Windoze boxes for rootkits?
MickeyMouse has been notorious for taking its sweet time in making patches
- and that
was when I ignored a call to install a certain patch for if I were
running Windows 2000 with IIS installed. But, otherwise I had
already done some reading etc. and was not one likely to fall for
the "screensaver" in the email. And since I had been involved with
JavaScript, I had decided early on to turn it off [a bit ironic - I
knew how to code it, so I browse default with it off].
Many of Microsoft's problems, security-wise, is its users.
Typical MickeyMouse shill - BLAME THE USER (victim).
Well, to a great extent the user has to share the blame. Maybe not the
user specifically, in some aspect. I jsut cleaned up a computer for a
customer. She had be completely trojaned / compromised / and spywared. She
was also running Windows XP Pro 2002 (RTM) without a single patch ever
applied.
Microsoft made the patches available - but they were not applied. You
canbring a horse to water, but you can't .....
available. In fact, the longest time from discovery to patch of any major
software producer other than Sun. On top of that, some of its security
patches have caused MAJOR problems for many computers that updated, making
users leery about jumping in to pick up a patch until they've gotten
feedback from other users. MickeyMouse's use of a critical update to plant
WGA on users systems adds to the concern.
I was talking about ActiveX as being a MickeyMouse "innovation". Can you
They want
JavaScript ON. They want Java ON .. always.
Can you imagine today's web without javascript?
They want ActiveX ON.
This is a MickeyMouse "innovation" and shouldn't be allowed on the
Web.
JavaScript was developed by Brendan Eich while he was a Netscape:
http://en.wikipedia.org/wiki/Brendan_Eich
follow a thread?
Vulnerabilites get identified and patched, but the user .. the user
wants to see the dancing bunnies - at all costs - and there's not
much can be done.
These same users will undoubtedly be flocking to Vista as it will
offer dancing bunnies and not much else.
A PC owner has the right to run as root.
The Windoze XP installation routine does this by default. Why did
MickeyMouse do this? Probably doesn't make that much difference as
Windoze isn't a true multiuser operating system to start with.
This is why I included the history. There's a historical reason for this.
Microsoft started out supplying the OS for the little PC. The PC XT wasn't
considered a "mainframe"; it most usually did only word processing.
Microsoft did a reasonably good job with DOS - WP worked just fine on the
thing.
The install routine canAbated?
make "users" but at some point the software company has to "hand
over the keys" so to speak. Yet there's no requirement that the PC
owner have ever read even a
magazine article on how to run the thing ..
.. Anway, the storm has abated somewhat.
http://www.thehostingnews.com/article2057.html
"Malware, Worms and Viruses, Increase 240% in 2005
News
The malware authors are having to work more furiously for less. In fact,
the actual number of discovered vulnerabilities has gone way done. PC Mag
has report that more serious vulnerabilities have been discovered for
Linux this past year than for Windows.
Glendale, California - (The Hosting News) - February 22, 2006 -
Internet security and virus alert company, PandaLabs, is reporting a
240% increase in the number of new malware specimens detected in
2005. In all, over 46,000 new threats, including viruses, worms,
Trojans, bots and other types of malware, were detected in 2005,
compared to 13,000 threats detected in 2004. "
But is the actual impact going up .. or down. I suspect it is going down.
Well you suspect wrong.
"Stats from at least three different security vendors make clear the trend,
perhaps even bode well for their businesses: Malware is growing.
Although virus rates themselves may be falling, Trojans are picking up the
slack at an alarming rate, the vendors said.
Another common trend: The growth of malware is almost exclusively targeted
at Windows operating system-based PC's, prompting one security vendor to
advise users to switch to Apple Macs.
They all found similar staggering stats on the amount of malware out there."
http://www.internetnews.com/xSP/article.php/3618381
And once Vista starts weighs in ..
From same article:
"The introduction of new security measures, including some planned for
Vista, may slow down the rate at which machines are impacted by malware,
O'Brien said. But its unlikely the trend will go away. "Vista will be a
hurdle but not an obstacle."
And the trend as pointed out is GROWING not declining.
http://www.computerweekly.com/Articles/Article.aspx?liArticleID=215403&liFlavourID=1
"Therefore, by the end of this year, the number of new variants
detected could exceed 100,000, which is more than the computer
threats detected in the previous 20 years."
ALL directed at Windoze boxes, btw. Because they're so easy to
target!
Rootkits are the up and coming means of attack. Here's a rather
interesting article:
So you know or are you once again surmising? You seem to do alot of that.
"Huge increase in Windows-targeted stealth malware
by Tash Shifrin
Tuesday 18 April 2006
Security experts have warned of a 700% rise in reports of rootkits ?
malware that actively conceals its existence using stealth
technology ? over the past year.
Probably all variations on a theme.
I don't know how you judge "huge". What I'd call "huge" would be something
The most dramatic rise has been in rootkits targeted at Windows
systems, security firm McAfee said in a white paper, with the number
of Windows-based malware stealth components shooting up by 2,300%
between 2001 and 2005.
Over the same period, the number of Linux-based rootkits has fallen
to a ?negligible number?.
McAfee said the open source environment, online collaboration sites
and blogs were ?largely to blame for the increased proliferation and
complexity of rootkit components?.
It added that malware authors found the Windows platform ?an
attractive target? because of its huge installed base and the
technical challenges it posed.
Rootkits are also becoming more far more sophisticated, the white
paper said. Stealth technologies have moved from Trojans to other
forms of malware and potentially unwanted programs (PUPs).
The complexity of rootkits had increasing by 400% between 2000 and
2005, but then shot up by 900% over the past year. "
XP SP2 was released. The number of extememe vulnerabilities
discovered in Windows this past year is way fewer than say found in
2004. Many users are much more circumscript in their behaviour. And
Linux still hasn't found the vendor support it needs for to "take
the desktop" [and it probably never
will]
Your wishful thinking. Linux certainly won't replace Windoze soon,
but there certainly is a growing user-base of new Linux users who
have left Windoze behind because they are sick and tired of the
constant insecurities posed by the toy operating system.
Not really, not anymore. Windows Server 2003 is handling some pretty huge
computer operations.
like Google. Now that's huge!!! Funny, but it runs on Linux.
So looking at "huge computer operations" take a look at the following:
*** "GNU/Linux dominates in supercomputing: it is used in 78% of the world?s
500 fastest supercomputers use GNU/Linux, most of the world?s ten fastest
supercomputers... including the world?s most powerful supercomputer (as of
March and November 2005). By March 2005 Forbes noted that 60% of the
world?s fastest supercomputers use GNU/Linux, using data from Top500 to
determine which computers are the world?s fastest. Of those top 500, the
best available information shows that 301 run GNU/Linux, 189 on Unix, 2 on
FreeBSD (another OSS/FS Unix variant), and one on Microsoft?s Windows. A
few machines? operating systems are unknown, but even so, Forbes says
?Linux clearly is by far the top choice for high-performance computing.?"
*** "Joe Greenseid reported on LWN that this dominance is even more obvious
is the top ten supercomputers as of March 2005; GNU/Linux systems account
for 8 out of the top 10. Six of these ten were made by IBM, including five
Blue Gene systems and one PPC Cluster. Third place is held by an SGI Altix
running GNU/Linux. Thunder, an Intel Itanium2 Tiger4 ?white box? system,
holds seventh place and runs GNU/Linux."
*** "More recent data from November 2005 shows this as an increasing trend.
Jay Lyman?s November 15, 2005 article Linux continues supercomputer
domination notes that on the November 2005 Top500 list, 78% of the world?s
fastest machines (391/500) rely on Linux, far more than anything else.
Seven of the top 10 systems are running GNU/Linux (the other three run AIX,
UNICOS, and Super-UX), and as with the March 2005 survey, the fastest
supercomputer in the world runs on GNU/Linux. In contrast, ?Microsoft
Windows didn?t even turn up on the list.? Erich Strohmaier, co-founder and
editor of the Top500 list, said that the OSS/FS ?Linux is the dominating OS
in the supercomputing community and will keep this role... If anything, it
will only enlarge its prevalence.? In fact, he believes that ?no other
operating system is likely to be used as much as [GNU/]Linux in the
foreseeable Top500 future.? "
http://www.dwheeler.com/oss_fs_why.html
Greater resistance than what? If you're comparing it to IE 6 then you
Suse is now
ready for the desktop without question and has the support of a
major player. IBM has invested $1 billion into Linux. Believe it or
not, Linux is no longer what it was just a few years ago. Today it
is an ALTERNATIVE to the Windoze desktop.
But not a viable one. As per already premised in this sub-thread, Linux
just doesn't have the vendor support.
so Microsoft - not having to look over its shoulder- has been
taking its time with Vista.
Vista will try - and will probably succeed - to rectify the
security situation through an alert system [and without fanfare,
running some of software e.g. Internet Explorer with only user
privileges even if an Adminstrator is logged on]. Vista will
probably substantially reduce the impact of malware much further
than XP SP2.
Personally I have my doubts because with 50 million lines of source
code, the vaste majority coming from earlier versions of Windoze, it
doesn't look to be anything more than XP with new eye-candy. But,
the proof of the pudding will be in the eating. Let's revisit this
particular discussion say 6 months after Vista is released and see
how successful MickeyMouse will be.
Well, Internet Explorer 7+ is already showing greater resistance and it's
still in beta.
certainly aren't setting the bar very high, are you?
How silly. Do you have any idea how open source software is developed and
So there you have it. No matter what Microsoft or Linus TorvaldsLinux users tend to know better and some distros go out of their way
does, someone is going to log on as "root", regardless, and run
/bin/dancing_bunnies and there's nothing anyone can do about it.
to discourage ordinary users from running as root. Eye-candy on its
But if Linux were more popular this would not be the case. Linux as a home
/
small business / gamer platform, isn't having to deal as much with the
user who wants to see the dancing bunnies .. simply because it is not
popular. If it were, it would. Then what? The dancing bunnies would be
dancing. Social engineering emails would instruct hapless victims in how
to log in as root and run /bin/dancing_bunnies and so on. And they would.
Why? They want to see the dancing bunnies.
distributed? Do you think Linux users just come across a piece of software
somewhere and get convinced to install it, like Windoze users always do?
Linux distros have packaging systems and the packages are SIGNED. Sure a
Linux user can go to a place like sourceforge and pickup the source code
and compile an application himself and run it. But code sitting in a
repository like sourceforge is totally vetted.
It's becoming more and more obviously that you really don't understand open
source at all. You're coming at it with a preconceived Windoze-mindset.
Things in the open source world are not like what you're obviously familiar
with and used to, or else you wouldn't be making such silly statements. Go
out grasshopper and learn, then we can carry on an intelligent discussion.
own does not lead to more insecurity if the underlying operating
system itself is constructed to keep the operating system separate
and apart from the user space. The POSIX model does this. The
Windoze model does not.
But with firewalls and care and Vista, the rest of us have a betterYour blind faith in Vista is a bit funny to contemplate, but
chance at mitgating the impact.
expected from a MickeyMouse shill I guess. As I said above, let's
revisit this topic down the road when Vista has had a chance to
expose itself to the Net for a while. :-)
You will be disappointed. Why? Windows Vista will be harder to compromise.
I said we'll see. I said I have my doubts. You are so certain. I'm not,
because I've seen the history of stuff from MickeyMouse.
IE7+ runs with user not admin privileges etc. etc, and so on
But can the malware picked up by IE7 be prevented from writing bits to the
Windoze registry? Have they plugged the ability of any software program run
on Windoze to write what it wants to wherever it wants within the registry?
Will Vista do this? Will all software have to be rewritten to run on Vista
now that it is unable to write to the registry whenever it wants to?
.. My guess
is that overall, fewer people will be less affected less often and the
impact of malware will be reduced.
Your "guess". Just what do you base this on? Because MickeyMouse says its
so? Didn't they say XP was the most secure o/s they ever produced and it
proved to be just the opposite?
Never-the-less, if a user insists onNot so. See above.
seeing the dancing bunnies there will be some systems compromised
regardless - but this would happen with any popular OS.
<chop>
--
WGA is the best thing that has happened for Linux in a while.
The ULTIMATE Windoze Fanboy:
http://video.google.com/videoplay?docid=-2370205018226686613
Is this a modern day equivalent of a Nazi youth rally?:
http://www.ntk.net/media/developers.mpg
A 3D Linux Desktop (video) ...
http://www.youtube.com/watch?v=DUSn-jBA3CE
View Some Common Linux Desktops ...
http://shots.osdir.com/
.
- Follow-Ups:
- Re: Where Can I Buy a Zombie PC?
- From: Gray
- Re: Where Can I Buy a Zombie PC?
- References:
- Where Can I Buy a Zombie PC?
- From: NoStop
- Re: Where Can I Buy a Zombie PC?
- From: NoStop
- Re: Where Can I Buy a Zombie PC?
- From: Grumpy
- Re: Where Can I Buy a Zombie PC?
- From: NoStop
- Where Can I Buy a Zombie PC?
- Prev by Date: How do I reinstall Windows XP from scratch without the disk?
- Next by Date: Re: How do I reinstall Windows XP from scratch without the disk?
- Previous by thread: Re: Where Can I Buy a Zombie PC?
- Next by thread: Re: Where Can I Buy a Zombie PC?
- Index(es):
Relevant Pages
|
