 |
|
| UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions. |
| Reply |
|
|
LinkBack | Thread Tools | Display Modes |
|
#41
|
|||
|
|||
"nightjar .uk.com" nightjar@insert_my_surname_here wrote in message ... "Alan" wrote in message ... In message , nightjar wrote and they usually do not come with automatic installation of security updates when vulnerabilities are found. Is this an advantage? Allowing any third party to automatically update your software is foolish. No doubt you bought Betamax too, or would have if you are too young to recall it. He probably did or would have done, seeing that Betamax was far in-excess a better format than VHS could ever hope to be... |
|
#42
|
|||
|
|||
|
In article ,
Bob Eager wrote: Same here, with ProNews/2! But I started over 20 years ago with 'rn'... Some of us are still using a varient of rn.... (moved to trn and now use strn  )Darren |
|
#43
|
|||
|
|||
|
nightjar nightjar@ wrote:
No doubt you bought Betamax too, or would have if you are too young to recall it. Colin Bignell Somewhat ironic comaprison, since Betamax was technically far superior to VHS  Lee -- Email address is valid, but is unlikely to be read. |
|
#44
|
|||
|
|||
|
|
|
#45
|
|||
|
|||
|
"John Rumm" wrote in message ... It was not a criticism of their choice, just a recommendation they try something different because it may solve the problem they are having. But you didn't. You said: "(Loosing OE would help as well)" You have a point in that there might be other systems which are better for certain uses but you didn't suggest what they were or in what precise ways they were better. Well to an extent, pretty much any of the applications designed as news posting/reading clients will tend to do a better job. However if you would like a specific recommendation, then I would suggest that for people used to OE or Outlook they might like Thunderbird. It has a nice (but not too different) UI, and you get a number of advantages like good junk mail detection, ability to disable running any active content in news/mail messages, support for RSS news feeds etc. If you don't mind paying for usenet software, then "The Bat" gets very good reviews. Ports of traditional Unix usenet software like Tin can also be good. Forte Agent seems popular among many usenet users. If anyone is tempted by these applications, where are they obtained, how much do they cost, how are they installed ... etc. Then people have to learn new skills ... But who was posting to say that s/he was having difficulty with OE? No-one. The OP had a problem with jumbled message ordering. This could have been attributed to OE's limited threading ability - there is an option buried in the later versions to select whether this is done based on posting time or thread IDs. (having found it the other day however, I can't find which dialogue they have hidden it in today!) There are several ways of ordering one's posts in OE ... I am sure you are diligent enough (and sufficiently aware of the issues) to keep your computer patched up to date, run current anti virus and firewall software/hardware, I am. MS helpfully suggests those things. It does, alas many do not even read the suggestions (e.g. the recent very sensible change to turn on the firewall in XP SP2 by default. This was necessary simply because the majority of users did not bother to enable it even though it was installed and ready to go). So you're suggesting applications which don't suggest that users think for themselves? keep your preview pane turned off, I have NEVER used a preview pane, I can't see the point. It's never been the default, I've never even tried to find out how to put it on. Don't bother telling me :-) I was under the impression (certainly for email) that the default window layout in OE still has the message preview turned on. (i.e. the three pane layout, inbox and other folders to the left, message titles top right, preview bottom right). Perhaps my pcs have been the exceptions - although I can't see why they should be. I've been using internet for a few years and have never seen a preview pan. I've only heard about them from people who've droned on boringly (!) about how wonderful they are. I've never a) understood why or b) been tempted to try to discover how to do it. But all these folk have not been OE users, they've been telling me about preview panes as one of the refinements of their own systems. and most importantly be selective as to what emails you open rather than delete. I certainly am. And I block those which I find offensive. But I still read yours G Note to self, must try harder ;-) Don't push your luck! (Sadly the answer is usualy once their computer is spending 90% of its CPU time as a part of a script kiddies botnet, slugging internet performance carrying out DDoS attacks, sending spam, and hosting dodgy porn) I don't understand the construction of that sentence, could you look at it and explain it better, please? It might be interesting. Apologies if you are already aware of some of the stuff that follows, but it gives a fuller description of some of the above mentioned topics: The following does indeed explain what I suppose you meant but if you look at your sentence - in innocence as it were - I think you might be puzzled too. Much of the focus of computer "malware" in general has shifted in the last couple of years. There was a time when computer viruses etc. ranged in their unpleasantness, but they usualy shared a common goal of causing some form of loss or disruption to the computer user, and propagating copies of themselves. I don't pretend to understand the motivation of the people who wrote these things, but I expect recognition among their peer group was a big factor. With peers like that ... More recently things have taken a turn for the more sinister. Organised crime has moved in, and opportunities for developing these technologies into hard cash generating activities have grown. Yes. Fortunately the companies I deal with on-line are extremely security aware. I've reported several spoofs. I think this is important but it's surprising how may people complain about them yet do nothing. As a result, the focus of much malware these days is to install itself on a computer and *not* set out to do it any immediate harm. The desire being to remain undetected. The majority of these applications open up back doors into the computer. They will silently connect to a IRC discussion channel, and await instruction from their master. This is a "botnet". The back door will typically include a trojan downloader. This is a program that can be instructed to download and execute any other software at will. There are several common reasons for doing this: 1) The computers in the botnet can be instructed to perform a Distributed Denial of Service attack. A recent example of this was a Russian organised crime network that was targeting online casino sites. Prior to a large sporting event they would threaten to take down their web site unless it's owners paid up the requested extortion fee. If they refused, they would find their web sites under attack from tens of thousands of infected PCs. This would in effect knock them off the web with their potential customers unable to reach them. DDoS attacks also have a knock-on effect on other internet users as a result of the bandwidth wasted by the attacks. 2) Estimates vary, but it is believed that over half of the worlds spam is now relayed by compromised That's the key word. Computer users should be educated to safeguard their pcs. But they won't. You can't expect the software producers to give 100% protection, users have a responsibility. Compare the situation with car drivers. They are, in theory, taught the legal and safe way to drive. Very many think they know better and that they don't need to follow the guidelines. If they have an accident the car manufacturers can't be blamed. 4) Trojan diallers, another common technique it to compromise dial up users so that there normal ISP connection is surreptitiously replaced with a ISP service operating on a premium rate phone number. I have had a couple of customers recently who had unexpected phone bills of several hundred pounds more than they were expecting as a result of this. I've heard of this and while I'm not smug I'm pleased to have broadband. But that won't be safe forever. Nothing is. 5) Botnets are often assembled by script kiddies (i.e. relatively unskilled "hackers" using tools, and virus construction sets built by more expert developers). They also in themselves have a "value". Botnets are now openly traded much like any other commodity. So if you were a spammer, you could buy the services of say 25,000 computers for a spamming campaign from the botnets "owner". Yes, they've been around for a long time. Many of these activities can carry on undetected for months unless something happens to draw the users attention to the matter. Typically this is when too the computer gets compromised by too many separate threats and is devoting so many of its resources to running these, it no longer does what it's owner wants or expects. Alternatively some other problem like a browser hijack forces the owner to attempt to scan and remove the problem, and they stumble over the other stuff as well. That's why a user should keep a pc clean. My computer is cleaner than my house ... ! Pretty much all the email worms and viruses that I receive have at some time been propagated as a result of a someone using IE/OE. Pretty much isn't exclusive. How on Earth did you receive them with all your protection? :-^ To be fair, I don't get many - most of the direct threats are removed by our ISPs before I get to see them. Some spam still gets through, as do copious bounce messages that indicate someone has got their PC compromised and it is now sending spam pretending to come from one of our domains! Nothing is 100% perfect in any sphere of life. Even you. Even me :-) The few nasties that get as far as the computer run into a compatibility problem, in that the (Non PC, MS, or Intel) email system is not compatible with them! I don't understand that - but I'm willing to be instructed. Every customer I go to see, who is complaining that their computer is running slowly or misbehaving in some other way, has a machine loaded with spyware and trojans that have arrived as a result of a lack of attention to detail on their part, coupled with use of IE/OE. It is sometimes difficult to get their attention, but you can change their software! Can't you educate them? Or is it in your interest to change their software? And you're saying that no-one who has whatever alternatives there are NEVER get such nasties? "No-one" would be going too far, since even if the alternative software was invulnerable (which it isn't), the human element it still a weak link. However I have yet to encounter any PCs that have been thoroughly compromised in the same way, where the users have not been using IE/OE as their primary internet suite. I am not sure how much statistical significance you can draw from this, since if they are savvy enough to actively seek out alternatives, they are already aware of many of the risks. Yes ... You also have to be aware that an unpatched Win2K / XP system can get compromised just being connected to the internet with no firewall. This is irrespective of any software that runs on top for email/web access. That's what firewalls are for ... I support the responsible use of MS, it works well for me. Glad to hear it, so do I. So long as it is not also at the same time doing sterling service for a spotty teenager in Vladivostok, then carry on. Or even in Basildon. Thanks for a full resume of your opinions. They're not wasted. Mary |
|
#46
|
|||
|
|||
|
In message , ":::Jerry::::"
wrote "nightjar .uk.com" nightjar@insert_my_surname_here wrote in message ... "Alan" wrote in message ... In message , nightjar wrote and they usually do not come with automatic installation of security updates when vulnerabilities are found. Is this an advantage? Allowing any third party to automatically update your software is foolish. No doubt you bought Betamax too, or would have if you are too young to recall it. He probably did or would have done, seeing that Betamax was far in-excess a better format than VHS could ever hope to be... No - I followed the crowd and bought on price rather than quality. As with many items the market leader often doesn't have the best product, or even the best product for the price. Why do Microsoft products need so many security updates? Surely after 10 years of development simple programs such as OE and IE should be shipped free of bugs? -- Alan |
|
#48
|
|||
|
|||
|
"Lee" wrote in message ... nightjar nightjar@ wrote: No doubt you bought Betamax too, or would have if you are too young to recall it. Colin Bignell Somewhat ironic comaprison, since Betamax was technically far superior to VHS That was precisely my point. There is little point in having the best product if it does not sell. Colin Bignell |
|
#49
|
|||
|
|||
|
Mary Fisher wrote:
If anyone is tempted by these applications, where are they obtained, how much do they cost, how are they installed ... etc. The simplest to get on with would be Thunderbird: http://www.mozilla.org/products/thunderbird/ Click the download link, run the setup program when done, and then configure much like you would OE. The Bat - easy to setup and use - can also do the MS Exchange integration that usually requires Outlook: http://www.ritlabs.com/en/products/ Forte Agent - a google will turn up loads of versions, but here is one: http://www.forteinc.com/main/homepage.php Tin (not recommended for newbies) in its original versions can be found he http://www.tin.org/ And a windows port he http://two-wugs.net/wintin/ Then people have to learn new skills ... To some degree yes. In the case of Thunderbird then not many. It does, alas many do not even read the suggestions (e.g. the recent very sensible change to turn on the firewall in XP SP2 by default. This was necessary simply because the majority of users did not bother to enable it even though it was installed and ready to go). So you're suggesting applications which don't suggest that users think for themselves? I am not suggesting that users don't think for themselves, but at the same time I do not believe that this is an acceptable get out for software writers to ship fundamentally insecure products. Now MS have started to take these issues more seriously, some of their choices with regard to which default options they use, have been better. However even their best efforts with WinXP SP2 ("the best windows yet" TM MS) still fall way short. It is a big problem, computer security is as you say a boring, techy, and a very complex subject. You are not going to force many people to learn about it. Personally I don't like applications that take control away, and make arbitrary decisions for me. However I also accept that for some, applications of this type are the only way they will be moderately safe. I've been using internet for a few years and have never seen a preview pan. I've only heard about them from people who've droned on boringly (!) about how wonderful they are. I've never a) understood why or b) been tempted to try to discover how to do it. But all these folk have not been OE users, they've been telling me about preview panes as one of the refinements of their own systems. The preview pane is by default "on" in OE and Outlook - it is the standard UI. (Look at the View | Layout... menu option). Many people like it because it makes reading emails/news quick and easy - click on the message title, and the message is displayed. The weakness is that if you have a message that is obviously spam / dodgy, there is no easy way to select it for deletion without it also being previewed. The following does indeed explain what I suppose you meant but if you look at your sentence - in innocence as it were - I think you might be puzzled too. Yup, I accept that. It is always difficult to know where to pitch comments like that, and what level of background knowledge to assume. Yes. Fortunately the companies I deal with on-line are extremely security aware. I've reported several spoofs. I think this is important but it's surprising how may people complain about them yet do nothing. Alas it is not always that simple. Try this quiz:- http://survey.mailfrontier.com/survey/quiztest.html That's the key word. Computer users should be educated to safeguard their pcs. But they won't. You can't expect the software producers to give 100% protection, users have a responsibility. I agree. Software producers can't assume full responsibility, although you may feel they do have some responsibility to at least release software that is not a walking security exploit. However who's job is it to do this education? Compare the situation with car drivers. They are, in theory, taught the legal and safe way to drive. Very many think they know better and that they don't need to follow the guidelines. If they have an accident the car manufacturers can't be blamed. There is difference here. You are required by law to pass a test and obtain certification before your drive. You are also required to carry insurance to protect third parties, and you are also required to have your vehicle periodically inspected (after three years) to verify it is not dangerous. The same can not be said for being charmed by the PC world salesman who will explain how you can be "on the internet in ten minutes" with "no training or previous experience". 4) Trojan diallers, another common technique it to compromise dial up users so that there normal ISP connection is surreptitiously replaced with a ISP service operating on a premium rate phone number. I have had a couple of customers recently who had unexpected phone bills of several hundred pounds more than they were expecting as a result of this. I've heard of this and while I'm not smug I'm pleased to have broadband. But that won't be safe forever. Nothing is. You are safer in that respect, especially if your computers modem (if it has one) is not connected to the phone line. Chances are you would notice the reduction in performance if you suddenly got thrown back to dial up ;-) At the same time because of your permanent connection to the net, your computer is a much prised target for just that reason. Many of these activities can carry on undetected for months unless something happens to draw the users attention to the matter. Typically this is when too the computer gets compromised by too many separate threats and is devoting so many of its resources to running these, it no longer does what it's owner wants or expects. Alternatively some other problem like a browser hijack forces the owner to attempt to scan and remove the problem, and they stumble over the other stuff as well. That's why a user should keep a pc clean. My computer is cleaner than my house ... ! Out of interest, how did you learn about these issues? How do you select what software you are going to run to scan for spyware etc? Pretty much all the email worms and viruses that I receive have at some time been propagated as a result of a someone using IE/OE. Pretty much isn't exclusive. Never suggested it was. The few nasties that get as far as the computer run into a compatibility problem, in that the (Non PC, MS, or Intel) email system is not compatible with them! I don't understand that - but I'm willing to be instructed. My email system is not PC compatible, and does not run PC software, and hence by extension PC targeted malware. This alone would not be good security (i.e. it is just an example of "security by obscurity") but as a final line of defence it helps. Every customer I go to see, who is complaining that their computer is running slowly or misbehaving in some other way, has a machine loaded with spyware and trojans that have arrived as a result of a lack of attention to detail on their part, coupled with use of IE/OE. It is sometimes difficult to get their attention, but you can change their software! Can't you educate them? Or is it in your interest to change their software? Education, depends on the willingness of the customer to a large extent. Some take the issues seriously and are keen to do what they can. Those are easy. Some can't resist clicking on every link in every interesting sounding email they receive! Most are somewhere in the middle ground. It is in my interest to keep them safe by whatever means are most appropriate in the circumstance. That way I get fewer support calls, and more recommendations. We publish a few tips on our web site that can help: http://www.internode.co.uk/qna_internet.htm We also try to guide people toward using a router for broadband access: http://www.internode.co.uk/service_homeadsl.htm You also have to be aware that an unpatched Win2K / XP system can get compromised just being connected to the internet with no firewall. This is irrespective of any software that runs on top for email/web access. That's what firewalls are for ... But how so you download one safely on a Win2K system? Or even in Basildon. shivers don't use that word.... used to work there once! -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#50
|
|||
|
|||
|
Alan wrote:
Why do Microsoft products need so many security updates? Surely after 10 years of development simple programs such as OE and IE should be shipped free of bugs? History mostly. MS dis not "get" the internet until the late 90's, at which point the saw it as a threat (hence the browser wars etc). Their focus was on winning at any cost, and a way to do this was by cramming in "features", and effecting ever closer integration and linking between unrelated products to best exert their monopoly on the desktop OS. Security did not seem to get any consideration (and to be fair the net was a far safer place). -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#51
|
|||
|
|||
|
"Alan" wrote in message ... Why do Microsoft products need so many security updates? Surely after 10 years of development simple programs such as OE and IE should be shipped free of bugs? I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. And talking of part P, which we weren't for once, I wonder when will writing software become part of the regs :-) |
|
#52
|
|||
|
|||
|
On Thu, 16 Dec 2004 06:41:45 +0000, Mike wrote:
I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. No this isn't the case at all. There are alternative OS's around that were designed from the ground up to be secure and consequently the programs written for them are so much more secure. -- Regards Tony Hogarty (Take out the garbage to reply) |
|
#53
|
|||
|
|||
|
"Alan" wrote in message ... ..... Why do Microsoft products need so many security updates? Surely after 10 years of development simple programs such as OE and IE should be shipped free of bugs? Because there are a lot more people out there trying to break them than MS can put on making them. While the popular image of the virus writer is a spotty kid working alone, much of the work is funded by the porn industry, which is even richer than Bill Gates. Purely destructive viruses are almost certainly the work of the lone geek, motivated either by a feeling of superiority over anyone who does not use whatever he thinks is the 'right' system or by a desire to be seen by his peers as the geekiest. Malware that exploits weaknesses in the world's most popular programmes to allow the spread of spam, illegal hosting, trojan dialers and the like, has most likely been created by paid employees of the porn industry. Colin Bignell |
|
#54
|
|||
|
|||
|
Bob Eager wrote:
On Wed, 15 Dec 2004 21:25:26 UTC, (dmc) wrote: In article , Bob Eager wrote: Same here, with ProNews/2! But I started over 20 years ago with 'rn'... Some of us are still using a varient of rn.... (moved to trn and now use strn )That's what comes of working in a UNIX hotbed....! (tho' not as hot as it was...) The latest versions of text based newsreaders for Unix/Linux are *better* in many ways than the newer GUI ones. (I use tin). -- Chris Green |
|
#55
|
|||
|
|||
|
In article , Alan wrote:
Why do Microsoft products need so many security updtes? Surely after 10 years of development simple programs such as OE and IE should be shipped free of bugs? Because MS's instinctive answer to the question "Wouldn't it be cool if" [e.g. any old program could grab your email address list] is Yes, whilst pragmatists would answer No -- Tony Bryer SDA UK 'Software to build on' http://www.sda.co.uk Free SEDBUK boiler database browser http://www.sda.co.uk/qsedbuk.htm |
|
#56
|
|||
|
|||
|
|
|
#57
|
|||
|
|||
|
"Tony Hogarty" wrote in message news  an.2004.12.16.07.35.47.483354@tjhpropertygar bage.co.uk...On Thu, 16 Dec 2004 06:41:45 +0000, Mike wrote: I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. No this isn't the case at all. There are alternative OS's around that were designed from the ground up to be secure and consequently the programs written for them are so much more secure. However, it is their relative obscurity that protects them much better than their relative security. If there were serious money to be made from breaking them, as there is with MS products, it is unlikely that they would fare a great deal better. Colin Bignell |
|
#58
|
|||
|
|||
|
On Thu, 16 Dec 2004 17:01:14 +0000, nightjar wrote:
"Tony Hogarty" wrote in message news an.2004.12.16.07.35.47.483354@tjhpropertygar bage.co.uk...On Thu, 16 Dec 2004 06:41:45 +0000, Mike wrote: I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. No this isn't the case at all. There are alternative OS's around that were designed from the ground up to be secure and consequently the programs written for them are so much more secure. However, it is their relative obscurity that protects them much better than their relative security. If there were serious money to be made from breaking them, as there is with MS products, it is unlikely that they would fare a great deal better. Colin Bignell No unfortunately you are very wrong in your assumption. There have been attempts to write viruses for *nix sysytems previously and fortunately they come to nothing because they can carry no useful payload and more importantly they cannot propogate. Read this article for a fuller description of the differences http://www.securityfocus.com/columnists/188 -- Regards Tony Hogarty (Take out the garbage to reply) |
|
#59
|
|||
|
|||
|
nightjar nightjar@ wrote:
However, it is their relative obscurity that protects them much better than their relative security. If there were serious money to be made from breaking them, as there is with MS products, it is unlikely that they would fare a great deal better. Not sure that adds up... The large installed base of MS products will make them an attractive target, but I don't think you can cite that as the only reason for their apparent lack of security. MS has only recently jumped on the security bandwagon, prior to that they paid it little attention at all, preferring to concentrate on adding features. Remember that MS do not dominate in the server space. One of the most common OSs about must be IOS from Cisco. As deployed in critical internet routers and gateways the world over. Highly attractive (and profitable) target for the black hat community, but in comparison relatively few compromises despite a massive installed user base. There are far more internet servers out there running Solaris or Dead Rat with Apache, Tomcat, PHP etc, but the vast majority of the compromises affect the less common Windows / IIS setups. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#60
|
|||
|
|||
|
In message , Rob Morley
wrote Microsoft has done very little innovative development on IE, and previous "enhancements" like ActiveX have proved to be something of a liability as far as security is concerned. Have M$ ever done any innovative development? It appears that, in common with many large software companies, it finds something useful produced by a small firm and buys it out. The original M$ product appears to have just been ripped off -- Alan |
|
#62
|
|||
|
|||
|
"Tony Hogarty" wrote in message news an.2004.12.16.17.08.29.773277@tjhpropertygar bage.co.uk....... No unfortunately you are very wrong in your assumption. There have been attempts to write viruses for *nix sysytems previously and fortunately they come to nothing because they can carry no useful payload and more importantly they cannot propogate. Read this article for a fuller description of the differences http://www.securityfocus.com/columnists/188 Essentially, that says that the main differences are that there are too many different programmes out there for one virus to be a problem for everyone and that Linux does not do some of the things that have proved to cause problems with Windows. The first is consistent with my statement about their relative obscurity. The second simply means that the system is not vulnerable to problems that have been identified with an entirely different operating system in the past. Nothing in the article convinces me that, if a multi-billion pound industry, which probably motivates it programmers as much by fear of what happens if they fail as it does by the rewards if they succeed, would not find vulnerabilities to exploit, if it found the desire to do so. The relativly better security probably does protect it from the occasional destructive geek. However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. Colin Bignell |
|
#63
|
|||
|
|||
|
John Rumm wrote:
The simplest to get on with would be Thunderbird: http://www.mozilla.org/products/thunderbird/ OK, sold! I've finally gone and done it - dumped OE that is - and am posting my first message via Thunderbird. Can't say I can see a whole lot of difference yet; but at least I no longer see that bloody attachment icon which Mr Eager insists on including in all his posts! David |
|
#64
|
|||
|
|||
|
"John Rumm" wrote in message ... nightjar nightjar@ wrote: However, it is their relative obscurity that protects them much better than their relative security. If there were serious money to be made from breaking them, as there is with MS products, it is unlikely that they would fare a great deal better. Not sure that adds up... The large installed base of MS products will make them an attractive target, but I don't think you can cite that as the only reason for their apparent lack of security. MS has only recently jumped on the security bandwagon, prior to that they paid it little attention at all, preferring to concentrate on adding features. I'm not saying that is the reason for their lack of security. I am saying that the lack of similar levels of attack is one factor in other systems appearing to be more secure than they possibly are. Remember that MS do not dominate in the server space. One of the most common OSs about must be IOS from Cisco. As deployed in critical internet routers and gateways the world over. Highly attractive (and profitable) target for the black hat community, but in comparison relatively few compromises despite a massive installed user base. There are far more internet servers out there running Solaris or Dead Rat with Apache, Tomcat, PHP etc, but the vast majority of the compromises affect the less common Windows / IIS setups. The people running servers are likely to be much more computer savvy than the average Windows user and, even if all other things were equal, that alone would make them less attractive targets. As it is, there will be a better return on the time and money spent on finding even more vulnerabilities in Windows, so why bother with other systems? Colin Bignell |
|
#65
|
|||
|
|||
|
John Rumm wrote:
The simplest to get on with would be Thunderbird: http://www.mozilla.org/products/thunderbird/ OK, sold! I've finally gone and done it - dumped OE that is - and am posting my first message via Thunderbird. Can't say I can see a whole lot of difference yet; but at least I no longer see that bloody attachment icon which Mr Eager insists on including in all his posts! David |
|
#66
|
|||
|
|||
|
Lobster wrote:
John Rumm wrote: The simplest to get on with would be Thunderbird: http://www.mozilla.org/products/thunderbird/ OK, sold! I've finally gone and done it - dumped OE that is - and am posting my first message via Thunderbird. Can't say I can see a whole lot of difference yet; but at least I no longer see that bloody attachment icon which Mr Eager insists on including in all his posts! David B*gger - sorry for the dupes: still learning Thunderbird... |
|
#67
|
|||
|
|||
|
"Huge" wrote in message ... "nightjar" writes: .... However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. Be convinced. It will, it can, and it does. The porn industry does not target Linux, because there is no profit in doing so, so you cannot say that it does resist the sort of highly organised, well funded attacks that Windows is subjected to. Colin Bignell |
|
#68
|
|||
|
|||
|
In message , nightjar
writes "Tony Hogarty" wrote in message news an.2004.12.16.17.08.29.773277@tjhpropertyga rbage.co.uk...... No unfortunately you are very wrong in your assumption. There have been attempts to write viruses for *nix sysytems previously and fortunately they come to nothing because they can carry no useful payload and more importantly they cannot propogate. Read this article for a fuller description of the differences http://www.securityfocus.com/columnists/188 Essentially, that says that the main differences are that there are too many different programmes out there for one virus to be a problem for everyone and that Linux does not do some of the things that have proved to cause problems with Windows. The first is consistent with my statement about their relative obscurity. The second simply means that the system is not vulnerable to problems that have been identified with an entirely different operating system in the past. Nothing in the article convinces me that, if a multi-billion pound industry, which probably motivates it programmers as much by fear of what happens if they fail as it does by the rewards if they succeed, would not find vulnerabilities to exploit, if it found the desire to do so. The relativly better security probably does protect it from the occasional destructive geek. However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. It's largely a matter of attitude and policy. Microsoft has tried for years to move software out of computers and into its own servers, so you would download Word when you needed it and be charged by the hour. This gets them away from the enormous problem of maintaining a revenue stream by constantly producing new versions of everything. Secondly, Microsoft is trying to make money from third-party content, i.e. entertainment, again as a continuous source of revenue. Both ambitions cause Microsoft to look favourably on downloading and running just about anything from anybody on the Internet, and to downplay the risks, even to themselves. Hence an email program which routinely runs attachments received in emails. For a long time, it was not possible to stop Outlook/Outlook Express running attachments automatically. The preview pane meant that it was not even necessary to explicitly look at an email. This behaviour went on long after it became glaringly obvious that it was a stupid idea. The question is, why was it *ever* considered anything other than a stupid idea? Even after it had been 'stopped', it was possible to include an executable in an email and tell Outlook that it was a harmless audio file. Outlook would swallow this and pass it to Windows. Windows would assume Outlook knew what it was doing, and run the file. I kid you not. Linux descends from Unix, which came into being as a network operating system. Network administrators were basically there to stop users ('lusers') doing stupid things, and Unix was designed with that purpose strongly in mind. Microsoft needs to regularly sell new software with new bells and whistles, *to schedule, not when it's ready*, and its job is done once the computer manufacturer has pre-installed Windows. Neither offers any warranty, but which approach would you objectively expect to result in better security? Remember with viruses, it's not just the number of infections that matter, it's the rate of spread. If the common cold was likely to infect less than one other person during the course of the disease, it would not simply be extinct, it would never have evolved. Linux viruses exist, bugs in Linux program exist, but if an infected installation is unlikely to manage to infect another, the infection doesn't spread. There are still machines infected with the Swen virus (though Demon finally seems to have figured out how to spot the emails), but it will never again spread because most machines are now immune. It's not *just* the variation in Linux installations, not *just* that few people run as root, not *just* that nobody has yet been stupid enough to write a mail client like Outlook. Each of these things keeps the loop gain well below unity, and it would take major changes in all of them to make Linux viruses a problem. Immunity to such viruses simply requires the user to get one of them right. -- Joe |
|
#69
|
|||
|
|||
|
"Tony Hogarty" wrote in message news an.2004.12.16.07.35.47.483354@tjhpropertygar bage.co.uk...On Thu, 16 Dec 2004 06:41:45 +0000, Mike wrote: I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. No this isn't the case at all. There are alternative OS's around that were designed from the ground up to be secure and consequently the programs written for them are so much more secure. I'm afraid that isn't the case. Source codes for Linux and Unix are available allowing many more holes to be identified. MS's mistake was assuming just because source code wasn't published, peiple wouldn't find the inevitable security holes in their product. Similarly the Java system was designed to be secure yet most parts have been cracked wide open. |
|
#70
|
|||
|
|||
|
"Huge" wrote in message ... "nightjar" writes: "Tony Hogarty" wrote in message news an.2004.12.16.17.08.29.773277@tjhpropertyga rbage.co.uk....... No unfortunately you are very wrong in your assumption. There have been attempts to write viruses for *nix sysytems previously and fortunately they come to nothing because they can carry no useful payload and more importantly they cannot propogate. Read this article for a fuller description of the differences http://www.securityfocus.com/columnists/188 Essentially, that says that the main differences are that there are too many different programmes out there for one virus to be a problem for everyone and that Linux does not do some of the things that have proved to cause problems with Windows. Err, isn't that part of the point? However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. Be convinced. It will, it can, and it does. Oh come on, take off the rose tinted specticles. There are numerous holes in Unix which every university comp grad knows about. The problem is unless you can get access to the systems it isn't worth the hassle of writing a virus or whatever for them. |
|
#71
|
|||
|
|||
|
On Thu, 16 Dec 2004 21:15:07 +0000, Mike wrote:
Oh come on, take off the rose tinted specticles. There are numerous holes in Unix which every university comp grad knows about. The problem is unless you can get access to the systems it isn't worth the hassle of writing a virus or whatever for them. But isn't that rather the point? -- Regards Tony Hogarty (Take out the garbage to reply) |
|
#72
|
|||
|
|||
|
"John Rumm" wrote in message ... nightjar nightjar@ wrote: However, it is their relative obscurity that protects them much better than their relative security. If there were serious money to be made from breaking them, as there is with MS products, it is unlikely that they would fare a great deal better. Not sure that adds up... The large installed base of MS products will make them an attractive target, but I don't think you can cite that as the only reason for their apparent lack of security. MS has only recently jumped on the security bandwagon, prior to that they paid it little attention at all, preferring to concentrate on adding features. Remember that MS do not dominate in the server space. One of the most common OSs about must be IOS from Cisco. As deployed in critical internet routers and gateways the world over. Highly attractive (and profitable) target for the black hat community, How is it attractive ? They might bring down the Internet but where's the profit line ? In fact the only way to make money from it would be to e-mail a version to Cisco and ask for $n,000 or it gets released. For all we know this happens aleady. |
|
#73
|
|||
|
|||
|
"Huge" wrote in message ... "nightjar" writes: "Tony Hogarty" wrote in message news an.2004.12.16.07.35.47.483354@tjhpropertyga rbage.co.uk...On Thu, 16 Dec 2004 06:41:45 +0000, Mike wrote: I'm sure every other product mentioned here has ten times as many security holes. But with so many fewer users, and those that do often have other security measures in place, it is not worth the idiots who write these viruses and so on handling them. No this isn't the case at all. There are alternative OS's around that were designed from the ground up to be secure and consequently the programs written for them are so much more secure. However, it is their relative obscurity that protects them much better than their relative security. Untrue. Windows has fundamental problems, both in design and implementation, with separation of user space from system space. Jave has that separation built in yet it was breached. |
|
#74
|
|||
|
|||
|
"Mike" wrote in message ... "John Rumm" wrote in message ... snip Remember that MS do not dominate in the server space. One of the most common OSs about must be IOS from Cisco. As deployed in critical internet routers and gateways the world over. Highly attractive (and profitable) target for the black hat community, How is it attractive ? They might bring down the Internet but where's the profit line ? I really don't think you understand how and why most viruses or DoS attacks take place.... Profit is not just about money, credibility amongst other virus writers etc is also a profitable reason to launch a virus or DoS attack for those inclined in these activates. |
|
#75
|
|||
|
|||
|
On Thu, 16 Dec 2004 17:08:30 UTC, Tony Hogarty
wrote: No unfortunately you are very wrong in your assumption. There have been attempts to write viruses for *nix sysytems previously and fortunately they come to nothing because they can carry no useful payload and more importantly they cannot propogate. What about the famous Morris worm? -- Bob Eager begin a new life...dump Windows! |
|
#76
|
|||
|
|||
|
On Thu, 16 Dec 2004 19:28:51 UTC, (Huge) wrote:
Untrue. Windows has fundamental problems, both in design and implementation, with separation of user space from system space. True of Win 9x and ME. But NT, 2000 and XP are fundamentally different and do separate those spaces. -- Bob Eager begin a new life...dump Windows! |
|
#77
|
|||
|
|||
|
"nightjar .uk.com" nightjar@insert_my_surname_here wrote in message news:wp- Essentially, that says that the main differences are that there are too many different programmes out there for one virus to be a problem for everyone and that Linux does not do some of the things that have proved to cause problems with Windows. Now here I'm becoming very confused. What's the relationship between Linux and Windows? I thought the attack was on OE ... .... Nothing in the article convinces me that, if a multi-billion pound industry, which probably motivates it programmers as much by fear of what happens if they fail as it does by the rewards if they succeed, would not find vulnerabilities to exploit, if it found the desire to do so. Yes, I think ... The relativly better security probably does protect it from the occasional destructive geek. However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. Hmm ... I think I'm getting out of my depth :-( Mary Colin Bignell |
|
#78
|
|||
|
|||
|
"Lobster" wrote in message ... John Rumm wrote: The simplest to get on with would be Thunderbird: http://www.mozilla.org/products/thunderbird/ OK, sold! I've finally gone and done it - dumped OE that is - and am posting my first message via Thunderbird. Can't say I can see a whole lot of difference yet; but at least I no longer see that bloody attachment icon which Mr Eager insists on including in all his posts! Who's Mr Eager? I don't get such posts ... Mary David |
|
#79
|
|||
|
|||
|
"nightjar .uk.com" nightjar@insert_my_surname_here wrote in message ... The people running servers are likely to be much more computer savvy than the average Windows user and, even if all other things were equal, that alone would make them less attractive targets. As it is, there will be a better return on the time and money spent on finding even more vulnerabilities in Windows, so why bother with other systems? .... until other systems are used by more people. Mary Colin Bignell |
|
#80
|
|||
|
|||
|
"Joe" wrote in message ... It's largely a matter of attitude and policy. Microsoft has tried for years to move software out of computers and into its own servers, so you would download Word when you needed it and be charged by the hour. This gets them away from the enormous problem of maintaining a revenue stream by constantly producing new versions of everything. Secondly, Microsoft is trying to make money from third-party content, i.e. entertainment, again as a continuous source of revenue. Both ambitions cause Microsoft to look favourably on downloading and running just about anything from anybody on the Internet, and to downplay the risks, even to themselves. Hence an email program which routinely runs attachments received in emails. For a long time, it was not possible to stop Outlook/Outlook Express running attachments automatically. The preview pane meant that it was not even necessary to explicitly look at an email. This behaviour went on long after it became glaringly obvious that it was a stupid idea. The question is, why was it *ever* considered anything other than a stupid idea? Even after it had been 'stopped', it was possible to include an executable in an email and tell Outlook that it was a harmless audio file. Outlook would swallow this and pass it to Windows. Windows would assume Outlook knew what it was doing, and run the file. I kid you not. You're making these statements as though they are fact, not opinion. If you claim that they re factual you need to support them with evidence. Remember with viruses, it's not just the number of infections that matter, it's the rate of spread. If the common cold was likely to infect less than one other person during the course of the disease, it would not simply be extinct, it would never have evolved. Linux viruses exist, bugs in Linux program exist, but if an infected installation is unlikely to manage to infect another, the infection doesn't spread. But if the MS critics have their way and many more people have Linus the vuruses WILL be able to spread, thus Linux will be as bvulnerable as OE. It's not *just* the variation in Linux installations, not *just* that few people run as root, not *just* that nobody has yet been stupid enough to write a mail client like Outlook. Using words like 'stupid' is offensive and diminishes your credibility. Mary |
| Reply |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Forum | |||
| Computer power supply capacitors - generic question | Electronics Repair | |||
| OT - computer network question... | Metalworking | |||
| computer in the shop | Woodworking | |||
| Computer in the shop | Woodworking | |||
| CNC computer | Metalworking | |||
Linear Mode
