 |
|
| UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions. |
| Reply |
|
|
LinkBack | Thread Tools | Display Modes |
|
#121
|
|||
|
|||
Mary Fisher wrote:
"Joe" wrote in message ... It's largely a matter of attitude and policy. Microsoft has tried for years to move software out of computers and into its own servers, so you snip Outlook would swallow this and pass it to Windows. Windows would assume Outlook knew what it was doing, and run the file. I kid you not. You're making these statements as though they are fact, not opinion. If you claim that they re factual you need to support them with evidence. Well, I can verify what he is saying in this instance... attach whatever significance you wish to that. If you want to get a feeling for the workings of the Microsoft mind, there are two sources I would point you at. The first are the (now famous) "Halloween Documents" - these are internal policy study documents that leaked out of Microsoft. A fully annotated set here make for very interesting reading: http://www.opensource.org/halloween/halloween1.php The second big insight is much of the information placed into the public record as a result of Microsoft's big anti trust trial. Emails from the likes of Gates and Balmer give a good insight to their attitude to a wide range of topics. A good starting place might be he- http://www.theregister.co.uk/1998/10...soft_on_trial/ But if the MS critics have their way and many more people have Linus the vuruses WILL be able to spread, thus Linux will be as bvulnerable as OE. There is an argument of scale here, i.e. more installs of a competing product would lead to more possibility of virus spread. However there are very real architectural differences between windows and most other OSs that make this far harder to happen. Also there is the issue of the MS dominance of the desktop being a monoculture, which provides a largely uniform target. The multitude of variants of the different *nix platforms create a less uniform target and hence harder to exploit even if they had the same penetration on the desktop as Windows. Finally remember that the systems to which you refer *are* already ubiquitous in the servers and infrastructure that run the internet. It's not *just* the variation in Linux installations, not *just* that few people run as root, not *just* that nobody has yet been stupid enough to write a mail client like Outlook. Using words like 'stupid' is offensive and diminishes your credibility. There were undoubtedly some very poor decisions made with regard to OE and outlook. Many of these were driven by a desire for integration with MS Office. Many of these have now been reversed or excised. However the legacy of some is still with us. Take for example the inclusion of the ability to generate and render HTML markup in emails. Prior to MS making this popular, email was predominantly a text only platform. Without HTML, email would be far less attractive platform to spammers/marketers, less suitable for phishing, and about 1/5th the size. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#122
|
|||
|
|||
|
JM wrote:
I know that Apache is the most common webserver 'out there', but I read some time ago (sorry, no links available) that very few Fortune 500 companies use it, instead going with Windows. That seems unlikely somehow... have a look at some of the graphs of Apache Vs the rest he- http://news.netcraft.com/archives/we...er_survey.html -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#123
|
|||
|
|||
|
Mike wrote:
Remember that MS do not dominate in the server space. One of the most common OSs about must be IOS from Cisco. As deployed in critical internet routers and gateways the world over. Highly attractive (and profitable) target for the black hat community, How is it attractive ? They might bring down the Internet but where's the profit line ? You need to think a little bigger! What would be the most reliable way of wiping a corporate web site from the `net; DDoSing it with an army of zombies, or completely isolating it by hacking the core routers? How much could you extort from a major telcoms company if you could take out a slice of their VoIP traffic? What would you rather do, phish somones online banking details, or get a backdoor into the bank's web server instead? Imagine the extortion potential if you had hacked a router to duplicate and deliver a complete copy of all of a multinational's external email and VoIP traffic to you as well? In fact the only way to make money from it would be to e-mail a version to Cisco and ask for $n,000 or it gets released. For all we know this happens aleady. the source for IOS has already been leaked... there was also at e last one competitor accused (but never proven since they settled out of court) of using something very like it on their own range of routers. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#124
|
|||
|
|||
|
Huge wrote:
Untrue. Windows has fundamental problems, both in design and implementation, with separation of user space from system space. Another example of marketing triumphing over engineering. In the case of NT the core OS was originally designed by Dave Cutler and his team (the same people who built the rock solid VMS system for DEC). It was well partitioned with isolation between kernel and other core parts of the system. This made it well suited to being a server OS. Alas the desire to get better performance on the desktop has resulted in conflicting requirements as MS try to make windows all things to all men. With ever more functionality being moved into the kernel space (Win32 API, Graphics sub-system etc), to get a better "user experience". -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#125
|
|||
|
|||
|
Bob Eager wrote:
On Thu, 16 Dec 2004 19:28:51 UTC, (Huge) wrote: Untrue. Windows has fundamental problems, both in design and implementation, with separation of user space from system space. True of Win 9x and ME. But NT, 2000 and XP are fundamentally different and do separate those spaces. Not to the extent they used to. NT3.51 excluded the APIs (Win32, Posix, OS/2) from the kernel along with things like the GDI. Alas these boundaries have been further eroded with each subsequent release as more and more of these have moved into kernel space to get more performance from them. The fact the things like large lumps of the GDI have evolved from the Win9x codebase, and has then been artificially welded to bits of IE should also be cause for concern. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#126
|
|||
|
|||
|
"John Rumm" wrote in message ... nightjar nightjar@ wrote: to do so. The relativly better security probably does protect it from the occasional destructive geek. However, I would need a lot more convincing that it could withstand the sort of highly organised, well funded attacks that MS products are subjected to. I would be very supprised if the systems that build the core of the internet backbone, coupled with those that run the highest profile sites are not subjected to the most deliberate attacks going. If you were a black hat looking to do mischief, what would be a bigger prize.... A big pile of Windows boxes? or eBay, the BBC News site, and Telehouse in docklands? I'm not talking about the mischief makers, who are only a small part of the problem. What I am talking about is the organised attacks by teams of programmers working for criminals, primarily those distributing porn, that are aimed at making money from the computer users. The Windows boxes are both easier to get into and more likely to yield returns, both because the users are less likely to know how to stop the attacks and because there are simply so many of them that even duping a very small percentage of them will bring in lots of money. I don't see any profit for that sector in attacking servers, high profile sites or the internet itself. Colin Bignell |
|
#127
|
|||
|
|||
|
John Rumm wrote:
Mary Fisher wrote: "raden" wrote in message And can I suggest that people at least take a look at http://mcs.open.ac.uk/safecomputing How do I know that it's safe to open this? I'm serious, not being flippant. Good question! In this case the answer is "because you trust the person giving the advice". However normally it would be because you were using a web browser unlikely to be vulnerable to web based exploits, your virus scanner will be running, it's signature files up to date. So to your firewall. You will have installed the Sun JVM as a replacement for the Microsoft one and made it the default. However if you are visiting a site you are unsure about you will have turned off both Java and Javascript, at least initially. If you still have doubts, type the URL into google and see if there are discussions raging about it. Don't be an early adopter, wait for a couple of others to post responses to what they have read. If they are not complaining about an itchy feeling in their bin directory, chances are you will be ok as well! So you do this every time you look at a file? It would make web browsing rather laborious in my opinion. I don't use Windows for any web activities though. -- Chris Green |
|
#128
|
|||
|
|||
|
In article , nightjar
URL:mailto:[email protected]. wrote: No doubt you bought Betamax too, or would have if you are too young to recall it. Betamax and V2000 buyers looked for quality over commonality. This tends NOT to describe the IE/OE/MS brigade. -- AJL Electronics (G6FGO) Ltd : Satellite and TV aerial systems http://www.classicmicrocars.co.uk : http://www.ajlelectronics.co.uk |
|
#129
|
|||
|
|||
|
In article , raden wrote:
Because I posted the URL, that's why Ah, but how do I know you are who you claim to be. You might be a mad hacker/axe murderer/IMM sitting outside of geoffs house having hacked his wireless network... Darren |
|
#131
|
|||
|
|||
|
OK, sold! I've finally gone and done it - dumped OE that is - and am
posting my first message via Thunderbird. Has the news part been updated? I tried Thunderbird 0.9, but I couldn't get it to easily highlight the entire thread of any thread I'd posted in. Does Thunderbird 1.0 offer any advances in this direction? Christian. |
|
#132
|
|||
|
|||
|
nightjar nightjar@ wrote:
If you were a black hat looking to do mischief, what would be a bigger prize.... A big pile of Windows boxes? or eBay, the BBC News site, and Telehouse in docklands? I'm not talking about the mischief makers, who are only a small part of the problem. What I am talking about is the organised attacks by teams of programmers working for criminals, primarily those distributing porn, that are aimed at making money from the computer users. The Windows boxes are I was including all forms of malicious activity in my phrase "do mischief" - not just the script kiddies out for a good time, but the organised criminal as well. both easier to get into and more likely to yield returns, both because the users are less likely to know how to stop the attacks and because there are simply so many of them that even duping a very small percentage of them will bring in lots of money. I don't see any profit for that sector in attacking servers, high profile sites or the internet itself. For a good proportion of attacks I think you are right. Some like premium rate phone scams only work on the small scale. Others like identity theft obviously work well enough on the small scale, even if the stolen identity itself then goes on to fry much bigger fish in the real world. However for the larger organised crime (or even terrorist) bodies, I can also see big value in the larger scale targets. If extortion is your game, it is going to be far more effective if you can interfere with the infrastructure directly (even if you proxy through a pile of zombies to cover your tracks!) As I mentioned in another part of the thread, imagine the mileage in being able to completely isolate a site on the web, or steal/redirect all it's traffic, or wipe out (or just tap) a large part of a multinationals VoIP calls. In many respects this is probably an academic discussion, since even if an alternative OS made big inroads into Windows' market share on the desktop, it is unlikely to result in the same monoculture that would allow like for like comparisons to be made. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#133
|
|||
|
|||
|
In article , Mary Fisher
wrote: Sorry, it was just an irritated, pesonal, throwaway line - but I've been very interested by the replies. So were we when we saw them the first time round. Would you please try to trim to context, at least a bit? -- AJL Electronics (G6FGO) Ltd : Satellite and TV aerial systems http://www.classicmicrocars.co.uk : http://www.ajlelectronics.co.uk |
|
#134
|
|||
|
|||
|
Mary Fisher wrote:
Despite Linux's inherent security model, there is nothing to stop people messing it up if they do stupid things while logged in as root. I wish I understood the language you're using, isn't it possible to say it without using jargon? While I understand the need for jargon among Those Who Know, it's not helpful to those who don't. I take it you mean the bit about "root"? Unix and similar platforms have always been multi user systems. The OS supports a security model that allows the person who administers the computer to control in very fine detail exactly what each user can see and do with the computer (i.e. which files they are able to read, those they can write, applications they can use). This "super user" uses an account that is traditionally called "root". They have root privileges which allow them to do anything they like to any file on the system, irrespective of who it belongs to, or whether it is a critical part of the OS itself. The accepted wizdom in these circles is that ordinary users are given accounts that do not have these privileges. Hence they are unable to access critical system files or files belonging to other users. Even a user with a root account would typically have a separate less privileged one for thier day to day activities, simply as a safeguard against them doing something silly. One of the affects of this is that should a user get duped into running a malitious application, there is still very little it can do to cause harm because the user does not have the privilege to do widespread damage to the system. Versions of windows in the 9x line (i.e. 95, 98, ME) don't support any of these concepts. Anyone sat in front of the computer has complete control over it. Hence any application they run also has free reign. Versions of windows in the NT Line (NT3.5 - 4.0, Win2K, WinXP, Win Server 2003), however do support these concepts. They have a root account that is by default called "administrator". A well setup system can be orgainised in exactly the same way as the typical *nix system. However there is a cultural difference. Very few of the people now using these systems are instructed to create themselves a less privileged account to use for day to day activities. Microsoft don't shout it from the roof tops, even though they know it to be a good thing. In the case of Windows XP Home Edition, they even hide the fact that these capabilities exist, and hence you automatically end up doing everything with administrator privilege. Presumably this is because they feel these concepts would add complexity for the user, especially the one who has graduated from the Win98 system, and is used to being able to install what they want, when they want, without giving it a second thought. However by allowing them to use the system without having to lean some of these security fundamentals, they lay them open to all sorts of future problems. There is a worrying trend with some of the Linux versions that are targeted at Windows users, of them following this same path. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#135
|
|||
|
|||
|
Christian McArdle wrote:
OK, sold! I've finally gone and done it - dumped OE that is - and am posting my first message via Thunderbird. Has the news part been updated? I tried Thunderbird 0.9, but I couldn't get it to easily highlight the entire thread of any thread I'd posted in. Does Thunderbird 1.0 offer any advances in this direction? Create a message filter that looks for a "sender" containing your name or address, and have the filter set the thread to be "watched", and also label the post "personal" or "important". This will cause the colour of the title to be shown in a different colour. That way you can very quickly check the state of all the threads you have participated in simply by selecting "View | Threads | Watched threads with unread". That will then only show threads you have posted to, that also have new posts in them. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#136
|
|||
|
|||
|
In message , Lobster
wrote Look at any post from Bob Eager; in OE you'll see an 'attachment' icon by all his messages, due to a bug in OE which he deliberately exploits for reasons best known to himself I see no attachment with the software I use - only a properly formed signature. Perhaps it's only people with faulty software that have the problem. -- Alan begin again |
|
#137
|
|||
|
|||
|
John Rumm wrote:
wrote: If you still have doubts, type the URL into google and see if there are discussions raging about it. Come to think about it isn't this rather tautological! :-) Don't be an early adopter, wait for a couple of others to post responses to what they have read. If they are not complaining about an itchy feeling in their bin directory, chances are you will be ok as well! So you do this every time you look at a file? It would make web browsing rather laborious in my opinion. Well the things relating to setup and choice of software are fit and forget one off operations. The latter steps would only come into play if I had doubts about the site I was visiting. Since most of the time I am going to recomended sites, or ones I regularly visit however, it is not usualy an issue. Every link you follow is effectively a new site, there is no guarantee at all that it is as 'safe' as the site from which it's linked. I doubt if 1% of the sites I visit are ones I've visited before. Surely you use Google to research things like holidays etc. I've recently been looking for gîtes in morocco, I can just about guarantee that all the sites I visit as a result of a Google search for accomodation in Morocco I will never have visited before. -- Chris Green |
|
#138
|
|||
|
|||
|
John Rumm wrote:
In many respects this is probably an academic discussion, since even if an alternative OS made big inroads into Windows' market share on the desktop, it is unlikely to result in the same monoculture that would allow like for like comparisons to be made. An 'alternative browser' is already doing quite well, even the somewhat biased statistics from sites which simply log the browser ID indicate that Mozilla/Firefox now have a significant and increasing share of the browser 'market'. IE has dropped below 90% and the trend is continuing. I believe this is for a number of reasons:- Peopler *are* listening to discussions like this which air the vulnerabilites of IE. The BBC has been recommending FireFox for a while. Firefox's pop-up blocking is a wonderful feature, when I used IE recently I realised how much I was 'missing' by using FireFox most of the time. FireFox and Mozilla's tabbed browsing is something I really can't live without now. I suspect quite a few other people feel the same way. -- Chris Green |
|
#139
|
|||
|
|||
|
wrote:
Every link you follow is effectively a new site, there is no guarantee at all that it is as 'safe' as the site from which it's linked. True. Surely you use Google to research things like holidays etc. Yup, if you are researching something then you are likely to be browsing many new sites. Hence some of the cautions I mentioned regarding software setup. You can probably save the greatest level of paranoia for when browsing certain categories of sites (i.e. porn, warez, other less mainstream activities shall we say). And obviously never follow links from spam. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#140
|
|||
|
|||
|
In article , "
says... John Rumm wrote: In many respects this is probably an academic discussion, since even if an alternative OS made big inroads into Windows' market share on the desktop, it is unlikely to result in the same monoculture that would allow like for like comparisons to be made. An 'alternative browser' is already doing quite well, even the somewhat biased statistics from sites which simply log the browser ID indicate that Mozilla/Firefox now have a significant and increasing share of the browser 'market'. IE has dropped below 90% and the trend is continuing. I believe this is for a number of reasons:- Peopler *are* listening to discussions like this which air the vulnerabilites of IE. The BBC has been recommending FireFox for a while. Not just them: http://www.theregister.co.uk/2004/09...an_ie_jitters/ |
|
#141
|
|||
|
|||
|
Mary Fisher wrote:
Mary it is obvious that you don't understand the differences between linux and windows. That's true. Nobody's explained it. Ah - a challenge! Let's see if I can do it in under 30 lines. No, this line doesn't count. Nor does this one. The roots of Windows are in providing a graphical user interface layer on top of a small, single-user machine. That single user is/was assumed to have full authority to do anything at all on the machine - access all memory, all disks/files, perform arbitrary input-output operations on all devices. This absence of "privilege separation" was total for all versions of Windows before NT: so, the ol' Windows 3.1 on top of DOS, Win95, Win98, WinME. Importantly, the business model that MS pursued on top of this technology was to offer terms to PC builders which made it financially lunatic for them to offer any other opearting system (OS) alongside Windows, to attract as many third-party developers of hardware and software products to their OS, and to keep the interface specs for Windows technologies changing just fast enough to make it possible to keep up but not to also track other OSes. During this critical market-acqusition phase, stuff which made it harder to develop for Windows or harder to use was *right* *out* - and that included security. The Unix world - where Linux lives - started from a very different place. Its roots are as an OS to let a number of "unprivileged" users share an expensive, well-administered mainframe, while still allowing those individual users to do their own software development. By default, there's little an "ordinary" user running an "ordinary" program under Unix/Linux can do to najjer the whole system or other users on the same machine. Throughout the initial growth period of the PC (1980s/early90s) Unix-on-PC scarcely existed; and the software packages which ran on Unix were specialised "big-iron" things - "serious" databases, and some specialised scientific/engineering stuff. It kept a place in university Computer Science departments because of relatively open licensing conditions for those users. By the early 90s, MS had ambitions for a "grown-up" OS. They devloped the core - the "kernel" - of NT around then. (At least they ripped off a good design - they bought in Dave Cutler and others from DEC, who were shown in a subsequent legal action and settlement to have incorporated chunks of design and actual code from their earlier employer in NT.) NT - on which Win2000, WinXP, and future MS OSes are based - does have "privilege separation". However, it isn't necessarily *used* widely. For concrete examples: in their older 3.51 release of NT, MS left the graphical user interface stuff "outside" the kernel, running at a less privileged level. But this slowed things down too much - made a PC running NT 3.51 fell really sluggish next to a W95 box. So, they yanked all of that code into the kernel - improving performance, but making it a lot easier for poorly-written or malicious software to do Bad Things to the whole system. Similarly, XP "Home Edition" means all the software you run (both "deliberately" and that's run on your behalf) does so as "Administrator", with effectively unlimited rights. Only in the last couple of years have MS started to act to make security be of the same order of importance as ease-of-use. This business of "privilege separation" is the technical heart of why viruses, worms, and the whole clan of malicious software has a significantly easier time spreading under Windows than under Linux or the other Unix-derived OSes (OpenBSD, NetBSD, FreeBSD, and Mac OSX): under the Unix model, the user environment in which some piece of unwanted code gets to run is restricted; under the Windows model, it's significantly less restriced. What's massively frustrating about this to computer professionals is that it's all blindingly obvious and inevitable, and was being warned about throughout the last 15 years and more. And much as it's been economic pressures which have led MS to rationally prioritise features over security, many believe it's only a change in the imposed economic climate - making software producers liable for the foreseeable damage their design decisions cause - which will change the industry's behaviour. Damn, over the 30 line mark. Ah well. Hope it helps someone... Stefek |
|
#142
|
|||
|
|||
|
wrote in message ... .... Peopler *are* listening to discussions like this which air the vulnerabilites of IE. Spyware Blaster includes protection for Mozilla/Firefox, so that cannot be free from vulnerabilities either. The BBC has been recommending FireFox for a while. Firefox's pop-up blocking is a wonderful feature, when I used IE recently I realised how much I was 'missing' by using FireFox most of the time.... There are plenty of third party applications, including freeware, to stop them in IE too. Colin Bignell |
|
#143
|
|||
|
|||
|
"Andy Luckman (AJL Electronics)" wrote in message . .. In article , nightjar URL:mailto:[email protected]. wrote: No doubt you bought Betamax too, or would have if you are too young to recall it. Betamax and V2000 buyers looked for quality over commonality. This tends NOT to describe the IE/OE/MS brigade. I was comparing MS to VHS, not to Betamax and the point is that there is a lot more to a successful product than simply being the best. Colin Bignell |
|
#144
|
|||
|
|||
|
Tony Hogarty wrote:
What about the famous Morris worm? Perhaps I should have said modern nix systems? 1988 is a long long time ago! Maybe, but the types of vulnerabilities the Morris worm exploited are still around - a buffer overflow in fingerd and a privileged debug mode in sendmail, AFAIR. Buffer overflows are still a common method of attack, and sendmail's had 10+ years of after-the-fact "hardening" but still isn't seen as "safe our of the box" by many. The cautious commentator therefore uses words like "significantly harder" when comparing damage and propagation prospects for malicious software under *nix to its prospects under Windows, rather'n "impossible". Unless, of course, they're in marketing ;-) |
|
#145
|
|||
|
|||
|
"nightjar" nightjar@ insert_my_surname_here.uk.com wrote:
wrote in message ... ... Peopler *are* listening to discussions like this which air the vulnerabilites of IE. Spyware Blaster includes protection for Mozilla/Firefox, so that cannot be free from vulnerabilities either. I run it on Linux so that's not really relevant to me. The BBC has been recommending FireFox for a while. Firefox's pop-up blocking is a wonderful feature, when I used IE recently I realised how much I was 'missing' by using FireFox most of the time.... There are plenty of third party applications, including freeware, to stop them in IE too. Yes, but for 'out of the box' usability FireFox wins. As everyone has been saying your average 'man in the street' doesn't want to have to add things on to their basic applications to make them work well. -- Chris Green |
|
#146
|
|||
|
|||
|
JM wrote:
I know that Apache is the most common webserver 'out there', but I read some time ago (sorry, no links available) that very few Fortune 500 companies use it, instead going with Windows. Sorry - but either you read wrong, or you read "Windows Developer" ;-) Month-by-month server surveys are over at www.netcraft.co.uk. As webserver software goes, Apache dominates IIS by over 2:1. Some of that Apache runs on Windows, but more often it's on a *nix - a Linux, Solaris, or BSD most usually. The "by volume of bytes served" surveys I've seen - rather than the "by number of sites" - show an even greater dominance for the non-MS OSes. Of the "top 50 by traffic" Websites, I seem to recall the MS-powered ones being in the single digits. Where MS websites do dominate is in "business enthusiast" sites - SMEs who are either putting their company brochure and "email us!!!" on the free webspace provided by their ISP, or are paying a web-hosting company to do some Web Presence for them. Since most of these companies run MS in the office, it's a more familiar environment for their (possible part-time) IT people to prepare and share content in - FrontPage Is Your Friend. HTH - Stefek |
|
#147
|
|||
|
|||
|
Mike wrote:
Java has that separation built in yet it was breached. Not on anything like the same scale! Yes, there's been at least one documented failure in the *implementation* of the Java sandbox. Contrast that with ActiveX - "sandbox? wot sandbox? you wanna run on my machine? go ahead!". It's almost as if *design* matters, as well as implementation ;-) |
|
#148
|
|||
|
|||
|
On Fri, 17 Dec 2004 15:54:33 UTC, Stefek Zaba
wrote: The Unix world - where Linux lives - started from a very different place. Its roots are as an OS to let a number of "unprivileged" users share an expensive, well-administered mainframe, while still allowing those individual users to do their own software development. Well, it's roots were actually to let two or three unprivileged users play a space war game, on a small minicomputer...! By the early 90s, MS had ambitions for a "grown-up" OS. They devloped the core - the "kernel" - of NT around then. (At least they ripped off a good design - they bought in Dave Cutler and others from DEC, who were shown in a subsequent legal action and settlement to have incorporated chunks of design and actual code from their earlier employer in NT.) It's interesting that the earlier design was VMS (developed in the mid 1970s). Go to the next letter in the alphabet in each case..... Shades of HAL, the computer in '2001'. In both cases the derived initials are said to be an accident, though. -- Bob Eager begin a new life...dump Windows! |
|
#149
|
|||
|
|||
|
nightjar nightjar@ wrote:
wrote in message ... ... Peopler *are* listening to discussions like this which air the vulnerabilites of IE. Spyware Blaster includes protection for Mozilla/Firefox, so that cannot be free from vulnerabilities either. Moz is certainly not free from problems and indeed has some unique ones of its own (the current flaw with tabbed browsing spoofed popups spring to mind). However the list of known issues is far shorter, and more importantly many of the default actions are by design inherently safer. Something to remember with the term "spyware" is that it encompases all the privacy invading things like tracking cookies. If you enable any form of cookies on a browser then you are vulnerable to these. I am not aware of any nasty spyware browser hijacks for Moz like CoolWebSearch though. There are plenty of third party applications, including freeware, to stop them in IE too. Filtergate is one I quite like - very good at removing ads of all types from web pages without breaking too many of them. Only when I use someone else's computer do I realise just how much clutter there is on some of the web sites I use that I never usualy see! -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
|
#150
|
|||
|
|||
|
Bob Eager wrote:
It's interesting that the earlier design was VMS (developed in the mid 1970s). Go to the next letter in the alphabet in each case..... Shades of HAL, the computer in '2001'. In both cases the derived initials are said to be an accident, though. S'far as I know (but I should ask the old VMS crew who after the HP-Compaq merger are now colleagues ;-) the "VMS - WNT" Ceasar-1 was an after-the-fact observation rather than a deliberate construction. I'd always believed the "IBM - HAL" thing was deliberate (and of course WNT has a HAL as the machine-dep/machine-indep interface layer, right? ;-) The afu FAQ gives the IBM-HAL thing as a "U*", i.e. Unknown and Unknowable; it acknowledges that Arthur C Clarke has publicly denied the derivation, but also gives airplay to reasons why such a denial need not be the last and final word on the subject. I'm reminded of the engineering codenames for the first PowerPC Apple Macs - in reaction to their own marketing department's tendency to hype, they'd named the three models after great scientific hoaxes - Piltdown Man (or PDM), Cold Fusion, and Sagan. Apparently, the pre-eminent then-living astronomical populariser considered it a gross slur on his reputation - worth Billions and Billions of dollars ;-) - to be associated with hoaxes, and set his legal eagles onto the Apple Corporation. Who withdrew the codename. And replaced it with BHA. Which did not, not, *not* in any way shape or form, stand for "Butt Head Astronomer". No siree. |
|
#151
|
|||
|
|||
|
"Stefek Zaba" wrote in message ... Mary Fisher wrote: Mary it is obvious that you don't understand the differences between linux and windows. That's true. Nobody's explained it. Ah - a challenge! Let's see if I can do it in under 30 lines. No, this line doesn't count. Nor does this one. The roots of Windows are in providing a graphical user interface layer on top of a small, single-user machine. That single user is/was assumed to have full authority to do anything at all on the machine - access all memory, all disks/files, perform arbitrary input-output operations on all devices. This absence of "privilege separation" was total for all versions of Windows before NT: so, the ol' Windows 3.1 on top of DOS, Win95, Win98, WinME. Importantly, the business model that MS pursued on top of this technology was to offer terms to PC builders which made it financially lunatic for them to offer any other opearting system (OS) alongside Windows, to attract as many third-party developers of hardware and software products to their OS, and to keep the interface specs for Windows technologies changing just fast enough to make it possible to keep up but not to also track other OSes. During this critical market-acqusition phase, stuff which made it harder to develop for Windows or harder to use was *right* *out* - and that included security. The Unix world - where Linux lives - started from a very different place. Its roots are as an OS to let a number of "unprivileged" users share an expensive, well-administered mainframe, while still allowing those individual users to do their own software development. By default, there's little an "ordinary" user running an "ordinary" program under Unix/Linux can do to najjer the whole system or other users on the same machine. Throughout the initial growth period of the PC (1980s/early90s) Unix-on-PC scarcely existed; and the software packages which ran on Unix were specialised "big-iron" things - "serious" databases, and some specialised scientific/engineering stuff. It kept a place in university Computer Science departments because of relatively open licensing conditions for those users. By the early 90s, MS had ambitions for a "grown-up" OS. They devloped the core - the "kernel" - of NT around then. (At least they ripped off a good design - they bought in Dave Cutler and others from DEC, who were shown in a subsequent legal action and settlement to have incorporated chunks of design and actual code from their earlier employer in NT.) NT - on which Win2000, WinXP, and future MS OSes are based - does have "privilege separation". However, it isn't necessarily *used* widely. For concrete examples: in their older 3.51 release of NT, MS left the graphical user interface stuff "outside" the kernel, running at a less privileged level. But this slowed things down too much - made a PC running NT 3.51 fell really sluggish next to a W95 box. So, they yanked all of that code into the kernel - improving performance, but making it a lot easier for poorly-written or malicious software to do Bad Things to the whole system. Similarly, XP "Home Edition" means all the software you run (both "deliberately" and that's run on your behalf) does so as "Administrator", with effectively unlimited rights. Only in the last couple of years have MS started to act to make security be of the same order of importance as ease-of-use. This business of "privilege separation" is the technical heart of why viruses, worms, and the whole clan of malicious software has a significantly easier time spreading under Windows than under Linux or the other Unix-derived OSes (OpenBSD, NetBSD, FreeBSD, and Mac OSX): under the Unix model, the user environment in which some piece of unwanted code gets to run is restricted; under the Windows model, it's significantly less restriced. What's massively frustrating about this to computer professionals is that it's all blindingly obvious and inevitable, and was being warned about throughout the last 15 years and more. And much as it's been economic pressures which have led MS to rationally prioritise features over security, many believe it's only a change in the imposed economic climate - making software producers liable for the foreseeable damage their design decisions cause - which will change the industry's behaviour. Damn, over the 30 line mark. Ah well. Hope it helps someone... Stefek So do I ... more confused than ever but that says more about me than about you Mary |
|
#152
|
|||
|
|||
|
Mary Fisher wrote:
more confused than ever but that says more about me than about you No - the fault is mine. Let me try a boil-down version. Windows starts with the idea that all programs are benign. It expects they're all acting in the interests of the single person who owns and operates the PC. If anyone finds a way of sneaking some program or piece of program onto the machine, that malicious software will have the right to access and change any existing information anywhere on the PC, and do anything a legitimate program could. For example: it can search for files which have sixteen digits in a row in them (maybe with spaces at every 4th position); it can then connect to some other machine Out There and send a copy of that file, which contains a likely credit card number and maybe other information which makes it easier to use that card number fraudelently. Or it can launch a program which will accept an incoming connection from a Bad source of control, which causes the PC to send spam or other nasty traffic to other machines. And it can attach these bits of program to all the existing programs - because it has the right to write to any file, including the ones where programs are stored. Unix starts with the other idea: that there's a restricted set of things which "ordinary" users can do using "ordinary" programs, and only when they explicitly say "I'm acting as the Administrator of this system right now" - typically by logging in under a different username - can they write to program files, scan the contents of all files, or add "always launch this program when starting the system" entries. It's not an absolute defence - the example of setting up a "listen for commands from Out There" program isn't forbidden under most Unixes[1]. But it is a fundamental difference in the way the two systems are designed and run in practice. Later versions of Windows have the capability to be better-defended, but typically aren't set up to take broad advantage of those capabilities. Future versions of Windows will further increase the amount of defence - including using some new hardware features developed under the "Trusted Computing" banner. Unfortunately for the industry at large, as a consequence of MS's legally proven abuse of their dominant market position, there's much suspicion of the motives behind their adoption of this technology... HTH - Stefek [1]On my OpenBSD boxes, I run /home mounted with the "noexecute" option, so "by default" when running as ordinary-mortal I can only execute programs from partitions which I don't have write-access to, such as / and /usr. But it's still not an absolute defence, merely another hurdle for a determined attacker to overcome. As with physical security, the (unmutual ;-) aim is not to make one's computer/house impregnable, but to make it harder than other peoples' computers/houses to break into! I adopt a similar discipline on my XP box - the user under which I log in normally doesn't have Admin rights, has only read access to most of the files in the directory where I install programs, and so on. It's a pain to run this way - far too many programs assume they can scribble in their install directories, and it's a PITA to track down which file they'd like to write to and open up that particular one. MS Office sins this way, even though it's supposedly "Win XP compatible" - having first installed it as God, every time I ran an Office app as Mortal it spent about 4 dialogue boxes trying to install/customise something or other in the place-I-install-programs directory. I only managed to shut it up by upping the privileges of my "ordinary" user to Godlike status briefly, to allow it to do its Magick Customisation or whatever, and having returned the Ordinary user to Mere Mortal status the Office apps no longer whinge on startup. But the effort to run in this reduced-privilege way is well beyond the "can I be arsed" threshold for sensible people... |
|
#153
|
|||
|
|||
|
"Stefek Zaba" wrote in message ... Mary Fisher wrote: more confused than ever but that says more about me than about you No - the fault is mine. Let me try a boil-down version. Windows starts with the idea that all programs are benign. It expects they're all acting in the interests of the single person who owns and operates the PC. If anyone finds a way of sneaking some program or piece of program onto the machine, that malicious software will have the right to access and change any existing information anywhere on the PC, and do anything a legitimate program could. For example: it can search for files which have sixteen digits in a row in them (maybe with spaces at every 4th position); OK, I'm lost already. Look, I'm saving all these posts and promise I shall read, mrk and whoatnot when I get back. At the moment my brain hurts just trying to remember how many socks to take to Wales ... Mary it can then connect to some other machine Out There and send a copy of that file, which contains a likely credit card number and maybe other information which makes it easier to use that card number fraudelently. Or it can launch a program which will accept an incoming connection from a Bad source of control, which causes the PC to send spam or other nasty traffic to other machines. And it can attach these bits of program to all the existing programs - because it has the right to write to any file, including the ones where programs are stored. Unix starts with the other idea: that there's a restricted set of things which "ordinary" users can do using "ordinary" programs, and only when they explicitly say "I'm acting as the Administrator of this system right now" - typically by logging in under a different username - can they write to program files, scan the contents of all files, or add "always launch this program when starting the system" entries. It's not an absolute defence - the example of setting up a "listen for commands from Out There" program isn't forbidden under most Unixes[1]. But it is a fundamental difference in the way the two systems are designed and run in practice. Later versions of Windows have the capability to be better-defended, but typically aren't set up to take broad advantage of those capabilities. Future versions of Windows will further increase the amount of defence - including using some new hardware features developed under the "Trusted Computing" banner. Unfortunately for the industry at large, as a consequence of MS's legally proven abuse of their dominant market position, there's much suspicion of the motives behind their adoption of this technology... HTH - Stefek [1]On my OpenBSD boxes, I run /home mounted with the "noexecute" option, so "by default" when running as ordinary-mortal I can only execute programs from partitions which I don't have write-access to, such as / and /usr. But it's still not an absolute defence, merely another hurdle for a determined attacker to overcome. As with physical security, the (unmutual ;-) aim is not to make one's computer/house impregnable, but to make it harder than other peoples' computers/houses to break into! I adopt a similar discipline on my XP box - the user under which I log in normally doesn't have Admin rights, has only read access to most of the files in the directory where I install programs, and so on. It's a pain to run this way - far too many programs assume they can scribble in their install directories, and it's a PITA to track down which file they'd like to write to and open up that particular one. MS Office sins this way, even though it's supposedly "Win XP compatible" - having first installed it as God, every time I ran an Office app as Mortal it spent about 4 dialogue boxes trying to install/customise something or other in the place-I-install-programs directory. I only managed to shut it up by upping the privileges of my "ordinary" user to Godlike status briefly, to allow it to do its Magick Customisation or whatever, and having returned the Ordinary user to Mere Mortal status the Office apps no longer whinge on startup. But the effort to run in this reduced-privilege way is well beyond the "can I be arsed" threshold for sensible people... |
|
#154
|
|||
|
|||
|
wrote in message ... ... your average 'man in the street' doesn't want to have to add things on to their basic applications to make them work well. He does it for almost everything else in his life ... Mary -- Chris Green |
|
#155
|
|||
|
|||
|
In message , Mary
Fisher writes "Joe" wrote in message ... Hence an email program which routinely runs attachments received in emails. For a long time, it was not possible to stop Outlook/Outlook Express running attachments automatically. The preview pane meant that it was not even necessary to explicitly look at an email. This behaviour went on long after it became glaringly obvious that it was a stupid idea. The question is, why was it *ever* considered anything other than a stupid idea? Even after it had been 'stopped', it was possible to include an executable in an email and tell Outlook that it was a harmless audio file. Outlook would swallow this and pass it to Windows. Windows would assume Outlook knew what it was doing, and run the file. I kid you not. You're making these statements as though they are fact, not opinion. If you claim that they re factual you need to support them with evidence. 1. Google for: iframe midi virus You don't really need to follow any links, some of which look a bit dubious, the few lines Google shows you should be enough. Add klez to the list to see a specific example. 2. Go to an AV vendor's site and search for 'klez'. Read the specifications. Klez is just the best-known of the viruses that used that particular exploit, there were others. 3. http://www.microsoft.com/technet/sec.../MS01-020.mspx This site is fairly safe. Usually. Remember with viruses, it's not just the number of infections that matter, it's the rate of spread. If the common cold was likely to infect less than one other person during the course of the disease, it would not simply be extinct, it would never have evolved. Linux viruses exist, bugs in Linux program exist, but if an infected installation is unlikely to manage to infect another, the infection doesn't spread. But if the MS critics have their way and many more people have Linus the vuruses WILL be able to spread, thus Linux will be as bvulnerable as OE. It's not just numbers of installations, as several people have said. Most of the world's servers, permanently connected to the Internet, run Linux or a BSD variant, or Solaris. When servers crash in bulk, it's almost always the minority Microsoft ones, and almost always the Microsoft web server software that's responsible. Apache (the world's most popular web server) running on Windows is much safer than Microsoft's IIS, and Apache running on Linux or Unix is safer still. Not completely safe, but then nothing is. This is harder to document. See http://news.netcraft.com/archives/we...er_survey.html for popularity of web servers. Google for 'Code Red' and 'Nimda' for various analyses of these worms. I don't know of a site which offers quick side-by-side comparisons of Windows and *nix vulnerabilities. I've supported a Windows server (not, thank the Lord, an Internet-facing one, but an Internet-connected one) for the last five years, so I am personally aware of the relative virus threats, having had to stay informed of them. The two operating system families are built from different starting points. It's a bit like two cars, one designed from scratch with safety in mind and the other having big soft bumpers and extra airbags bolted onto a standard chassis. Better, but still not as good as one designed right. It's not *just* the variation in Linux installations, not *just* that few people run as root, not *just* that nobody has yet been stupid enough to write a mail client like Outlook. Using words like 'stupid' is offensive and diminishes your credibility. Not in connection with something like Outlook. I'm fairly certain that nobody has ever written an email client running under Linux which allows the user to immediately execute code received in emails, let alone does it automatically. It is certainly possible to do such a thing, and not very difficult. I think the word 'stupid' is the very least that could be applied to someone who did it deliberately (opinion). The Outlook designers did (fact). -- Joe |
|
#156
|
|||
|
|||
|
In message , John
Rumm writes Versions of windows in the 9x line (i.e. 95, 98, ME) don't support any of these concepts. Anyone sat in front of the computer has complete control over it. Hence any application they run also has free reign. Versions of windows in the NT Line (NT3.5 - 4.0, Win2K, WinXP, Win Server 2003), however do support these concepts. They have a root account that is by default called "administrator". A well setup system can be orgainised in exactly the same way as the typical *nix system. However there is a cultural difference. Very few of the people now using these systems are instructed to create themselves a less privileged account to use for day to day activities. Microsoft don't shout it from the roof tops, even though they know it to be a good thing. In the case of Windows XP Home Edition, they even hide the fact that these capabilities exist, and hence you automatically end up doing everything with administrator privilege. Presumably this is because they feel these concepts would add complexity for the user, especially the one who has graduated from the Win98 system, and is used to being able to install what they want, when they want, without giving it a second thought. However by allowing them to use the system without having to lean some of these security fundamentals, they lay them open to all sorts of future problems. Another factor is that many Windows-only software writers don't really understand permissions, and some software (even when 'designed' for XP) will not run without administrator permissions. Indeed, Microsoft-trained professionals have been known to advise that users be given admin privileges on workstations on Small Business Server networks, to make SBS itself run properly. -- Joe |
|
#157
|
|||
|
|||
|
"Joe" wrote in message ... I think the word 'stupid' is the very least that could be applied to someone who did it deliberately (opinion). The Outlook designers did (fact). Evidence? -- Joe |
|
#158
|
|||
|
|||
|
Mary Fisher wrote:
OK, I'm lost already. Look, I'm saving all these posts and promise I shall read, mrk and whoatnot when I get back. At the moment my brain hurts just trying to remember how many socks to take to Wales ... Mary, Stefek has spent a great deal of time trying to explain the basics - I think you could at least thank him for his efforts! -- Grunff |
|
#159
|
|||
|
|||
|
On Fri, 17 Dec 2004 22:21:16 UTC, Joe wrote:
The two operating system families are built from different starting points. It's a bit like two cars, one designed from scratch with safety in mind and the other having big soft bumpers and extra airbags bolted onto a standard chassis. Better, but still not as good as one designed right. I can recommend a particular book - not 'techie' which uses this metaphor - also online at: http://www.spack.org/wiki/InTheBegin...TheCommandLine -- Bob Eager begin a new life...dump Windows! |
|
#160
|
|||
|
|||
|
On Fri, 17 Dec 2004 22:37:22 +0000, Joe strung
together this: Another factor is that many Windows-only software writers don't really understand permissions, and some software (even when 'designed' for XP) will not run without administrator permissions. Indeed, Microsoft-trained professionals have been known to advise that users be given admin privileges on workstations on Small Business Server networks, to make SBS itself run properly. I've had trouble with various MS programs on 2000 that don't work unless you're logged in as admin. If MS can't get them to work then no wonder no-one else can....... -- SJW Please reply to group or use 'usenet' in email subject |
| Reply |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Forum | |||
| Computer power supply capacitors - generic question | Electronics Repair | |||
| OT - computer network question... | Metalworking | |||
| computer in the shop | Woodworking | |||
| Computer in the shop | Woodworking | |||
| CNC computer | Metalworking | |||
Linear Mode
