"Fred the Red Shirt" wrote in message
...


Well I am sure that every thing you say here is true, today. But
security
be design is going to be cracked by some one. The strong point to all
the
other systems security is that 99% of the people spamming and sending out
viruses are concentrating on the easy target.


No, the strong point to all of the other systems is that they
_have to be cracked_.

And again I'll say that if Microsoft disappeared tomorrow the attention of
the spamers would be dirrected at cracking the security on the other OS
systems. I do not contest the fact that Microsoft created the Spammers
paradise but having to crack the security of an OS is not going to make the
millions of spamers go away.


Abusers didn't have to crack Windows, they just used the
available plug-ins.

Yes that is true. Path of least resistance. Take that target away and the
tens of thousands or more people that make their living doing this now will
look for the next easiest target.



Using Windows on the internet was like walking into a gay bar
at closing time with your pants down around your ankles.

I would know nothing about that. I'll take your word on that one, BIG BOY.
;~)



... To
think that your set up is impenetrable is to be a bit naive.

False dichotomy--like 'safe' or 'unsafe' in a woodshop.

"Larry Blanchard" wrote in message
news
On Fri, 04 Apr 2008 01:25:46 +0000, Leon wrote:

Until
another OS gets the attention that Windows does by the spammers no really
knows what holes of methods can be devised in the future to cause havoc.
To
think that your set up is impenetrable is to be a bit naive.

Leon, the point he's trying to make is that spammers didn't have to devise
any methods to get into Windows - Microsoft provided them :-).

I totally agree and am not defending Microsoft at all. They created this
problem. But like "nukes" the problem is not going to go away. An industry
has been created and will continue with or with out an easy target.



AFAIK, that is not the case with any of the Unix variants. I wrote code
to control, among other things, smelters, rolling mills, radio
telescopes, and computer aided dispatch. All of them were concerned about
security for obvious reasons, especially the highway patrol :-).

To put it another way, setting up an insecure Unix box takes a fair amount
of work. Work that can only be done by someone with superuser authority.
Setting up a secure Windows box takes a great amount of work and the
result is a crippled system because many features must be disabled.


If Unix became the next OS in every home like Microsoft is now, do you think
that "everyone" would be able to do that fair amount of work to insure its
security against spammers?
I am only saying that Unix is strong because it does not appeal to the
masses, a target not worth the time needed to crack it, today. If Unix
replaced Windows in the future you have thousands and thousands of spammers
that will have reason to go after the next easiest target. I suspect that
Apple would be that target. I remember when Apple had no virus problems.
Had Unix been the first OS to be in every ones homes perhaps Spammers would
not exist today but now they do and they probably are not going to go away
simply because the target becomes harder to get into.

On Fri, 04 Apr 2008 13:50:42 +0000, Leon wrote:






If Unix became the next OS in every home like Microsoft is now, do you think
that "everyone" would be able to do that fair amount of work to insure its
security against spammers?

To put it another way, setting up an insecure Unix box takes a fair
^^^^^^^^

I think you read that one backwards, Leon :-).


I am only saying that Unix is strong because it does not appeal to the
masses, a target not worth the time needed to crack it, today.

I don't doubt that dedicated hackers could get into Unix. They have
before, albeit most intrusions were of the "worm" and not the "virus"
species.

But when every process runs in its own protected memory space, it does
limit the opportunities for system-wide damage. And at least one Unix,
OpenBSD, was designed specifically for security.

But your point is valid. There would surely be more hacking attempts, and
successes, were Unix the predominant OS. I just don't think they'd be as
frequent or as severe.

On Apr 4, 7:08 am, "J. Clarke" wrote:
Maxwell Lol wrote:
Fred the Red Shirt writes:

It sounds like you never heard of the "Join the Crew Virus"
or Windows XP. All of the Linuxes, Unixes, and OSX are
more secure BY DESIGN.

Except when you screw up. The iPhone runs as superuser, and not
an
unpriviledged user. This is one reason why it was so easy to hack.

According to McAfee (and a large number of other sources) the "Join
the Crew Virus" was a hoax.


That's the point.

You can't get a virus just by reading email.

Or rather you couldn't until Microsoft began
writing email clients.

--


FF

On Apr 3, 10:39 pm, Maxwell Lol wrote:
Fred the Red Shirt writes:

You forgot to mention the versions of XP home that required the
user to connect to MS over the internet and without any firewall or
other protections in order to complete the installation.

I had the same problem with Linux years ago. It was a new install,
and while downloading hte latest patches, it was compromised.


Out sysadmin found out (the hard way) that a patch from HP
reset our mailserver to an open relay.

Of course the documentation from HP didn't warn about that,
it was obvious--to them.

--

FF

"Larry Blanchard" wrote in message
news
On Fri, 04 Apr 2008 13:50:42 +0000, Leon wrote:

If Unix became the next OS in every home like Microsoft is now, do you
think
that "everyone" would be able to do that fair amount of work to insure
its
security against spammers?

To put it another way, setting up an insecure Unix box takes a fair
^^^^^^^^

I think you read that one backwards, Leon :-).


Probably so. I have been on medication all week fighting an upper
respitory infection transfered to me my my wife. She sent me an unsecured
e-mail and I read it. ;~)

"Leon" wrote in message
...


I totally agree and am not defending Microsoft at all. They created this
problem. But like "nukes" the problem is not going to go away. An
industry has been created and will continue with or with out an easy
target.

If Unix became the next OS in every home like Microsoft is now, do you
think that "everyone" would be able to do that fair amount of work to
insure its security against spammers?
I am only saying that Unix is strong because it does not appeal to the
masses, a target not worth the time needed to crack it, today. If Unix
replaced Windows in the future you have thousands and thousands of
spammers that will have reason to go after the next easiest target. I
suspect that Apple would be that target. I remember when Apple had no
virus problems. Had Unix been the first OS to be in every ones homes
perhaps Spammers would not exist today but now they do and they probably
are not going to go away simply because the target becomes harder to get
into.


You are correct Leon. So much so, that CERT came into being over a hacked
UNIX environment - not hacked Microsoft environments. Virus', worms, trojan
horses, etc. were all very real threats in the UNIX world. One of the
problem with open source environments like UNIX is that it is indeed easy to
create malicious code. Apple has already seen the attention of the hacker
community as well. Not to the degree that Microsoft has, but for all of the
reasons you've listed.

--

-Mike-

On Apr 4, 9:38 am, "Leon" wrote:
"Fred the Red Shirt" wrote in ...

...


No, the strong point to all of the other systems is that they
_have to be cracked_.

And again I'll say that if Microsoft disappeared tomorrow the attention of
the spamers would be dirrected at cracking the security on the other OS
systems. I do not contest the fact that Microsoft created the Spammers
paradise but having to crack the security of an OS is not going to make the
millions of spamers go away.


Millions of spammers? On what planet?

80% of spam is sent by one hundred spammers. The ROKSO
list has even shrunk in recent years down to to only 112 this week
from about 200 a while back.

Spamhaus doesn't allow deep linking, but you'er welcomed
to go in the front door here http://www.spamhaus.org. Exploring
their site can be quite educational.

Of the top ten spammers, seven are Russian/Ukrainian
organized crime, dominated by former KGB personnel.

Yambo Financials, (ROKSO #9) for example. They have
been hosted by Verizon for several years, maybe even
from before the Worldcon/MCI/UUNet pruchase.

Here's their ROKSO description:

9 Yambo Financials Ukraine
Huge spamhaus tied into distribution and billing for
child, animal, and incest-porn, pirated software, and
pharmaceuticals. Run their own merchant services
(credit-card "collection" sites) set up as a fake "bank."

Currently hosted he

SBL54087
63.81.154.248/31 verizon.com
01-May-2007 03:01 GMT Yambo Financials
Yambo botnet nameservers/webhosts (compromised systems)

Wanna bet those compromised systems are Windows PCs?

Contrary to popular belief the ISPs know who the spammers
are and where they are hosted. While it is easy for a spammer
to hide the identification of his hosting iSP from a typical
recipient,
ISPs have their system logs and people who can read them.

Just after the turn of the millenium the threat of blacklisting of
spam-friendly ISPs had been used to herd most of the ROKSO
spammers onto two ISPs, UUNET (or whatever it was then called)
and one Chinese ISP.

The stage was set to deliver a crippling blow to the worl'd
spammers.
Then the botnets, zombies, and anonymizing servers emerged
not only allowing the spammers to expand their spew, but also to
counter-attack with DDOS attacks against several blacklisters.

Microsoft made that possible. While Leon is correct, that harder
targets can be cracked, it takes more skill, time, and effort to do
so, while the time and effort to close off those security is far less
than that required to 'patch' millions of PCs.

If Microsoft had not thrown the doors to those PCs wide open
to abusers, the opportunities for abuse would have been orders
of magnitude less numerous and that abuse much more easily
curbed.

Yes, if Microsoftware had to be cracked there would have been
more attacks directed at Macs, Unix, and VMS boxes. But the
success rate of those attacks would have been much much lower
and the response to close those security holes much much
faster and more effective.

It would have been much harder for any spammer to aquire any
money, let alone for scores to steal millions.

--

FF

On Apr 4, 9:38 am, "Leon" wrote:
"Fred the Red Shirt" wrote in ...


...

Abusers didn't have to crack Windows, they just used the
available plug-ins.

Yes that is true. Path of least resistance. Take that target away and the
tens of thousands or more people that make their living doing this now will
look for the next easiest target.


While 'tens of thousands' is not as wildly incorrect as 'millions' it
is still
way of the mark. There may have been a total of a few tens of
thousands
of email spammers since the inception of the practice, but the
overwhelming
number of those were chicken boners who almost certainly lost money
by spamming. E.g. they paid for spamware and/or affiliate membership
is some internet-based pyramid scheme, made no sales and got malletted
within hours or days of sending their first spam. Almost every ISP
will
terminate the account of a spammer who isn't paying them a lot extra
(e.g. the notorius 'pink' contracts with ATT and others.) The number
making
a living off spam today are no more than two or three hundred and
never were
any more than that.

There may be fewer today than at any time in the last ten years due
in
no small measure to organized crime offering deals their competition
couldn't refuse.

--

FF

On Apr 4, 1:12 pm, "Leon" wrote:
"Larry Blanchard" wrote in message

news
...

To put it another way, setting up an insecure Unix box takes a fair
^^^^^^^^

I think you read that one backwards, Leon :-).

Probably so. I have been on medication all week fighting an upper
respitory infection transfered to me my my wife. She sent me an unsecured
e-mail and I read it. ;~)


Next time read your email while
wearing a condom...


--

FF

On Apr 4, 2:20 pm, Steve wrote:

...

I believe that Unix would be just as insecure if it was as commercially
successful as Windows. I think Unix is secure because it has remained in
the hands of informed and educated administrators and developers,
mostly.

Big commercial success means lots of uninformed users who would demand
whiz-bang applications like games. Programmers who crank out that stuff
aren't particularly concerned with security -- they're concerned with
getting the code out the door by the Christmas sales season and making
pretty pictures, so they take hardware and software shortcuts.

The basic internet applications bundled with a typical Unix
application,
are relatively (compared to Msoftware) secure. Maintaining that
scurity
does require routine effort, but to downgrade to a Microsoft level of
insecurity would require great additional effort and cost to the
user.
'Good' marketing would no doubt convince many to do so.

In contrast Microsoft OSes come bundled with grossly insecure
applications.
It takes additional effort to add security.

IOW, it takes additional effort to **** up a Unix installation.
Windows comes
pre-****ed as a convenience to the spammers and other crackers.

--

FF

Fred the Red Shirt wrote:
....
a living off spam today are no more than two or three hundred and
never were any more than that.
....

Question I've never understood--how does anybody actually make any
money? I can see the possibility (however remote) that somebody
responds to the phishing, etc., but 98% of what I get is simply
machine-generated gibberish it appears. What's up w/ that?

--

On Apr 4, 3:23 pm, "Mike Marlow" wrote:
"Leon" wrote in message

...

You are correct Leon. So much so, that CERT came into being over a hacked
UNIX environment - not hacked Microsoft environments. Virus', worms, trojan
horses, etc. were all very real threats in the UNIX world. One of the
problem with open source environments like UNIX is that it is indeed easy to
create malicious code. Apple has already seen the attention of the hacker
community as well. Not to the degree that Microsoft has, but for all of the
reasons you've listed.


Yes.

But if you go back 20 some odd years ago when Unix boxes still
outnumbered machines on the internet running microsoftware, what
was the percentage of each that was compromised at any give time?

Despite the fact that the Unix machines were more lucrative targets,
having faster connections and greater bandwidth, as well as
outnumbering
Microsoft PCs, wasn't the percentage of infected PCs much, much,
higher?

It certainly jumped when Microsoft released its first OS/ email
client combination that allowed a sender to install software onto
the recipient's computer without notifying the recipient. That
upswing was pretty much entirely a product of the technical aspects
of the microsoftware and had almost nothing to do with it's
popularity.

--

FF

On Apr 4, 9:03 am, "Swingman" wrote:

...Add to the mix the fact that sloppy coding inherent in a
rush-to-market mentality (notably manifested in the infamous "buffer
overruns") has been responsible for most of the known virus/malicious code
exploits with MSFT products.
...


As a matter of curiosity, do you know if MS has begun using Code Data
Separation?

--

FF

dpb wrote:
Fred the Red Shirt wrote:
...
a living off spam today are no more than two or three hundred and
never were any more than that.
...

Question I've never understood--how does anybody actually make any
money? I can see the possibility (however remote) that somebody
responds to the phishing, etc., but 98% of what I get is simply
machine-generated gibberish it appears. What's up w/ that?

Most of the machine-generated crap you see is virus/bot software trying
to infect your computer and turn it into a spam zombie--some of the spam
out there is phishing (as you've seen), some is for Viagra and random
penis enlargement stuff (nearly all medical spam is actual for "herbal
viagra" or what have you, which has nothing in common with the original),
and some of the zombies are just there waiting to be called into action
to DoS a company that isn't paying protection money. Yep, vulnerable
computers are being used for big-money extortion, some of it against the
major world banks and such corporations.

Colin

"Fred the Red Shirt" wrote

IOW, it takes additional effort to **** up a Unix installation.
Windows comes
pre-****ed as a convenience to the spammers and other crackers.

LOL ... pretty much what Larry B said, but with a bit more delicacy.


--
www.e-woodshop.net
Last update: 3/27/08
KarlC@ (the obvious)

"Fred the Red Shirt" wrote in message
On Apr 4, 9:03 am, "Swingman" wrote:

...Add to the mix the fact that sloppy coding inherent in a
rush-to-market mentality (notably manifested in the infamous "buffer
overruns") has been responsible for most of the known virus/malicious
code
exploits with MSFT products.
...


As a matter of curiosity, do you know if MS has begun using Code Data
Separation?

I'm not sure I understand the question ... do you mean the OS taking
advantage of processor functionality, like NX, to prevent stack overflows,
or their .net/xml content management/code/data separation?


--
www.e-woodshop.net
Last update: 3/27/08
KarlC@ (the obvious)

"Fred the Red Shirt" wrote

IOW, it takes additional effort to **** up a Unix installation.
Windows comes
pre-****ed as a convenience to the spammers and other crackers.

Reminds me of this girl I used to know...

Bull****. After using OE for many years, listening to others
recommendations I tried other newsreaders. I'm back to using OE and I'm
sticking with it. Does everything I want it to do and at no cost. I like
it so much I may just send Bill Gates a $20 bill as a thank you.


As usual, I agree with you EP. But I think I'll stop short of the $20 part.

Just think, if Bill Gates had a nickel for every PC that ever crashed.....Oh
wait, he does!!!

"Fred the Red Shirt" wrote in message
...


But if you go back 20 some odd years ago when Unix boxes still
outnumbered machines on the internet running microsoftware, what
was the percentage of each that was compromised at any give time?

But... I maintain that this is because the world of hacking, creating viri,
etc. had not reached the level of interest that is has today.


Despite the fact that the Unix machines were more lucrative targets,
having faster connections and greater bandwidth, as well as
outnumbering
Microsoft PCs, wasn't the percentage of infected PCs much, much,
higher?

Law of large numbers. Once the phenonena became publicized, interest,
copy-cats, etc. skyrocketed and the PC was the obvious target for reasons of
(both) securitiy issues and popluation.


It certainly jumped when Microsoft released its first OS/ email
client combination that allowed a sender to install software onto
the recipient's computer without notifying the recipient. That
upswing was pretty much entirely a product of the technical aspects
of the microsoftware and had almost nothing to do with it's
popularity.


I believe it was due to both.

--

-Mike-

On Sat, 5 Apr 2008 06:08:13 -0400, "Buck Turgidson"
wrote:

Bull****. After using OE for many years, listening to others
recommendations I tried other newsreaders. I'm back to using OE and I'm
sticking with it. Does everything I want it to do and at no cost. I like
it so much I may just send Bill Gates a $20 bill as a thank you.


As usual, I agree with you EP. But I think I'll stop short of the $20 part.

Just think, if Bill Gates had a nickel for every PC that ever crashed.....Oh
wait, he does!!!

I like Free Agent, or Agent.

--
Posted via a free Usenet account from http://www.teranews.com

On Apr 4, 7:18 pm, "Swingman" wrote:
"Fred the Red Shirt" wrote in message

On Apr 4, 9:03 am, "Swingman" wrote:

...Add to the mix the fact that sloppy coding inherent in a
rush-to-market mentality (notably manifested in the infamous "buffer
overruns") has been responsible for most of the known virus/malicious
code
exploits with MSFT products.
...

As a matter of curiosity, do you know if MS has begun using Code Data
Separation?

I'm not sure I understand the question ... do you mean the OS taking
advantage of processor functionality, like NX, to prevent stack overflows,
or their .net/xml content management/code/data separation?


Yes.

Several years ago, round about when W2k came out a
person whose expertise I respect pointed out that Windows
stored data and code interspersed in memory so that an
overflow in the data could overwrite elements of a program,
or maybe even the OS. Sounds to me like he was explaining
the infamous 'buffer overflow exploits' as well as why Windows
crashed so much.

That type of problem was solved by pretty much everyone
BUT Microsoft decades earlier by segregating data and
programming in memory--Code Data Separation (CDS).
I remember CDS as a compiler option for our HP a-900
(I think it was a 900) circa 1987.

So, which of those was I talking about?

--

FF

Fred the Red Shirt wrote in
:

On Apr 4, 7:18 pm, "Swingman" wrote:
I'm not sure I understand the question ... do you mean the OS taking
advantage of processor functionality, like NX, to prevent stack
overflows, or their .net/xml content management/code/data separation?


Yes.

Several years ago, round about when W2k came out a
person whose expertise I respect pointed out that Windows
stored data and code interspersed in memory so that an
overflow in the data could overwrite elements of a program,
or maybe even the OS. Sounds to me like he was explaining
the infamous 'buffer overflow exploits' as well as why Windows
crashed so much.

That type of problem was solved by pretty much everyone
BUT Microsoft decades earlier by segregating data and
programming in memory--Code Data Separation (CDS).
I remember CDS as a compiler option for our HP a-900
(I think it was a 900) circa 1987.

So, which of those was I talking about?

--

FF

Some of this isn't an OS issue. It's a processor architectural issue.
The x86 processors use a von Nuemon (sp?) architecture, where both data
and instructions are transmitted on the same bus and stored in the same
memory. The PIC, for example, uses a Harvard architecture where data and
instructions are kept seperate.

There are x86 options now (like the NX bit) to try to solve some of the
problems, but it will take a LONG LONG time to get everyone switched
over. It took 10 years to get everyone switched over from the DOS-based
9x kernals to the superior NT kernal.

Oh, and don't underestimate the resourcefulness of crackers. If they
post "please send me teh codez" enough, someone's bound to do it! (Just
adding a bit of humour.) :-)

Puckdropper
--
You can only do so much with caulk, cardboard, and duct tape.

To email me directly, send a message to puckdropper (at) fastmail.fm

"Buck Turgidson" wrote in message
...
Bull****. After using OE for many years, listening to others
recommendations I tried other newsreaders. I'm back to using OE and I'm
sticking with it. Does everything I want it to do and at no cost. I like
it so much I may just send Bill Gates a $20 bill as a thank you.


As usual, I agree with you EP. But I think I'll stop short of the $20
part.

Just think, if Bill Gates had a nickel for every PC that ever
crashed.....Oh wait, he does!!!


Dear Mr. Gates

Enclosed is $30 cash (cash so we can keep the IRS out of this) to show my
appreciation for giving us Outlook Express for reading newsgroups. It is a
fine program and does everything I could ever want.

Use the $30 to take the family out for a nice dinner. You can even super
size your meal with this much money.

I was going to send you $20 and suggested to my friend Buck that he send you
twenty also. Well, turns out Buck is just a cheap SOB and he didn't want to
help you out. So, I'm sending extra. Maybe Buck will be shamed into
sending you the other 10 dollars this way. I doubt it thought. Last time I
have Buck a nickel to hold the buffalo started to cry because Buck squeezed
so hard. He sure is tight with money.

Thanks again Mr. Gates and I'm looking forward to more of your free
software. So is Buck but he won't write you.

Your friend
Ed

"Edwin Pawlowski" wrote in message
Use the $30 to take the family out for a nice dinner. You can even super
size your meal with this much money.

Bill is visiting my place right now. Send me the check for $30 and I'll take
him out for dinner. He's kind of skinny so I'll only need to supersize my
meal if that's ok with you.

"Fred the Red Shirt" wrote
As a matter of curiosity, do you know if MS has begun using Code Data
Separation?

Yes:

http://i29.tinypic.com/10gidzr.jpg

--
www.e-woodshop.net
Last update: 3/8/08
KarlC@ (the obvious)