Operating Systems and Security Against Viruses

This is a discussion on Operating Systems and Security Against Viruses within the A Brief History of Cprogramming.com forums, part of the Community Boards category; Originally Posted by Elysia I would also like to add that even if reviewing the code (and how do you ...

  1. #16
    Internet Superhero
    Join Date
    Sep 2006
    Location
    Denmark
    Posts
    964
    Quote Originally Posted by Elysia View Post
    I would also like to add that even if reviewing the code (and how do you do that anyway with so much code?), you don't realize something is broken until it breaks. Do you know how much time is spent debugging and finding out how hackers are eating their way into the system? Yes, that's right. We aren't geniuses.
    So...
    1) With so much code, it's very difficult to scan and sniff out every part.
    2) Programmers differ in experience, so someone less experienced may scan a part of a code and miss vulnerabilities.
    3) You don't know it's a vulnerability until someone utilizes it.

    All of this applies to Windows Vista aswell, the only difference being that they don't have nearly as many people working on it...
    How I need a drink, alcoholic in nature, after the heavy lectures involving quantum mechanics.

  2. #17
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,791
    The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do some thing as setting a system-wide setting.

    Quote Originally Posted by Neo1 View Post
    All of this applies to Windows Vista aswell, the only difference being that they don't have nearly as many people working on it...
    Ah, but we don't see Microsoft sitting and browsing their Windows source, do we?
    No, they act upon the security problems they see. Investigate & fix.
    It sure is a lot easier than trying to think how code can create problems. Only the downside is that it isn't very healthy for those who have been exposed...
    Last edited by Elysia; 02-25-2008 at 01:59 PM.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #18
    Internet Superhero
    Join Date
    Sep 2006
    Location
    Denmark
    Posts
    964
    Quote Originally Posted by Elysia View Post
    Ah, but we don't see Microsoft sitting and browsing their Windows source, do we?
    No, they act upon the security problems they see. Investigate & fix.
    It sure is a lot easier than trying to think how code can create problems. Only the downside is that it isn't very healthy for those who have been exposed...
    And what makes you think that Linux programmers doesn't act upon security problems, only difference being that not alot of worms and trojans are made for Linux. I still think that all of this is just speculation, with no evidence to back it up..
    How I need a drink, alcoholic in nature, after the heavy lectures involving quantum mechanics.

  4. #19
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,791
    Yes, the problem is that they receive far less security vulnerabilities to take care off. That's the point.
    So less vulnerabilities found = less bugs/security problems fixed.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  5. #20
    Internet Superhero
    Join Date
    Sep 2006
    Location
    Denmark
    Posts
    964
    Quote Originally Posted by Elysia View Post
    Yes, the problem is that they receive far less security vulnerabilities to take care off. That's the point.
    So less vulnerabilities found = less bugs/security problems fixed.
    I understand that, but when claiming something that is against the general consensus you've got to have something to back it up with, other than "it makes sense". I still maintain that the Linux kernel and OSes are less vulnerable due to the vast amount of developers working with the code on a daily basis, besides, alot of servers use Linux, so it's not like none of them never gets attacked...
    How I need a drink, alcoholic in nature, after the heavy lectures involving quantum mechanics.

  6. #21
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Anti-virus software is important because most malware spreads not through software bugs, but through social engineering. The worms that exploit real bugs spread rapidly and gain a lot of popularity quickly, like the Blaster worm, which is still around in large enough numbers to bring down an unprotected, net-connected Windows within minutes. But they are just as quickly immunized against - the security hole is identified, patched, a hotfix is released and it's effectively over.
    You can't fix people. One of the best-known worms of all time - and, according to Wikipedia, the one that caused the most damage, with an estimated $5.5 billion of total losses - was ILOVEYOU, an extremely simple and stupid VBScript that relied on social engineering only to spread. It was effective due to one major and one minor reason. The minor reason was that Windows hides file extensions by default, making the LOVER_LETTER_FOR_YOU.TXT.vbs look like it was just a text file. But the major reason was simply that people had no idea that attachments are dangerous. The average internet user is smarter now, but not very much.
    Last edited by CornedBee; 02-25-2008 at 03:10 PM.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  7. #22
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,791
    Quote Originally Posted by Neo1 View Post
    ...besides, alot of servers use Linux, so it's not like none of them never gets attacked...
    But that is mostly apache, and there are many flavors of servers and there are exploits created specifically for servers and yada yada yada, all those details...
    But anyway, I'm not asking you to believe me. I simply stated that Linux might not be as safe as you think it is just because it receives less attacks and exploits...
    There is no 100% safe guaranteed source to back that claim up.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  8. #23
    Internet Superhero
    Join Date
    Sep 2006
    Location
    Denmark
    Posts
    964
    Quote Originally Posted by Elysia View Post
    But anyway, I'm not asking you to believe me. I simply stated that Linux might not be as safe as you think it is just because it receives less attacks and exploits...
    Maybe time will tell, we can only hope that Linux will get more popular with time...
    How I need a drink, alcoholic in nature, after the heavy lectures involving quantum mechanics.

  9. #24
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,791
    Yes we can. I do agree with you on that one.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  10. #25
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,183
    The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do some thing as setting a system-wide setting.
    That is what Linux and other Unixes have been doing for the past > 20 years (the idea of "su" and "sudo"). Microsoft finally learned from it in Vista, that is certainly a good thing for Vista.

    I have to disagree that people want to exploit Windows more than other OSes. Yes, it is true that Windows is run on >90% of all PCs, but it is also true that nearly all mission-critical systems run Linux or other flavours of UNIX (Google servers for example, I think they run BSD last time I checked). If you were a virus programmer, would you like to target 10 Windows PCs and have their msn messengers send random messages to each other, or would you target 1 single server of a major bank?

    Yes, the problem is that they receive far less security vulnerabilities to take care off. That's the point.
    So less vulnerabilities found = less bugs/security problems fixed.
    You don't think people would want to break into HSBC servers?

    I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.

    I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...

  11. #26
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,511
    Quote Originally Posted by cyberfish View Post
    I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...
    Or that Linux contributed to the increase of computer literate people.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  12. #27
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    The day Linux is as compatible with games as Windows is it will gain a huge market share. The main reason I know that people do not use it as their primary OS is b/c their games won't run on it. When that day comes I will completely dump Microsoft OS's.

    Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.

  13. #28
    Registered User whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    7,742
    You don't think people would want to break into HSBC servers?

    I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.

    I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...
    That's not the direction for this thread to take I think. Respect must be paid to the person attacking and their motives. I would wager that if the real threat to your security is another person, they are most likely interested in corrupting or obtaining data contained on something like a Linux server. The fact that, like a phoenix, it rises out of the ashes from time to time would validates your point.

    Similarly, to a point about philosophy, "If a claim piques my interest, I will investigate it myself no matter what else the claimant does." The point seems to be that it takes a vast working knowledge to secure a server or a home computer with confidence, but I wouldn't blame Microsoft or some other mainstream software vendor for trying to insulate the user from security worries: That creates the whole notion of user friendliness, blah blah. But I'm sure that no matter where the information is stored, with sufficient interest, a cracker will find the way.

    But (most of?) the security threats that malware and viruses could take advantage of unfortunately seem to be beasts of our own creation. A number of half-baked ideas have been put into practice by lesser vendors (DLL injection, running processes in the data area of the computer) that put users at risk no matter their intelligence or the reasons behind their purchase.
    Last edited by whiteflags; 02-25-2008 at 06:30 PM.

  14. #29
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,511
    Looking at the release notes from several Apache versions, for instance, won't be any different from what one would expect; bugs being fixed, improvements in code, new functionality and... security issues being handled.

    It is a fact that the Linux community benefits from a sober community that doesn't start hollering and initiate a stampede every time a new exploit is found or a bug is detected. Announcements are quick, fixes come shortly after, and everything is accepted as another day in the life of a penguin.

    Windows, on the other hand, benefits from a much larger user base that displays the usual behavior of an angry mob that doesn't really now why they are breaking windows on every street, but do it the same because everybody else is. Meanwhile fixes arrive usually not that far in schedule when compared with the Linux community. But it just doesn't seem to increase the mood of anyone. It's the price Microsoft pays for its business model. Meanwhile, they don't lament it.

    If anyone asks me, I'd say Microsoft isn't doing a good service to anyone. But that has nothing to do with security issues but with my wallet. Microsoft is a - and promotes - business. In a world that was advertised as "1 PC on every house", software is increasingly more expensive, its requirements force us to ever more expensive hardware and the barrage of marketing based on consumer weaknesses seems unstoppable. And all these for what? The same bugs over and over again, the same >200MB service packs over and over again, the same performance hits over and over again and, yes, the same security flaws over and over again.

    Quiet frankly, I'm feed up. And since i'm not a gamer... shouldn't take me long to figure it out once and for all.
    Last edited by Mario F.; 02-25-2008 at 07:27 PM.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  15. #30
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    > Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.
    It's a shame ReactOS development is so slow, I was considering ditching XP for ReactOS -- never happend.

Page 2 of 3 FirstFirst 123 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Windows virus?
    By cyberfish in forum A Brief History of Cprogramming.com
    Replies: 99
    Last Post: 07-20-2008, 05:46 AM
  2. Viruses error code!!
    By Yarin in forum Windows Programming
    Replies: 7
    Last Post: 10-06-2007, 02:23 AM
  3. Software Engineering
    By Cii in forum A Brief History of Cprogramming.com
    Replies: 21
    Last Post: 06-11-2004, 04:00 PM
  4. Security on automated home
    By stimpyzu in forum A Brief History of Cprogramming.com
    Replies: 4
    Last Post: 04-11-2004, 01:14 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21