The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do something such as setting a system-wide setting.
Ah, but we don't see Microsoft sitting and browsing their Windows source, do we?
No, they act upon the security problems they see. Investigate & fix.
It sure is a lot easier than trying to think how code can create problems. Only the downside is that it isn't very healthy for those who have been exposed...
How I need a drink, alcoholic in nature, after the heavy lectures involving quantum mechanics.
I understand that, but when claiming something that is against the general consensus you've got to have something to back it up with, other than "it makes sense". I still maintain that the Linux kernel and OSes are less vulnerable due to the vast amount of developers working with the code on a daily basis, besides, a lot of servers use Linux, so it's not like none of them ever gets attacked...
Anti-virus software is important because most malware spreads not through software bugs, but through social engineering. The worms that exploit real bugs spread rapidly and gain a lot of popularity quickly, like the Blaster worm, which is still around in large enough numbers to bring down an unprotected, net-connected Windows within minutes. But they are just as quickly immunized against - the security hole is identified, patched, a hotfix is released and it's effectively over.
You can't fix people. One of the best-known worms of all time - and, according to Wikipedia, the one that caused the most damage, with an estimated $5.5 billion of total losses - was ILOVEYOU, an extremely simple and stupid VBScript that relied on social engineering only to spread. It was effective due to one major and one minor reason. The minor reason was that Windows hides file extensions by default, making the LOVER_LETTER_FOR_YOU.TXT.vbs look like it was just a text file. But the major reason was simply that people had no idea that attachments are dangerous. The average internet user is smarter now, but not very much.
Last edited by CornedBee; 02-25-2008 at 04:10 PM.
All the buzzt!
CornedBee
"There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
- Flon's Law
But that is mostly Apache, and there are many flavors of servers and there are exploits created specifically for servers and yada yada yada, all those details...
But anyway, I'm not asking you to believe me. I simply stated that Linux might not be as safe as you think it is just because it receives fewer attacks and exploits...
There is no 100% safe guaranteed source to back that claim up.
That is what Linux and other Unixes have been doing for the past > 20 years (the idea of "su" and "sudo"). Microsoft finally learned from it in Vista, that is certainly a good thing for Vista.
> The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do something such as setting a system-wide setting.
I have to disagree that people want to exploit Windows more than other OSes. Yes, it is true that Windows is run on >90% of all PCs, but it is also true that nearly all mission-critical systems run Linux or other flavours of UNIX (Google servers for example, I think they run BSD last time I checked). If you were a virus programmer, would you like to target 10 Windows PCs and have their msn messengers send random messages to each other, or would you target 1 single server of a major bank?
You don't think people would want to break into HSBC servers?
> Yes, the problem is that they receive far less security vulnerabilities to take care of. That's the point.
> So less vulnerabilities found = less bugs/security problems fixed.
I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.
I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...
The day Linux is as compatible with games as Windows is it will gain a huge market share. The main reason I know that people do not use it as their primary OS is b/c their games won't run on it. When that day comes I will completely dump Microsoft OS's.
Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.
That's not the direction for this thread to take I think. Respect must be paid to the person attacking and their motives. I would wager that if the real threat to your security is another person, they are most likely interested in corrupting or obtaining data contained on something like a Linux server. The fact that, like a phoenix, it rises out of the ashes from time to time would validate your point.
> You don't think people would want to break into HSBC servers?
> I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.
> I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...
Similarly, to a point about philosophy, "If a claim piques my interest, I will investigate it myself no matter what else the claimant does." The point seems to be that it takes a vast working knowledge to secure a server or a home computer with confidence, but I wouldn't blame Microsoft or some other mainstream software vendor for trying to insulate the user from security worries: That creates the whole notion of user friendliness, blah blah. But I'm sure that no matter where the information is stored, with sufficient interest, a cracker will find the way.
But (most of?) the security threats that malware and viruses could take advantage of unfortunately seem to be beasts of our own creation. A number of half-baked ideas have been put into practice by lesser vendors (DLL injection, running processes in the data area of the computer) that put users at risk no matter their intelligence or the reasons behind their purchase.
Last edited by whiteflags; 02-25-2008 at 07:30 PM.
Looking at the release notes from several Apache versions, for instance, won't be any different from what one would expect; bugs being fixed, improvements in code, new functionality and... security issues being handled.
It is a fact that the Linux community benefits from a sober community that doesn't start hollering and initiate a stampede every time a new exploit is found or a bug is detected. Announcements are quick, fixes come shortly after, and everything is accepted as another day in the life of a penguin.
Windows, on the other hand, benefits from a much larger user base that displays the usual behavior of an angry mob that doesn't really know why they are breaking windows on every street, but do it the same because everybody else is. Meanwhile fixes arrive usually not that far in schedule when compared with the Linux community. But it just doesn't seem to increase the mood of anyone. It's the price Microsoft pays for its business model. Meanwhile, they don't lament it.
If anyone asks me, I'd say Microsoft isn't doing a good service to anyone. But that has nothing to do with security issues but with my wallet. Microsoft is a - and promotes - business. In a world that was advertised as "1 PC on every house", software is increasingly more expensive, its requirements force us to ever more expensive hardware and the barrage of marketing based on consumer weaknesses seems unstoppable. And all these for what? The same bugs over and over again, the same >200MB service packs over and over again, the same performance hits over and over again and, yes, the same security flaws over and over again.
Quite frankly, I'm fed up. And since I'm not a gamer... shouldn't take me long to figure it out once and for all.
Last edited by Mario F.; 02-25-2008 at 08:27 PM.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
> Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.
It's a shame ReactOS development is so slow, I was considering ditching XP for ReactOS -- never happened.