Operating Systems and Security Against Viruses



cyberfish
02-24-2008, 04:44 PM
> Another way would be to intercept the O/S I/O requests on any file(s) and/or folder(s) to be hidden. Thus, bypassing the item to be hidden.

And your program will now be qualified as a virus =). AFAIK, there is no "normal" way of doing this.

Elysia
02-24-2008, 05:05 PM
> And your program will now be qualified as a virus =). AFAIK, there is no "normal" way of doing this.

That depends on what it does. Many AV & security software solutions use this method to protect the system.
No, it's not a normal way and it's bound to break with new versions of Windows. Many security companies were hooking calls to the kernel, but Microsoft stopped that with their KernalGuard (for x64 XP/Vista).

BobS0327
02-24-2008, 05:29 PM
> And your program will now be qualified as a virus =). AFAIK, there is no "normal" way of doing this.

You had better start notifying such companies as Mikko Technologies (File Protector) (http://www.mikkotech.com/fpnew.html) and other companies that market Folder Hider, Folder Castle and similar products to cease and desist their marketing immediately since they're only selling a virus. These companies and more use the same principle that I outlined above to hide files and folders. I would suggest you start immediately since there are a lot of commercial and shareware entities marketing this "virus". I think we may have a pandemic.

cyberfish
02-24-2008, 07:47 PM
Well, I guess in the Windows world people are used to having third parties "fixing" Windows bugs. Viruses work by exploiting Windows vulnerabilities (bugs in Windows). I always find it funny when I see how Microsoft "recommends" people install antiviruses (basically Windows bug fixing packages), instead of fixing those bugs themselves. In the UNIX world, if you tell someone that has never heard of Windows about the concept of antivirus software... he/she would think you are joking. A program that does what antiviruses do, on Linux, would most certainly be considered a virus. I guess Windows changes the definition of virus...

Elysia
02-25-2008, 02:00 AM
Well, no, not all... Anti-virus software stops the spread of malicious software, for one. That has nothing to do with the operating system.
Many security companies add extra security to Windows, not fix bugs... They aren't bugs, it's more like it's missing security features.
But then, if they tried to add it, they would probably find EU breathing down their necks.

cyberfish
02-25-2008, 01:41 PM
> Well, no, not all... Anti-virus software stops the spread of malicious software, for one. That has nothing to do with the operating system.
> Many security companies add extra security to Windows, not fix bugs... They aren't bugs, it's more like it's missing security features.
> But then, if they tried to add it, they would probably find EU breathing down their necks.

I am not saying anti-virus programs are viruses. People need anti-viruses to stop the spread of malicious software only because Windows is inadequate at protecting itself. Malicious software works by exploiting software vulnerabilities (aka bugs). In a well-designed OS, no anti-virus is needed. Take, for example, Mac OS X or Linux. There was once a proof-of-concept virus written for Linux a few years ago, just to prove that Linux security is not perfect, and it was recognized as a bug in Linux, and was fixed by the Linux people (where Microsoft would irresponsibly recommend users to install an anti-virus to combat that). IMHO, that is the level of security an OS should seek to achieve. Also worth noting that Windows is the only OS out of hundreds currently in use today that requires an anti-virus for normal operation.

Elysia
02-25-2008, 01:54 PM
I think you misunderstand.
Linux is probably more insecure than Vista.
"What!?" you say.
Windows has long been exposed to all kinds of attacks and therefore has always needed better security. Linux and Mac OTOH are not so much exposed to attacks and therefore do not need so much security. Believe me, there are probably thousands of security holes in the Linux kernel that no one knows of. There may just be 100 in Windows, since Microsoft is patching them all since hackers are exploiting them.

However, it may not even be bugs or security holes. It may just be the way it was designed. People can always get around it, even if it's secure. Even if no one can break in.
So if your computer would be unbreakable if they didn't have the password... well, if they got the password somehow, then your computer wouldn't be unbreakable, would it? No, no, no. There's no such thing as a bug here. Just the way it was designed.

Microsoft is right to recommend AV & Firewall to everyone, including Linux & Mac people because it adds extra security around everything. Is it a bug to run software? No? Then Windows breaks no rule when it executes malicious software, which is, after all, software.

Linux & Mac users may not need a firewall and av software simply because the OSes are simply less exposed to attacks.

laserlight
02-25-2008, 01:59 PM
This thread was moved from rehan's File hide in C++ (http://cboard.cprogramming.com/showthread.php?t=99444) thread.

Mario F.
02-25-2008, 02:23 PM
Malware availability in Windows has probably more to do with a business decision than Microsoft's always advertised inability to deal with security issues.

I know I'm stretching it, but I can't stop thinking the large quantity of $$$ that characterizes the industry that thrives with Microsoft "invulnerabilities".

What would happen to this industry if tomorrow Microsoft launched the successor to Vista with a new file security system similar to that of Linux?

laserlight
02-25-2008, 02:27 PM
> Linux is probably more insecure than Vista.
> "What!?" you say.
> Windows has long been exposed to all kinds of attacks and therefore has always needed better security. Linux and Mac OTOH are not so much exposed to attacks and therefore do not need so much security. Believe me, there are probably thousands of security holes in the Linux kernel that no one knows of. There may just be 100 in Windows, since Microsoft is patching them all since hackers are exploiting them.

I would like to buy that reasoning, but it requires actual statistics, otherwise it is mere speculation. This old article on Windows v Linux security: the real facts (http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/) points out that even if such statistics are provided, they may be a victim of bias.

> Linux & Mac users may not need a firewall and av software simply because the OSes are simply less exposed to attacks.

I believe firewalls are a standard installation on Linux servers.

> What would happen to this industry if tomorrow Microsoft launched the successor to Vista with a new file security system similar to that of Linux?

What's so special about Linux's file security? It seems to me that with Vista users are less likely to run as administrators unless absolutely necessary, and that has been one of the strengths of these Unix-like systems.

Neo1
02-25-2008, 02:31 PM
> I think you misunderstand.
> Linux is probably more insecure than Vista.
> "What!?" you say.
> Windows has long been exposed to all kinds of attacks and therefore has always needed better security. Linux and Mac OTOH are not so much exposed to attacks and therefore do not need so much security. Believe me, there are probably thousands of security holes in the Linux kernel that no one knows of. There may just be 100 in Windows, since Microsoft is patching them all since hackers are exploiting them.
>
> However, it may not even be bugs or security holes. It may just be the way it was designed. People can always get around it, even if it's secure. Even if no one can break in.
> So if your computer would be unbreakable if they didn't have the password... well, if they got the password somehow, then your computer wouldn't be unbreakable, would it? No, no, no. There's no such thing as a bug here. Just the way it was designed.
>
> Microsoft is right to recommend AV & Firewall to everyone, including Linux & Mac people because it adds extra security around everything. Is it a bug to run software? No? Then Windows breaks no rule when it executes malicious software, which is, after all, software.
>
> Linux & Mac users may not need a firewall and av software simply because the OSes are simply less exposed to attacks.

Linux is open source, there might be thousands of people going through the code every day, which is hardly the case with Vista, so how could there be more security holes in the Linux kernel? Unless you have something to prove your point, I'd say you're wrong...

Elysia
02-25-2008, 02:31 PM
> What would happen to this industry if tomorrow Microsoft launched the successor to Vista with a new file security system similar to that of Linux?

Oh, if it increases security, you bet EU will be breathing down their necks and security companies screaming foul and Microsoft would find themselves in many more lawsuits than already.

> I would like to buy that reasoning, but it requires actual statistics, otherwise it is mere speculation. This old article on Windows v Linux security: the real facts (http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/) points out that even if such statistics are provided, they may be a victim of bias.

Indeed, but I would point out that just because an OS is safer to use doesn't mean that it has fewer vulnerabilities.
A typical example of that is Firefox which is actually more insecure in the code than Internet Explorer but they can get away with it due to the smaller install base.

laserlight
02-25-2008, 02:42 PM
> Linux is open source, there might be thousands of people going through the code every day, which is hardly the case with Vista, so how could there be more security holes in the Linux kernel?

As Ken Thompson has pointed out, you can't trust code that you did not totally create yourself (http://cm.bell-labs.com/who/ken/trust.html).

(And then you may not even be able to trust the code that you did create, heheh.)

> Indeed, but I would point out that just because an OS is safer to use doesn't mean that it has fewer vulnerabilities.

I agree, but you have given numerical estimates that posit that Vista is about 100 fold less vulnerable than Linux, based solely on the relative number of known attacks.

> A typical example of that is Firefox which is actually more insecure in the code than Internet Explorer but they can get away with it due to the smaller install base.

I think that all the major web browsers are insecure, but saying "Browser X more insecure in the code than Browser Y" requires substantiation.

Elysia
02-25-2008, 02:48 PM
> Linux is open source, there might be thousands of people going through the code every day, which is hardly the case with Vista, so how could there be more security holes in the Linux kernel? Unless you have something to prove your point, I'd say you're wrong...

I would also like to add that even if reviewing the code (and how do you do that anyway with so much code?), you don't realize something is broken until it breaks. Do you know how much time is spent debugging and finding out how hackers are eating their way into the system? Yes, that's right. We aren't geniuses.
So...
1) With so much code, it's very difficult to scan and sniff out every part.
2) Programmers differ in experience, so someone less experienced may scan a part of a code and miss vulnerabilities.
3) You don't know it's a vulnerability until someone utilizes it.

> I agree, but you have given numerical estimates that posit that Vista is about 100 fold less vulnerable than Linux, based solely on the relative number of known attacks.

Hmmm. I'm guessing it's more due to the security they've built around the OS and the number of patches. But yes, it's a stab in the dark. A stab in the dark that may actually surprise many as it goes against some logical thinking.

> I think that all the major web browsers are insecure, but saying "Browser X more insecure in the code than Browser Y" requires substantiation.

There was a report on how FF was actually more insecure than IE some time ago. It's funny, yet true, and yet still FF is more secure even though there are more vulnerabilities.

Mario F.
02-25-2008, 02:49 PM
> What's so special about Linux's file security? It seems to me that with Vista users are less likely to run as administrators unless absolutely necessary, and that has been one of the strengths of these Unix-like systems.

I surely hope you are right, L.
Because under Windows XP, despite the earlier advertisements, you can't really expect to be productive under non admin privileges.

Neo1
02-25-2008, 02:56 PM
> I would also like to add that even if reviewing the code (and how do you do that anyway with so much code?), you don't realize something is broken until it breaks. Do you know how much time is spent debugging and finding out how hackers are eating their way into the system? Yes, that's right. We aren't geniuses.
> So...
> 1) With so much code, it's very difficult to scan and sniff out every part.
> 2) Programmers differ in experience, so someone less experienced may scan a part of a code and miss vulnerabilities.
> 3) You don't know it's a vulnerability until someone utilizes it.

All of this applies to Windows Vista as well, the only difference being that they don't have nearly as many people working on it...

Elysia
02-25-2008, 02:57 PM
The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do something such as setting a system-wide setting.

> All of this applies to Windows Vista as well, the only difference being that they don't have nearly as many people working on it...

Ah, but we don't see Microsoft sitting and browsing their Windows source, do we?
No, they act upon the security problems they see. Investigate & fix.
It sure is a lot easier than trying to think how code can create problems. Only the downside is that it isn't very healthy for those who have been exposed...

Neo1
02-25-2008, 03:10 PM
> Ah, but we don't see Microsoft sitting and browsing their Windows source, do we?
> No, they act upon the security problems they see. Investigate & fix.
> It sure is a lot easier than trying to think how code can create problems. Only the downside is that it isn't very healthy for those who have been exposed...

And what makes you think that Linux programmers don't act upon security problems, only difference being that not a lot of worms and trojans are made for Linux. I still think that all of this is just speculation, with no evidence to back it up.

Elysia
02-25-2008, 03:13 PM
Yes, the problem is that they receive far less security vulnerabilities to take care of. That's the point.
So less vulnerabilities found = less bugs/security problems fixed.

Neo1
02-25-2008, 03:21 PM
> Yes, the problem is that they receive far less security vulnerabilities to take care of. That's the point.
> So less vulnerabilities found = less bugs/security problems fixed.

I understand that, but when claiming something that is against the general consensus you've got to have something to back it up with, other than "it makes sense". I still maintain that the Linux kernel and OSes are less vulnerable due to the vast amount of developers working with the code on a daily basis, besides, a lot of servers use Linux, so it's not like none of them never gets attacked...

CornedBee
02-25-2008, 04:04 PM
Anti-virus software is important because most malware spreads not through software bugs, but through social engineering. The worms that exploit real bugs spread rapidly and gain a lot of popularity quickly, like the Blaster worm, which is still around in large enough numbers to bring down an unprotected, net-connected Windows within minutes. But they are just as quickly immunized against - the security hole is identified, patched, a hotfix is released and it's effectively over.
You can't fix people. One of the best-known worms of all time - and, according to Wikipedia, the one that caused the most damage, with an estimated $5.5 billion of total losses - was ILOVEYOU, an extremely simple and stupid VBScript that relied on social engineering only to spread. It was effective due to one major and one minor reason. The minor reason was that Windows hides file extensions by default, making the LOVER_LETTER_FOR_YOU.TXT.vbs look like it was just a text file. But the major reason was simply that people had no idea that attachments are dangerous. The average internet user is smarter now, but not very much.
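
The masquerade CornedBee describes, as an added example that is not part of the original thread: a small Python check that computes the name a user sees when the final extension is hidden and flags attachments whose visible name still ends in a document-like extension while the real one is executable. The extension lists, function names and all sample filenames other than the one quoted in the post are assumptions made for illustration.

```python
"""Flag attachment names that look like documents once the last extension is hidden.

Added illustration; the extension sets below are assumed samples, not a complete policy.
"""

# Assumed sample of extensions that run code when opened on Windows.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe",
                   ".scr", ".com", ".bat", ".cmd", ".pif", ".hta"}
# Assumed sample of extensions a recipient reads as harmless content.
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".jpeg", ".png",
              ".gif", ".xls", ".xlsx", ".mp3", ".avi"}


def split_ext(name):
    """Split on the last dot; dotfiles and dot-less names have no extension."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base:
        return name, ""
    return base, "." + ext.strip().lower()


def displayed_name(filename):
    """Name shown when the final extension is hidden (assumes it is a known type)."""
    # Trailing dots and spaces are dropped, as Windows ignores them in file names.
    base, ext = split_ext(filename.rstrip(". "))
    return base if ext else filename


def classify(filename):
    """Return 'masquerade', 'executable' or 'ok' for one attachment name."""
    shown, real_ext = split_ext(filename.rstrip(". "))
    if real_ext not in EXECUTABLE_EXTS:
        return "ok"
    # The visible part still ends in an extension: does it imitate a document?
    _, shown_ext = split_ext(shown.rstrip())
    return "masquerade" if shown_ext in DECOY_EXTS else "executable"


def triage(filenames):
    """Pair each name with what the user would see and the verdict."""
    return [(f, displayed_name(f), classify(f)) for f in filenames]


# First name is the one quoted in the post; the rest are constructed samples.
SAMPLES = [
    "LOVER_LETTER_FOR_YOU.TXT.vbs",
    "report.final.pdf",
    "setup.exe",
    "holiday.jpg .scr",
    "notes.txt",
]

if __name__ == "__main__":
    for real, shown, verdict in triage(SAMPLES):
        print(f"{verdict:<11} real={real!r} shown={shown!r}")
```

A mail gateway or attachment filter would typically block or quarantine the "masquerade" class outright and apply its normal executable policy to the rest.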

Elysia
02-25-2008, 04:23 PM
> ...besides, a lot of servers use Linux, so it's not like none of them never gets attacked...

But that is mostly Apache, and there are many flavors of servers and there are exploits created specifically for servers and yada yada yada, all those details...
But anyway, I'm not asking you to believe me. I simply stated that Linux might not be as safe as you think it is just because it receives less attacks and exploits...
There is no 100% safe guaranteed source to back that claim up.

Neo1
02-25-2008, 04:32 PM
> But anyway, I'm not asking you to believe me. I simply stated that Linux might not be as safe as you think it is just because it receives less attacks and exploits...

Maybe time will tell, we can only hope that Linux will get more popular with time...

Elysia
02-25-2008, 04:33 PM
Yes we can. I do agree with you on that one.

cyberfish
02-25-2008, 05:38 PM
> The idea under Vista is that applications should ask for administrator privileges when they need 'em and not otherwise. In other words, you should be able to run apps as non-admin and they should only ask if they do something such as setting a system-wide setting.

That is what Linux and other Unixes have been doing for the past > 20 years (the idea of "su" and "sudo"). Microsoft finally learned from it in Vista, that is certainly a good thing for Vista.

I have to disagree that people want to exploit Windows more than other OSes. Yes, it is true that Windows is run on >90% of all PCs, but it is also true that nearly all mission-critical systems run Linux or other flavours of UNIX (Google servers for example, I think they run BSD last time I checked). If you were a virus programmer, would you like to target 10 Windows PCs and have their msn messengers send random messages to each other, or would you target 1 single server of a major bank?



> Yes, the problem is that they receive far less security vulnerabilities to take care of. That's the point.
> So less vulnerabilities found = less bugs/security problems fixed.

You don't think people would want to break into HSBC servers?

I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.

I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...

Mario F.
02-25-2008, 06:23 PM
> I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...

Or that Linux contributed to the increase of computer literate people.

VirtualAce
02-25-2008, 06:59 PM
The day Linux is as compatible with games as Windows is it will gain a huge market share. The main reason I know that people do not use it as their primary OS is b/c their games won't run on it. When that day comes I will completely dump Microsoft OS's.

Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.

whiteflags
02-25-2008, 07:20 PM
> You don't think people would want to break into HSBC servers?
>
> I run a Linux server myself. Judging from the log, there are people trying to break into my system via ssh literally every minute. And this is not even an important server, just a web server and mail server for a <1000 people company.
>
> I totally agree with the point on social engineering. I guess it is also a factor that computer illiterate people tend not to use Linux...

That's not the direction for this thread to take I think. Respect must be paid to the person attacking and their motives. I would wager that if the real threat to your security is another person, they are most likely interested in corrupting or obtaining data contained on something like a Linux server. The fact that, like a phoenix, it rises out of the ashes from time to time would validate your point.

Similarly, to a point about philosophy, "If a claim piques my interest, I will investigate it myself no matter what else the claimant does." The point seems to be that it takes a vast working knowledge to secure a server or a home computer with confidence, but I wouldn't blame Microsoft or some other mainstream software vendor for trying to insulate the user from security worries: That creates the whole notion of user friendliness, blah blah. But I'm sure that no matter where the information is stored, with sufficient interest, a cracker will find the way.

But (most of?) the security threats that malware and viruses could take advantage of unfortunately seem to be beasts of our own creation. A number of half-baked ideas have been put into practice by lesser vendors (DLL injection, running processes in the data area of the computer) that put users at risk no matter their intelligence or the reasons behind their purchase.

Mario F.
02-25-2008, 08:15 PM
Looking at the release notes from several Apache versions, for instance, won't be any different from what one would expect; bugs being fixed, improvements in code, new functionality and... security issues being handled.

It is a fact that the Linux community benefits from a sober community that doesn't start hollering and initiate a stampede every time a new exploit is found or a bug is detected. Announcements are quick, fixes come shortly after, and everything is accepted as another day in the life of a penguin.

Windows, on the other hand, benefits from a much larger user base that displays the usual behavior of an angry mob that doesn't really know why they are breaking windows on every street, but do it the same because everybody else is. Meanwhile fixes arrive usually not that far in schedule when compared with the Linux community. But it just doesn't seem to increase the mood of anyone. It's the price Microsoft pays for its business model. Meanwhile, they don't lament it.

If anyone asks me, I'd say Microsoft isn't doing a good service to anyone. But that has nothing to do with security issues but with my wallet. Microsoft is a - and promotes - business. In a world that was advertised as "1 PC on every house", software is increasingly more expensive, its requirements force us to ever more expensive hardware and the barrage of marketing based on consumer weaknesses seems unstoppable. And all these for what? The same bugs over and over again, the same >200MB service packs over and over again, the same performance hits over and over again and, yes, the same security flaws over and over again.

Quite frankly, I'm fed up. And since I'm not a gamer... shouldn't take me long to figure it out once and for all.

zacs7
02-25-2008, 11:51 PM
> Vista is a HUGE step in the wrong direction so I'm looking to abandon the MS ship the first chance I get.
It's a shame ReactOS development is so slow, I was considering ditching XP for ReactOS -- never happened.

CornedBee
02-26-2008, 05:37 AM
It's interesting to note that the 3 most destructive bug-exploiting worms of recent time all attacked security vulnerabilities that a fix was released for two to four weeks earlier. This suggests that even these worms really targeted people - in this case, the inability or unwillingness to keep the software updated. Two of these worms targeted servers, so inability is not an excuse. Only Blaster attacked consumer systems. MS reacted to this worm by enabling automatic updates by default in subsequent updates.