Domain: techpowerup.com
Stories and comments across the archive that link to techpowerup.com.
Comments · 261
-
Re:Was there a point to this article?
The former, in the ones I've got (ie, the whole thing slides in and out of an assembly). I've got flash drives which are physically too small for the whole 'cable' approach. Also, the cable approach is likely more expensive to boot.
I've got one of these (red adata mini-usb): it's roughly the size of an SD card, and is missing the traditional USB connector - but it still works. Slides in and out with minimal effort (but not so little that it falls out). It's been on my keychain now for about 1.5 years. Only shortcoming is that it doesn't 'fit' snugly in some USB ports, but it's not such an issue that it's unreadable/unusable.
-
Re:Good Riddance
However, their current generation laptop selection sucks. No DDR3 yet, and they won't let me get a laptop with a 7900gs in it from their previous generation, they're pushing the inferior 8600. SO, I went to craigslist and picked up an Inspiron e1705/9400 for $500. 17", overclocked 7900gs(7900gs vs 8600gt), 500gb SATA, 2ghz core2duo, 3gb of DDR2. This model had issues with thermal death, but only because they use the worst thermal compound ever, which was simply fixed with AS5. It made A 20c difference at idle.
Dell: Shape up. I love your products, when you take the time to make decent ones. I've owned a CPX latitude, two c610s, a c640, a d610, an inspiron 1200, and now my e1705. They're all solid machines and they all still work. -
Re:ugh
Somehow most previews don't even mention power consumption.
Had you RTFA properly, folks have mentioned that card is not yet officially out and nVidia asked to withhold further details as BIOS might still get tweaked.
By that logic everything which does not start to burn is power efficient...
This is not an absolute metric (or is it "yardic" in US?). I presume they compare it to 4870 on which the infamous DDR5 alone - even when idle - draws a whopping 40W. 4870x2 has already tweaked factory BIOS and yet twice more DDR5 still consumes same 40W. Yes - RAM alone consumes 40W.
-
Re:8600GT?
I've got one too and was wondering exactly the same thing. From what I can tell the 8600GT has an 80nm process size, so it should be safe. Which is good, I really like this card.
-
Re:omg! Proof!
"We're living in the Matrix! And the Matrix runs Windows!" - by urcreepyneighbor (1171755) on Tuesday August 12, @10:32AM (#24568283)
Yes, it does:
APK Matrix ScreenSaver:
http://www.techpowerup.com//downloads/390/APK_Matrix_ScreenSaver.html
----
"No wonder my life is a pile of shit. :)" - by urcreepyneighbor (1171755) on Tuesday August 12, @10:32AM (#24568283)
Well, because that screensaver above is written in Borland Delphi 3-7x code (was recompiled thru each as they released)? It can be ported to LINUX quite easily (since it does no work on Tcp/IP (where Linux & Win32 have SOME small diff.'s), diskdrive letters (MS stuff) vs. mounted devices (Linux) work (well, some would have to be done here to compensate for detecting %windir% as I do on Win32 (because screensavers are housed typically in %windir%\system32 by default, I did so), NOR does it use 3rd party VCL controls that may or may not have ports on the LINUX platform into CLX statically inlined compiled libs/addons (like .OCX/ActiveX, but needs no externally distributed component or runtime (true standalone executables produced, the default)).
APK
-
Re:For those that don't want to wait...
If it gets /.'d
http://www.fileplanet.com/182564/180000/fileinfo/Warmonger-Gold-Install-(Free-Game)
http://files.filefront.com/Warmonger+Operation+Downtown+Destruction/;9142023;/fileinfo.html
http://files.totalgamingnetwork.com/file/4835/Warmonger.exe/
http://www.techpowerup.com/downloads/863/Warmonger_-_Operation:_Downtown_Destruction_Full_Game.html
http://www.gamershell.com/news_43755.html
http://www.chip.de/downloads/Vollversion-Warmonger_29641300.html -
Re:What the hell is Larrabee?
Not only is the power retarded, but ATI already can do 100% native ray tracing which crushed intel bigtime.
I welcome intel trying to push for marketshare but it's going to be many generations before intel can play catchup on graphics cards...specifically when we get around to 32+GB of ram and you can afford a couple gigs for graphics (at which point we'll need 4+ gigs for graphics probably), the performance of an integrated solution will still be lacking. Graphics bandwidth and needs increases far exponentially beyond that of processing needs for anything graphics intensive by definition (currently).
-
Re:AMD bought out ATI?
3870x2 is the only ATI card I am aware of with 1GB of memory that can actually make good use of it. (maybe the 2900XT with some hefty OCing too) 1gb of memory on a crappy 3650 is a horrible waste of money. The thing is too weak to take advantage of even 512mb. 400mhz memory clock...!?!? http://www.techpowerup.com/reviews/Diamond/HD_3650_1GB
-
Yes, & evidence of multithreaded code in FREEW
"Parallelism has been around for ages and has been used commercially for a couple of decades." - by Nursie (632944) on Friday March 28, @10:50AM (#22893630)
True, & NOT JUST IN COMMERCIALWARE (freeware/shareware too, for a LONG time):
APK Registry Cleaning Engine 2002++ SR-7:
http://www1.techpowerup.com/downloads/389/APK_Registry_Cleaning_Engine_2002++_SR-7_.html
or
http://www.techpowerup.com/downloads/389/APK_Registry_Cleaning_Engine_2002++_SR-7_.html
(Either link SHOULD work fine to see it)
Above ALL else:
SCREENSHOT:
http://www1.techpowerup.com/downloads/screenshots/389.jpg
or
http://www.techpowerup.com/downloads/screenshots/389.jpg
(Again - either link URL should work to check this out as an example of what you state, that multithreaded (& thus, SMP ready code) has been around for decades, since that app began its life in 1997 in fact, in freeware no less... so, it's NOT just present in commercialware apps either, but also shareware/freeware also).
Hey - I am just a SINGLE example of a guy that's been doing "multithreaded apps", since 1995 or so, online: & there are TONS of others that do also!
(In fact, anyone can examine their windows machine for the presence of multithreaded code, & see that MOST of what you use today IS multithreaded in fact - I run 30 processes here, & 28 of those ARE MULTITHREADED & thus, SMP-ready code!)
Multithreaded code is taken advantage of by the kernel portion memmgt subsystems of today's MODERN OS for better MULTITASKING (getting more done, by more cores/arms to do work with, so overall MORE GETS DONE (think of Gantt charts).
(Microsoft isn't alone here either - BSD variants & Linux variants too also do this (which Linux's original single kernel thread/round-robin usermode/Ring 3/RPL 3 "threads" were only sent thru the SINGLE kernel mode/RPL 0/Ring 0 one)...
In fact? That fact held Linux back from the "Enterprise ready class OS" acceptance for a LONG time, until they built a REAL SMP ready setup (iirc, around kernel 2.2 build or so on Linux kernels (but, I could be off here on the specifics))).
APK
P.S.=> Granted, what I use is "coarse grained" multithreaded design, which amounts to doing diff. tasks that process/touch DIFF. DATA, as they operate (rather than "fine-grained multithreading", which is taking a single data set & running portions of its processing on diff. threads BUT, on the SAME DATA (harder to do & NOT everything lends itself to it)).
E.G.=>
A=B+C
B=A-C
C=B+A
You cannot put this type of thing into threaded design, & expect gains out of it... simply because B has to WAIT on the completion of A, first... no point in placing A or B onto diff. threads, in other words... apk -
Re:Duh?
"Old programmers don't want to learn new things -- trust the tried and true." - by gustolove (1029402) on Tuesday March 25, @03:45AM (#22854458)
Some don't, I do - knowledge, IS POWER, real earning power in this field. One you feel pretty OK about, as you actually create things to help others, ontop of being paid well (more as you go, with more experience + current skills & tools etc. et al)...
So... that all said & aside:
Well, IF an "Old Programmer" wants to keep PROGRAMMING? He had best prep for change, & learning...
AND - it never ends!
Constant change @ high velocity man...
HOWEVER - that's what actually makes it FUN! Imo, @ least, & keeps me from pursuing mgt. type jobs in this field (I've got 2++ yrs. in actual mgt. though from another career in loss prevention mgt. (top of my chain of 218 units in fact, 9 months in a row (aids my forensics/security background today on contracts for that)) I had though prior to computer sciences + an MIS Business Bachelors as well, topped off w/ Associates in Comp. Sci. (best choice I have made in my LIFE to date, was going back to school, I highly recommend it, because life will show you, in time working, what you LIKE, & DO NOT LIKE, on the job, the best - you find yourself, via experience))
Yea, it IS that, more than anything: I'll always "have the skills", to get the job done - real skills, not b.s.!
PLUS - I actually ENJOY MY JOB/WORK in coding... so much so, it is a hobby (evidence thereof below) & paid off many times on many things having just done so since 1995 online... leading into commercial products work & more, just from doing what I LIKE to do. Makes work, & the b.s. everyone has to deal w/ sometimes THAT MUCH EASIER, lol!
Anyhow... onwards & upwards (well, in THIS case, downwards):
========"Young bucks want to be on the cutting edge to get the jobs that the old people already have." - by gustolove (1029402) on Tuesday March 25, @03:45AM (#22854458)
Probably, so what? It takes TIME, lots of it, to get "truly good" @ this stuff, & that means a heck of a lot more than JUST coding. Knowing techstuff & networking is something that is an absolute, as well as webmastery + browser coding ontop of batch/shell or scriptengine scripting too. All done SECURELY too.
Jack of ALL trades, & MASTER OF ALL - that's the goal. It pays in more than just monies, it pays in having a confidence of mastery of your field ~ peace-of-mind on the job is what that means, & liking what you do (not being or feeling incompetent, ever): MOST important benny there is.
========"Oh, and the people see the benefit in the other countries more than those in the U.S.? Probably not, we're just lazy American's though." - by gustolove (1029402) on Tuesday March 25, @03:45AM (#22854458)
LOL! Show a U.S. Worker a buck, the RIGHT BUCK? He'll give you the most important & valuable thing he has - HIS TIME/LIFE, & skills.
Put it THIS way:
I know, firsthand, putting out ON AVERAGE, more than 70 hr. weeks for months @ a time this past yr. on the job (& being RADICALLY underpaid too, mind you, vs. the current prevailing wage for what I do in this field for a living vs. the rest of this nation)....
AND, about "Old folks" are this & that, vs. "Young Folks" are this & that?
This is evidence to the contrary:
http://www1.techpowerup.com/downloads/389/APK_Registry_Cleaning_Engine_2002++_SR-7_.html
OR
http://www.techpowerup.com/downloads/389/APK_Registry_Cleaning_Engine_2002++_SR-7_.html
It's Win32 API code, + Inline Assembler in combination with Borland Delphi 7.1 code HIGHLY optimized by compiler AND BY HAND (p -
Is that how the IRAM-2 died?
Years back, Gigabyte released a RAM based SATA drive - the iRAM. This is why folks were excited about it - just honking fast. It had limitations, however. 4x1G max capacity per drive, used (relatively spendy)DDR1 RAM, and apparently did not work nicely in a RAID-0 config when trying to bump the storage capacity. Still, RAM rather than flash is what I was looking for as a primary OS drive.
The next generation of IRAM fixed my major pain point - allowing dirt cheap DDR2 RAM and allowing 8G max storage per drive. ... but it never released... (if anyone here knows of such a device, please post or email) Other drives are on the market, but they want 4 figure price tags. I don't get it. For those of us who can deal with having a hard drive that could 'evaporate' if it ran out of juice for one reason or another (disk images)...trading performance for the hassle... why did the DDR2 drives never make it out? Seagate wielding the patent stick would explain much. -
Re:Yes, but...
"UAC is basically SEWindows" - by ctr2sprt (574731) on Sunday November 18, @06:48PM (#21401669)
No, this is more like it (& the 12 steps it uses to make Windows 2000/XP/Server 2003, & yes, even VISTA in many of its principles, more secured):
http://forums.techpowerup.com/showthread.php?s=f4b0388085f46ffe45bbc0c4acf7b358&p=500261#post500261
It works.
APK
P.S.=> It's as secure as I can make a Windows machine, & I hope you all try it (those of you that use Windows) & gain the same as I have... I would also add this onto it (stopping Java/JavaScript/ActiveX usage on the public internet since unfortunately, they are used against you @ times, even in adbanners the past few years now):
AN IMPORTANT POINT:
STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD!
Why? Well, read on:
Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...
(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks (even thru adbanners!)). Some examples:
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
&
http://apcmag.com/5382/microsoft_apologises_for_serving_malware_to_customers
If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?
Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...
(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).
Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!
I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.
Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.
Either way? It works, & I STRONGLY recommend this. I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)
SECUNIA DATA ON BROWSER SECURITY (dated 10/20/2007):
Opera 9.24 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
* NETSCAPE 9.0.0.3 also qualifies here, as does Opera, with 0% unpatched known bugs/issues!
FireFox 2.0.0.9 security advisories @ SECUNIA (25% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (40% unpatched):
http://secunia.com/product/12366/
Those %'s are the latest for FireFox 2.0.0.8, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.24... all latest/greatest models.
So, as you can see?
Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST sta -
Re:Epic Disaster
"Vista is a not an epic disaster because of:
1. Performance.
2. Security." - by aldheorte (162967) on Sunday November 18, @02:50PM (#21399733) -----
Take a peek @ this information, & get even MORE out of VISTA (on both fronts noted/quoted above):
http://forums.techpowerup.com/showthread.php?s=e69d112292ea1a83aaaa81f58f47e5da&p=500261#post500261
The principles there can not only speed up performance, and security - & those principles noted still apply in VISTA as well largely in a good 95% of them).
APK
P.S.=> From that which I quote from you, well, I agree on the SECURITY end (VISTA's got some good ideas there you DON'T see, like ASR (address space randomization) for executables for instance, & a more protected mode than XP has for IE7 (even more than the -extoff one in XP, & even more than Windows Server 2003's versions of IE have in secured mode))
However, I can't agree on the performance part (mainly, & certainly not without feeding the VISTA OS in its default setup that is, a lot more RAM than XP needs for instance, & more than Windows Server 2003 in its defaults of workstation/pro on install).
The new networking stuff in VISTA is touchy I have found (networking VISTA to VISTA oddly enough, but not VISTA to XP for instance) & also some drivers for Logitech equipment (vidcams - I saw once where they don't do their video WITH sound, without init. sound first & THEN, video functions of the camera on VISTA (this is a fault of Logitech though is my guess)...
Anyhow, room for improvement exists. It's got 1 thing going for it I like - That's that VISTA is built off the Windows Server 2003 codebase foundations, & they put ASRL onto that (this is stability & security related).
I don't like the DRM stuff either... who does, other than the RIAA etc.? The filecopying performance issues when networking or doing multimedia iirc, are another I hear tell about, & hopefully this patch SP1 DOES fix that as stated... apk -
Re:5. Security without annoyances
IF the original link for securing a Windows 2000/XP/Server2003/VISTA system does not work for you, this should:
http://forums.techpowerup.com/showthread.php?s=9717b49a6f03fb3785d81d27ec523633&p=500261#post500261
APK -
5. Security without annoyances
"5. Security without annoyances" - by webmaster404 (1148909) on Tuesday November 13, @07:21PM (#21343909)
Answer = http://forums1.techpowerup.com/showthread.php?s=9717b49a6f03fb3785d81d27ec523633&p=500261#post500261
It works.
1-2.5 hours of work, for YEARS of solid, safe, & fast uptime (with security & proofs + tools & tests to use to help you do it, that make it as simple as it gets).
Simpler than SeLinux, & FAR BETTER than its defaults.
And yes... On Windows 2000/XP/Server 2003 & even VISTA, using the same principles (the least on 2k, it's too "old & different" @ varying levels (including the recent RND function issue) from the others, but it still helps it even, a hell of a lot).
Enjoy those of you that use Windows based OS once you apply it ALL fully...
APK
P.S.=> Add this to it? You're as safe as is needed on a single system (or, networked nodes even) online today, with good practices & secure softwares (especially browsers):
AN IMPORTANT POINT:
STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA + FLASH too) On the PUBLIC internet, PERIOD!
Why:
Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...
(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks).
If you MUST use Javascript?
Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...
(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).
Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!
I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.
(Banking sites is a good example that DEMANDS you use javascript)
Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.
Either way? It works, & I STRONGLY recommend this. I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)
SECUNIA DATA ON BROWSER SECURITY (dated 10/20/2007):
Opera 9.24 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.8 security advisories @ SECUNIA (25% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (40% unpatched):
http://secunia.com/product/12366/
Those %'s are the latest for FireFox 2.0.0.9, IE7 after TODAY, "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.24... all latest/greatest models.
So, as you can see?
NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.ho -
SeLinux? Try "SeWindows"... apk
"I'd feel a lot safer if you could get selinux to work on Windows..." - by flyingfsck (986395) on Thursday November 08, @08:54PM (#21289459)
SeLinux is pretty cool, except I have heard it can be a "beyotch" to setup & "security-harden" more than its defaults are on, for example, SeLinux bearing distros like KUbuntu etc. et al!
(AND, it's not that simple on Windows either as far as securing it, but I have done a tutorial & guide that helps make it simpler)
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA)):
http://forums1.techpowerup.com/showthread.php?s=096913265fc1542f05f8d28c3370af7a&p=500261#post500261
That's how to secure a Windows rig (or, @ least, as best as I know how to)...
I've seen the results of what SeLinux can do here (for Linux distros that have it "baked in", but were run under VMWare which some feel actually LESSEN security due to 'complexity weaknesses due to more moving parts in the mix' so-to-speak)... it's not bad!
There, I also saw that Linux seems to get lower scores than Windows XP SP2 &/or Windows Server 2003 SP2 do by default from their default security policies setup...
(I.E.-> Linux's seem to tend to increase more when hardened & also that Windows systems cannot reach 90% or better scores, ever, due to a bug in the Windows model on the CIS Tool tests used in the math calc used to score you, & I have proven that some areas I was scored down in are DEAD WRONG too (as did the Linux person here in Bert64, a slashdot poster here, on LINUX), which are a great "guide" to securing your machine & tell you more on how to do it)
APK
P.S.=> I also listed stopping Java/JavaScript/ActiveX usage on the public internet there, but for SOME REASON, they edited it out there (that sort of amazed me a bit, & got me banned when I questioned it, which is odd)... apk -
Re:Disabling Script?
"I'm surprise to you can still use the web today without javascript... or at least you are missing a great part of it." - by JcMorin (930466) on Monday October 29, @04:01PM (#21160875)
I can use the web just fine without scripting (unless its a banking site, or shopping site), & doing that in addition to what's here:
http://forums1.techpowerup.com/showthread.php?s=13257d4e042c172538d3aa73872bc7e2&p=500261#post500261
Allows me to do so, virus/spyware free, 110%... for more than a decade now.
----"I think the solution is to have secure browser... nothing more." - by JcMorin (930466) on Monday October 29, @04:01PM (#21160875)
See my P.S., & ask, and ye shall receive... fastest one too!
APK
P.S.> Been saying this for years now:
STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD!
Why? Well, read on:
Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...
(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks).
If you MUST use Javascript?
Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...
(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).
Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!
I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.
(Banking OR shopping sites are good examples that DEMAND you use javascript)
Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.
Either way? It works, & I STRONGLY recommend this. I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)
----
SECUNIA DATA ON BROWSER SECURITY (dated 10/20/2007):
Opera 9.24 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox 2.0.0.8 security advisories @ SECUNIA (25% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (40% unpatched):
http://secunia.com/product/12366/
Those %'s are the latest for FireFox 2.0.0.8, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.24... all latest/greatest models.
So, as you can see?
Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here: -
Re:Mac and Linux users
"Windows can be secured" - by Torvaun (1040898) on Sunday October 21, @03:47PM (#21065357) Yes, they can be, with about 1-2 hours of your time, for a lifetime of seture uptime (with some common-sense added regarding email attachments, email formats, & adbanner + scripting protection in browsers/webbased apps):
HOW TO REALLY SECURE A WINDOWS MACHINE STEP-BY-STEP:
http://forums1.techpowerup.com/showthread.php?s=9f10ad9cc96c1f2f089f1b55061d4c4b&p=500261#post500261
"Yes, those systems are more secure than Windows" - by Torvaun (1040898) on Sunday October 21, @03:47PM (#21065357) Actually, if you look on the SAME PAGE as that 12-step guide for securing Windows, just a few posts up from it?
Well, there, you'll see the DEFAULT CIS TOOL score for Linux (SuSE Enterprise) is around 46/100 scores... that is FAR BELOW the default possible score for Windows XP SP #2, which iirc, scores around 76/100 by default.
APK
P.S.=> Is this a gauge/indicator? I'd say so. The CIS TOOL tests security access to things like IP Communications, configuration files, critical system files/folders & more (both of which have analogs on ANY OS today)... your last points are the most important though imo - the user themselves making mistakes online for example, trusting any ware or link, is a major problem that operates DEFINITELY in favor of those operating botnets, creating virus/malware/trojans etc. et al... apk -
Fast mirrors
These guys have some pretty fast mirrors up for the UT3 demo:
http://www.techpowerup.com/downloads/794/mirrors.php -
Re:Arguing is stupid: Discuss points on errs made
"Contrast with the windows API which differs hugely between releases, but also keeps the old incompatible APIs on newer versions, and cant easily be removed even if people don't intend to run older programs." - by Bert64 (520050) on Friday October 12, @03:10PM (#20958433) ?
Looking @ the Win32 API @ least (not the "native undercore" like NT-based OS' NtAPI/ZwAPI stuff) & my having used it over the past 15 years now coding??
Well, MOST OF IT (a good 95% or more in fact) WORKS ON SAY, Win9x-> NT -> 2000 -> XP -> Windows Server 2003 -> VISTA just fine & has VERY FEW DIFFERENCES IN IT between the 9x calls & NT-based OS ones (in other words, the majority of the Win32 API works across ALL MS OS & yes, even VISTA)...
In fact, this app of mine is proof of that:
APK REGISTRY CLEANING ENGINE 2002++ SR-7:
http://www1.techpowerup.com//downloads/389/foowhatevermakesgooglehappy.html
& so does this one:
APK Matrix ScreenSaver:
http://www1.techpowerup.com//downloads/390/APK_Matrix_ScreenSaver.html
BOTH are written in Delphi (Object Pascal, which works on Linux too, via KYLIX, more on this below)!
----
"The backwards compatibility cruft is only necessary because the original system it's intended to be backwards compatible with was so poorly designed to begin with.." - by Bert64 (520050) on Friday October 12, @03:10PM (#20958433) Well, it depends on WHAT Os from MS you mean - DOS, for example, especially around 5.0 - 6.22 models?? Solid as a ROCK... I only completely "floored" DOS maybe 3 times in using it from 1991-1993... that's pretty reliable, but it was only designed to be a SINGLE task / single user machine too.
The point I was making is that some companies STILL use DOS based stuff (the place I am @ now, for instance, uses a FoxPro DB engine to track call center stuff... & FOXPRO FOR DOS (2.6 version iirc)). They are "welded" to it, because they are unable to find a suitable replacement, WITHOUT a rewrite (and, the BOSS wrote it, so it stays (ego thing)).
Thus, being backwards compatible can be a blessing (in diff. circumstances like I noted, where no "turnkey instant solution" via a replacement app exists for Windows for example, OR they are unwilling/unable to foot the bill for a total REWRITE INTO WINDOWS FOR AN APP).
----
"I have C code that was originally written for old unixes running on vax systems which can still be compiled and executed on modern linux, because the source API for unix has largely remained compatible." - by Bert64 (520050) on Friday October 12, @03:10PM (#20958433) With CHARACTER MODE/TTY/DOS mode (using this last term loosely) apps, usually this is easy enough to do, provided the .h files are completely ported for ALL functions called, between platforms.
Thing is here though?
Well, MOSTLY, it's much the same for Windows stuff too!
I.E.-> As long as the .h files called between platforms ported to work fully & don't overlook things like registry vs. config files under etc. for instance, or sockets diff.'s that exist between diff. OS (how they use them), OR drive letters (Ms stuff) vs. mounted devices (NIX for example).
Personally, for single stand-alone .exe files (not runtime interpreted stuff, which is slower)?
I like Delphi/Kylix the BEST for "insta-ports" of the SAME codebase, between LINUX (Qt libs based shell stuff on KDE) & Win32.
I.E./E.G.-> The same code can be used, ports instantly, allows statically compiled single monolithic exe's that are FAST, from the exact same codebase in Object Pascal/Delphi/Kylix (easier done than on C/C++ even imo, no .h files to DIRECTLY usually worry about, as long as you obey what to look out for that I noted above).
APK -
Re:Arguing is stupid: Discuss points on errs made
"I doubt they would care about vmware, while it is emulation of a kind it emulates the hardware so the os can run unmodified. Perhaps paravirtualization like xen, or even higher level virtualization like virtuozzo would have more of an impact. Even so, vmware esx is very commonly used in server deployments these days so it is a perfectly valid configuration to test." - by Bert64 (520050) on Friday October 12, @10:50AM (#20953889) I don't know if they will care if you used VMWare or not, but, we'll find out one way, or the other. I often use VirtualPC @ work to test wares on 9x/ME/98-98SE/NT 3.x/NT 3.5x, so I am fairly familiar how-why these are used, @ least for software testing.
----
"The windows test is much larger, this is mostly to do with windows itself being a far more complex beast." - by Bert64 (520050) on Friday October 12, @10:50AM (#20953889) It is more complex than Linux, by far, & I have seen the diagrams of the comparison of their system call interface mappings, & I agree.
----
"It has layers upon layers of backwards compatibility cruft, many instances where multiple APIs do the same thing in slightly different ways or with slightly different options" - by Bert64 (520050) on Friday October 12, @10:50AM (#20953889) This "cruft" for 'backward compatibility' has a BRIGHT-SIDE though: That backward compatibility helps to NOT have to either:
1.) Rewrite old software for older MS OS' (costs money bigtime depending on the size & complexity of the project, & the project I noted earlier in our discussion here, as far as code I've written on contracts for various companies, went over 1 million lines of handwritten VB6 & Oracle stored procs, to replace a FoxPro app (all of them ended up talking to ORACLE via ADO (reads)/OO40 (writes), using both middlewares, because of the performance gains possible read vs. write)
OR
2.) Having to buy new software for purpose & adapting it (always the case in MIS/IS/IT environs usually, because nobody does business EXACTLY the same, or structures their data the same as other companies do).
----
"This also brings up another point against closed source, had windows and the apps running atop it being open source, the old backwards compatible apis could have been removed long ago as programs could easily have been updated to use the newer apis instead." - by Bert64 (520050) on Friday October 12, @10:50AM (#20953889) Well, see the reasons above, in favor of "CLOSED SOURCE" & backward compatibility + WHY it's helped MS succeed, imo @ least.
----
"Unix by contrast runs off a simple philosophy, everything is a file " - by Bert64 (520050) on Friday October 12, @10:50AM (#20953889) It's the SAME in MS' NT-based OS: EVERYTHING is a file... even device interfaces (like your monitor/screen pallet object) -> You Open them, Read/Write them, & close them (just like files).
APK
P.S.=> ANYHOW - I think we've concluded all we needed to @ this point, good discussion, & I am glad we could salvage it from being an argument, into a productive session, bouncing ideas off one another! apk
MY TEST SCORES ARE HERE FOR YOUR FUTURE REF. IF YOU NEED THEM:
http://forums1.techpowerup.com//showthread.php?s=e4a37b9066c132b9556af1b2b848f3cd&t=16097&page=2
apk -
Kind of like /. "Pro *NIX" people tell lies, jcr?
"Microsoft has been telling bald-faced lies about their security for at least a decade. What's different this time?" - by jcr (53032) on Friday September 21, @11:08AM (#20696607)
I see you say "Microsoft lies", well... what about you "Pro *NIX" Penguins & "bsd devils" here on slashdot?
It was hilarious in this thread also where others from the "Pro-*NIX" camp here @ /. tried to say "Apache is more secure than IIS" &, lo and behold in the 2 url's below:
----
APACHE UNPATCHED KNOWN VULNERABILITIES LIST (9%):
http://secunia.com/product/73/?task=statistics
IIS 6.x UNPATCHED KNOWN VULNERABILITIES LIST (0%):
http://secunia.com/product/1438/?task=statistics
----
Let's also move onto & take a look @ SQLServer 2005 also, shall we??
SQLServer 2005 UNPATCHED KNOWN VULNERABILITIES LIST (0%):
http://secunia.com/product/6782/
----
Let's NOT stop there either... take a peek @ Microsoft Office 2007!
Microsoft Office 2007 UNPATCHED KNOWN VULNERABILITY LIST (0%):
http://secunia.com/product/13228/
----
Given all that data (& yes, IE sux, & IE7 even needs more work in terms of security, but that is what Opera & FireFox are for imo)? It amazes me the b.s. you people here @ /. often spout, like "Windoze blows" etc. when clearly, it is a fine set of products MS produces for the MOST part...
IE is really the LAST area/product from MS that need some work it seems/is all!
APK
P.S. => Also, see this URL where over 30++ /.'ers ran from a challenge regarding Windows vs. Linux security, in a thread post here on /., regarding "Hardening Linux" no less:
SLASHDOT POST ABOUT "HARDENING LINUX":
http://it.slashdot.org/comments.pl?sid=267599&threshold=-1&commentsort=0&mode=thread&cid=20203061
(That's where no *NIX person here on this site @/., & other sites oriented around both LINUX &/or BSD could not do a better job on a valid multi-platform test of security (based on best practices for each OS platform than a Windows Server 2003 user could!))
The *NIX folks were challenged on this site, who stated things along the lines of:
"(Insert *NIX variant here) is more secure OR securable than Windows"
& that's when I simply challenged them to that test in CIS TOOL... not a single one exceeded my score on Windows Server 2003 fully custom hardened for security. See this image which backs my score:
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
"CIS TOOL" (by the center for internet security) has been noted as a tool to help secure yourself by BOTH Computerworld & SANS (sites often cited here on /. no less, regarding security data):
Here is the outline for achieving that 85.185 score on CIS TOOL, for Windows users:
http://forums.techpowerup.com/showthread.php?p=375355#post375355
It works & so much so, it tends to "silence the F.U.D." spreaders here on /. about Windows vs. Linux (even SeLinux &/or BSD variants as well) regarding securability of them all!
Again, for all their 'talk', not a single *NIX person here beat that score, failing to "put up, or shut up". Nobody from /. has exceeded that score a Windows Server 2003 user achieves on i -
It's SO right nobody on /. proves otherwise
See this URL where over 30++ /.'ers ran from a challenge regarding Windows vs. Linux security, in a thread post here on /., regarding "Hardening Linux" no less:
SLASHDOT POST ABOUT "HARDENING LINUX":
http://it.slashdot.org/comments.pl?sid=267599&threshold=-1&commentsort=0&mode=thread&cid=20203061
(That's where no *NIX person here on this site, & others, could do a better job on a multiplatform test of security based on best practices for each OS platform than a Windows Server 2003 user could!)
The *NIX folks were challenged on this site, who stated things along the lines of:
"(Insert *NIX variant here) is more secure OR securable than Windows"
& then, this image which backs it:
http://img.techpowerup.org/070828/APK_AToutLeMonde_85.185CISToolScorePhotoProof.jpg
Which proves the test results on a multiplatform test of security called "CIS TOOL" (by the center for internet security) which has been noted as a tool to help secure yourself by BOTH Computerworld & SANS (sites often cited here on /. no less, regarding security data):
Here is the outline for achieving that 85.185 score on CIS TOOL, for Windows users:
http://forums.techpowerup.com/showthread.php?p=375355#post375355
It works & so much so, it tends to "silence the F.U.D." spreaders here on /. about Windows vs. Linux (even SeLinux &/or BSD variants as well) regarding securability of them all, since nobody from /. has exceeded that score a Windows Server 2003 user achieves on it, despite their constant "Windows is not secure as *NIX" fud.
Seems the only person able to do what you stated here: Now we just snicker and giggle! - by Mikkeles (698461) on Friday September 21, @10:53AM (#20696367) Is the person who made the FUD spreaders @ /., look extremely foolish & unable to back up their b.s.... -
Re:Not Insightful. (not even a little)
"I might use a HOSTS file to direct requests for that domain to 0.0.0.0 just to protect myself from any inadvertent requests I may make." - by mcmonkey (96054) on Tuesday September 11, @01:34PM (#20557241)
Agreed, 110% - & there are many benefits to doing it for the end-user, in both speed AND security no less... read on:
DOWNLOAD LINK for a good custom HOSTS file that blocks over 27,000 known adbanner servers:
http://forums.techpowerup.com/attachment.php?s=7cbf6b5496c42c57137f9a1383375223&attachmentid=6540&d=1172567412
(PURPOSE DESCRIPTIONS, INSTALLATION DIRECTIONS & EDITING DIRECTIONS BELOW)
1st of all, it's my (and YOUR) monthly bandwidth I/you/we all pay for, so I demand all of it be MINE, & not for downloading adbanner content I do not want (or, do not want to be infected by (& THIS HAS HAPPENED, via malicious script in some of them the past few years now in fact)):
Why use an ADBANNER BLOCKING HOSTS file? Here is why!
CHECK THIS, DATED TODAY 02/21/2007:
Microsoft apologises for serving malware
http://apcmag.com/5382/microsoft_apologises_for_serving_malware_to_customers
This is by no means, a first either... it's happened QUITE A FEW TIMES the past few years!
The attached custom HOSTS file here in the first URL above IS A DOWNLOADABLE WORKAROUND attached as a zipfile (hosts.zip), w/ install directions a few posts beneath that (easy) THAT SECURES YOU AGAINST THIS & ALSO SPEEDS YOU UP AS A BONUS
It also secures you against times your routers are under attack, or IF YOUR ISP/BSP's DNS SERVERS GO DOWN (per this URL from another thread here & from SLASHDOT DATA AS WELL)
Computer Routers face Hijack Risk:
http://forums.techpowerup.com/showthread.php?t=25734
SLASHDOT - DNS Root Server under attack:
http://it.slashdot.org/article.pl?sid=07/02/06/2238225
Keep reading...
AND, sorry webmasters: Yes, I know many of you do NOT like this file of mine & others like it, but this is a BIG part of why I use one!
(Mine blocks nearly 27,000 known adbanner servers & allows users to speed up access to their fav. sites - THIS latter part though, speed up of access to fav. sites, the user has to setup, himself, but, not loading the banners does as well AND secures you against this very type of threat!)
I comment out an example of it in the file so the users have a template how to do it... & it's FULLY documented internally in my 'custom HOSTS file', on how to get around when a site changes its URL/IP equation too - very easy, ping & notepad.exe!
It is also FULLY alphabetized in addition to being organized into diff. sections, so hunting down servers that may already exist in it for blocking adbanners is easier!
(this was done via a program I wrote up for myself that is noted near the top, which automates checks for me of existing vs. non-existing servers for adbanner blocks in its content - you don't have that, but the program sorted them all this way - this is so you can add new ones easily IN alphabetical order, or find them so you do NOT have 'double entries' (no big deal, because once it is loaded by your local dns cache, it removes those, but the shorter it is, the faster it is loaded!))
* HOWEVER, THIS is an example of part of why I use this file!
That, & the fact I pay for my linetime, & want ALL the speed possible out of it... meaning no calls to DNS servers w/ fav. sites you add to it, & YOU add them, not I (takes more time than using this file by FAR) & no calling out to adbanner -
These 2 tools by the same author & 1 more
APK Registry Cleaning Engine 2002++ SR-7:
http://www.techpowerup.com/downloads/389/foowhatevermakesgooglehappy.html
It is a multithreaded single executable design in Borland Delphi and does a great job on cleaning the registry safely and I have compared it to others like it, per what the program download description states, in other registry cleaners. I found it does the job more safely and thoroughly because it finds more entries than others do. Most importantly this proggie does not expose users to the dangers of registry cleaning in that other ones expose (Class Identifiers/CLSIDs, and when the wrong ones are removed, things stop working or blow up). This one does not do that.
I have also found it is a useful tool for security in 2 capacities:
1 being in hiding the tracks of files I used to have laying around but do not anymore, and it removes their tracks that remain in the registry.
The second being that I have conversely also found that it is extremely useful as a forensics tool for hunting down what users have actually had on their systems, even though they deleted them and defragged their drives to stop undelete tools from recovering said files.
****
APK Matrix ScreenSaver:
http://www.techpowerup.com/downloads/390/APK_Matrix_ScreenSaver.html
The smallest and coolest looking "matrix" screensaver I have found to date, by the same author as the program above. If you liked this film, this one rocks.
****
WinRar (current build):
Who can say enough about this program? It may have "ripped off" the style of the Winzip interface (the original archiver) but it is lighter on memory & system resources and does more compression formats natively (without using external archivers) than Winzip does. -
Re:Linux gaming arena?
It seems ATI/AMD's new professional graphics cards are going to perform a lot better than Nvidia's current offerings.
They would need good Linux drivers for these cards to eat into NV's pro/workstation market share.
http://www.theinquirer.net/?article=42127
http://www.techpowerup.com/index.php?38812 -
Been there myself, Kim Vette... apk
"Why not actually, oh, I don't know, innovate some new features for Windows rather than harassing small third-party developers who offer FREE utilities to make YOUR piece of crap offering easier to manage?" - by kimvette (919543) on Wednesday August 29, @05:20PM (#20404521)
On THAT note, I'll agree with you, 110%, because I had them bother me directly before (Microsoft Legal did), writing me to change the name of a utilities package for Windows called "APK Windows System Tools" to "APK System Tools for Windows":
http://www.techpowerup.com/downloads/389/foowhatevermakesgooglehappy.html
(Note, the 'for Windows' part, the ONLY difference, but that name cascaded ALL OVER inside my programs in that suite of tools, one example of which is above from a site that hosts it)
That meant quite a few hours in time poring thru the sourcecode & recompiling it (to set the toolset's internal resource strings to what MS accepts).
Now, I KNOW the word "WINDOWS" has been around much longer than Microsoft has been, but they would outlast me in courts by MILES, as far as being able to finance some protracted battle with them in the courts of law. I'd lose, because they could just "lean on me", until I broke, pretty much.
Me... the guy that gets into 'fights' with folks online over "linux vs. Windows" type stuff, like this one recently about Windows Security vs. Linux:
http://ask.slashdot.org/comments.pl?sid=279871&threshold=-1&commentsort=0&mode=thread&pid=20379941
& I champion their wares quite a lot (most of the time, but lately, not as much (I do NOT like VISTA's DRM, OpenGL ruination, & most of all, the advertising foundation Mr. Ballmer intends to create inside of Windows, & VERY SOON!)...
They did that to me... the guy who Microsoft approached for an interview to be on their "Crash Dump Analysis Team" back in 2003:
http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
Me... the guy whose ideas took a certified partner of theirs in EEC Systems (now SuperSpeed.com) to a finalist position 2x in a row @ Microsoft Tech Ed 2000/2001 in the hardest category there is there, in SQLServer Performance Enhancement, via ideas on SolidState & Software mirroring back to backing HDD usage with higher end DB engines on higher end systems...
http://hardware.slashdot.org/comments.pl?sid=278283&cid=20356905
Hey - still, overall? Well, I like MS!
(& that really 'bugged me' some on the recompiling though, for a word MS really does NOT "own", in the word WINDOWS... not tons, but some)
Why?
Well, that they'd bother me like that (about having to remove Windows in my apps & replace them with "for Windows" in most of them!) because I am basically a "nobody" really, when you come down to it... just another geeky guy is all, trying to eke out a living in this field, & that's it!
APK
P.S.=> HOWEVER, on this issue? I do actually agree with MS, & here is why - the files, if sent from MS servers ONLY, means less chance (especially for security related updates) of them being "bushwhacked/hijacked" etc., so it does make some sense... too bad for the site doing it though, they probably actually MEANT WELL! apk -
Another CUSTOM HOSTS PREBUILT (27,000 servers)
http://forums.techpowerup.com/attachment.php?s=b05c46a8779d67f610afc096711dc388&attachmentid=6540&d=1172567412
27,000 adbanner servers blocked, fully alphabetized internally (for easier seeks when adding/deleting entries when needed)
This file helps protect against lags online calling out to your DNS to resolve web addresses of your fav sites (since you can speedup your favs in it, documented inside, look with notepad.exe to see on how to do this & why)
This file helps speed you up, in resolving bannerads IP/UNC to the DNS also
This file helps speed you up, by stopping the loading & running banner material from adbanner servers, slowing yourself down
This file provides protection vs. malicious javascript bearing banners
====
INSTALLATION DIRECTIONS:
1.) To replace the one you use now, simply first backup your original one located here:
%WinDir%\system32\drivers\etc
TO HOSTS.OLD, & then unzip this one into that same subfolder!
----
2.) On Windows 2000, you will need to reboot for it to take effect... but, on Windows XP/Server 2003, the IP stack is 'dynamically loaded/reloaded' & "plug-N-play" driver design, so it takes effect nearly immediately.
----
3.) NOTES ON HOW IT WORKS & HOW TO FULLY USE IT - It is FULLY internally documented on HOW to use it. You can examine & edit it using notepad.exe & add your favorite sites to it to speedup access to them & be able to reach them even IF your DNS 'goes down' @ your ISP/BSP as well.
A.) ACTIVATING, EDITING, & UPDATING THE INACTIVE FAVORITE SITES TO SPEEDUP SECTIONS:
The ping command is used for this with notepad.exe... this is noted inside the file, with step-by-step examples thereof.
I mention this, because I leave the section where you add in your favorite sites # "Unix Style" commented off & they MAY be out of date in terms of the IP Address currently used for that particular site, if you use the ones I have in there now commented off!
(Ms' IP stack IS based off the BSD model & thus, why the UNIX comments exist & work in it)
That is so you can add your own personal favorites.
B.) NOTES on "AS IS" FUNCTIONALITY (USING IT AS IT SHIPS, W/ FAV. SITES INACTIVE):
The adbanner blocking portion IS active however, the moment you start using it. This leaves it flexible for folks in both capacities.
Again - It is also FULLY internally alphabetized in addition to being organized into diff. sections, so hunting down servers that may already exist in it for blocking adbanners is easier!
This is so you can add new ones easily IN alphabetical order, or find them so you do NOT have 'double entries' (no big deal, because once it is loaded by your local dns cache, it removes those, but the shorter it is, the faster it is loaded!)
Nice part of this is, you go faster resolving URL-> IP address equations, far faster than calling out to your DNS from your ISP/BSP when you use it, & if that server goes down? You STILL can reach them!
====
(Again - Step-by-Step examples are in the file of all things it can do & how/why it does them, & how YOU can add to it easily!)
Enjoy a faster & safer internet experience using this file... it DOES help on both security & speed accounts!
APK -
Yes -GETTING THE LAST LAUGH!, as per usual... apk
"Fuck off spammer, nobody wants to hear about your shitty security site." - by Anonymous Coward on Wednesday August 15, @02:47PM (#20239851)
First of all: CIS Tool is not "my shitty security site", it's a program that's been noted by SANS & COMPUTERWORLD, as legit/valid & yes, useful.
I found it INCREDIBLY useful, in helping me to secure my Windows Server 2003 SP #2 system here (above where I had it initially, around a 60.500 score, up to 76.500 iirc, later & FINALLY, to an 84.735/100 score)...
In fact, I found it SO useful?
That I did a post @ a widely travelled forums (techpowerup.com) to show Windows users HOW TO GET THE SAME SCORE & LEVEL OF SECURITY I HAVE, right here:
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=4e8acd2823a55216081bf694304b09df&p=375355#post375355
(What's in that thread, is FAR MORE COMPREHENSIVE than you find in most articles on "how to secure windows" by FAR... & it just works & much of it's based on what CIS TOOL had me do, though it helps only SO FAR, you can figure out the rest, based on that post of mine @ techpowerup.com!)
PROOF OF MY SCORE ON CIS TOOL, a multiplatform test of security (noted by SANS & COMPUTERWORLD):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
(& I would like to see *NIX folks' results on CIS TOOL as well (it IS multiplatform & java driven - it runs on Solaris, FreeBSD, Linux of many kinds, & yes, Windows NT-based OS'))...
A fair challenge & it is one, that EVERYONE here can learn by, in fact...
"Kudos for pretending your spam is some sort of hardcore throwdown." - by Anonymous Coward on Wednesday August 15, @02:47PM (#20239851)
No pretending @ all: Just facts... ones you can SEE/VERIFY, per my last post (parent to yours I am replying to now in fact), yourself & yes, above in THIS reply to you.
As to others here who have used various evasions in taking the CIS TOOL test?
Heh, want a list of over 27-30 of them by now??
I can produce it, with relative ease (via my bookmarks/favs)... just ask!
APK
P.S.=> Yea, "great reply" that, full of technical know-how &/or insight... not (more like an exercise in profanity)!
Ah... you're just "#31" in my list of evaders of taking the CIS Tool multiplatform test of security (by yet another *NIX user @ /.)... not unexpected @ all!... apk -
Re:ANSWER THESE QUESTIONS, quit avoiding them
"The specific example you cite is not relevant to my chroot jail. There is, in fact, no reason I can think of why I'd give your security tool access to my printer." - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)
You're missing the point, it is an example of buffer overflow exploitation, to use it for privilege escalation (via programmatic impersonation, like Su/SuDo can do) to raise userrights to the levels of ROOT (or possibly, better).
"Yes, it is theoretically possible that a buffer overflow could be found. It's also possible that a flaw could be found in SELinux itself. Right now, there are no such known vulnerabilities in either SELinux or in the software which was available inside the chroot." - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)
Yes it is possible, but... You're missing the POINT, mainly of the mechanics involved:
E.G.-> If there is a buffer overflow in the APP ITSELF (not chroot, or SeLinux)? It can be exploited to perform privilege escalation, & impersonate ROOT (or possibly better, IF it exists), to do anything that ROOT can do (which is call chroot directly, OR the api's chroot uses to escape it)... EVEN IF YOU DO NOT RUN THE VULNERABLE APP AS "ROOT"/SuperUser!
----
"You first. Where, specifically, did I say that what you said about race conditions was false?" - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)
Here:
http://slashdot.org/comments.pl?sid=264303&threshold=-1&commentsort=0&mode=thread&cid=20188339
"I wonder if you know what a race condition is." - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)
And, here was my reply to you:
http://slashdot.org/comments.pl?sid=264303&threshold=-1&commentsort=0&mode=thread&cid=20190031
****
"ON Race conditions??
I know what they are, & thank God, I don't code them! See this app here in fact (best in the business for what it does, & it's MINE):
APK REGISTRY CLEANING ENGINE 2002++ SR-7:
http://www.techpowerup.com/downloads/389/foowhatevermakesgooglehappy.html
SCREENSHOT:
http://www.techpowerup.com/downloads/screenshots/389.jpg
(I have though, only a couple times, when two-N threads try requests for the SAME resources (data), & that type of design "fine grained multithreading" is a LOT tougher & finding problems that fit it properly are rare as well).
I.E.-> I generally do "coarse multithreading" in apps (working on TOTALLY diff. data in threads, like e.g.-> Updating the application interface with a child thread, while running a loop in the parent thread)... code multithread design this way? You don't HIT race conditions!"
****
UHM - what EXACTLY is wrong in my reply regarding multithreaded programming methods I use & what race conditions are? See, I actually DO THIS FOR A LIVING (code & admin networks)... do you?
----
"Irrelevant. It is NOT an apples-to-apples comparison. Getting as high a score as possible isn't even the goal -- from the FAQ:
When I run the system testing tool, should all of my systems score a perfect "10"? No. Different sites will have different operational requirements, and may choose to leave certain services running or choose not to configure certain security-related parameters. The benchmark documents merely give sites information to make informed decisions about certain availa -
Re:"STAT2", lol... round #3
"Apache, at least, enjoys quite a bit of market share [netcraft.com], and Linux is probably still at at least 20-30%, if not 50% of web servers." - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
Apache? It's run by folks looking to spend as little as possible is why. Nothing's wrong with that though... but, that's the point.
"It may still be a smaller target than desktop Windows" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
It IS... Far, FAR smaller!
"but the fact that it has had close to ZERO compromises in the wild, even with a decent amount of marketshare on the server, says something about its security." - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
'Close to zero', eh?
Well, by way of comparison??
Go to SANS, & find out what the compromises are on say, oh... SQLServer 2005 (thru its entire duration in this version no less) are.
Hint/Clue: "0"/zero/nada/none/zip vulnerabilities in SQLServer 2005 in its entire history thus far, no less, lol...
(Last time I looked @ least, & that was like a month ago or so)
APK
P.S.=> "Sorry, not by much. I imagine you've gotten about as many people to lock down their systems as I've gotten people to switch to Linux" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
From the Windows world, put it this way:
E.G. #1 -> I've gotten MORE than just a few emails from folks for HOSTS files & .reg files for security, & that I know of?
E.G. #2 -> So far - Around 7,500 views on the very topic I post for Windows users in a URL, a "sticky permanent @ the top of section's page, thread" here in the URL below:
I think those are decent numbers, & they grow, daily, which is GOOD: "if you can reach just 1 person..." geometric progression, really!
(Information, for, How to in effect, get the 84.735/100 score on the multiplatform CIS Tool security test, that runs on Solaris, FreeBSD, Linux variants, & Win32), right here:
APK "12 step program" to securing a modern Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=6119352099fca3907e8fc400352826c2&p=375355#post375355
AND, via the results I achieve on it:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It appears to be a test & challenge, that EVERY *NIX fiend here avoids taking no less, 30 times now... & we ALL know why!
They simply & obviously cannot secure even their FreeBSD &/or SeLinux kernel addon hooks (for layered ACL analog security via MAC, Linux distros that have OR work with it), enough to exceed my score, much less equal it!
(Who cares though - really! I just wish to see a screenshot of someone's results with it)!
Even though each of their objections are overcome, such as yours feeling it is malware of some kind, yet SANS.ORG notes it as valid?
"This is a truly moronic statement. If there were no "Hacker/Crackers" in the world, wouldn't there also be no need for security?" - by SanityInAnarchy (655584) on Monday August 13, @12:16AM (#20208255)
Unfortunately, it is a harsh reality, & more than a few folks out there would agree, they DO DRIVE SECURITY IMPROVEMENTS! apk -
PHOTO PROOF PLEASE... & why: Thanks!
"84.736/100 on Ubuntu. whoop de dooo." - by Anonymous Coward on Sunday August 12, @11:16AM (#20203099)
Ok, but... Do you have a legitimate, unfaked photo (yes, someone in those 26 url challenges to take the CIS TOOL did insinuate he could do that) of your proof of your score?
Thanks!
Because I did state I would like that type of evidence, here (in the post that is parent to your own no less):
http://it.slashdot.org/comments.pl?sid=267599&cid=20203061
----
"Yes, I would preferably like to see a result photo (legit/unfaked, because I had someone insinuate they would or could do that here once @ this site) someone using FreeBSD or SeLinux kernel hook addon bearing distros of LINUX (Ubuntu 7.04 onwards has this 'baked in' no less, & it's pretty widely used)."
----
That I would like to see, mainly because I want to see the areas tested (analogs to ones tested in Windows NT-based OS really) & discuss the areas YOU may feel it is "in error" in (as I found in the Windows Server 2003 model of this test, where I am 99% convinced the test "erred" on me, & owes me some points (minor areas))!
PLUS, discussion of techniques you use on your *NIX variant that that test MAY NOT ACCOUNT FOR!
(Things like these, which CIS Tool does not check: For LinkSys NAT true firewalling stateful packet inspecting hardware firewalls, OR even software firewalls &/or antivirus-antispyware programs (which are useful for security, LAYERED SECURITY, today/nowadays, especially online))!
Examples from the "*NIX FIEND WORLD", thereof/such as, perhaps:
----
1.) Using NetConfig to create a NAT "firewalling" subnet for you, from a dual homed/dual NIC bearing LINUX rig
2.) Using SeLinux's SOCKETS LEVEL CONTROL above & beyond IPTables usage
3.) Using SeLINUX "MAC (mandatory access control) label based security (analog to Windows ACL's & POSIX ACL's) usage for comparison to Windows' ACL level controls on the registry & filesystems via userrights assigned, above & beyond using std. *NIX tools like chmod/chown & yes, chroot (because programmatic "impersonation" as it is called in Windows can be used to circumvent & 'break out of' chroot jails for instance)
----
(That's for some examples I'd like to discuss with *NIX fiends here, & to see "layered security" in place on a *NIX rig (like I use on Windows Server 2003 here) above & beyond what say, for example, the *NIX hardening link urls I posted in my last reply here give folks & yes, myself).
----
HOWEVER, above all else - I do have a photo proof of my score, again here, for your reference which I provide, & expect the same from you *NIX guys as well, per my quoted statement above (from myself in the posting parent to THIS one):
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
AND, here are the steps I used on Windows Server 2003 SP #2 to get that score (95% of it applies to older Windows NT-based OS' (2000/XP) too, & it can even IMPROVE VISTA'S SCORE as well, when its techniques & concepts are applied):
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3e78ea52bc119fb94a59e51abf7c47a5&p=375355#post375355
(I made that as easy of a "guide/roadmap" as possible, using tools native to Windows, so Windows users could be secure online, per the gauging done by the multiplatform test of online security, in CIS TOOL, noted by SANS no less as to its validity & intended purpose per proof of that I submitted in the post paren -
By BUILDING A BETTER MOUSETRAP, MS = #1
"Microsoft is not the "necessary evil" of the computing industry. I fervently believe that the industry has been stifled in the long run because of what Microsoft has done in being predatory and killing off competition while being a monopoly." - by HermMunster (972336) on Saturday August 11, @11:59PM (#20200179)
By them BUILDING A BETTER MOUSETRAP? That IS how they did it, after all... a more flexible, versatile, ubiquitous presence, with great OS products (especially since 2000/XP/Server 2003 & lately, VISTA, which is getting GOOD feedback on performance improvements in the next URL below, mind you):
http://apcmag.com/6929/vista_sp1_in_depth
"It used its power in a criminal way and has created a path down which we may never be able to recover. The hopes are that we can branch and have a 50-50 choice in software or even a 30-30-30. But being 90-10 is not the way to go for any industry." - by HermMunster (972336) on Saturday August 11, @11:59PM (#20200179)
See my subject line/title of my reply here to you again, please... some criminal activity! The world's made a choice & that's to use the BEST OVERALL SOLUTION FOR HOME & BUSINESS - Windows!
(95% of the world's PC's use it from the home up to the business LAN/WAN environs, for every conceivable purpose, after all!)
AND, despite what "nerds/geeks" may think?
People look around, & see different things, & make their choices & ARE NOT STUPID: They go with what just works, & with the most peripheral hardware & document formats (& again, that's Windows!)
"Only through competition with lots of car companies have we been able to produce some exceptional cars that are praised world-wide. Having only one software company essentially stifles all that." -
Man, the "hacker/cracker" types out there CREATE IMPROVEMENT in this field, for one thing, so they don't let MS "just sit there & not innovate", because in a BIG WAY, I feel they "force them to", & this works out in the long haul, excellently - with them acting as MS' biggest & best security researchers!
PLUS, I have watched Windows become FAR MORE SECURE & STABLE than it ever was in the Win9x days & prior...
----
1.) Partially due to better development techniques in use now & better tools for it, ala:
E.G. #1 - CODE AUDITING THE DEFCON WAY:
http://it.slashdot.org/comments.pl?sid=158231&cid=13257227
----
2.) Partially because of security ideas & techniques becoming stronger, not only @ the perimeter defenses & server levels, but also @ the network client/single user PC level, ala:
E.G. #2 - APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3e78ea52bc119fb94a59e51abf7c47a5&p=375355#post375355
----
3.) Lastly/IN BIG "Partially" because of Microsoft initiating their "feedback" on crashdump analysis as well, via remote communications back to their servers with that info. & issuing patches via "Windows Update" &/or corporate homepages for direct downloads for multiuser scenarios distribution by network admins/engineers/techs.
"The good thing is that in the short and long term IP will eventually begin to stifle Microsoft because clearly their employees can only produce so much IP each year" - by HermMunster (972336) on Saturday August 11, @11:59PM (#20200179)
Not with the "hacker/cracker/phisher" types out there... they FORCE change, due to holes they find... improvements in the product result. See the above where I stated this, for examples thereof...
"The rest of the industry is producing a -
"STAT2", lol... take a read!
"If you want to compare security, collect data on actual attacks and compromises. And as the other poster says, Windows has been compromised far more than we'd like, even considering its market share." - by SanityInAnarchy (655584) on Sunday August 12, @12:38AM (#20200365)
Of course - this shows you are not some "hacker/cracker" type thief, which is good though, in that, you personally don't THINK how they do from what you're saying now... & what is that?
Well, a serious "hacker/cracker" is into "industrial espionage", & "information stealing" for profit, who wants to make MONEY @ it!!!
How to do that, with computers? The EASIEST way/path of least resistance??
SIMPLE - Attack the most used platform there is: Windows, where 95% of the world's PC's are today, where the MOST POTENTIAL SUCKERS ARE (heck, they're even doing it via phishing & email scams, proving my point)...
2 good things come of it though, imo:
1.) Not only do the "evil machinations" of malware/spyware/virus/trojan-wares keep network techies in jobs, working to fix their attacks, LOCALLY (employment in doing so)... BUT, in the LONG HAUL?
2.) Those same "hacker/cracker" types are getting their attack surface areas ROBBED by techniques like I list in this URL below, @ a client node/single user computer level:
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3e78ea52bc119fb94a59e51abf7c47a5&p=375355#post375355
(... & also by patches by MS & soon, IPv6 as well, in even more things like the INTEL IXP1200 technology I was involved in as a programmer for a partner of Network Associates for, & IT WORKS + more in the world of security, learning all the time & getting BETTER @ it, CONSTANTLY!)
I.E.-> Hacker/Cracker machinations, once discovered OR USED & reverse engineered? ARE DOING THE WORLD A FAVOR, SPOTTING A WEAKNESS & THUS, FORCING IMPROVEMENTS VIA PATCHES OEM'S LIKE MS & ALL OTHERS CAN & DO HAVE TO ISSUE! Heck, they're the world's best security researchers, really... THINK ABOUT IT!
I think that in 5-7 years time in fact, you will see almost NO OS or BROWSER LEVEL/APPLICATION LEVEL attacks anymore (& coders are becoming aware of GOOD defensive coding too, more & more), ala:
Code Auditing the Defcon Way:
http://it.slashdot.org/comments.pl?sid=158231&cid=13257227
As well!
Folks on the "GOOD SIDE OF THINGS" are learning & making progress against an essentially invisible enemy that had one advantage: It is EASY to destroy, quite another to create, & thus: THE DUAL ADVANTAGES OF SURPRISE, & EASE OF DESTRUCTIVE ACTION VS. CREATIVE.
----
Plus, my corollary in my posts now are correct (& there is a definite correlation between Windows usage % dominance worldwide & how many virus/malware/spyware/trojans etc. et al run on it (BOTH = 95%!))...
My corollary also about *NIX? Correct it seems as well (equal proportions yet again)!
It states that 5% of remaining virus/malware/spyware/trojans etc. et al out there, are running on *NIX platforms is correct as well, & how much of the PC market it owns as well, & NOT by coincidence.
APK
Take your typical botnet. How many of its nodes are Windows? How many botnets are entirely Windows-based? How many have ANY Linux or OS X nodes? -
Re:In a word: YOU'RE FULL OF IT - "Show me"
Prove it then... take this challenge:
http://linux.slashdot.org/comments.pl?sid=267219&cid=20198711
"The worlds most secure operating system" should not be susceptible to 95% of the worlds malware and viruses" - by realdodgeman (1113225) on Saturday August 11, @08:52PM (#20199199)
Well, there IS that "other 5%", & WHAT ARE THEY FOUND ON?
*NIX's, perhaps??
Then, the percentage of 'dominance to subordinate' for usage of Windows over *NIX's is in proportion too, isn't it???
I.E.-> "95% of the world's computers from home environs to business ones DO RUN WINDOWS"... commonly acknowledged fact!
(And, when you're as popular as Windows is? You get targeted - & this concept ONLY MAKES SENSE FOR VIRUS WRITERS TO TARGET THE MOST USED PLATFORM, for greater surface area of attack!)
However, "security by obscurity", in *NIX's being less used on PC's????
That is not much of a thing to brag about, nor is it truly security - hence, the "remaining 5% of virus'" running on them are on *NIX variants... in keeping with their % of proportion of the PC market & how much of it really uses *NIX variants as well.
"Nor should it have a password hashing standard that can be broken in less than 20 minutes." - by realdodgeman (1113225) on Saturday August 11, @08:52PM (#20199199)
Do you think that cannot be done on other systems? Hey - come on!
(And, I can break it faster using NTLocksmith, & tools by SysInternals to automate doing work on SAM copies between machines too (manual way)).
" And it should not bug the user with questions for "extra security"" - by realdodgeman (1113225) on Saturday August 11, @08:52PM (#20199199)
Do you mean VISTA's "UAC"? I agree!
HOWEVER? It can be turned off, & with assuredness/confidence that you are secure!
How?? Well, simply by following what is in this "12 step easy" program list for securing a modern Windows PC using a modern Windows NT-based OS variant (2000/XP/Server 2003):
APK "12 step program" 4 a secure Windows NT-based OS (2000/XP/Server 2003/VISTA):
http://forums.techpowerup.com/showthread.php?s=3e78ea52bc119fb94a59e51abf7c47a5&p=375355#post375355
AND, after applying its tricks/tips/techniques, you really never have to worry about virus/trojan/malware/worm/etc. et al, & be secure online also, on a Windows based OS.
APK
P.S.=> Which all, of course, leads to my challenge to yourself, & ANY *NIX person to run the multiplatform CIS Tool, noted by SANS & COMPUTERWORLD AS LEGIT & DECENT, in the 1st url I posted here to you... download CIS Tool, install & RUN IT, + post your score there... go for it! I will post my score obtained on Windows (tests common areas to both OS types, *NIX's & Windows) after & we can compare...
OTHERWISE? All I hear is all this "(Insert *NIX variant here) is more secure than Windows", but NO PROOF... just "hot air & hearsay"... apk -
Re:Server & desktop - different levels of ridi
"However, it is completely ridiculous to ever run Windows on a server." - by pyite69 (463042) on Saturday August 11, @01:37PM (#20196457)
http://www.microsoft.com/sql/bigdata/default.mspx
There are HOW MANY COMPANIES running Microsoft Windows (of modern NT-based varieties today (2000/XP/Server 2003/VISTA) + SQLServer 2003 on that page, & doing so successfully mind you, that will tend to disagree with you?
Quite a lot!
Guys, I KNOW you guys "love your LINUX" here @ /., but - don't underestimate Windows used in servers, OR for security either!
Windows of modern builds based on NT (2000/XP/Server2003/VISTA)? They're VERY securable as well, above & beyond their default configuration "out-of-the-box/oem stock"...
Really easily as well, via 12 basic simple steps anyone can use (inclusive of Windows admins, & at the DESKTOP CLIENT NODE LEVELS as well as on the server), per this guide:
http://forums.techpowerup.com/showthread.php?s=7316c98c36e75835f964972f246c3eaf&p=375355#post375355
SCORE ON THE MULTIPLATFORM CIS TOOL (by the CENTER FOR INTERNET SECURITY) PHOTO:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
This multiplatform test runs on SOLARIS, BSD variants (sorry, no OpenBSD or MacOS X versions are available yet, but for example: FreeBSD has a version), Linux, & yes, Windows & has been noted by SANS & other notables/respectable sources, such as these:
COMPUTERWORLD:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS: CIS to Release Windows Configuration Assessment Tool (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
(That's there for folks that have tried to "object to this program" because they did not know who "THE CENTER FOR INTERNET SECURITY" is, & attempted to say this program is "rogueware" etc. such as in the URL below):
http://slashdot.org/comments.pl?sid=264303&threshold=-1&commentsort=0&mode=thread&pid=20176577#20185057
The sad part is this - I have posted the challenge to take this test (especially from SeLINUX bearing distros & users of them, & BSD variant users like FreeBSD) here @ /., around 25 times now - NO TAKERS, but plenty of evaders & spinmasters trying to avoid taking it, for b.s. reasons (saying in others, vs. the URL above's reason, that "there is no registry in LINUX"... & so what? There are other areas in the *NIX family tree that DO (such as the /etc & its subnodes)).
APK
P.S.=> And, don't get me wrong: I like Linux, especially on KUbuntu 7.1, because I LIKE KDE!
(AND, with SeLinux in place + configured on it on top of the usual methods for helping to secure Linux (chmod/chroot/chown legwork + IPTables (perhaps Packet Filtering built into Linux as well via IPChains oldschool methods (but they BOTH offer things over one another), & even NetConfig to create a "NAT" system too - plus more things I am learning about for security in LINUX that are pretty neat)!
I did that CIS Tool multiplatform test in the URL above -
Re:"RUN, FORREST: RUN!!!" lol... apk
"I simply choose not to. There's no need for more advanced SELinux than the default policy -- I simply don't let things into my computer which don't need to be there." - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)
LOL, I thought you said you did not have SeLinux in place, & did not want to learn its complexities here:
----
EVIDENCE:
"When did I say that? No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity" - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)
----
?
So, what is it? Ah, suddenly?? HE HAS SeLINUX in place, it's "just not configured right"... ok, same with me having to suggest chroot/chmod/chown & IPTables or IPChains for packet filtering (a feature that LINUX's kernel has built in, no less) to overcome your objections here.
Man... You EVEN ADMITTED those tools allow for the overcoming of your "objections" - yet you refuse to post a screenshot of your test score on a MULTIPLATFORM TEST FOR ONLINE SECURITY, in a "Windows vs. SeLINUX shootout"... gee, I wonder why?
Maybe, because you are NOT SECURE ENOUGH & DO NOT UNDERSTAND SeLINUX Fully, which you admitted also? Maybe because WITHOUT IT, you cannot score higher than 84.735/100 on a multiplatform test for online security??
Yea... I think (KNOW) so!
ALL OF YOUR OBJECTIONS WERE OVERCOME, you HAVE THE TOOLS FOR THIS... why not test?
(Dude, I KNOW why - you can't beat my score of 84.735/100 on this test, on your SELinux rig, is why... and we ALL know it!)
"Run, Forrest: RUN!!!"
"You also have no idea how iptables works -- and ipchains hasn't been the default since the 2.2 kernel. Come back when you do. (Short story? There's not an easy way to run untrusted software and deny it access to the Internet, without also denying access to the rest of my system. SELinux may allow for this, but SELinux is a much more complex approach that is simply overkill for the vast majority of systems.)" - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)
Funny - with windows? You run a firewall like ZoneAlarm, you HAVE APPLICATION LEVEL CONTROL... via an easy point & click GUI interface no less!
SeLINUX has SOCKETS LEVEL CONTROL - use it! Whatever ports/sockets this tool uses? MONITOR FOR IT, & CUT THEM OFF, via this method (or, a tool that does so on LINUX, like ipchains &/or iptables, which I had to bring up here to overcome your objections, alongside chmod/chroot/chown AND SeLINUX!)
" pointed out a security flaw in it, which took TWO ATTEMPTS before you even understood what it was -- and I still doubt it; you haven't addressed the race condition. I wonder if you know what a race condition is." - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)
Which one did the tools I MENTIONED HERE FIRST, not overcome?
ON Race conditions??
I know what they are, & thank God, I don't code them! See this app here in fact (best in the business for what it does, & it's MINE):
APK REGISTRY CLEANING ENGINE 2002++ SR-7:
http://www.techpowerup.com/downloads/389/foowhatevermakesgooglehappy.html
SCREENSHOT:
http://www.techpowerup.com/downloads/screenshots/389.jpg
(I have though, only a couple times, when two-N threads try requests for the SAME resources (data), & that type of design "fine grained multithreading" is a LOT tougher & finding problems that fit it properly are rare as well).
I.E.-> I generally do "coarse multithreading" in apps (working on TOTALLY diff. dat -
"RUN, FORREST: RUN!!!" lol... apk
EVERY ONE OF YOUR POINTS/OBJECTIONS, noted below, & COUNTERED!
(Via your own shortcomings/words, & YES, those of LINUX/SeLinux, in usability, especially)
"FORREST" (lol)? Here goes:
"This was meant to be an object lesson for you." - by SanityInAnarchy (655584) on Thursday August 09, @07:14PM (#20176577)
Then, "here endeth the lesson", lol... for YOU (with evidences of that below in the 2 url's posted):
Right here below, because you SanityInAnarchy, can't even setup your system using SELinux(or chmod/chown/chroot + IPTables/IPChains usages) IN LAYERED SECURITY, for securing yourself, evidenced ESPECIALLY with details, here:
http://slashdot.org/comments.pl?sid=264303&cid=20182847
& here also, vs. your objections in both places, & overcoming them via showing you methods of securing LINUX in layered security methods no less on many levels
(Mainly SELinux layered security control over sockets, folders, files, etc. & via its MAC (mandatory access control based) control of them, layering it in, on top of std. chroot/chmod/chown + IPTables/IPChains methods in most *NIX's & certainly LINUX with SELinux added for layered security)):
http://slashdot.org/comments.pl?sid=264303&cid=20180939
Where you tried to apply a SINGLE method of security only & I KNEW YOU WOULD, & I also KNEW & stated what the faults are in it, programmatically via a technique commonly referred to as impersonation (programmatic impersonation & privilege level escalation thereof)!
(That being chroot jails which I had to suggest to you no less as a detail of your 'sandbox', & I KNEW NO LESS HOW THEY ARE BROKEN PROGRAMMATICALLY (via using "impersonation" knowing you'd try only a SINGLE LAYER of security vs. layered no less) & that you'd 'fall into that trap' as I knew you would!)
All that, vs. your only saying "sandbox" no less + other methods of "layered security" (the BEST way) for LINUX I had to suggest to you, to overcome your objections (running from a fair test gauge of online security on a multiplatform test of it no less)?
BAD MOVES, On your part - In name tossing, impersonating me here, insinuating you'd post a fake result image photo, not knowing how to secure your rig vs. nearly ANYTHING no less, & YES, insecure, because of a lack of layered security in place on your LINUX/SeLinux equipped rig.
Nuff said!
Especially when I can show Windows folks how to do a LAYERED SECURITY SETUP, and IN DETAIL via an easy to use & implement 12 step guide here that WORKS for an 84.735/100 score on a multiplatform security test gauge in CIS Tool 1.x (by the center for internet security):
http://forums.techpowerup.com/showthread.php?s=67a42847a48f0b563e321121355dd438&p=375355#post375355
Well... proof's in the pudding!
I.E.-> I was talking to the WRONG MAN FOR THE JOB in you, in those 1st 2 URL's above (in my being a "windows guy" having to point out what secures what & HOW in a layered security method/pattern, on LINUX no less, from me for you) & especially evidenced by the 1st URL I posted in this reply, above... no doubt about it @ this point.
----
"And your "visual traceroute" won't cover anonymizing proxies" - by SanityInAnarchy (655584) on Thursday August 09, @07:14PM (#20176577)
LOL! Ummmm - when it shows one post coming from USA (mine, & the REAL ME, because I am in the states), & say, another from Brazil, not even a few minutes later?
OH, I think otherwise, lol...
NO administrator worth his salt would be fooled by THAT first of all!
(but, IP address AND Media Access Control (MAC), in combination -
Re:AVG
"They left out Eset NOD32 as well." - by Southpaw018 (793465) * on Thursday August 09, @09:16PM (#20177583)
Funny that, eh?
NOD32 is THE BEST ONE OVERALL too, per tests myself & others investigated (vs. my former fav. in NORTON CORPORATE PRODUCTS NO LESS) + noted results on via comparisons done on most all, if NOT all, commercially available antivirus products for Windows, here:
http://forums.techpowerup.com/showthread.php?s=aedb3b4e4ca35cdd452e78f4a0c22c3f&t=26400&highlight=NOD32
(Where I was a BIG fan & proponent of Symantec's 10.2 "corporate client" model of their antivirus no less, vs. NOD32... & I HAD MY VIEWS CHANGED after that, per the above url's tests, no less!)
Not the "MOST COMPREHENSIVE TEST" on our parts (mostly memory residency & bloat comparisons as well as number of 'moving parts'/'active ingredients' so-to-speak)... but, for that? We used the MOST COMPREHENSIVE & CURRENT DATA FOR THAT WE COULD FIND, from sites that DID test efficacy vs. virus databases & samples they had as referential evidence thereof.
LINUX SECURITY?
Well when challenged head-to-head by myself on a FAIR MULTIPLATFORM test of the gauge of security online in CIS Tool by the center for internet security, vs. one of your users here @ /., in SanityInAnarchy? Here were his evasions, & lack of know how (including insinuating he'd post a faked image of his result score):
http://slashdot.org/comments.pl?sid=264303&cid=20182847
Hmmm... Well, you read that, you judge!
APK
P.S.=> Smart of you, investigating the "test data set sample", because "4/5 dentists do NOT necessarily chew Trident", regardless of "F.U.D." spreading commercials, trying the OLDEST TRICK IN THE STATISTICS BOOK (a skewed sampleset of data sampled & used)... apk -
UNBELIEVABLE EVASIONS (workarounds inside)
As far as setting up UBUNTU, & doing this test here already? HOW DO YOU KNOW I HAVEN'T?? You don't... I may just be looking for someone more "expert" in LINUX security methods than myself to post a result is all...
Apparently, based on the quotes of yours below & work-arounds OR details I give you (me, the "windows guy", not a "linux expert" here by ANY means)? You are NOT THE PERSON I AM LOOKING FOR - read on:
"(This also would not have prevented it from sending spam, now that I think of it -- shouldn't have even gone that far.)" - - by SanityInAnarchy (655584) on Friday August 10, @12:52AM (#20178969)
Ok, lol... & YOU CALLED ME, the "Windows guy here" a "NEWBIE" (but, I am constantly the one here pointing out the actual tools/details of setting up your "sandbox" for you, & more... read on:)
Can't you setup "iptables firewalling rules" against that on your end? SELinux gives you SOCKETS LEVEL ACCESS CONTROL TOO, mind you... you have ways around that "potential complaint" too here, mind you!
(Hell, there is even ipchains on LINUX, but haven't used them myself AND PACKET FILTERING (a technique I use here on Windows & have for more than a decade too) is built into your LINUX kernel as well)
IN FACT? I show Window users how to do all that, via analogs in modern Windows versions (2000/XP/Server 2003 & VISTA) here, in an EASY 12 step program:
http://forums.techpowerup.com/showthread.php?s=67a42847a48f0b563e321121355dd438&p=375355#post375355
(SO, if Windows folks can do it, like I have & others have? Are you saying LINUX folks, can't??)
IF this is all "too much for you", though YOU called ME "newbie" and prove who the noob here is??
(OR, is that setting up SELinux, IPChains, Packet filterings, OR IPtables "too hard" or too un-userfriendly, like setting up & configuring SeLinux would be for you too?? These complaints of yours, do NOT 'bode well' for userfriendliness/ease of use, on Linux, period... that, or your skills are weak, & YOU CALLED ME A NOOB, as regards security & setting it up right?? Please...)
BOTTOM-LINE - Can't you just run it, without being online IF NEED BE as well, @ least as a test??? Is this beyond you for a test???? IF IT FAILS TO RUN THIS WAY - there are always the techniques & tools listed above, as well as further onwards below.
"Alright, correction: I do, in fact, have selinux installed. Apparently it comes out of the box on Ubuntu, along with ACLs and all the rest. It's still not something I look forward to learning about, for a single-user system." - by SanityInAnarchy (655584) on Friday August 10, @12:52AM (#20178969)
Do you, OR don't you? Make up your mind man... I strongly suggest that IF you do? Learn it then. Until you set it up right?? You won't score as high as you can, & you certainly are not as secure as you might think, period.
First of all: Access Control Lists (ACL's) & ACE's (Access Control Entries) are terms used on Windows (VMS variants, & Mac too iirc)... SELinux calls this "label based security", & via MAC (mandatory access control (still just POSIX ACL stuff though, how do YOU like the 'word semantics' game played on YOU, by the way?)).
STILL - They are the SAME base idea though, regardless of the terms being used, but being specific for YOU, by OS types & terms typically assigned them BY THE OS PLATFORM in question, here is all.
(Why bother even test security scores vs. you, especially after you said you might fake a test score result & accused ME of it (I would have put up a perfect 100/100 if so, think about it & made myself UNBEATABLE, period))
Bottom-line, based on your statements:
YOU ARE NOT SECURED FULLY ANYHOW & apparently, though YOU called me a "noob", you don't even understand your OS' potentials for sec