Slashdot Mirror


Don't Forget That Worms Happen Everywhere

friday2k writes "Securityfocus has a nice column on Worms and their origin in 1988. It explains what everybody should never forget. We have dealt with *NIX worms (Sadmind, li0n, ...) and they will come back again. Maybe then the MS fanatics will laugh and say: didn't we always tell you Open Source is insecure (too?) ..."

14 of 391 comments

  1. Re:Microsoft + Worm = MCSE ? by foo+fighter · · Score: 2, Informative

    I once had an MCSE ask me, in all seriousness, why he couldn't type a fully-qualified hostname to choose a DNS server. It's a paper qualification; it implies no real skill or insight into the system's operation, or any sort of reasoning into consequences of limited design.

    The Microsoft Certified Systems Engineer certification does not claim to certify any knowledge of planning, implementing, configuring, or supporting DNS.

    It tests a limited and well defined check list of skills, most having to do with installation and configuration. Only with the Windows 2000 series did the tests begin to measure planning and design skills.

    The Windows 2000 and XP/.NET required tests - and the skills measured by each - are listed here:
    http://www.microsoft.com/trainingandservices/default.asp?PageID=mcp&PageCall=requirements&SubSite=cert/mcse&AnnMenu=mcse

    --
    obviously no deficiencies vs. no obvious deficiencies
  2. not exactly an MS fanatic, but... by circletimessquare · · Score: 3, Informative

    Take a look at the SANS Institute's "Ten Most Critical Internet Security Threats" here.

    Notice that the level of representation of MS products is quite low. Consider that the Open Source Community's conventional wisdom is that closed source leads to insecurity. I am risking the almighty flame when I say so, but here it is: Monoclonal OS prevalence is the issue, not open source versus closed source.

    What I am saying is that the OS with the greatest market share attracts the hackers the most because they get the most "bang for the buck."

    But two conclusions can be drawn about this observation, one good, one bad:

    The good: the move towards an "OS ecosystem" of various flavors of OS is the healthiest for the Internet. Because if something like Code Red were to reappear, only a minority portion of the pie chart of OS prevalence would succumb, as opposed to the majority slice. I use the biological allegories "monoclonal" and "ecosystem" because you can say the same thing about crop resistance to insect/bacterial/fungal/viral pests: the more the genetic similarity of crops, the greater the risk of one solitary biological pest taking out all of the Midwest as opposed to one cornfield.

    The bad: Microsoft, having the greatest exposure to exploits now, is getting the most experience with dealing with exploits. Dealing with them at a business, PR, and technical level. The more you fight a war, the better you get at it, and Microsoft will only get better and better at it, the general public will only grow more and more confident with their fight, and fewer and fewer exploits will be discovered. Other OSs haven't borne the brunt of the kind of hacker attention yet that fosters this kind of improvement, unfortunately for us all, who live in the ecosystem of the Internet.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  3. Re:Worm Thoughts. by Anonymous Coward · · Score: 1, Informative
    Well, with Microsoft machines, patches require a reboot, and often break other things. I've heard that applying patches in a certain order is necessary to ensure that things work correctly. One person at my institution mentioned that they downloaded the Code Red patch, then applied a different patch, but were still vulnerable to Code Red. The second patch somehow reversed the first, and the Code Red patch had to be reapplied.

    So, it's a nice thought, but I would be pissed if someone rebooted my server when I was working on it, or changed binaries on my system without my permission. Even if they meant well....

  4. Re:Let's also not forget by nm42 · · Score: 2, Informative
    IIS doesn't run as system (root) by default.
    I forget the user name, but it's equivalent to nobody on *nix. You have to go screw it up yourself before it runs as root.

    If you're gonna spread FUD, at least get it right!

  5. Re:Cmdr Taco? by MakinWaves · · Score: 2, Informative
    Why the fuck is it that everybody assumes I have multiple accounts?
    Because this particular comment is -1 Offtopic and -1 Flamebait, yet it shoots right up to +5 insightful? Quantity does not equal quality. And you know what? I'm not a M$ zealot. I'm a truth zealot.
    Ya right, that would explain your complete ignorance here
    --

    ---Most Definitely not a Karma Whore---

  6. Re:Worm Stats by Anonymous Coward · · Score: 1, Informative
    http://incidents.org/

    That should answer your question.

  7. Re:Microsoft products seem to be of very low quali by SuiteSisterMary · · Score: 2, Informative
    No Linux email programs or word-processing programs have the authority to take over the entire operating system.
    Really? Great! I'm going to email you a new version of vim. Make sure you run it as root. Don't worry, it won't have the authority to take over the entire operating system.
    --
    Vintage computer games and RPG books available. Email me if you're interested.
  8. Re:Secure by Default by jeffy124 · · Score: 2, Informative
    Yeah, I realize by using OS-X that it has a FreeBSD core. Very nice thing is that I'm able to take programs written for Linux/BSD/other Unix and compile them on my machine to have it work like any other Unix app. All the good GNU and Unix stuff is there, and Apple even made GUI wrappers for some tools, like traceroute, ping, and top, which is very cool. A co-worker has set up his machine for OS-9, -X, and Linux.

    I use OS-X at work for networks research. I have a PowerBook G4 laptop w/ dual monitors (a regular monitor + the laptop screen), 500 MHz, 256 MB ram, 20 GB HD, 10/100 ethernet, 2 USB ports, 1 firewire port, 56K modem (which is thus far unused).

    If you want to get a PowerBook, wait about a month. OS-X.1 is in beta, and is expected in September. I work for a company Apple considers a "Premier Developer," hence we get pre-releases and betas and all the other good stuff, and X.1 delivers on what it promises. X.1 makes a ton of serious improvements over X.0.4, the current patch. They made a lot of improvements to the GUI allowing the OS and programs running on it to be more responsive to user interactions. Plus several other enhancements like DVD support (which I have not yet tried).

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  9. The Point Is by Catskul · · Score: 3, Informative

    I think there are 2 real points to the fact that *NIX systems are more secure. First of all, UNIX is more mature than MS software, therefore they have already been through the more trivial problems with holes. The second point is that because of Open Source customers get to choose what part of the software gets the most development. Security gets attention when those affected by bad security get to decide.

    --

    I'm not here now... I'm out KILLING pepperoni
  10. *nix admins better than NT admins? by Curien · · Score: 3, Informative

    I have read a lot of posts in this discussion (and similar discussions in the past) talking about how *nix is better than NT. Then, some of the more level-headed among us pipe up and remind us that no OS is truly secure, and that the difference lies not with the system itself but with the system administrators. Thus, it follows that *nix admins are better than NT admins.

    I most heartily disagree. Sure, there are *some* *nix admins that mop the floor with NT admins... but the opposite is also true.

    I think we are all forgetting exactly what an "admin" is. An admin is *not* any JoeBlow@aol.com that stands up a web server! A system administrator is an IT professional who researches his work and prides himself on keeping his machines running smoothly.

    If you think about it a little, I believe that you'll agree that the major cause of the whole Code Red problem is not the NT admins out there, but rather the JoeBlow@aol.com's who really don't know what they're doing. Ignorance, people... ignorance is our enemy! Not Bill Gates, not MS, not closed source! It's ignorance and apathy.

    --
    It's always a long day... 86400 doesn't fit into a short.
  11. Difference btw. Unix and Windows Worms? by Jailbrekr · · Score: 2, Informative

    It would be easy to say that "Open source provides faster fixes!", but that is not true. A lot of the *NIX worms were designed to exploit closed source *NIX systems (Solaris, VAX, etc).

    The difference is in the technical competency of the systems administrators. A UNIX administrator is far more capable of detecting and fixing a compromise, whereas an NT administrator, for the most part, is far less literate when it comes to dealing with a security compromise.

    Please note that this is a generalization, and holds true due to the fact that administering a UNIX server requires a higher level of competence than an NT server.

    --
    Feed the need: Digitaladdiction.net
  12. They ALL Suck by Detritus · · Score: 3, Informative
    Debating whether Windows, Linux, BSD or UNIX is more secure is a waste of time. From a security point of view, they all suck. It's just a matter of degree.

    Windows (NT/2000) has some good security features in the kernel, the problem is that they are not properly used by the operating system as distributed by Microsoft. Locking things down would break too much stuff.

    UNIX/Linux has an archaic security model that hasn't changed in decades.

    Both operating systems suffer from being implemented in C, an unsafe language. It is possible to write secure code in C, but most people have neither the expertise nor time to do it correctly.

    --
    Mea navis aericumbens anguillis abundat
  13. NO NO NO NO NO NO NO NO NO NO NO NO NO NO NO! by leonbrooks · · Score: 4, Informative
    No matter what OS you are supporting and using, if you as an Admin don't have the proper service packs and updates installed then your OS will be a victim sooner or later.

    "Sooner or later" is effectively a LIE because whether it's sooner or it's later makes a huge difference in securityville. You're also ignoring the ``quality'' of the intrusion (such as carte blanche versus mere DoS).

    Me for later, much later. While I could do even better, I use Mandrake 8.0 for production work. It's a bit bleeding edge in some ways - and I pay for that - but it comes with two massive advantages over many Linux distros: it installs reasonably securely unless you tell it not to (warns you when you install world-visible services and if you choose a "high security" install even disables those), and it can automagically update itself. Debian users in particular have long had these comforts.

    All Linuces have at least five huge additional advantages over Windows:

    1. There are significantly fewer holes to start with, because (among other reasons) they are generally implementation mistakes rather than systemic design flaws; and
    2. If a hole opens, the damage that can be done is less because you don't automatically get ring-zero (better than administrator/root) privs; and
    3. Patches tend to come out sooner and often involve no more than restarting a single service rather than downing the whole machine; and
    4. Tricks like chrooting the whole service, and/or using the immutable bit (chattr +i) plus running with a kernel incapable of removing it (patch or capabilities) and a chattr program/syscall that rings bells and flashes lights instead of ch'ing the attrs, and/or one-way capabilities patches are simple to do; and
    5. Most distros arrive with secure remote administration, so dealing with a widespread attack (successful or not) is much easier; and (-:
    6. For Win 9X/ME in particular :-) a distinction is actually made between superuser and mere mortals

    Yes, administration makes a big difference, but all OSes are a loooooong way from interchangeable when it comes to vulnerability.

    --
    Got time? Spend some of it coding or testing
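An added example, not code from the thread or from its poster, that audits two of the hardening tricks named in point 4 of the post above: whether a file carries the immutable bit, read from `lsattr` output, and whether CAP_LINUX_IMMUTABLE (the Linux capability needed to clear that bit) is still in a process's capability bounding set, read from the CapBnd line of /proc/<pid>/status. The lsattr lines, paths and CapBnd values below are constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits two hardening tricks named
# above: the immutable bit (chattr +i) and a capability set unable to clear it.
# The lsattr lines, paths and CapBnd values below are constructed sample data.

# Report whether one line of `lsattr` output carries the immutable (i) flag.
# lsattr prints the flag field first, then the path, e.g.:
#   ----i--------e-- /etc/passwd
immutable_set() {
    flags="${1%% *}"            # flag field: everything before the first space
    case "$flags" in
        *i*) return 0 ;;        # immutable bit present
        *)   return 1 ;;        # immutable bit absent
    esac
}

# Given multi-line lsattr output, print each path that lacks the immutable bit.
unprotected_paths() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        immutable_set "$line" || printf '%s\n' "${line#* }"
    done
}

# CAP_LINUX_IMMUTABLE is capability number 9 in the Linux kernel; a process
# needs it to run chattr -i. Given the hex CapBnd value from /proc/<pid>/status,
# print 1 if the capability is still in the bounding set and 0 if it has been
# dropped (so nothing in that process tree can clear the immutable bit).
cap_immutable_in_bounding_set() {
    echo $(( (0x$1 >> 9) & 1 ))
}

# Constructed sample: what `lsattr -d` might print for a few service files.
SAMPLE_LSATTR='----i--------e-- /usr/sbin/sshd
-------------e-- /etc/ssh/sshd_config
----i--------e-- /etc/passwd'

# Constructed sample CapBnd values: a full bounding set, and one with bit 9 cleared.
CAPBND_FULL=0000003fffffffff
CAPBND_NO_IMMUTABLE=0000003ffffffdff

# Stand-alone run; on a real host replace the samples with the output of
#   lsattr -d /etc/passwd /usr/sbin/sshd    and    grep CapBnd /proc/self/status
echo "Files without the immutable bit:"
unprotected_paths "$SAMPLE_LSATTR"
echo "CAP_LINUX_IMMUTABLE in bounding set (full set): $(cap_immutable_in_bounding_set "$CAPBND_FULL")"
echo "CAP_LINUX_IMMUTABLE in bounding set (dropped):  $(cap_immutable_in_bounding_set "$CAPBND_NO_IMMUTABLE")"
```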
  14. Re:Microsoft + Worm = MCSE ? by tlhf · · Score: 2, Informative
    Both Asus Probe and Nero need administrator privileges because they access the hard disk directly for some of their more powerful functions.

    Granted, they could work with limited functionality under lesser accounts, but even then it's their decision to do that. You can hardly blame Microsoft for that.