Gates on Winsecurity
xandroid writes "Just a couple days after talking about free hardware, Bill Gates has sent an email to customers saying that Microsoft will continue to focus on security, titled 'A Microsoft Progress Report: Security' (MSNBC story, PC Magazine story, Google News' related stories). The email mentions that fast-spreading and destructive viruses and worms are 'threatening the potential of technology to advance business productivity, commerce and communication', but says that to counter the threats, Microsoft will make 'major investments in customer education and partnerships that will help make the computing environment safer and more secure'. He also talks about the XP Service Pack 2, and says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'." Reader Zephyr_in writes "Macworld reports that the beta-release of Longhorn is likely to be postponed to early 2005 because Microsoft is concentrating first on a security-focused update (SP2) to Windows XP. Earlier this week Gates said Longhorn is 'not a date-driven release.' and said the speculation that the operating system will come out in 2006 is 'probably valid.'"
The email mentions that fast-spreading and destructive viruses and worms are 'threatening the potential of technology to advance business productivity, commerce and communication',
:-)
I don't know about that.......seeing as how I use OS X, I have yet to experience downtime or hassles due to viruses or worms. Of course there are problems with an increased number of emails from Windows machines containing worms and such, but they are simply filtered out via the spam filter. So this statement from Gates only really applies unless you are using something other than OS X, Linux, IRIX, Solaris, BSD, etc....
Earlier this week Gates said Longhorn is 'not a date-driven release.' and said the speculation that the operating system will come out in 2006 is 'probably valid.'"
Windows is Microsoft's cash cow and from an investor perspective, there may be push from the shareholders. I have sold off most of my Microsoft stock on principle after watching their abuse of the PC market for the last few years, but I still own some and this is not encouraging.
Visit Jonesblog and say hello.
I seem to remember this site used to focus on Linux, with only the occasional Microsoft-bashing article. Nowadays, it's completely the opposite.
Maybe perhaps michael and the editors are just trying to generate the extra pagehits and flamewars that Microsoft brings.
SIG:Slashdot: indymedia for nerds.
Excuse me, but Intel's ripped off 64-bit system has no sort of NX bit on it. That is the primary difference between AMD and Intel's 64 bit x86 implementation.
What I'm curious about is if this statement from Gates is a forward statement. Does this mean that Intel will adopt the NX bit within the next year or so? Hopefully this will be the case.
With this in place, I imagine a lot more of the script kiddies will be doing "Nuke" style attacks rather than full-on hacks. In this case, say if Apache were to have a buffer overrun exploit, the most that would happen is the service would be shut down. Still a pain in the ass for anyone trying to run a web server, but better than running a service that potentially grants access to your machine.
That and worms will hopefully not be so rampant anymore, provided that people stop opening exe email attachments. Don't we wish.
Gates said Longhorn is 'not a date-driven release.' and said the speculation that the operating system will come out in 2006 is 'probably valid.'"
Well, what exactly is the one "must-have" feature in Longhorn that makes it necessary today? Nothing really. A database-driven file system is not necessary. Internet Explorer 7 is not necessary (at least if you have Firefox it isn't). More DRM? Not necessary. What's necessary today are security fixes. And as long as Microsoft keeps patching WinXP, Longhorn is not needed anytime soon.
What is necessary now is SP2. And the sooner they release that, the better.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
telling me what I can and cannot run.
--------
Create a WAP server
Tell Gates not to forget about lowering prices. This will help slow the move from Windows to Linux as well.
Price and security both need to be priorities for Microsoft. Both price and security are BIG TIME negative aspects of owning Windows.
Windows Longhorn: We'll release it "When It's Done".
char sig[120] = "\0"
How the hell can anyone who actually read this garbage mod it interesting? Hello people, this comment is a great example of how to use a lot of words and say absolutely nothing.
Yes, we know you don't get as many Viruses, Worms, Computer Herpes, Computer sores, etc.. as us Windows users.
Yes I know, I'm a diseased piece of trash for using Windows. Now, can we discuss Gates' email?
Why does a protected stack need hardware modification? IANACE, but doesn't OpenBSD do this on standard hardware? As much as I don't like substanceless MS criticism, and as much as I want the status quo's platform to be secure; I really think that actions speak louder than words, and while SP2 is a big step in the right direction, how about:
1. Ditching ActiveX, does anyone actually use this for anything other than malware anymore?
2. Disabling the (Outlook) preview pane by default
3. Higher SSL Verbosity with IE
4. IE URL-bar and statusbar should go into an "extra careful verbose mode" when it encounters hexadecimal encoding ( % ).
IMO, these are all obvious things that should have been changed LONG ago, why are they still defaults?
...they're going to carry on making buzzword-laden empty talk with vague references to current security holes? Sounds like business as usual at Micro$oft. Maybe when they actually produce a secure operating system I'll be less incredulous. The record of Windows' consumer and enterprise operating systems has been little better than abysmal, to be frank.
What wasn't said
"....and if anyone makes a workaround for the NX feature to install Linux we will be able to use the DMCA to thwart them."
With Longhorn only coming out in 2006, hopefully Linux will make a huge push over the next couple of years to cement itself as a serious 'business desktop' platform.
Because the fact remains that many businesses will be reluctant to upgrade their existing systems to Longhorn if there aren't some huge productivity increases. Hence Linux can be promoted as the solution for business's existing systems. Dump Windows. Install Linux.
In order for this to happen there needs to be a lot more education to the pointy-haired people of this world. These are the ones that control the purse strings and most of them don't know what Linux is or what benefits it provides over Windows.
Someone/some company needs to take the initiative and educate the non-Slashdot readers about the security issues that Windows currently has and the benefits that Linux provides.
Funtage Factor: Purple
He sent that out a few days late.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Linux/*BSD will have a better GUI than Windows, more application and driver support than Windows, and an infinitely better design and development process.
OK, two out of four isn't bad. But Microsoft must be scared of something. Why is one of the wealthiest corporations in the world and its army of developers having so much trouble getting something out the door, and why is Bill going out of his way to appear to toe the line? Kind of spooky.
I read Gates's comments a few days ago and noted that at no point does he even come close to admitting that every virus, worm, or other exploit that hits Windows is able to do so because Windows' own code has made it possible. "Windows security" should be used as a perfect example for a dictionary definition of an oxymoron.
Seriously, with approximately sixty billion dollars in the bank, exactly what prevents M$ from producing a secure OS ?
And I suppose that all the people who buy Macs because they're a better solution for their needs are just victims of the reality distortion field, and should be first against the wall in the New Purge. All those scientists who are transitioning to OSX as their research environment are just ignorant.
You, sir, are an asshat.
A properly designed system is not harmful to other properly designed systems. Windows is not properly designed. OSX (and BSD and arguably Linux) are properly designed.
Why yes, I AM a rocket scientist!
I'm rather surprised that my earlier comment was modded down. Sure it likely will be useful for preventing viruses from running but think of some of the other implications of a hardware non-execute permission. Could this also be used as a restrictive form of DRM or another form of software de-activation? In some ways I see this as a means of taking control of software away from the end user. I do however recognize that Microsoft is trying to plug the holes in its software and applaud them for taking steps to minimize the impact of exploits, malicious programs and viruses.
...as if there is no other computing platform out there.
Tell you what, Bill, we've got this stuff called "Linux" and "Mac OS X" out there, among others.
My only concern when the Windows worm du jour is making its rounds is that my company's Windows guys will be swamped and me, the Mac guy, will have to go to some of the Windows clients and pitch in to clean up Bill's messes. Otherwise, I just laugh and go about my business unaffected on my G4 or iBook, as Windows machines fall over like dominos.
I KNOW how to spend all day trying to configure various things and optimize them for security and use. However, sometimes, I don't feel like reading through piles of security docs just to make sure I can feel safe plugging my computer into a cable line. It's nice to have things just work, and work securely, right out of the box. Apple, however, has provided an operating system whereby I can spend endless hours tinkering with settings, in both a CLI and GUI environment; but by no means do I have to do this in order to get my computer working securely. The best thing you can do for a clueless user who just wants to check e-mail is get them an eMac or iMac. No fancy cables to plug in, no massive suite of security software to install -- just turn on OS X's firewall (built on that rock solid BSD standard ipfw), set up mail.app for their e-mail and get Safari or Mozilla Firebird to start blocking popups. Instantly, they're secured against anything except a direct, targeted attack against their computer. Worms, trojans, spyware... not a problem.
IAALS.
a) Hardware will become nearly free and
b) If Microsoft security becomes hardware-based, it may even work!
Now, seriously, I'm your average M$-basher and could take this opportunity to make some mocking remarks.
But, you know what?
I find it sad when some software monopoly says things like "our systems are not engineered for security" and "our security will improve because we will resort to hardware" -- while still keeping a 95% desktop share.
*sigh*
Well I run several *nix servers, my home and office machine are both Win XP. I have *never* been infected by a virus. Never.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
You really had me up until the license thing. That would be a political mess, with arbitrary revocations for violating some obscure rule that's only valid in California for example. Sorry guy, until somebody drives the internet across the median and rams it into a "station wagon full of nuns", we must never let anybody decide who gets access or not. I do agree however that everything went to hell when AOL'ers got access:-)
What?
I disagree, and, as opposed to modding you down, I will reply. I'm an intelligent, well-versed, apple user. I've been working with x86-based machines seriously since I was in 7th grade. I'm now about to graduate high school. Last year, I "switched", as it were. I went out and found myself an old tibook. It's a good, solid, stable machine. I run linux and many versions of windows via work or at school. However, I like to come home to my Mac. Why? It just works. I putz around with pcs all the time, I am paid to do simple repairs and upgrades. Pcs are a hassle, and I spend a lot of my time working on them. I don't have to fool with my mac. It does exactly what I want, it's rock-steady, it's unix (I know this!), and most of all; It's pretty! Not all mac users are net-incompetent. Very few that I've met, in fact, are. That is a false assumption.
Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants".
Ah, but they are also used by the most advanced computer users out there. Those that use them for a variety of fields in science from quantum chemistry to astrophysics, medicine and computer science. Pretty impressive that.
This is a dangerous mindset to encourage. Their computers are set up to do everything for you, to treat the user with a kind of benevolent contempt.
What is a dangerous mindset? Allowing people to be connected? Allowing them access to information? What are you going to say next......That people should not be able to vote for whom they want?
As to doing things for you, yeah, when I want to plug in a hard drive, it is automatically mounted and I don't have to type in the CLI two or three lines of commands to get it mounted and shared. There are many other examples of this and why you perceive this as benevolent contempt completely escapes me.
Some recent pricing of upgrades illustrates the kind of attitude Apple has to its customers.
This leap of logic is confusing. And what recent pricing are you referring to? Can they not expect to make a profit on their investment? Be thankful Microsoft has some minor competition, or else you might be paying more than you might think.
Visit Jonesblog and say hello.
About freaking time. IBM's mainframe and midrange server architectures have been doing this for years. In OS/400, for example, the only things the processor will execute are program objects. Memory blocks marked as data cannot be executed, even in the event of a buffer overflow. The OS and hardware work together to ensure this.
and thus, it is interesting.
You are right, it says absolutely nothing, makes up quotes attributed to made up people, and comes to no real conclusion. It feels like it was auto-generated. Off topic, maybe, but interesting nonetheless.
--H
MS will continue to talk about Longhorn to ensure nobody else can grab mindshare. I swear Longhorn stories are on sites like Slashdot and .com.com.com everyday and yet there is no end of talking about a product that won't be out for years.
Security is nice and all, but Longhorn is starting to remind me of heaven - a long way off with no consensus on what it is really like. A lot of faith that things will get better someday is almost required, just as faith is required for the religious minded.
Hmm... GNAA version 2? :^\
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Slashdot posts every single letter, lecture, and little throwaway statement Bill Gates makes in order to give the "M$"-bashers something to froth over.
Absolutely nothing new will be offered in the discussions for this article.
Meanwhile, Gentoo, Debian, GNU (twice!), and Gnome have all been hacked in the span of the last six months, and LinuxSecurity reports dozens of vulnerabilities for each distro every week alone.
It will always boil down to this--security as a criticism against Windows will always be something that's only valid to other Slashdotters. Most of the rest of the world doesn't see it that way, and the rational of us see it as an admin and user ignorance problem. When Slashdot posts articles with titles like "Another New Microsoft Hole" and it turns out to be a user-ran executable attachment worm (yes, this was a real article), or "Microsoft Violates Human Rights In China" simply because Windows is used by the government there (never mind that China has its own custom Linux distribution, but I doubt we'll ever see "OSS Violates Human Rights In China"), I can only shake my head and just wait for the next cool technology article.
Because that's why I first started coming to Slashdot--the cool tech news. Not "let's fill our daily quota of one 'bash M$' article per day." I used to go to K5 as an alternative because of the interesting tech articles that didn't get posted here, but at some point K5 became a liberal anti-Bush administration site. This place has become an anti-RIAA, anti-M$ site. I miss when there was no agenda other than being a cool site for nerds to get news on the latest Stallman lecture, Linux kernel technology, or programmer interview.
You troll .. and to the mods you're no better.
I think most people will agree most security problems boil down to one simple thing, the stupidity of the user
You're missing the whole point. The users aren't stupid - they don't care. Computers are not an integral part of their life as they probably are for you. Hence implying they are stupid because they can't spot a virus is just plain rude.
I have to ask if you know exactly what happens and what to do if your car suddenly stops for no reason. Does it make you an idiot if you have to ask for help? No, because for most, cars are a tool, not a lifestyle - just like computers.
Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants".
Now that Apple is *nix based I find this kind of statement quite surprising. What a bunch of proudly ignorant people.
Apple computers yes do have the obscurity security benefit, however they also have intelligent default settings. Windows with XP SP2 will finally set the defaults to what they should have been from the start.
You are the ignorant one not the non-techie users.
Funtage Factor: Purple
Whatever Gates may say, I think most people will agree most security problems boil down to one simple thing, the stupidity of the user. When I say stupidity, I do not mean it as an insulting term as it applies in every day life.
Coming from someone else, this is perhaps a valid comment. However, when Bill Gates says that Microsoft will address the major security flaws that they as a company had designed into their software through more user education, that's insulting. Third parties are welcome to discuss the extent to which users have contributed to their own misery. When Microsoft makes that suggestion, the only viable response is that the users were obviously stupid because they used Microsoft products. Once Microsoft closes their security holes, I'll consider revising that statement.
For all of those people that scolded me and told me that Longhorn was a sure 2004 release, I say... HA HA!
I hate Apple with a passion so I'd really like to agree with you ... but Windows' claim to fame was it was easy to use compared to DOS. The thought was now that users don't have to manipulate the command line, more people would be able to do more with computers.
Remember the two things they sold Windows 95 on? It's easy to format a disk, and easy to install programs. They lowered the bar but users as a whole responded by becoming even stupider. You know how many millions of windows users out there can't do either of those things? -- LET ALONE -- update their virus defs, craft a reasonable firewall policy, and update their machine on a regular basis.
Religion is a gateway psychosis. -- Dave Foley
But, here's an idea! What if the email program DIDN'T EXECUTE SCRIPTS WRITTEN IN BASIC!
Hey, Bill, here's some code that will kill worms dead:
How long will it take until Microsoft dips into the Outlook code and stops the running scripts in message attachments?
Maybe never. They'll just build rarely updated "after the fact" virus scanning in the next XP service pack! Yeah, that'll do it.
I won't need it. I use Thunderbird and Mozilla Mail.
Ever dream you could fly? Get up from the Flight Sim. I Fly
Sure, it was easier to write an assembler program adding its own code to a software, while keeping the infected program executable, than scripting 15 lines of VB Script.
Oh, those poor and innocent individual users. What a wonderful way to make them think they are only victims, and never responsible for the spread of a virus, even if they don't make any effort to secure their system.
Of course, the idea that a malicious program shouldn't be able to do much damage, because it has very restrictive rights is a strong innovation.
Wonderful ! Microsoft OSs will (at last) have memory protection ! Let me remember, how old is Unix ? Nearly 40, isn't it ?
Could someone explain to me how Microsoft can be seen as innovative by so many people? And how they can so proudly try to make us believe they always were (and will be) on the right way?
-----
is like osama on world peace
//bite.
I'd really love it if the Mac operating system could be used on any hardware. *love* it.
Sadly, this is not the case, and I can't afford to use it, since most of my machines (lab or otherwise) are all old-parts boxen.
By the way, it's one command to mount a harddrive. =)
Interesting points, wonder why you got modded down?
I'd like to add to what you've said and point out that there is a difference between stupidity and ignorance. Stupidity is not being able to learn something. Ignorance is not knowing something, but it doesn't exclude the capacity to learn. Most people, when it comes to the intricacies of the PC, are ignorant, rather than stupid. And they want to be.
For example, I don't want to know the specifics of which particular gasket a mechanic's going to tighten (or loosen) when he repairs my car, I just want to get to work. I could, if I chose, get materials on automotive mechanics, find out this information, and be knowledgeable, rather than ignorant, and even possibly do the repairs myself; but I have no need to know this stuff, so I remain ignorant.
IMHO, This has been one of the fundamental failings of understanding of the Open Source movement, as they try and move from the hobbyist to the mainstream. Doctors, lawyers, and other professionals have too much to worry about in their own fields to concern themselves with makefiles, mount points, and other intricacies of Linux. And, quite frankly, a large number of people simply don't care to learn this stuff, any more than I care to know exactly what happens when I turn the key in my car to get to work. I just want the engine to start, and use my fundamental driving skills to get to work, or home or to the bar, or wherever.
Does this ignorance mean that I can't drive as well as someone who knows the full workings of an automobile? Certainly it does, however, there are indicators and safety features in the car itself to protect me from my own ignorance.
This is part of what Microsoft has realized. They realize that people want to know nothing about how their machines work, they just want them to work. That's why they're now working on protecting the ignorant user, rather than bothering with attempting to educate them. For these users, it's better to put the governor on the engine, the automated seat belt, and the airbags rather than trying to teach them to use a turn signal when they change lanes.
If Linux is going to embrace the mainstream, they are going to have to embrace this ignorant user. Linux is going to need to be so simple that people aren't going to fear it anymore as a more complicated (albeit better performing, more stable and more secure) system than Windows. They're just going to put the cd in the computer, and drive away.
I didn't realize that Apple is starting to release its switcher ads on /..
If a business has Windows XP/2000 for their desktops it's going to take a hell of a lot to make them change to Linux, the switch over is a big step to take, in terms of the company's software, training etc. All the issues associated with upgrading of any kind, not just XP->Longhorn. Business may welcome the long gap to Longhorn, since it will allow them to stick with 2000/XP for longer and save them $$$. Unless linux offers something 2000/XP doesn't they won't want to upgrade, and honestly, all most companies need is Word & E-mail.
Admittedly, it may encourage new business to take up Linux as a first choice, but upgrading... not so sure.
I spent ages trying to think of sig, but never did
What's the result? Users don't even *crack* manuals open, they expect just to be a genius at anything they try. Then software companies realized "hey, nobody's reading these manuals" and they cut costs by stop including them altogether.
When they do include a manual they're terrible. I purchased a Dell Axim x3i lately. It came with a 200 page manual that's WORTHLESS (and I have a CS degree). I wanted to know if I could sync the device over TCP (the answer is yes, but only if I connect to a windows machine first with the same SMB name as my linux machine grrrrr) -- the manual has no information of any kind on it. Just dry lists of "How to setup feature X", doesn't even mention the purpose or the reason for setting up X, or what it can do. Just the steps to do it with no information ...
Long story short, if I'm confused with a CS degree, who isn't? The companies that sell us this stuff encourage ignorance, there's not a place to learn!
Religion is a gateway psychosis. -- Dave Foley
- why does anyone use any Microsoft software anymore? - there is no reason to use any Microsoft product anymore AFAIK... - someone please tell me why i should use any Microsoft product?
>Ie, IA-32e has the same bits in its page tables when in long mode as AMD64, ie separate bits for read, write and execute, ie same level of protection.
Thing is, that feature would be pretty much unnecessary if only OSs written for the 386 had used the "small" memory model (separate code and data segments) rather than "tiny" (intermingled code and data in a single segment), and prohibited the creation of aliased segment descriptors by non-privileged programs. The 286 (yes, *two*eighty-six) and up already have support for No-Execute on a per-segment basis -- Code segments can be Read/Execute or Execute-Only and Data segments can be Read/Write or Read-Only, but never Executable. And the stack segment is always a Data segment, i.e. no executable code on the stack.
"Microsoft will make 'major investments in customer education and partnerships that will help make the computing environment safer and more secure'. "
BILL: GET RID OF THE MICROSOFT HTML CONTROL.
Getting rid of ActiveX and splitting the MS HTML control into separate modules so programs can display local HTML without worrying about it kicking off a local exploit or downloading untrusted material from the Internet... not just defining zones, but separating the display code, the internet code, and the active desktop code into separate modules that don't interact with each other except through an application that has to explicitly request dangerous things... that would do more for security than anything else Microsoft could do between now and the end of time.
But to do that would be to back out of the claim that it was essential to merge IE and the desktop back when they violated their agreement with the DoJ back in the '90s, and Microsoft cares way more about losing face than improving security.
Of your two basic points, I don't agree with the first, the "October that Never Ended", though I agree it is at least arguable.
But your spiel about Apple boggles the mind. It only makes sense in some kind of alternate universe where it is Apple machines that are causing the troubles. Last I checked, the total "rampaging Internet-destroying virus" count is still firmly at zero on the Macintoshes, to the Windows double-digits. (Linux has only one that I can even remotely imagine like that, the Apache worm, and even that was fairly contained compared to the virus loads that have taken down entire large companies.)
I have to conclude that you're one of the few trolls to make it to +5, Interesting. s/Apple/Microsoft/g and again, I don't agree, but it's at least arguable. But what problems are Apple users causing on the net? None.
So he's going to monopolize the on-system firewall and anti-virus industry next. Big deal. (The firewall should be on a separate system, anyhow...)
He does this instead of, say, removing some of the crappiness of IE which makes it the browser with the worst security record ever, and the only one in which I can ever remember seeing a remote code execution hole in, offhand...
At least user education might be useful, if it were done right. Then again, AOL is hit by how many scams wherein people steal passwords? They've only told every customer multiple times that they will never ask for it...
Even so, it's not like this is new. I've been teaching computer basics (including security) at my local library for some time now...
Oh well. Let's just hope that he copies more of the good ideas than the bad ones. There's nothing new here that I can see...
... that "Winsecurity" is so far removed from actual "security" that it deserves its own word.
support hardware-enforced data execute protection (also known as NX, or no execute)'
Also known as 'TCPA', 'Palladium' or 'DRM'. Nice try at obfuscation there M$. I for one will be boycotting whichever of Intel or AMD try supporting this first.
Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants"
Every extra hour that I am forced to spend learning how to make a computer do what it should have done in the first place adds $50 to the TCO of that machine. So if I have to spend even one hour per week figuring out how to keep my machine safe from exploits, I've added $2500 to the cost of that machine for that year.
I am not proudly ignorant, I only realize that my time is limited and that spending it patching gaping holes in a badly designed product is not top of my list of either fun or productive things to do. At best, you could call me resentfully ignorant because I resent that ignorance should be a problem.
I'm not even sure how you can blame Apple for much of the Internet's current dismal state of affairs. What percentage of viruses, trojans, spam, etc. are distributed via Apple machines?
But, as long as we are playing the blame game, I might as well burn a few karma points. Let's add some more culprits to the list:
1. All the IT vendors that touted software and internet services.
2. All the businesses and organizations that listened to IT vendors' hype and gave PCs to all their employees.
3. The original internet standards designer who gave us naive, overly-trusting standards that make it too easy for anonymous blackhats and spammers to send out untraceable virus packets and spam
4. CPU makers (and Gordon Moore) for giving us such a rapid pace of performance growth that no platform ever matures before it is replaced by another exploit-ridden next generation OS
I'm sure there are others.
Two wrongs don't make a right, but three lefts do.
Must've been one short report . . .
`which fortune`
Why do I think the real issue is trying to figure out a way to get corporate and individual acceptance of the license changes Microsoft wants to implement to make sure we have to rent* products, and we'd be forced to accept "trustworthy (for Microsoft, anyway)" computing?
* - And where the hell do Mickeysoft shills get off on "total cost of ownership" when the only ownership that changes hands when you buy^H^H^Hlicense^H^H^H^H^H^H^Hrent a Microsoft product is Billy Gates gets to own your ass?
aka hardware-enforced DRM aka palladium aka TCPA
if you see a spade then call it a spade
On my W2K computer at work.
It took me quite a while to convince myself that it was not spam and safe to open. This, I think, shows that Microsoft has a long long way to go.
Life is like a web application. Sometimes you need cookies just to get by.
Don't forget setting up your bash shell :)
I can execute email attachments on Linux too. What's to stop someone from making a Perl5 worm that greps `cat /var/spool/mail/* ~/Mail/* ~/.Mail/*` for email addresses and sends them all copies of itself? This method would work on just about every *NIX, and would have full access to the user's home directory.
Sure, it can only mess up $HOME, but the damage is still done. I don't know about your system, but on my desktop almost everything not under $HOME can be re-built with a clean install. Almost everything under $HOME is what would really suck to lose.
On OSX/Linux/BSD/Solaris...
For the virus to be executed, it would have to be saved to disk and then have the execute bit set. For it to do this automatically, that would involve executing, which it doesn't yet have permission to do.
For a user to execute it, they'd have to save the attachment, switch to their file manager, change the permissions on the file, then run it. That's one more step than is required on Microsoft Windows, and following the "data that's more than 2 clicks away is too far away" rule, a lot of people won't bother if it takes that much effort.
Most operating systems have this feature built in. If Microsoft were competent enough to have it built into Windows, there would be no need to go chasing the CPU manufacturers.
Follow me
you know what to do boys, a non-believer is in our midst, to the town pond right away !
Well said, sir.
Microsoft is constantly lauded by the press and the business world alike for bringing computers to the masses. A chicken in every pot and a Windows license in every home. And while that is a commendable feat, helping to spur the absolutely exponential growth of the internet and computing in general in the last few years, no one stopped to ask if the masses were ready for all this computing at their fingertips. Computers are powerful devices, and are becoming ever moreso with increased use of broadband internet. The potential for a computer to do serious damage is great, when the right person (or perhaps the wrong person, depending on your perspective) is doing it. The problem right now is that the computer companies are doing exactly what every business in our capitalist society *should* be doing with a home appliance: trying to make money. That, above all else, drives their product creation and marketing. The problem with this line of thinking for computers, which are more than just appliances, is there is no responsibility or accountability for consumer ignorance. Yet.
Consider other home appliances: stoves, televisions, water heaters, automatic litter box cleaners. None of these things require a license to operate. Why? Because although they may be dangerous if used improperly, they don't really pose an immediate danger to other people; just the person operating the device. Since we as a nation believe that people should take responsibility for their own uses of these devices, only product warning labels, owner's manuals, and occasionally tech support are offered as education.
Now consider devices that truly do pose an immediate danger to other people: automobiles. Because we are all driving on roads with *other people* and are a potential danger to them, we as a nation decided that drivers needed to be licensed in order to drive, i.e., there is a mandatory level of education needed before people are allowed to use the device.
When personal computers were first introduced, they fell into the first category above. Each unit was separate. If you didn't read the manual and fried your hard disk, that was your problem. However, as we network more and more, and desktop environments such as Windows and Zero Install try to blur the line between working on your own machine and working as part of a network, computers are migrating into the second category. We're all driving on the proverbial internet highway. Now, if you are a clueless user who clicks every attachment in emails and forgets to install security patches, you are endangering the livelihoods (if not the lives) of other people on the network. Even the responsible people can still be hammered: you can't tell me that mail servers running OS X are not slowed down by the deluge of emails from Windows boxes still running SoBig and MyDoom. No one is immune, and it translates to lost revenues for everybody.
So what do we do to fix it? Do we mandate that computer companies educate their customers? No. That would be like asking car companies to teach their customers how to drive. How about the ISPs? Nope. They're just the toll booth operators. The problem is standards: the world of personal computers sprang up absolutely overnight, from a standards compliance point of view. Automobiles have had over 90 years with the same basic premise (gas, brake, clutch, steering wheel, internal combustion engine), and they have been refined to be compatible with each other. Take one driver's education course, and you can drive any car built. They can all run on the same fuel. They all fit on the same roads (current SUV trend notwithstanding). All of them have at least some interchangeable parts. Yet there are dozens of car companies, each with its own set of designers and engineers. Computers sprang up so fast, with a new technological revolution every week, that standards compliance hardly had time to ask, "what the hell just happened?" As it is, we have several major operating systems, none of which run the same software (they all req
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
No, not everything, of course. But some of what he says is right. Much of
the bits about isolation and resiliency are dead on the money: having the
firewall on by default is a start, but if I understand correctly what he's
saying (which is hard, because the wording is brief and nontechnical; it
was obviously not written for a technically-inclined audience), Microsoft
intends to actually *fix* Outlook. Not "patch" it to stop a particular
exploit, but actually fix the root problem.
He also says some stuff that's good to hear despite not really constituting
security -- e.g., popup blocking, and not loading remote content in email.
He also talks about taking measures at the system level to mitigate the risk
of buffer overruns, but I can't tell from what he says whether what they're
doing there will be helpful or a placebo. This is where the CPU NX stuff
comes in, and I'm a little over my head there; I understand the idea, but
I don't think I grok all of the implications.
This is actually a good article. Not perfect, but good. Go read it, those
of you who haven't yet. I don't think we're going to slashdot Microsoft.
Cut that out, or I will ship you to Norilsk in a box.
As a side note, according to many surveys, Mac users tend to be wealthier than the average computer user and more net savvy.
----- Question authority, but not ours. Hate the man, but we're not him.
In 10.3 (Panther) BASH is already set up, but it's not like the tcsh in 10.2 is bad either.
IAALS.
Lordy, when did that first come into being? 1960-what?
Microsoft will make 'major investments in customer education and partnerships that will help make the computing environment safer and more secure'.
They should make investments in developers' education too. I'll be grateful to them when they improve their security even though I don't use their products, because the number of worm/virii mails coming to people's mailboxes (including mine) will be drastically reduced = more bandwidth for useful things.
/ss
IMO the other main player in the make-a-fast-buck-off-the-stupid industry has to be Apple computers. Controversial, but let me explain. Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants". This is a dangerous mindset to encourage. Their computers are set up to do everything for you, to treat the user with a kind of benevolent contempt. Some recent pricing of upgrades illustrates the kind of attitude Apple has to its customers. While relatively unpopular, Apple computers can safely get away with this. But like "security through obscurity" it is not a policy that can scale safely.
AOL and Apple are a twin prong attack on our Internet experience. Perhaps it is time to introduce a licensing scheme beginning with the users of these two products. We license Car drivers, because a bad car driver is a danger to others as well as himself. Increasingly it is becoming clear that inexperienced users must fall in the same category.
Everyone is entitled to an opinion and I see the grains of truth you put forth. As Apple making for an easier/possibly better user experience by dumbing things down (Though OSX is as simple or complex as one needs it to be).
But on the other hand I happen to use MacOS both pre X and OSX itself. I'm also a systems engineer who specializes in administering Linux boxen. Exim/LDAP, various flavours of Apache, Bind, CVS etc yatta yatta. I also write a lot of Perl and PHP and dabble in C. You make it sound as if all Apple products are like tonka toys compared to other systems and the comment about people who know nothing tend to buy Apple is simply preposterous. I tend to believe that this is why Win is so popular in the first place because of those who simply don't or can't be bothered to know anything.
I do use MS products all of the time as part of my profession but I've never chosen them for personal use and I don't say this because it's something to be proud of or anything. I just choose not to as I've always preferred the alternatives. They just make more sense to me and I personally find them more elegant. Though when I look back at my first comp (a commodore PET) I'd as sooner eat my own words but anyway... As a matter of personal experience I usually find users of other OS's than an MS OS to be more knowledgeable about the inner workings and limitations of their system of choice. As well it's pretty much agreed upon here that it's the users themselves that are helping spread virii and worms. By far and large it's the win users who are doing it so I don't see the relevancy of your attack on Mac users or even AOL'ers for that matter. It's not the internet connectivity that's the cause of the spread. Again it's the users. A person knows that they want to buy a computer. They go to the store and buy one. Naturally it has Windows pre-installed. A no brainer. But to actually go out and buy a system that is NOT the norm requires a bit more thinking especially if that system costs more than the norm which is usually the case.
What I'm trying to say here is that the OS doesn't make people lazy, ignorant or stupid regarding computing. They are already predisposed for whatever reasons. No matter what system you happen to use, all basic concepts are the same across the line. Choice of platform is irrelevant and a waste of time to focus on such small details and minutiae. A Win machine can be just as secure as a 'nix or Mac machine (which is a bit of a misnomer really because pretty much all worms/virii are written for Win anyway) as it's simply a user's habits that the malicious count on. Simple as that. Nothing more nothing less. It's just common sense which to me doesn't seem to be so common anymore. Although I truly believe that the OS of choice has nothing to do with anything here, I will say this to stay within context of your comments; For now just keep in mind who the people actually are that are making it so easy to sully your 'net experience before pointing any fingers.
might go a little something like this....
TO: [Group] Stupid Money Buckets (Microsoft Customers)
FROM : B1LL_GatXoR@Microsoft.com
SUBJECT: Buzzword Buzzword Windows Buzzword
Hello scum,
Buzzword security windows buzzword longhorn catchword buzzword xbox xbox xbox buzzword release date buzzword the buzzword ... etc
Compliments,
B1LL_GatXor.
P.S B1LL = l337 + H4XXX0r + 0wNz j00!!! mwahahaha
[this message has been simplified: to read in its original form please insert words like 'security', 'reliability', 'internet commerce', 'economic' and other words you wouldn't normally associate with Windows XP where 'buzzword' or 'catchword' are written, order does not matter.]
"The stupider people think you are, the more surprised they will be when you kill them..."
"But not giving them the most cursory Internet security information and programs is akin to leaving your car running and throwing the keys in the midst of a nearby group of drunken adolescents." ...But wouldn't you have to take the keys out of the car in order to throw them into a group of adolescents, thereby causing the car to stop?
I'm reminded of that solid metal car that Kinsman (the Grey Lensman, in E.E. "Doc" Smith's series) got into... the one that went 7000 miles per hour, was absolutely completely lightlessly black dark inside, had no seat belts or other cushioning, and was driven by an alien of a species that can "see" through solid matter. The acceleration was insane and he ran into everything on the way. Supposedly a severe bruising is in order if the driver "takes it easy" for "non-terrestrials".
What I find interesting about Gates' ideas about security is that it makes perfect sense from his perspective. Nerf the hardware so the software can't do anything it shouldn't without authorization. That way, his development costs can go down because there isn't nearly as much that can go properly wrong when someone writes bad code. He doesn't have to spend as much on development, and his customers don't have to worry about his crappy development.
It's a bit like industrial waste. No worries. We're saving money. (The science goes to waste, instead of the environment.)
It's kinda funny. If Gates gets his way, he'll be able to offshore the majority of his software development to the cheapest bidder. He'll still need real computer scientists to design and research the future for Microsoft, but then he can hire bargain basement code monkeys to follow their design documents as closely as they can figure out. "If it compiles, it works."
Windows Media Player 9--the future. (Can I kill myself now?)
I'm as mimsy as the next borogove but your mome raths are completely outgrabe.
"focus on security," eh?
well...I guess it depends on the perspective.....they HAVE to place all their focus on security.
Don't they know that recycling code that's not good isn't a good idea? Take a hint from the open source community; once it's proven to work, then the bells and whistles get added.
Oh, please, don't be so condescending. I'm a programmer, been one since 1978 (how old are you?) and I've been using Macs since they came out. Even have a Lisa. I'm the IT director at a company where we have about 30 servers, most of them Macs. The ones that aren't are running a variety of *nix, and one Windows Terminal Server. I've written TONS of code for DOS, for heaven's sake, and Windows since 3.1.
Trust me, I am not "proudly ignorant". I use Macs because they're better. Period. I am not genetically defective, either. Jeez.
the problem is MS doesn't make money off of patches and code audits
No. It makes money off of perpetual office suite and operating system upgrades offered as a solution to system unreliability, security flaws, and other design and inexcusable implementation issues.
In many respects, Microsoft's model is little different from organized crime "protection" rackets. In Venezuela, one can buy a sticker to protect your car from theft (if it is stolen with prominently displayed sticker and your proof of "insurance" purchase, the car is returned and the thief killed within several days, or you have a replacement car).
Wonder where the replacement cars come from? People who didn't buy the sticker.
Now Microsoft's asking for a sticker on your processor; both a shift of blame (hey, if you have crashes, I'll bet you don't have that fancy new processor, did you?) Intel will go along with the racket too, as it'll have an excuse to sell overpriced processors again. And best of all, not only does it shift blame away from Microsoft, but it pushes a trojan business model that can be easily picked up by Congress Critters playing into Microsoft's lobby. It isn't hard to see that the optional chip will become mandatory (and operating systems that don't have proprietary locks ensuring they run with the chip's features may have to be declared "unsafe" for the masses... buh-bye opensource *nix's).
This latest announcement, coming from Gates, is clearly a trial balloon to see if it's safe for them to slip in the protection schemes again. Paying for software update subscriptions didn't fly - too many saw it for what it was. Imagine if Ford demanded every Pinto owner pay a monthly fee in order to qualify for a non-exploding "upgrade." It wouldn't wash. But unfortunately, Microsoft's track record has been so totally poor, the consumer market has come to accept it as fact. (Look at Microsoft's 900 number model for support - all they've done is push their problems onto ISPs, hardware vendors and other folks who have to run a support operation).
It's time the heat got turned up on Microsoft. The only effective strategy against Microsoft's ploy is to poison the waters for them - make them out to be an unwelcome party in political circles. Expose congress critters taking Microsoft money. File a BBB complaint for every system crash (not that the BBB is anything more than a protection racket itself - but what more fun is there than sending one thug after another). Write your attorney general, congress critter, etc. and demand Microsoft fix it or Microsoft reimburse you for having it fixed elsewhere. Start submitting those bills to Bill!
Here's an interesting thought. Is Linux more secure and stable BECAUSE it is more difficult to set up?
Linux makes few assumptions. You have to explicitly install and run things if you want them. There is no marketing pressure to force you to take features you do not want. Heck, you can even build your own kernel to include or exclude features. The "barrier to entry" under Linux is higher. So the majority of Linux installs were installed by somebody who actually knows something about a computer.
Conversely, Windows is easy to install. Furthermore, since it comes pre-installed on most computers, it is REAL easy to install. Windows is not so much of a choice for most users as it is the failure to make a choice. Many of the people "successfully" running Windows are "twelve o' clock flashers". (You know, those people whose VCR constantly flashes "12:00" because they have no idea how to set it.) Combine this with cheap, always on broadband and you have a recipe for disaster.
You've heard of "Security through obscurity", well Windows suffers from "Insecurity through ubiquity"
Windows has an execute permission as long as the user is using NTFS.
Your post is still relevant however because this permission is ignored by virtually all programs that should be using it.
Interesting how the article fails to place any blame with Microsoft - the company that provided the faulty platform for the spread of this malicious software.
Imagine if you bought a microwave oven that didn't have sufficient shielding to protect you from the "criminal" radiation within.
And this malicious software "evolves" too. Oh yes. It's not the platform itself that becomes more and more buggy. No. The malicious software "evolves".
Microsoft are also committed to major investments in customer education as well. That's right. It's your fault you got a virus. Stupid customer.
So Microsoft create this problem and now it's "really funky and groovy" because it is trying to patch its own mess up. And who is going to pay for all of this, dear customer? You guessed it.
Much as I like their 3 steps to "protect your pc", they seem to miss out the obvious one:
Don't use faulty software.
On Windows with recent (post-2002) MS software, you need to...
(1) Tools>Options>Security and turn off the security checkbox. (2) save the attachment. (3) run it.
Very few users know about step 1.
I think you underestimate users. People will double click, unzip and spend however long it takes to run any attachment they get. Even if their e-mail program or ISP or whoever says something like "The attachment is a virus... do not open it." They will still open it.
Now, for most users, It's not the 2 clicks away is too far rule... it's called you need an administrator password to install anything rule. This is why people tell you to not log in as root. (and why the root account is disabled by default in OS X) Now when you double click that attachment and instead of opening a document, it prompts you with the password dialog box, alarm bells should start ringing.
Oh and most archival programs will save rwx flags. So while it's harder to get a virus, never underestimate how stupid people can be.
So on OS X, if I download a SWF file or a HTML file with embedded JScript, or visit a page with a Java applet in it, I won't be able to execute any of the scripting code embedded in those files unless I copy them to my hard disk and set an execute flag?
Saying that forcing users to enable an Execution Flag on files before you can run them, is a 'security feature' is ignorant. There are plenty of plain file formats that can contain executable code in them, and an 'execute flag' doesn't do anything to solve that problem. All it does is inconvenience users. Word Macro Viruses were plenty effective even though you couldn't double-click a Word file and run it just like an EXE file.
using namespace slashdot;
troll::post();
On other systems, the OS enforces the execute permission. If it's not set, the application cannot execute. It's not up to the app to decide. Yes, Windows with NTFS has this option, but it seems that by default when you save a file with a name ending in .exe, the executable bit (or equivalent in the permissions/properties dialog) is set.
Follow me
Obvious troll but I'll bite:
> and solely used by people who know, and want to know nothing about computers.
I've been using Linux almost daily since late '94, Sun products since 92, spent a number of years as a VMS sys-admin. I spent close to three years working on a Linux distro that was top 10 on distro watch.
I own 4 Macs, all of which get heavy use and run OSX. My iBook is my "take it everywhere all day long" computer.
I guess you're wrong on that point.
> the other main player in the make-a-fast-buck-off-the-stupid industry has to be Apple computers
Just for fun I put a freshly installed OSX box directly on the net for two weeks. It ran various proto analyzers, log watchers, etc., but nothing was done to enhance the stock security setup. Over 250 attempts and not one successful intrusion. I even had a cracker friend of some renown have a go, he also failed.
Apple has done an outstanding job creating hardware and software that just work, are virtually hassle free, and are reasonably secure. Personally I could care less who the vendor is as long as I get what I want and it does what it should. (In fact around '96 or so I swore I'd never touch another Mac)
So who's stupid now smart guy?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
By the way, it's one command to mount a harddrive. =)
Provided you edited /etc/fstab and created the mountpoint.
SuSE does this automatically as do (I assume) most other recent distros, and setting it up to automount when clicked on is easy.
>>Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants".
>Now that Apple is *nix based I find this kind of statement quite surprising. What a bunch of proudly ignorant [bioitworldexpo.com] people.
Yeah. I thought there were plenty of reasons to be underimpressed with Apple OSes. And if I could have afforded top of the line hardware, I could just as well have gotten it for an X86 machine and paid top dollar there.
But when Mac went OS X, I decided it was time for a paradigm opinion shift. Doesn't mean I'll switch, what with my knowledge investment in linux, but just saying.....truce.
Looks like you've given the best argument why the Unix security model isn't necessarily better than the Microsoft one in all cases that I've ever seen. Nice one! :-)
Follow me
What is a dangerous mindset? Allowing people to be connected? Allowing them access to information? What are you going to say next......That people should not be able to vote for whom they want?
I hate that phrase: "to be connected" (which is quite honestly the only reason I'm responding to this.) It just sounds like pure marketing hogwash. People can, and will do those things on whatever platform you provide them with. Some find windows easier to use, some find apple, some probably prefer X. (me for instance.)
As to doing things for you, yeah, when I want to plug in a hard drive, it is automatically mounted and I don't have to type in the CLI two or three lines of commands to get it mounted and shared. There are many other examples of this and why you perceive this as benevolent contempt completely escapes me.
This is where I have the problem with the Macs. I own a powerbook, and I think it's a pretty sleek design (though I could do without the fricking white glow and apple logo on the case).
I consider myself a poweruser, and an inquisitive one at that. I like to tweak my kernel, install multiple OSes on a given machine, and in general diagnose my own problems.
My largest qualm with apple is when people start saying "It just works."
Quite frankly, it doesn't. The documentation is often quite poor: Read every bit of the manual your machine comes with and see if you can find a solution to how to boot from a CD. (hold down C, and *then* hit apple - D otherwise it won't always boot up and just hang forever) The hardware is prone to crash the system w/o any clear sort of error message or dump (a poorly installed airport card, for instance will cause the machine to hang randomly) And it's prone to the same issues windows machines have (Third party software such as LimeWire or Poisoned, are known to totally screw up the filesystem seriously slowing down your machine)
I've actualy reinstalled my Laptop more times than I have any windows box. (mind you I use the laptop a bit more)
Don't get me wrong. I still like the machine, I just can't stand the zealotry that goes with it. Macs are good, but the fanboys who scream at you that apple rules and you suck when you say you prefer Nero to Toast, really gets under the skin.
I'm just mouthing off anyways. I agree in sentiment with everything you've said. The parent poster was a fair fool. *shrug*
W-insecurity!!! Oh Snap!
> there are just as usability problems inherent to Linux (Which is a primary reason why 90+% of people stick to Windows).
Wow, Microsoft press release time is it?
Then very few users will be able to run things received via e-mail. But that doesn't appear to be true, going by the rate recent viruses are spreading at.
Also, is that "Tools>Options>Security" in the e-mail client/web browser or file manager?
I wish it was an option in the file manager which meant that all files being saved would not be given execute permission, regardless of what app saved them. I've got a nasty feeling you're talking about something that's specific to a particular version of Outlook or IE though.
Care to elaborate?
Follow me
I was talking about executable files (notice the word "executed" in my post). You're talking about interpreted scripting languages. If you don't want such things to be run, then either disable whatever "feature" causes them to be run, or choose to use software that simply doesn't run them.
"Plain file formats" do not contain executable code. They might contain code that can be interpreted. A perl file downloaded from the Internet for example cannot be run by typing ./perlfile.pl until the execute bit is set. Running it using perl ./perlfile.pl is different, since the initial program being run is the perl executable, and it's not up to the shell to decide how to run the script.
Java VMs (at least the real Sun versions) have a security policy which prevents applets writing data to anything other than the domain from which they came. i.e. if it came from the internet, it cannot read/write to any arbitrary part of the local filesystem unless you change the security policy manually.
I'd agree that any point-and-click GUI that lets users run interpreted code from files like that is missing something in the security department.
The execution bit being a security feature is a fact, not a sign of being ignorant.
Follow me
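The distinction drawn in the comment above (running a saved file directly is gated by the execute bit, while handing the same file to an interpreter is not), as an added shell example that is not part of the original thread. The file name and the helper functions are constructed for illustration; the last helper is a defender-side audit of which files in a directory ended up executable.

```shell
#!/bin/sh
# Added example: constructed file names and helpers, nothing here comes from
# the thread. It shows where the execute bit is enforced (execve) and where it
# is not (an interpreter that is handed the file as data).

# Create a harmless stand-in for a saved attachment, mode 0600 (no execute bit).
# Prints the path of the file it created.
make_sample() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/execbit.XXXXXX") || return 1
    printf '#!/bin/sh\necho ran\n' > "$dir/attachment.sh"
    chmod 600 "$dir/attachment.sh"
    printf '%s\n' "$dir/attachment.sh"
}

# Direct execution: the kernel checks the execute bit inside execve(). When it
# refuses, the shell reports exit status 126 ("found but not executable").
direct_status() {
    if "$1" >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# Interpreter invocation: the program being executed is sh itself, which only
# needs read access to the script, so the missing execute bit is never checked.
via_interpreter() {
    sh "$1" 2>/dev/null || echo "blocked"
}

# Audit helper: list regular files under a directory with any execute bit set,
# for example to see what an archive extraction left executable.
list_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \)
}

demo() {
    f=$(make_sample) || return 1
    d=$(dirname "$f")
    echo "direct, no x bit:       exit $(direct_status "$f")"
    echo "via interpreter:        $(via_interpreter "$f")"
    echo "executables before +x:  $(list_executables "$d")"
    chmod u+x "$f"
    echo "direct, after chmod +x: exit $(direct_status "$f")"
    echo "executables after +x:   $(list_executables "$d")"
    rm -rf "$d"
}

demo
```

The same reasoning applies to a `noexec` mount: it blocks the direct case only, so interpreters and document formats with embedded scripting need their own controls.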
On other systems, all it requires is that the app set the execute permission bit and then execute it. Wow, that's fucking hard.
Bill Gates is a great business man, however he does not always understand the technology picture.
640K should be enough for anyone.
L053R
Why would you want to use bash when zsh is included?
I have yet to experience downtime or hassles due to viruses or worms.
:)
I'm not going to get into an OS war but I also have not had any downtime due to a worm or virus on my Windows XP box. This is because I do not open e-mail attachments, run a hardware firewall, and keep my system up to date with the latest patches and virus definitions.
I also have a G4 running OSX and an older PC running SuSE. My favorite is the G4 not because I am an Apple zealot but because I like the interface. I didn't like Apple before OSX. I still don't like Apple hardware but I can get over that.
My point here is that the most important aspect of security is the user. Microsoft still has an uphill battle but I believe they are moving in the right direction. Right now I think the best thing Microsoft could do would be to buy some TV time and inform the average Windows user on how to improve security (besides switching to Linux)
Yes, but with the OS enforcing the executable bit, an application developer would have to write code that specifically turns on the execute bit for a file his/her app has saved, then execute it. Most competent programmers would realise at this point that they're "getting round" one of the OS's security features and would think twice about it - if their app went on to become popular and then caused problems due to this, they'd receive a lot of bad publicity, just as MS are doing now with regard to viruses.
Follow me
Fairly simple solution that could be used; when you do the install, put the user's home dir on a mounted partition, and set the noexec flag on the partition. That makes it pretty tough for them to simply save and execute a *nix virus (and other stuff too, but for some users it may be necessary
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
Microsoft will make 'major investments in customer education and partnerships that will help make the computing environment safer and more secure'.
Hey guys, how about you make a better OS to start with? The customers will follow, don't you worry.
A computer makes it possible to do, in half an hour, tasks which were completely unnecessary to do before.
Sure, and that's why it includes all those user-friendly programs like ed(1) that anyone can use intuitively without knowing anything about computers.
Don't you just love how Windows' in-securities are spun as "evil forces"?
And don't you also love how Microsoft's solutions always point the responsibility finger elsewhere. They always try to paint themselves as the good guy, having to clean up after the mayhem someone else initiated. "Here's our progress on taking steps to combat the evil in the world."
One of these days, business is going to wake up to this shell game and start holding the software manufacturer to blame for the general design problems of their products. Then you'll start seeing a general shift to another platform, maybe starting in the back office, file and printer serving, firewalls, etc. The desktop will be last.
Wait a sec, perhaps that explains the new firewall corporate bought for our branch to replace our old Win2K one... Linux.
There is no need to use a SlashDot sig for SEO...
You want a mac? Get out of your mother's basement and get a fucking job. And pull up your pants. Shithead.
I could be wrong (it would require a lot of testing to be sure), but it seems to me if we had gone with a Harvard type architecture, where data and code are separated at the chip level, we wouldn't be discussing this at all.
Perhaps it would be prudent to re-visit the past, in order to move into the future.
Not too many current chips do things this way, though the 8051 series comes to mind.
---- Booth was a patriot ----
That you think most mac users are "proudly ignorant" is the most ignorant and (falsely) elitist statement I've read on /. in a while.
With the advent of OSX, more of the "proudly intelligent" crowd have moved over to Apple hardware. I know people from physicists to fiction authors use Macs, and many of them are in the 95th percentile, at least. Indeed, even before OSX, Macintosh was the performance platform of choice for quite a few fields of study. They were cheaper than SGIs and SUNs, with performance better than that of the PCs of the time, which struck a pretty thick like, marketshare wise.
Most Mac people I've met are indeed more intelligent than average. They seem to have migrated to Macintosh simply because they just want to get their work done, and they don't want to fuck around with the numerous crops of problems that Gates has been farming. They want their computer to work for them, instead of having to make the computer work.
However, if those two clicks were required for everything that the user wanted to do, including install any application, then it will become second nature and irrelevant. Of course in order to accommodate the general laziness of users we'll likely see Linux desktop vendors giving the users root access (like Lindows) or just changing the default settings so that they are executable by default.
There is one class of viruses that I refer to as Amish viruses. They inform the user the insert system file here is really a virus and that they should delete it and then send the email to everyone they know. This process is completely manual yet these hoaxes are fairly prevalent. They exploit nothing but the user and no OS is immune to them.
These "new" security issues have been known since the early 90's. Microsoft purposely ignored the warning signs for one reason: to gain and maintain a monopoly. Well guess what, the public isn't stupid and we're not buying the BS. Do the right thing and fix it. Stupid PR games aren't going to fix the broken trust. Spending the next 10-15 yrs to fix the problem for real at the core of Windows is the best way to show Microsoft is serious.
Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'.
Isn't this kinda like finger pointing? Microsoft doesn't want to fix problems on their side so they ask that the chip manufacturers shield the problem.
I can hear the hardware and software engineers blaming each other right now.
Games.
Once Windows is no longer the primary platform game developers look to when pushing their games out, I'll switch. (By that I mean, 100% of all games coming out that I want would have a non-Windows option.)
All your base are belong to Google.
Apple computers are created for, and solely used by people who know, and want to know nothing about computers
You sure about that? Cause it's pretty blatantly WRONG.
Let's try that again: Apple computers are created for, and (mostly) solely used by creative types. The fact that everything works smoothly and well is a reflection of hard work by Apple programmers; the things that work right away, the first time, are the things that no one should have to mess with. Printers, etc. aren't things that should have to be configured/download a driver/fight with!
Really, you get more done if you don't have to fight with your machine. It's the truth.
..so sick of hearing the same FUD (it's not your fault, you were misinformed) over and over again.. OS X / BSD is the most secure OS. Nothing to do with obscurity.
"Seriously, with approximately sixty billion dollars in the bank, exactly what prevents M$ from producing a secure OS ?"
U.S. government spy agencies?
OS X is able to do so much automatically because hardware parameters are generally known when using Apple or Apple-trusted hardware.
If only Microsoft controlled the hardware, we could breathe easy.
Couple of random thoughts:
1. NX bit is not an end all in preventing mal code from running. It does limit some exposure.
2. DRM is not guaranteed security as MS is trying to sell to the public. It does guarantee that fixing a hacked system will be sooooo much more difficult. A successful hack could render someone's local data inaccessible. And we are sure to see version 1.0 type vulnerabilities in BIOS, OS and libraries for a while... eeek.
3. MS providing antivirus, firewall and so on will not work out as competition between vendors has fueled a ton of creativity and generated some pretty amazing products. Let's hope this feature is like the backup software included with Win3.11 and 95 rather than IE.
4. None of this really speaks to MS's most important and weakest security-wise product: MS Office.
-- $G
"Insecurity"!
"Every extra hour that I am forced to spend learning how make make a computer do what it should have done in the first place adds $50 to the TCO of that machine. So if I have spend even one hour per week figuring out how to keep my machine safe from exploits, I've added $2500 to for the cost of that machine for that year."
Listen, you can't count expenses that way. Just as you can't write off your time at $50 an hour as a charitable contribution for tax purposes.
If you are going to make the calculation you suggest, you can only count lost pay, and lost pay does not occur unless you would have otherwise in that time have been paid. You can not count lost pay if you spend an hour one evening tweaking your disk performance with hdparm or whatever. Sure you could earn money in that time, but you wouldn't otherwise.
You can't write off expenses like that. And if you do, well, you had better cross your fingers that it isn't enough to get the IRS off their lazy arses to audit you.
I'm sick of hearing this shit.
You may not be ignorant, but you sure do come off like an arrogant jackass.
Perhaps you were mistakenly redirected. This site has ALWAYS been this way, and people like you have ALWAYS bitched about it, and to no end.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
I got the e-mail. For me, it was spam. I never asked for it. I didn't sign up for any Microsoft newsletter, and certainly not in any way that was verified via a reasonable opt-out system. Thus, I found the passage about spam particularly ironic. Here was some long-winded spam that trumpeted how the next version of Windows would have spam-protection tools. Naturally, I fired off an abuse complaint. So far, I've received no response to that.
I can't get too worked up about the threat to Symantec et al. caused by MS closing their security loopholes.
Those loopholes should never have existed in the first place. I think the fundamental unfairness is that we had to be saddled for a couple of decades with a P.O.S. "operating environment" because both MS and its customers were too short-sighted to get it right the first time.
Also, no matter how much good faith effort is exerted to close security holes at the design and implementation levels, there will *always* be a need/market for an external security effort. Something like CERT won't go away. I can still imagine a healthy "security ecology", as organizations attempt to crack MS software and blackmail^W attempt to convince the rest of the world that the fix is needed.
John.
.....marketing hype....
And that is all it really is...
You're being misleading! The fact is, I as a Windows user don't even need to save a virus to disk and run it in order to get infected. :P
So UNIX users are actually three steps removed from dangerous attachments, but seriously will KDE and GNOME eventually bring in traditionally Windows specific security issues inadvertently by trying to mimic the Windows environment?
"I used to go to K5 as an alternative because of the interesting tech articles that didn't get posted here, but at some point K5 became a liberal anti-Bush administration site."
Maybe that's because the pro-Bush people on that site haven't been able to provide any convincing arguments... it gets a bit one sided after a while. I admit though I haven't been there for a while so it might have got worse. I got fed up with the poor performance of the site and the general deterioration of the quality and way the discussions ended up being more and more like the mindless /. fire and forget rubbish. Maybe some of this is what you saw, but only for the US politics discussions. For that I like to read the Economist, although I haven't been so impressed with them recently either.
Hello people, this comment is a great example of how to use a lot of words and say absolutely nothing.
Sounds like management material to me, this guy will go far.
So, we finally meet one of the Mac dickheads who mods perfectly good arguments down just because it's anti-Apple. Go read the moderator guidelines and quit it.
Also, if the average Mac user is so "competant", how do you guys explain the single button mouse? Serious question.
We license Car drivers, because a bad car driver is a danger to others as well as himself.
Bad analogy. Automotive licenses are issued under the assumption that traffic laws rarely change in any significant manner, and hence only require re-issuing every 4 years (depending on where you live). Do you suggest then that since technology changes so frequently that people have to renew their licenses every 6 months?
Anyway, I realize that you're trolling, so I'll shut up now.
GNOME is on a strict 6-month release cycle. At this time in 2006, we will have GNOME 3.4.
We will have a fully hardware-accelerated display server.
OpenOffice.org will be completely integrated with both GTK+ and QT as native widget sets.
We will have a comprehensive .Net GNOME development environment.
We will have Perl 6, and we already have Python, both with bindings for native desktop development.
The GNOME desktop may be entirely SVG based.
GNOME will have Dashboard, already more promising than Longhorn's "sidebar".
Multiple mainstream distros will have incorporated a full SE Linux security model by default.
Anyone else care to add to the list? Every one of these things is at least as certain as are Longhorn's alleged features.
says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'
Marking pages as being executable or not has been a feature of many processor families for decades. It's generally a useful feature, but it is neither necessary nor sufficient for making operating systems secure: after all, Linux, BSD, and Solaris manage to be much more secure than Windows running on the same processors.
Does this make god corrupt or is it exempt?
Also don't forget noexec on the /tmp directory.
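As an added illustration of the `noexec` suggestions in the comments above (not part of any poster's message): a check that answers "would a file saved at this path be executable?" by finding the mount that governs the path and looking for the `noexec` option. The mount table is a constructed sample in `/proc/mounts` format, and the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/mounts format (not taken from a real host).
 * /home is mounted noexec, /tmp is not, and a nested mount under /home
 * silently re-enables execution for one subtree. */
static const char SAMPLE_MOUNTS[] =
    "/dev/sda2 / ext4 rw,relatime 0 0\n"
    "/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev 0 0\n"
    "/dev/sdb1 /home/shared/tools ext4 rw,relatime 0 0\n";

/* Exact token match inside a comma-separated option string, so that an
 * option merely containing the text "noexec" is not mistaken for it. */
static int has_option(const char *opts, const char *want)
{
    size_t wl = strlen(want);
    while (*opts) {
        size_t tl = strcspn(opts, ",");
        if (tl == wl && strncmp(opts, want, wl) == 0)
            return 1;
        opts += tl;
        if (*opts == ',')
            opts++;
    }
    return 0;
}

/* A mount point governs a path only on a whole path-component boundary:
 * /home covers /home/alice but not /homework. */
static int mount_covers(const char *mnt, const char *path)
{
    size_t n = strlen(mnt);
    if (strcmp(mnt, "/") == 0)
        return path[0] == '/';
    return strncmp(mnt, path, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Returns 1 if the mount governing `path` carries noexec, 0 if it does not,
 * -1 if no mount covers the path. The longest matching mount point wins;
 * on a tie the later line wins, because later mounts shadow earlier ones.
 * Mount points containing spaces (escaped as \040) are not handled. */
static int path_is_noexec(const char *mounts, const char *path)
{
    char mnt[256], opts[256];
    size_t best_len = 0;
    int verdict = -1;
    const char *p = mounts;

    for (;;) {
        int used = 0;
        /* fields: device, mount point, fs type, options, rest of line */
        if (sscanf(p, "%*s %255s %*s %255s%*[^\n]%n", mnt, opts, &used) != 2
            || used == 0)
            break;
        if (mount_covers(mnt, path) && strlen(mnt) >= best_len) {
            best_len = strlen(mnt);
            verdict = has_option(opts, "noexec");
        }
        p += used;
    }
    return verdict;
}

int main(void)
{
    const char *paths[] = {
        "/home/alice/Downloads/attachment.bin",
        "/tmp/attachment.bin",
        "/home/shared/tools/run.sh",
        "/homework/notes.txt",
    };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-40s noexec=%d\n", paths[i],
               path_is_noexec(SAMPLE_MOUNTS, paths[i]));
    return 0;
}
```

In the sample, the home partition blocks execution, `/tmp` does not, and the nested mount shows why the check has to use the longest matching mount point rather than the first match.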
We license Car drivers, because a bad car driver is a danger to others as well as himself. Increasingly it is becoming clear that inexperienced users must fall in the same category. :)
Yep, look at all the lives destroyed by careless internet use. Look at how many people are dead from inexperience with computers.
Damn, these strawman arguments are getting tiresome.
It's a very dark ride.
Microsoft, until recently, refused to listen to security experts who recommend that OSes ship with services turned off by default. They have started to move in the right direction, with Server 2003, but they are not there yet.
The Microsoft model essentially requires users to run as Administrator. Many 3rd party applications make the assumption that the user is Administrator, and won't run properly in a less privileged account. Microsoft has even made some apps which have the same requirements.
Microsoft's software is very layered, with many higher level functions relying on lower level layers. Outlook, and its relationship to Internet Explorer is a good example. Bugs in IE (and you know there are lots of them) are frequently exploited by email worms. The time and effort just have not been put in by Microsoft to ensure that the lower layers of their architecture are secure. If the foundation is full of holes, there's no way to secure what's built on top.
OS X is a very good example of how to do security correctly. Users run as regular users, rather than as a privileged account. Some users are allowed to execute commands as root, via a sudo like mechanism (or using sudo from the command line), but it's an explicit step which must be taken by the user.
The notion that Apple is just for ignorant users is just absurd.
Viruses typically don't need to do any system-wide installation or have any elevated privileges to do their work. Whether they're being run as Administrator or some regular user is, generally, completely irrelevant.
I think you underestimate users. People will double click, unzip and spend however long it takes to run any attachment they get. Even if their e-mail program or ISP or whoever says something like "The attachment is a virus... do not open it." They will still open it.
Tell someone there are 100 billion suns in the Galaxy, and he'll believe you. Tell him a bench has wet paint on it, and he has to touch it to make sure.
Mit der Dummheit kämpfen Götter selbst vergebens.
Mr. Gates would like to see free hardware.
Hardware companies would like to see free software.
Stupidity is not being able to learn something. Ignorance is not knowing something, but it doesn't exclude the capacity to learn. Most people, when it comes to the intricacies of the PC, are ignorant, rather than stupid. And they want to be.
Would you not define willful Ignorance as Stupidity? Ignorance is the capacity without the knowledge, but if you will yourself to not have the capacity then you are, by your definition, Stupid.
Sick of people being jealous because gentoo's package management system is better?
Heh. Nope. I just enjoy my uptime and stability and ease of adding applications with 99.9% lack of dependency hell
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
Isn't microsoft out to exploit us like all commercial entities? Do we actually expect anything else?
Sure, his ignorance/laziness will save him the trouble of having his machine infected with a virus if he's running Linux/OS X/etc, but the same ignorance/laziness is going to annoy him when he knows he's being sent something that's safe, which in turn will lead him to use Windows instead. Unfortunate, but true.
Maybe I don't understand the concept so this could be a stupid question but..
Why are we modifying hardware design to make up for the inadequacies of software? Why doesn't Gates just fix his design so that things like vbscript, Office, Outlook[Express] and the Operating System itself aren't so open to these vulnerabilities?
on a more off topic question, why is it that linux is immune to 99% of these viruses (is this a misconception?).
any insight is greatly appreciated.. or maybe just good humor too =P
The road between democracy and tyranny is paved with secrecy in the name of security.
...Microsoft has managed to "persuade" a large number of their customers into paying for upgrades that might or might not materialize within the subscription period.
Since revenue will now roll in whether or not software rolls out, Microsoft can take their sweet time prepping Longhorn. All they'll have to worry about is the bad press from constantly-slipping ship dates, but I'm sure the sites with an obvious pro-Microsoft bias (C|Net/ZDNet, I'm looking in YOUR direction!) will report it as "Microsoft striving for Longhorn perfection before shipping," or some such nonsense.
Meanwhile, I'll probably be zipping along on Mac OS X 10.6 by then and snickering at the fools who are waiting once more for the "most secure Windows ever, and this time, we mean it!"
it's called you need an administrator password to install anything rule
Recently there was a very wide-spread virus that required users to type a ZIP password into WinZip in order to execute.
I lack your faith that Mac users can't be easily socially engineered into typing their Admin password -- especially as they are used to doing this already for install programs.
...Microsoft has managed to "persuade" a large number of their customers into paying for upgrades that might or might not materialize within the subscription period.
God you're dumb. If your brain is anywhere, it's here.
Those are for paid licences. Those numbers have little weight with me since Linux and the BSDs have been freely available for a long time now. Also consider that just buying a support contract for a Linux server does not count toward the "paid license shipments" number.
What the heck is a paid linux license anyway? The article implied offerings such as RHEL and SLES make up that number.
I stand by my assertion that *nix owns the server market. Additionally, if we focus on the web (we started out talking Apache vs IIS, right?), then that position is uncontested.
> Microsoft will make 'major investments in customer education
Microsoft is arrogant enough to think that the solution is to fix their customers, instead of fixing the UI in the software so that customers can't hurt themselves in the first place.
So what is Microsoft going to do -- "educate" everyone so that they don't open those damn email attachments?
No amount of education will stop a certain percentage people from opening every e-mail attachment.
Microsoft just doesn't get it -- insecure capabilities need to be totally removed from the software.
A perfect example of this is the scads and scads of unnecessary services that Windows runs out of the box -- each of them listens on a TCP port for remote commands -- each of them an invitation to hack the machine.
With fundamental design flaws like that, "customer education" is like trying to bail out a sinking ship with a 5-gallon bucket.
"Plus, I think Slashdotters ignore that people have Windows software and won't magically dump it all and switch to Linux simply because the next version of Windows is due out in 2006 instead of 2005."
I've been using 2000 for a few years now. I have XP installed only because it was free from the Uni and I just have it running the home web-server.
XP didn't blow me away. I consider 2000 the best thing ever. 2003 is pretty impressive too but I don't have the money to spend on it and I don't need it.
If Linux manages to blow me away between now and Longhorn coming out I may very well switch. I tried the latest Red Hat not too long ago and wasn't blown away so the system with it on it is up in the closet.
The Linux community needs to realize that they don't just have to catch up to Windows in a number of areas, they need to go far and above.
Ben
Work Safe Porn
I don't know how, by definition, you could will yourself not to have the capacity to learn something. Either you can learn, or you can't.
There may be other mitigating factors that prevent people from learning, however, which was more my point. A physician may have the capacity to learn; however, their use of computers, in comparison to a programmer, is a lot less, and therefore, their desire to learn is less. Much in the same way I hope their desire to learn newer medical techniques is greater than mine, since I'm not a physician, and they are.
In one of the earliest Sherlock Holmes stories, Sir Arthur Conan Doyle wrote "I consider my mind an attic, and I do not want it overfilled with useless remnants of information I will not find useful." I believe that most people operate under a similar principle. The average PC user doesn't want to clutter their "attic" with information on how Linux works, since they won't use the information enough to make it worth remembering. That's what I meant when I said they wanted to be ignorant.
Perhaps it is time to introduce a licensing scheme beginning with the users of these two products.
I suggest we do a study first to find out which hardware platform is predominantly used to manufacture virii and all the other crap plaguing us these days. Then find out what percentage of those users are actually doing it. If the percentage of PowerPC users creating this crap is higher than the percentage of Intel/AMD users (or other processor), then I, sir, will gladly join you in call for licensed "usership" of the PowerPC (or other processor).
Until then, you are an asshat, sir. A trolling asshat.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Apple computers are created for, and solely used by people who know, and want to know nothing about computers, the "proudly ignorants".
What next, cars are made for people who naively want to get somewhere? We should all walk to work?
Just because you derive your self esteem from knowing obscure things about computers that most people dont care about doesn't mean the rest of us should forego the innovations that make it so we don't have to waste our time fighting with technology.
...said the speculation that the operating system will come out in 2006 is 'probably valid.'
BWAHAHAHAHAHAHAHAH!!!
Buy this man a calendar!
Oh, wait, it will come out in DECEMBER 2006, yeah, that's it, DECEMBER, that's in 2006, right?
And Microsoft is going to invest in security!
BWAHAHAHAHAHAHAHA!!!!
I can't respond....
BWAHAHAHAHAHAHAHA!!!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Your statement is so moot. Let's get the facts first:
"NX" is a security feature implemented right on the processor, and it's specifically targeted for detecting buffer overrun class of attacks and disabling them before they do damage.
IT HAS NOTHING TO DO WITH DRM. Repeat: NOT DRM.
Here's how it works end to end (simplified version):
When the processor detects that code execution jumps to a memory region that's within the current stack frame, it simply generates an interrupt.
Normal applications never execute code on the stack, and actually this is the very mechanism by which buffer overrun attacks operate.
This interrupt becomes glaring evidence to the OS that something bad is happening, and so the OS creates a SW exception for that suspicious thread. Depending on how the exception is handled, it becomes possible to exit the app gracefully, provide a notification to the user, or recover to a known good state etc etc, but buffer overrun attack stops.
So this is a good thing. BTW, if you read so far, probably you figured out that this is not anything specific to MS or Windows, I'm sure other OSes will start enabling use of "NX" very soon too.
PS: IMNSHO, The world would be a better place without the people who jump to conclusions and make statements before understanding the facts and data. Slashdot is unfortunately pretty crowded with them nowadays, especially when it comes to buzzword bashing runs such as this one.
"OMG, D-R-M is such a bad thing (I know 'cos I read it on /.), so anything whose description keyword remotely resembles DRM must surely be very very evil".
My sarcasm particularly goes to those who modded the parent up.
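As an added illustration of the no-execute protection discussed in the comment above (not part of the original post): NX is enforced as a permission on memory pages, so on Linux a defender can audit a process by checking that no mapping is both writable and executable and that the stack and heap carry no `x` bit. The map text is a constructed sample in `/proc/<pid>/maps` format, and the function and struct names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real
 * process). The fourth line is an anonymous region that is both writable
 * and executable, which is the condition NX-based hardening tries to avoid. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "01f3c000-01f5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0\n"
    "7ffd4c1e0000-7ffd4c201000 rw-p 00000000 00:00 0 [stack]\n";

struct nx_report {
    int mappings;    /* well-formed map lines seen */
    int wx;          /* mappings that are writable AND executable */
    int exec_stack;  /* 1 if the [stack] mapping is executable */
    int exec_heap;   /* 1 if the [heap] mapping is executable */
};

/* Parse one maps line: "start-end perms offset dev inode [path]". */
static void audit_line(const char *line, struct nx_report *r)
{
    unsigned long long start, end;
    char perms[8] = "";
    char path[256] = "";   /* stays empty for anonymous mappings */

    int n = sscanf(line, "%llx-%llx %7s %*s %*s %*s %255[^\n]",
                   &start, &end, perms, path);
    if (n < 3 || strlen(perms) != 4 || end <= start)
        return;            /* not a well-formed mapping line */

    int writable = perms[1] == 'w';
    int executable = perms[2] == 'x';

    r->mappings++;
    if (writable && executable)
        r->wx++;
    if (executable && strcmp(path, "[stack]") == 0)
        r->exec_stack = 1;
    if (executable && strcmp(path, "[heap]") == 0)
        r->exec_heap = 1;
}

/* Audit a whole maps listing held in memory. */
static struct nx_report audit_maps(const char *text)
{
    struct nx_report r = {0, 0, 0, 0};
    char line[512];

    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t full = nl ? (size_t)(nl - text) : strlen(text);
        size_t len = full < sizeof line - 1 ? full : sizeof line - 1;
        memcpy(line, text, len);
        line[len] = '\0';
        audit_line(line, &r);
        text += full + (nl ? 1 : 0);
    }
    return r;
}

/* Audit the running process itself (Linux only); returns -1 if
 * /proc/self/maps cannot be read. */
static int audit_self(struct nx_report *out)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    *out = audit_maps(buf);
    return 0;
}

int main(void)
{
    struct nx_report r = audit_maps(SAMPLE_MAPS);
    printf("sample: %d mappings, %d W+X, exec stack=%d, exec heap=%d\n",
           r.mappings, r.wx, r.exec_stack, r.exec_heap);
    if (audit_self(&r) == 0)
        printf("self:   %d mappings, %d W+X, exec stack=%d, exec heap=%d\n",
               r.mappings, r.wx, r.exec_stack, r.exec_heap);
    return 0;
}
```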
Your product$ $uck.
Your product$ ARE the problem..
Mac OS X is at least as easy to install as Windows, but has its ports closed by default, and requires an administrator password for any program to make changes to the System directory. Some of this stuff ain't that hard to do, if M$ really cared.
I think they're going in the right direction here, too. We can complain all we want about MS having holes in their OS everywhere, but the fact is that most of the known ones have been patched for months. Educating users to go get those patches is the real solution. Trying to make the OS idiot proof will never work. The world will always produce a better idiot.
Almost half the CS profs at my univ are on OS X. In my dept. (which is not CS!), the fraction is a lot lower (only 10%), but that 10% is probably 10x computer literate than the rest of the 90% Windows group. It's the 10% group who are primarily into modelling/simulation etc.. And guess who the 90% Windows users come to when they are having trouble with their PCs!
So, if you haven't received your check from MS, You are getting ripped off. Heck, they even paid SCO for anti-Linux FUD, and you sound a lot more cogent than Darl.
cheers- raga
OpenBSD is a very secure OS. If you trust the NSA you can download Secure Linux from them. Finally, if you want to pay, Mac OS X and Solaris are rock solid security solutions. It seems to me with all these relatively secure options immediately available; the whole security thing is a money making sham. Install one of the above OSs, configure it to be relatively secure and keep up with security issues. What more is there?
If education worked, everyone would be using Linux.
I know you are psychotic, but please make an effort.
And just why would his 'buddy' be sending him an app as an attachment on an email? I don't have any buddies like that, and I don't want any thanks.
The horde of people arguing about virii and worms in this thread is just amazing. I'm surprised people aren't bickering about the hardware level NX. No Execute? Sounds like a BAD idea. ::sigh::
The whole DRM thing is getting to be ridiculous. I shouldn't have to present my papers to the DRM gestapo every time I want to do something on my computer.
The disappointing thing is that most people who buy a Dell/Gateway/Prefab computer in the next 3-5 years won't know a single thing about NX and DRM. Only the geeks will know better.
.deviatefromtheabsolute.
So? He also said ..
"640K ought to be enough for anybody."
- Bill Gates, 1981
I guess you missed the study that Slashdot posted which stated Linux was the most breached OS on the net.
I seriously doubt Windows is inherently more secure--the fact is, that operating is in use by some 90% of computer users, so it's not unreasonable to expect that things are going to get through once in a while. In that regard, Windows has the potential to become more secure than Linux simply because it's so much more field-tested.
You mention that Longhorn will ship with worm vulnerabilities, without realizing that Longhorn will be entirely .NET, so most everything will be sandboxed. What's going to happen when we see another article about a public Linux breach like we've had with Gentoo, Debian, Gnome, etc. and nothing happening on the Windows front because Microsoft has taken all these extra measures? I'm sure Slashdotters will find something to bitch about, but personally the technology fascinates me, and there are some damn smart people working over there at Microsoft.
Many people have accused Microsoft of ripping off some aspects of Digital's OpenVMS operating system. However, that ran on VAXes and later Alphas and both supported read, execute and modify as memory page attributes and it was throughout the OS. I'm surprised that Cutler didn't scream about this earlier (he was a VMS architect). However many of the security features of VMS came from another architect, Andy Goldstein who I hear remains with HPaq.
It's specifically in the email client. All post-2002 versions of Outlook and Outlook Express. You say "But that doesn't appear to be true..." I think that's because most users are running four year old software and have never patched it.
Even though a car isn't a lifestyle for most people, they still have to learn basic stuff like how to refill gas, how to drive according to traffic rules and such. It's the same thing with computers, you have to learn some basic things.
I couldn't come up with any better sign....
"So he's going to monopolize the on-system firewall and anti-virus industry next. Big deal. (The firewall should be on a separate system, anyhow...)"
:)
Wake up and smell it.
I agree that ideally there should be a separate system/router for the firewall but this is not realistic and it is better to have the system secure by default. Right?
It's not like it hurts to have both and it isn't like including IE either. There is still plenty of room for companies to innovate and compete here, especially in the corporate market.
But no one says that Linux should be adopted by the common user as it is now :) For example, when I get Mandrake, I get three discs, BEAUTIFUL, very simple installation, very easy desktop. The things JUST work. How could it get any easier? Of course, bugs, bugs, bugs, but hey - it's going the right way, isn't it?
;) But they don't get that, unlike in the Windows world, there are a lot of flavors they can choose from. I see it as Microsoft-caused numbness, where in the Windows world choices are very limited, and sometimes nonexistent.
I think the problem with acceptance of Linux is some myths that:
*) Linux is for geeks - I have shown my specially tweaked Debian distro (which I and my company use to install on client desktop boxes) and I usually get some surprised screams - THAT'S LINUX!? They think it's something geekish, with a console and a large, green cursor in it. Yeah, it's a VERY BIG MYTH, nothing more.
*) that there's only one flavor of Linux/BSD desktop - I included BSD because it could be tweaked and installed on a common user desktop, too. People usually try something like Slackware and - doh, of course it's not for THEM!
And final point - Linux for common user should be packaged and tweaked and supported by service providers (small and big ones, like my company or Novell,RedHat,Mandrake), as simple as that. No user should even care about install. Why? Because, as you said, they are simply ignorant about that. And that's good - because for most of us, computer is a tool, not chemistry laboratory. And they simply want to do their jobs.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Actually the execution flag *will* prevent them from executing if it isn't set. Even if it's a binary executable file (even the operating system kernel), if the execute flag isn't set, it won't run. On the other hand, you could create a text file "Fun with dick and jane.txt" which contains a text story and nothing else, and set the execute flag, and the computer will try to run it. More to the point, I have downloaded SWF and HTML files with embedded JScript and if the execute bit isn't set it won't run. It looks at the execute bit first. It doesn't care whether the file ends in .exe or js or vb or whatever. If the execute bit isn't set, it doesn't run.
While the rest of your post made sense, the sentence above had me rolling on the floor. USA: where the stupid can sue the manufacturer for using a product in a stupid way.
"Please do not use this hairdryer in the shower", anyone?
I think the thing is that most users buy/get an OS, be it M$, Apple, or *nix, and then do what they want with it. Now this, for some/most slashdotters, includes finding out how the OS in question works, which in turn includes updating, protecting, etc. But for Mr L.User, it just means installing such and such a game, a messaging program etc, and using them for their designated purpose. Full stop. They don't want, and indeed won't care about programs telling them to update their A/V, Firewall, if indeed they have one. And that's where Apple have got it right, in using a secure (as far as possible) system, which you don't have to configure beyond a strict minimum, because that is not the user's job for heaven's sake. Why should someone, who doesn't understand or like computers but needs one, be forced to then have to spend half their time configuring and securing it? That should be the developer's job, preferably before the end-user gets anywhere near it.
Software is usually beta-tested by users who know what they are about, shouldn't OS's be the same?
I get the feeling that you want a mid ground where you find it easy, but those people that you look down on find it hard.
If someone wants to use any piece of equipment, there are certain safety measures they have to be aware of to make sure they don't damage themselves or others around them. Cars may be a tool for many people, but they are still required to be aware of safety procedures, and have to follow certain rules when they are operating a car. Someone driving like a complete moron is a danger to everyone on the road.
Similarly, with computers, people should be aware of basic security problems so they don't inadvertently damage their own data, or other people's data. You have no right to spread a virus that might destroy years of work on my computer. That the computer, or car, is not an integral part of your life doesn't change this fact. Since you brought up the case of cars, an appropriate analogy would be if everyone operating a car didn't know how to check their blindspot when changing lanes on a highway. This would make for a very hazardous environment.
I agree that to classify someone as stupid because they are not aware of certain safety principles is insulting. However, one would be quite within one's rights to classify them as ignorant (within the context of computers). OS's (primarily windows) need to be made idiot proof and people need to be educated. Ignorance is not an excuse when it puts billions of dollars of other people's money at risk.
Technically, if it's embedded in an e-mail and runs itself via some scripting feature, and spreads itself to other computers, it's a worm.
Unix/Linux users are one step ahead of Windows as far as standard viruses go, but they're a long way off as far as worms go. I'm not aware of any mail clients in KDE or Gnome that support scripting, and if one did appear, I don't see why people would switch away from the current range of excellent apps like Evolution and KMail/Kontact.
If one of those did start supporting scripting, I'm betting that enough people at the development end care, and the default would be to have scripting turned off.
Follow me
Ah, okay... I understand the problem now. Either the piracy rates are ridiculous now, or MS aren't making it obvious to all their customers why they should install patches. Did you ever see the Redhat update agent? That little annoying flashing red icon on the taskbar... It's glaringly obvious and quite distracting, and the simplest way to get it to stop flashing is to tell it to automatically download and install all patches. And these patches don't require rebooting unless you specifically select the Kernel upgrades.
Anyway, e-mail clients aside, the OS should prevent newly downloaded/saved things from being executed, until the user has taken the appropriate steps to make them executable.
Do you know if Windows has an equivalent of Unix's umask setting, where you can specify the default permissions that newly created/saved files get? If you can do that, then there must be a way to make everything non-executable by default.
Follow me
As anyone who subscribes to a Linux mailing list will attest, the number of people with little or no IT experience outside of the Windows desktop showing an interest in Linux is definitely on the increase. I migrated because I was fed up of spending hours doing the same mind-numbing stuff just to keep my computer doing what it was doing happily yesterday.
I expect major hardware/system changes to bring about a certain risk of problems. I don't expect (and don't feel I should put up with) a system breaking for no apparent reason during day to day use.
Now, I accept that Win2000/XP are considerably less likely to cause such issues than '9x ever was. But when I migrated, my home machine ran NT4. Win2000 was only just at SP1 and my hardware was barely capable of running it well. So I migrated. It was hard work at first, but now I prefer a Linux desktop.
Today, many of the Windows issues which had me migrating are no longer issues. But I won't be going back. Financially, I can't justify the cost. Security-wise, I don't fancy all the patching and anti-virus work. And I object to having an OS which is predicated on the assumption that I don't know what I want to do with my own computer. And I have absolutely no doubt that if these issues were fixed in the future, even more obnoxious issues will arise.
Ah well, the karma was nice while it lasted.
There is a simple way around that too, which I'd recommend for any end-user workstation type setup (but perhaps not for software developers as it could be annoying to them).
It's fairly common to have users files[1] on a separate disk partition from the operating system. If you were to set the options for the /home and /tmp filesystems so that nothing could ever be executed from it [2], and only the root/Administrator user could write to other parts of the disk (as is default on most systems), then there would be no way for a user to unwittingly execute anything.
I've just tried it with my /mnt/usbdrive partition [3] and I get the following error if I try to run a script, even if it has the execute bit set...
[sandyd@localhost usbdrive]$ ./a.sh
bash: ./a.sh: /bin/bash: bad interpreter: Permission denied
So, yes, you can lock down a system so that people will have to log in as root to allow a virus to run. Then we just need to make sure that the root's environment doesn't let them do anything other than install software, and people won't be tempted to log in as root all the time :-)
[1] the /home or /export/home filesystem on Unix
[2] don't choose "defaults" and don't specify "exec" in the options in /etc/fstab
[3] stored on a Compact Flash card in a USB card reader, and has the following options in /etc/fstab: noauto,users,rw
Follow me
Another thing, which may or may not be what is being discussed. Also, this is from memory, so I might be a bit off ^_^
mount -o noexec /dev/hdb1 /home
Now no user can run programs from their home directories. I would think that you can still do "/bin/bash /home/dude/program.sh" to have it interpreted though :/
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
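An added example, not part of either comment above: a Python check of fstab-style text for the lockdown those two comments describe. It reports user-writable paths whose governing filesystem still permits execution and applies the mount(8) rule that "user"/"users" imply noexec unless a later "exec" overrides it, which is why the noauto,users,rw USB mount above refused to run a script. The sample fstab and the watched path list are constructed for illustration.

```python
"""Audit fstab-style text: which user-writable paths still allow execution?"""

# Constructed sample fstab for illustration (not taken from the thread),
# except that the USB entry reuses the option string quoted there.
SAMPLE_FSTAB = """\
# device     mount point     type  options            dump pass
/dev/hda1    /               ext3  defaults           1 1
/dev/hdb1    /home           ext3  defaults           1 2
/dev/hdb2    /tmp            ext3  rw,nosuid,noexec   1 2
/dev/sda1    /mnt/usbdrive   vfat  noauto,users,rw    0 0
/dev/hda2    swap            swap  defaults           0 0
"""

# Paths an unprivileged user can write to (assumed list for this example).
WATCHED = ("/home", "/tmp", "/var/tmp", "/mnt/usbdrive")


def exec_allowed(options):
    """Return True if the option string leaves execution enabled.

    Options are applied left to right and the last one wins. Execution is
    on unless switched off; "defaults" changes nothing; "user" and "users"
    imply noexec (plus nosuid and nodev) unless a later "exec" follows.
    """
    allowed = True
    for opt in options.split(","):
        opt = opt.strip()
        if opt == "exec":
            allowed = True
        elif opt in ("noexec", "user", "users"):
            allowed = False
    return allowed


def parse_fstab(text):
    """Return [(mount_point, options)] for real mount points in fstab text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, ignore it
        mount_point = fields[1].replace("\\040", " ")  # fstab escapes spaces
        if not mount_point.startswith("/"):
            continue  # swap or "none" has no path to protect
        entries.append((mount_point, fields[3]))
    return entries


def governing_entry(path, entries):
    """Pick the entry whose mount point is the longest prefix of path."""
    best = None
    for mount_point, options in entries:
        base = mount_point.rstrip("/")
        if path == mount_point or path.startswith(base + "/"):
            if best is None or len(mount_point) > len(best[0]):
                best = (mount_point, options)
    return best


def audit(fstab_text, watched):
    """List (path, governing mount point, options) where exec is still on.

    A watched path with no filesystem of its own is judged by its parent's
    options; with no covering entry at all it is reported with None values.
    """
    entries = parse_fstab(fstab_text)
    findings = []
    for path in watched:
        entry = governing_entry(path, entries)
        if entry is None:
            findings.append((path, None, None))
        elif exec_allowed(entry[1]):
            findings.append((path, entry[0], entry[1]))
    return findings


if __name__ == "__main__":
    for path, mount_point, options in audit(SAMPLE_FSTAB, WATCHED):
        print(f"{path}: exec allowed via {mount_point} ({options})")
```

A path such as /var/tmp that is reported through "/" needs its own filesystem before noexec can be applied to it. The check covers mount options only: as the second comment suspects, noexec blocks direct execution, not an interpreter being handed the file as an argument.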
Unless the said virus/worm/compromise is using a remotely .... exploitable buffer overflow or locally exploitable programming errors in say: apache, OpenSSL, or sudo
sometimes it is even trivial for the attacker to take over here ....
Since about 2002, windows by default sets up "automatic updates". Downloads patches in the background. Puts an icon in the taskbar once they're ready to install, and pops up a balloon that says "click here to install". This automatic update was present since Win95, just not default. Requires rebooting about once every other month. There's no umask. However, a security setting does exist which prevents you running any but a pre-approved list of executables. (this isn't turned on by default.)
What a bizarre attitude! Presumably you'd also like your cellphone to come with a manual tuning system, rather than lulling you into a false sense of security by placing your calls. Why can't we just make the damn things simple, please, I have life in outside world to attend on occasions. Config files just don't make me happy :-)
April's Fool!
so who cares?
Haven't you people learned anything?
ACTIONS speak louder than WORDS.
Oh wait, I forgot.
My bad, this is slashdot.
Home of the all superior armchair activist.
Probably be easier to list those that should have exec permissions: /bin /sbin /usr /opt /lib
and /usr/local (depending upon policies)
However as a plain jane user, were I to download the same executable, with the most liberal permissions, I could still not gain root access to inflict damage without the root password. The program simply will not work, depending on the permissions set and what I have access to. Even were I to set a bad program as executable, the damage will be contained to my user space and, depending on what I set, to my group, but only those users' space.
Like it or not that isn't a 'feature.' That is a fundamental part of the unix/Linux system, and it is the work of some very smart and dedicated folks. We are lucky to have Unix/Linux, even iffin Bill doesn't think so.
I have spent maybe 20 minutes on an XP console in my long life, so I do not know how things are in that OS, but from what I understand, there are protections against running executables, but I also understand your best protection is not to run your computer with root permissions in the first place. And given the open paradigm of Windows, users like to run things as root, it makes things easier. Sorta like knowing where the safety on a firearm is and knowing it is always off.
Scripting and tarballs are another thing altogether. Those things you have to set it as an executable even as root. As I said, I don't know that much about WinXP, but as I understand it, that constriction is not available with VB and with some MS-Office macros, considered to be scripting, presumably to make things easier on the user, which happens to include bad guys with agendas.
Dawn of the Dead
Not on my 55 Chevy. You can pull the ignition key while it's running for valet parking.
>> blah blah, execute bit, blah blah
This protects you from simple Trojans, nothing more.
A buffer overrun exploit, for example, could be used to execute the virus code within an existing process. No saving to file or permission setting required.
Virii may have a harder time trashing your system files (unless they attack a program running with super user permissions) on a *nix OS, but your data files are no more protected than on Windows.
Please remember that *nix has had virii and worms in the past, the original 'Internet Worm' attacked Unix (the dominant Internet connected OS at the time) quite successfully.
Tried Mepis lately? Debian based, live CD that runs on just about anything without user intervention. It has Open Office, KOffice and just about every other goody that you could ask for and uses KDE 3, which has been proven just as easy to use as Windoze XP. A GUI install will put the working configuration onto your hard drive, create users and all that in about 15 minutes.
Aside from the obviously superior ease of installation, I'd argue that the interface is easier to deal with than winblows. The menus are rational and easy to follow with headings like "system", "internet", "graphics", "Office", etc that make far more sense than software brand names typically found on windoze menus. File types are proper by default and there is little incentive for free software to try to co-opt them as commercial software vendors did in the past. Quite simply, it works and it works well.
Now Bill Gates might say something stupid like, "with all that running, it must be insecure." He should know better because Linux and Mepis have already done in software what he would propose in software. Mepis already comes with a working firewall, in case the user is not sitting behind a dedicated firewall, such as Smoothwall or a commercial box. Linux already has a "no execute" bit, the execute permissions embedded in Unix file systems since the dawn of time. Your email attachment is not auto executed so your business productivity is not threatened by the work of every 16 year old Philippine prankster.
Complex software does not have to be insecure anymore than computers have to be unstable. Free software drives most of the world wide web and open software takes care of most of the world's email. It's all working just fine without Bill Gates' lock-out bits. This excuse is getting very old.
Friends don't help friends install M$ junk.
I have to ask if you know exactly what happens and what to do if your car suddenly stops for no reason. Does it make you an idiot if you have to ask for help? No, because for most, cars are a tool, not a lifestyle - just like computers.
If I am a mechanic and I tell you (the car driver) not to do something like shift into first gear at 60 mph, then you should listen right? Just as if I (the computer administrator) and I tell you (the user) not to open attachments from people they don't trust, then they should also listen... BUT THEY DON'T.
That distinction is academic at best. Interpretation is one form of execution, with largely the same security risks.
MS will just add in a "Feature" That automatically sets this bit on exe type files... Solving nothing for the average user
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Getting rid of ActiveX and splitting the MS HTML control into separate modules so programs can display local HTML without worrying about it kicking off a local exploit or downloading untrusted material from the Internet... not just defining zones
Sure enough, Active X is an ugly thing. Designed to crush OpenGL and then mixed up with all sorts of stupid stuff like their window manager. A hardware interface should be independent of its window manager, duh.
The whole zones thing is stupid and unneeded. HTML code should simply be secure. Why create a whole separate and inferior code base? Microsoft has taken good code from BSD and elsewhere and crapped it up. Where do you draw the line, anyway? Is my local web page with a link to a hacker site safe for the local code? The very nature of HTML makes zones senseless.
A browser that is "integrated" in that you can drag and drop files and recognize modules across the internet is a great idea. KDE has accomplished this with Konqueror. It recognizes all the useful protocols, html, ftp, sftp and makes no artificial distinction between foreign systems and the local host. All that matters is permission. Split screen views and tabs make file comparison and moving easy. This is what Microsoft was promising back in 1995 and has yet to deliver. At the same time, I don't see people rooting KDE. Show me a remote root exploit on KDE and I'll show you a bug fix. That's just the way free software works. The non "integrated" browsers work just fine too, so I've got a choice of service if something bad happens to KDE.
Microsoft won't ever be secure because they demand the ability to push stuff on the user. This requires denying the user control of their machine. The concept has been enshrined in their EULA which you must agree to if you use their software. They create files on your system that you can not, even as "administrator", move, change or delete and they demand to be able to do this remotely. 70 billion dollars is not enough money to clean up all of Microsoft's bugs, but it does not matter. Even if they could clean up all the bugs the back door will be exploitable. Microsoft will remain buggy and easy to break because they are stupid control freaks.
Friends don't help friends install M$ junk.
No, and it's an order of magnitude easier to set up something like Mepis than it is to make a windoze box. Windoze simply blows because Bill Gates wants to sell you to people who want to shove shit down your throat all day. It's an issue of control, when you don't have it you are insecure.
Mepis can be installed from a single CD in less than 15 minutes. It comes with firewalls, two office suites, and all sorts of other goodies that would cost you thousands of dollars in the M$ world and take hours and reboots to install from many CDs and floppies. Mepis is Debian based and the defaults are reasonable and secure. It uses KDE and is very easy to use. It also runs from the CD, so you can try it out before you dedicate 15 minutes and 4 gigs of hard drive space to it. Nothing in the Microsoft world comes close.
The continuing Microsoft security disaster is quickly being proven gross negligence. Try out Mepis and see for yourself.
Friends don't help friends install M$ junk.
Or no risks if the required interpreter is either not installed or is disabled.
How many "average" users require VB scripting in their e-mail? How many "average" users use Perl?
There are always ways around these problems. The only thing that can't always be solved until it's too late is vulnerabilities due to buffer overflows in server applications. But then, what average user requires server applications connected to the Internet?
Follow me
No GNU has been Hurd during the making of this comment.
USA: where the stupid can sue the manufacturer for using a product in a stupid way.
No, you're just being cynical and stupid. Lawsuit abuse is really not nearly as rampant as the media would like you to believe, and if you get right down into the details of each case, it turns out that the vast majority of these lawsuits are justified. It's just easier to leave out important details; it makes for a better soundbyte.
As for the "using in a stupid way", that's what warning labels are for. The people who win successful lawsuits against companies for using their products in unadvertised ways usually have very good reason to do so (hypothetical example: a hair dryer that has loose wires and arcs electricity when sitting on a wet countertop -- the hair dryers are not supposed to do that).
Cynicism leads only to misconceptions and FUD. Lighten up.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
You don't seem to actually know anything about NX either. SO pasting my explanation here for you:
"NX" is a security feature implemented right on the processor, and it's specifically targeted for detecting buffer overrun class of attacks and disabling them before they do damage.
IT HAS NOTHING TO DO WITH DRM. Repeat: NOT DRM.
Here's how it works end to end (simplified version):
When the processor detects that code execution jumps to a memory region that's within the current stack frame, it simply generates an interrupt.
Normal applications never execute code on the stack, and actually this is the very mechanism by which buffer overrun attacks operate.
This interrupt becomes glaring evidence to the OS that something bad is happening, and so the OS creates a SW exception for that suspicious thread. Depending on how the exception is handled, it becomes possible to exit the app gracefully, provide a notification to the user, or recover to a known good state etc etc, but buffer overrun attack stops.
So this is a good thing. BTW, if you read so far, probably you figured out that this is not anything specific to MS or Windows, I'm sure other OSes will start enabling use of "NX" very soon too.
PS: IMNSHO, The world would be a better place without the people who jump to conclusions and make statements before understanding the facts and data. Slashdot is unfortunately pretty crowded with them nowadays, especially when it comes to buzzword bashing runs such as this one.
"OMG, D-R-M is such a bad thing (I know 'cos I read it on /.), so anything whose description keyword remotely resembles DRM must surely be very very evil".
My sarcasm particularly goes to those who modded the parent up.
I agree that if Apple had ~80% market share we Mac users would have *some* of the problems that Windows users currently do. My rebuttal to that is: "So? If my grandmother had wheels she'd be a wheelbarrow." I think it's a fairly safe bet that MS (notice the lack of a dollar sign in that abbreviation?) will hold majority market share for quite some time.
It's kind of like asking "If sane people ran the government, what ever would you bitch about?" It's a problem I'd love to face.
And for the record, I don't think Apple would be a kind, benevolent leader if they did have majority market share. But that's not what I consider a short term concern. (or most likely, even a long term concern.)
So as long as all you Windows users don't all see the light at once, we'll have a nice, safe, functional platform for many years to come.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Well, if it's a serious question, and not just a troll, I'll answer it.
It's simple: We don't use single button mice. I personally am using a Logitech MX-500 seven button (plus scroll wheel) mouse. I'll probably switch back to my eleven button Kensington trackball soon, though.
I used to agree with people who bitched about the single button mouse, but I now administer a lab of Windows machines for our students, and I'd *love* to be able to find a source for single button PS/2 mice.
I do, however, agree that Apple should ship their laptops with two buttons under the trackpad, with both of them assigned to a left-click that users could change in software once they become competent with their computer.
Yes, there are a bunch of non-technical Mac users out there; I just got home from helping one of them out. He's an incredibly gifted photographer and entrepreneur. While he may have some trouble keeping his 17" Powerbook straight, it ain't nothing compared to the messes I got him out of when he was using Windows.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
will KDE and GNOME eventually bring in traditionally Windows specific security issues inadvertently by trying to mimic the Windows environment?
I certainly hope not. You do understand that each of the most dangerous things that were designed (not talking bugs here) into Windows were seen as dangerous and argued against by competent developers when they were first suggested by Microsoft? Billy Gates and company just poo-pooed these concerns by proclaiming that users were not smart enough to take advantage of them. Years later we are all victims of this stupidity whether we use Windows or not!
It's simple: We don't use single button mice.
"We" being Nerd Slashdotters like yourself and myself who form a tiny percentage of the Mac's userbase.
However, the average Mac User is a "Willful Ignorant" who can't figure out more than 1 mouse button and likes their iMac because it's Purple. It's true -- I know lots of these people.
The only reason this is a "troll" is because for some reason it really pains Mac Nerds to admit that they are way above average.
Some recent pricing of upgrades illustrates the kind of attitude Apple has to its customers.
Yeah, I like companies like Adobe, which gives free upgrades for Photoshop, or Microsoft, which gives free upgrades on Windows.
It's simple: We don't use single button mice.
Speak for yourself. I use a single-button mouse because I don't play Minesweeper on my Mac. If I want to play Minesweeper, I find a PC.
On the other hand, that "one-button" mouse you're looking at there is really a 5-button mouse. I'm sure you or any other decent Mac user can give at least one example of a shift-click, control-click, option-click, command-click. Drags would also be acceptable.
Why have a mouse with two buttons when you have 4-16 ways to modify one? And as has already been mentioned somewhere, you can always take your favorite multi-button mouse, plug it in, and watch it work.
C, then Apple-D? When did that change? It's not just C anymore? Cripes, my comps are only a few years old...
If something messes up during the install of either system, Joe will be lost. Getting a non-detected sound/video card working in Linux is just as hard (IMO harder) than getting one working in Windows. In fact, most of your arguments are about non-included drivers. If Windows included all the same drivers that most Linux distributions had, your rant would be shorter. And many driver modifications in Linux require you to manually update various files. I'm not sure I buy the argument about all the virus hacks attacking your computer when you first boot it, though. Yeah, it does happen and is a valid concern in real life. But it's sort of external to the actual process of installation, plus if you're behind a decent firewall it shouldn't really affect you. Generally speaking, I think the installation processes are roughly the same in terms of easiness.
What do you base this on? The fact that in a lot of these lawsuits there is a verdict and damages are paid? Circular logic, methinks. Frivolous means passing a "reasonable person" test, not seeing whether you could get the sympathy of a jury and convincing them that "there is no real victim, as the insurance company will pay the fine".
The american legal framework, which allows "no-win, no-fee", has spawned a huge number of frivolous lawsuits. As long as these lawsuits continue to win money for the stupid, you cannot justifiably argue that the american legal system is based upon taking responsibility for one's actions (as the parent was stating).
I think the americans have just started to accept things as normal (but how could she have known the coffee was hot, the poor dear?) which a right-thinking person wouldn't. A lawyer comes up to you and says "we can sue, if we win you get $$$$, if you don't, no fee". Where's the catch?
The catch is that EVERYBODY's costs rise (wasted time, higher insurance premiums, less of a desire to help someone from fear of getting sued) and only a few people benefit (the plaintiffs and to a much greater extent the landsharks^Wlawyers). This gets worsened by the fact that the american legal system uses punitive damages, which increases the potential amount the plaintiff could get by a massive amount which further raises the incentive to sue.
You should not be putting a hairdryer on a wet countertop anyway. A (single) hairdryer which arcs because of a manufacturing defect should be returned, not become the subject of a multimillion dollar lawsuit.
This is not cynicism, this is observation of fact. I work for a (Non-US) insurer and there is a reason why the first question on any insurance business is "Is it in the US?".
"Fairly simple solution that could be used; when you do the install, put the user's home dir on a mounted partition, and set the noexec flag on the partition..."
Yeah, except for those pesky login scripts that need to be executed... And anything customized users might have in /home/bin...
Who is this Anonymous Coward character, how does he post so much, and why is he always such a whore?
Yeah, except for those pesky login scripts that need to be executed...
A good point, but that could be worked around.
And anything customized users might have in /home/bin...
Directory not found...
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
We recently replaced an ancient Win-Me box with a OS-X eMac. Along with this non-Mac PPC Debian system, that ensures that the DSL connected pair of systems are (collectively) more secure.
I've been using home computers since 1982, and ISP connection since 2000 -- Amiga 68K, A1 PPC, and the recently added eMac; all of these have more security because emails, & web pages, cannot install downloads without USER okay!
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - it's full of Malware!"
Wow, you know what? Now that I think about it, it's very possible that KDE and Gnome are less secure because of all this! Imagine you just got a file named "cool" in your inbox. You double click on it / open it, it is now run. There doesn't need to be an execute bit on it. Here is the output of "cat cool":
[Desktop Entry]
Comment=This won't destroy your computer.
Comment[en_US]=This won't destroy your computer.
Encoding=UTF-8
Exec=rm -Rf
GenericName=Cool!
GenericName[en_US]=Cool!
Icon=exec
MimeType=
Name=cool
Name[en_US]=cool
Path=
StartupNotify=true
Terminal=false
TerminalOptions=
Type=Application
X-DCOP-ServiceType=
X-KDE-SubstituteUID=false
X-KDE-Username=
Your home dir has just been waxed. But at least it wasn't the whole system :)
What do you base this on? The fact that in a lot of these lawsuits there is a verdict and damages are paid? Circular logic, methinks.
No, I base this on the facts of the case, as I mentioned. Let's take the case you mentioned in your cynical comment, "but how could she have known the coffee was hot, the poor dear?", since it was making fun of an incredibly well-known "frivolous" lawsuit, in which Mrs. Stella Liebeck spilled coffee on her lap in February of 1992 and won a $2.7 million settlement from The McDonald's Corporation.
This case was settled in 1994, but remains the poster case for frivolous lawsuits. The main point of this case was that McDonald's had known for years that its coffee was significantly hotter than other restaurants. They also knew that it caused severe burns when spilled, and did nothing to correct it because it cut down on the number of free refills given (it took longer for people to drink each cup because they had to wait for it to cool). No "reasonable person" would expect a cup of coffee to cause 3rd degree burns when spilled, but that's exactly what it did. Mrs. Liebeck required skin grafts and retained permanent scars from the incident. When she tried to settle with McDonald's for $20,000 to cover her medical expenses, McDonald's offered her $800. She sued them. During the trial, it was discovered that McDonald's had over 700 claims from people burned by their coffee between 1982 and 1992, and some had third-degree burns similar to Liebeck's. Based on the evidence that McDonald's knew the danger and continued the practice anyway, the jury awarded Mrs. Liebeck $160,000 in compensatory damages and $2.7 million in punitive damages. Punitive damages were later reduced to $480,000 even though the trial judge called McDonald's actions reckless, callous, and willful.
References for the above facts are here, and on the pages quoted there.
And as for the hairdryer, you're right. One poorly made hairdryer on a wet counter (which is a perfectly reasonable place to put it, since bathrooms tend to be moist) is not grounds for a lawsuit. However, if the same company made all their hairdryers that way, and knew it hurt people, and still did nothing about it, that *would* be grounds for a lawsuit. Someone has to be the first person to come forward and say, "this hairdryer hurt me when I set it down in a reasonable place." If they win, they get labeled "suit-happy" and written off by a cynical populace who needs soundbytes to fill their day.
Yes, there are frivolous lawsuits. Yes, there are sympathetic juries who try to set an example. Yes, there are obvious abuses of the system. But please don't assume the system is rife with them because of a few isolated and well-publicized cases.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.