Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Security Still Totally Inadequate

Posted by ScuttleMonkey on from the long-road-ahead dept.

Several news sources are running articles detailing the lack of computer security on all platforms. Symantec foretells a dark future for Firefox and Mac users describing their security as a "false paradise". Kernel developer and Red Hat fellow, Allan Cox stated in his recent interview with O'Reilly that "even the best systems today are totally inadequate". He goes on to say that "We are still in a world where an attack like the Slammer worm, combined with a PC BIOS eraser or disk locking tool, could wipe out half the PCs exposed to the Internet in a few hours," Cox said. "In a sense we are fortunate that most attackers want to control and use systems they attack rather than destroy them."

10 of 452 comments (clear)

  1. OSX Virus by Fahrvergnuugen · · Score: 3, Interesting

    I've been an OSX user for nearly 5 years. Still waiting...

    --
    Kiteboarding Gear Mention slashdot and get 10% off!
  2. why firefox will never be so bad as IE has been by diegocgteleline.es · · Score: 4, Interesting

    1. No activex
    2. Automatic updates

    The nightmare IE/windows users have suffered for years is pretty much derived from these two points.

    BTW, gotta love how the IE guys are adding a "new" feature to IE7:

    Building on the security features released at beta 1, upcoming new features will include ActiveX Opt-in: To reduce the attack surface and give users more control over the security of their PC, most ActiveX controls (even those already installed on the machine) will be disabled by default for users browsing the Internet

    I already can read the press: "IE7, with new ActiveX Opt-IN technology which protects you from the threats of the Internets"

    it's amazing how they're trying to get rid of one of their major security mistakes by converting it in marketing crap. "IE7 adds activex opt-in". No, IE7 doesn't "add" that feature. It just removes/limites a already existing feature

  3. Duplicate Link Checker by Anonymous Coward · · Score: 5, Interesting

    One of the links appears to be new. The other was posted like a week ago. Since the 'editors' don't actually read the site, why don't they just have a short script which checks whether the same link has been posted in another story. That would really cut down on the dupes, and wouldn't take long to implement.

  4. I'm delusional by toupsie · · Score: 3, Interesting
    Symantec foretells a dark future for Firefox and Mac users describing their security as a "false paradise"

    I have been happily living in a "false paradise" since 1984 using Macs.

    P.S. Fair disclosure I was laid off by Symantec when they bought Fifth Generation Systems in the early 90s.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  5. Symantec is crying wolf again by argent · · Score: 4, Interesting

    Symantec makes their money by producing an amazingly complex set of tools for patching up a security failure after the fact. It's in tehir interest to convince as many people on as many systems as possible that this is the best way to deal with security problems.

    They have been pulling this kind of thing for years, predicting floods of malware on Palms, Pocket PCs, mobile phones, and I'm sure that game consoles and internet connected coffee machines will be next.

    I'm glad they're working on the problem, so if it ever happens that Apple pulls a stupid trick like ActiveX they'll be there, but in the meantime more people have lost data due to false positives from antivirus software on these platforms than have lost data to actual viruses... so I'll steer clear and take everything they say about it with a grain of salt.

  6. I don't know if we're lucky. by Progman3K · · Score: 4, Interesting

    If all the infected machines were erased, there would be no more bots to spam me with e-mail. There would be no more ddos armies either... http://en.wikipedia.org/wiki/Ddos

    --
    I don't know the meaning of the word 'don't' - J
  7. IMHO, Symantec has done more damage themselves! by King_TJ · · Score: 5, Interesting

    It makes me cringe whenever I hear Symantec making these "predictions" about potential attacks on computers.

    I have run into *countless* numbers of damaged Windows installations, directly attributable to Symantec's own products. Just last week, I struggled for hours with a customer's XP Home Edition because he was "having problems getting any streaming audio to work properly".

    Upon closer examination, the XP firewall was in a corrupt state, refusing to allow connections for his Internet radio stations. I was unable to view the advanced firewall properties, etc. After looking up event log error codes and trying several methods that repaired the problem for some people, it became obvious that I was looking at the result of a botched uninstall of a Symantec Personal Firewall or "Internet Security Suite" product.

    Not only can these things happen, but you'll often see computers with errors with the "32-bit subsystem" when going to an MS-DOS command prompt, due to Norton products screwing up system registry settings due to an improper/incomplete uninstall or installation/upgrade.

    Furthermore, when their anti-virus and "security suite" products do work properly, they still bring older, slower PCs to their knees in many cases. The "on-demand scanning" feature lags far behind the rest of the system when working with large numbers of small files (extracting a ZIP or the like), causing a window to constantly pop up, informing you to "please wait" while it scans them... And their "activation" process they now require for their AV products in Windows is every bit as bad as Microsoft's XP activation procedures! I remember purchasing a 25-pack of OEM Norton AV licenses last year, only to find that 6 or 7 of the key codes refused to work, claiming they were "used too many times" or the like. (I guess pirates with keygens hit upon them already or something?) Thiis is *not* the type of B.S. you want to fool around with when you're on a client site, getting paid by the hour to fix a virus problem for them!

    I won't even go into the disk corruption their "Disk Doctor" for Macintosh did to MANY customers after they upgraded to newer versions of OS X and Symantec didn't keep up with needed changes/patches to the product!

    Their company went down the tubes ever since Peter Norton quit coding their products and started getting royalties for having his photo thrown on the front of the packages.

  8. Going Nuclear by Doc+Ruby · · Score: 4, Interesting

    We haven't reached the tipping point yet. The tipping point from "blacklist" to "whitelist". People's computers still trust transmissions unless they are explicitly told not to. After the tipping point, on the other side of whatever puts us into the new track, we'll all accept traffic only from people we know, according to degrees of membership in our validated "web of trust". When an associate's own risk goes up, either through proximity through intermediaries with another associate that's not demonstrated uncompromised, or through failing vulnerability tests, or matching profiles vulnerable to newly identified threats, our systems will quarantine transmissions from them. Tainted info that's interacted with their transmissions will not be depended upon for any writeable operations. All our updated mitigations and responses will be brought to bear on the threat's local extent of transmissions. But the big difference will be that every system's default will be "distrust", and all systems will communicate their trustability as status changes.

    This change will be as important to infosystems as was the transformation of life on earth from "prokaryotes", cells without a defined nucleus within a nuclear membrane, into prokaryotes, nucleated cells. Their DNA and other infosystems are compartmentalized from the other machinery of the cell, including those that interact with signal-carrying chemistry from the extracellular environment. That change is the basis for most of life on Earth, for most of the lifetime of the world. The changes in infosystems will likely be as epochal. And until the infodynamic boundary between humans and machines is no longer mediated by non-nervous tissue (like typing fingers and seeing eyes), it will primarily define our machines, as well as ourselves.

    --

    --
    make install -not war

  9. Re:what's real? by Requiem+Aristos · · Score: 4, Interesting

    The problem with the "Kill the host and the virus can't spread" counter-argument is that it assumes one of two goals:

    1) You are trying to keep the virus active indefinitely, or...
    2) The virus requires a significant amount of time to saturate the population.

    If the writer is interested in making a name for himself neither of the two may apply. Some of the recent big-name worms have been able to infect a significant percentage of the vulnerable population in a matter of minutes or hours. This means that after the first 4 hours or so your rate of infection will level off, and you may as well start killing hosts. Which would get the greater publicity, just infecting 3/4ths of the Net, or infecting 2/3rds the Net but permanently killing the machines?

  10. McAffee is even worse by Moraelin · · Score: 5, Interesting

    Well, I won't disaggree with you on the whole. It in fact mirrors my own thoughts and observations.

    I once got a computer virused intentionally. (That was the only Windows virus I ever got, btw, so if anyone wants to start with the canned "Windows has viruses, use Linux instead" answers, spare your breath.) I was installing Windows 2000, had no firewall handy, and thought I'm too lazy to go buy a firewall or go burn Zone Alarm on a CD on someone else's computer. Also, I didn't know yet that I could just activate the built-in poor-man's firewall (yes, you can tell Windows 2000 to not allow incoming connections) to stay safe until I download the updates and a firewall. So, anyway, I thought I'd let it get virused while I download the firewall, then format and reinstall. It's not like 20 minutes extra are a major catastrophe.

    So predictably it does catch an RPC buffer-overflow virus while downloading Sygate Personal Firewall. Then I block it from connecting to the network and play with it a little. It got me curious.

    You know what was sad? It actually slowed the computer a lot less than Norton. You know what's sadder? Installing Norton and running a full scan didn't catch it anyway. It just slowed down the computer some more.

    But still, Symantec isn't _the_ worst. Try McAffee sometime if you're masochistic. Not only it was even less efficient and slower, but also had such gems as:

    - needed IE to download its updates, because it used some ActiveX crap, but it was too stupid to just launch IE, then. It launched the default browser, in this case Opera, and then couldn't get itself updated. That sad.

    - it was installed on D: but the updates proceeded to install themselves in the default directory on C:. Worse yet, I wasn't just left with just an extra copy on the hard drive, but had two versions running in RAM at the same time.

    - this got even funnier later when I uninstalled it, because one of the two versions remained installed and auto-loaded. I had to edit the registry to stop it. (If you thought only spyware has to be removed that way, McAffee is obviously the counter-example.)

    - their "privacy" protection basically did nothing but try to protect me from cookies, including temporary login cookies on web sites. I suddenly couldn't use any sites that required login. Not even in a consistent and predictable way. E.g., Gamespy's Fileplanet got terminally confused and different pages thought that I was logged in and not logged in at the same time.

    And so on and so forth. That was a rather non-funny experience.

    --
    A polar bear is a cartesian bear after a coordinate transform.