Slashdot Mirror
Microsoft Releases Super-Secure XP to US Air Force
Wired is reporting that Microsoft is releasing the most secure version of Windows XP ever created, but only if you are the US Air Force. "The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as an template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us. Security experts have been arguing for this "trickle-down" model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing."
Now i see why they disabled autorun. :D
Patents Drive Free Software as Hurricanes Drive Construction Industry
When the navy puts windows on their ships.
...what they did to make it secure. Is the default wallpaper black with a big picture of a lock on it?
It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
But what good is XP without drivers for keyboard, CD/DVD drives, USB ports, or NICs?
Why, without your clothes, you're naked, Miss Dudley!
So that means its sitting in a box in the corner under armed guard?
The musings of just another geek and his junk.
Microsoft would probably have no problem giving it to the public, but nobody would want to use it. Everyone whines about security, then they get it and they whine about having to click "allow" or "accept" on popup boxes. You can't have your cake and eat it too.
If they would have used an open source operating system the results would have already been released to the public. Government money spent on an operating system is wasted when the same money contributed to open source helps citizens and indirectly the world.
Giving win7 away for free, and selling 'secure' copies of XP. What better way to fight international open source adoption?
Next most secure ever release for US army will be Windows 95, then Windows 3.11 and at the top of security development ever will be release of MS DOS 1.0.
Seriously though, if the government purchased software from companies other than Microsoft, we would have much better competition in the marketplace and better alternative software.
If they can make it more secure, why don't they offer everyone the secure version?
-- these are only opinions and they might not be mine.
'The Air Force, on the verge of renegotiating its desktop-software contract with Microsoft, met with Ballmer and asked the company to deliver a secure configuration of Windows XP out of the box. That way, Air Force administrators wouldnâ(TM)t have to spend time re-configuring, and the department would have uniform software across the board, making it easier to control and maintain patches.'
So if you'd like to do it yourself, you can secure your XP too.
http://nvd.nist.gov/fdcc/fdcc_faq.cfm
I'm not sure super secure is the right word for this version of XP though, given that there are a lot of security features it is missing that Vista, Windows 7 and some other OSes have.
http://lkml.org/lkml/2005/8/20/95
Le sigh.
The "only three programs able to run!!!!one!ZOMG!!!" thing is for "Starter Edition", which has been around for years. Have you ever even SEEN it? I don't think so. It's basically a legitimate alternative to Piracy in low-income countries, and even then it's pretty rare. I still have no clue why people assume it's for netbooks.
The BSOD joke stopped being funny when Windows 2000 was the OS to have (Unless you were subjected to ME. If so, I pity you). XP was solid. 2003 was solid. Vista is slow if you have bad video drivers, but other than that solid. 7 is, so far, solid.
So I have this on good authority from someone who works there... A few years back the VA decided to start migrating from IIS to apache. At the same time they wanted to migrate file servers as well. When MS caught wind of this, they told the powers that be at the VA, "You drop us, and we'll audit you." Part of the contract MS holds with the VA is they're allowed to perform a license audit any time they want. The VA did its own internal investigation and figured out pretty quickly that MS had them, "Over the barrel" so to speak... I don't think the Air Force really wants to use MS stuff, but if they're in a similar situation as the VA, this doesn't bode well for them. I hope the Obama administration catches wind of this and puts a stop to this practice. It isn't right that my tax dollars are being forced into MS's pockets. I think in these rough economic times our government needs to really start exploring more OSS/free solutions out there.
so the Air force paid MS to "lock down windows" probably to the STIG.. Instead of doing what DODIIS does and create a Install disk to be installed and tested against, so if you do have to rebuild its there... I thought that MS came up with an affordable PL3 or PL4 System, we have been working with MS for a PL3 system, but it would cost almost a million more than a comparable Trusted Solaris or SELinux solution. and be hell to administer
The BSOD joke stopped being funny when Windows 2000 was the OS to have (Unless you were subjected to ME. If so, I pity you). XP was solid. 2003 was solid.
Yes, once Windows 2000 came out there was never BSODs ever again. Oh wait...
While this was an interesting article, the XP and the Vista versions used by the USAF are the same ones used by the general public. The only differences are the security setting, the firewall configuration, and the user configuration. No one is an admin unless they need to be, and no normal day-to-day work is done in admin mode (same thing you do in Linux, no doubt).
I didn't know this article was going to be published, but when I found it, I was not surprised by the comments. I've been working on this program for more than 2 years. Users hate it. Developers loathe it. Network security staff loves it.
Nothing can make Windows (or any other OS) completely secure if it's connected to a network. This is as close as the federal government as ever come.
The airforce and the military in general would do well not to create a monoculture; especially not one based on an arguably insecure operating system that is nearing its end of life. Despite the existence of *nix alternatives that are of comparable ease of use and generally superior security and customization, the military continues to insist that using an old operating system full of flaws and actively exploited by the vast majority of malware is suitable for government use. There is something very wrong here.
Sigs are too short to say anything truly profound so read the above post instead.
"Having the most secure Windows ever" does not equate to having secure Windows.
Rich And Stupid is not so bad as Working For Rich And Stupid.
No shit Sherlock!
"The ferrets, they're every where I tell you!"
In other cases, systems that were configured securely became vulnerable later (for instance, when a system crashed and original software was re-installed without patches that had been on the system before the crash).
The great windows tradition of "reformat, reinstall" at work. I wonder how long until this secure XP starts suffering the same fate because users find it too restrictive to do what they need.
First Let me just say that all microsoft had to do to provide the airforce with a secure version of XP was to remove all of their built in backdoors and security holes introduced in order to fuel the security industry. Thanks for making millions of jobs for america and making computer users foot the bill!
Second, obviously they can never release this Secure Microsoft program to the public. (That's such an oxymoron I had to type it slowly) Every major public release of every operating system humanity has ever come up with has been hacked, rooted, and otherwise had its security demolished.
Releasing this system to the public will merely create a group of people bent on cracking it and then the air force won't have a secure version anymore. Pardon me for saying it, but I personally wouldn't want the air force telling me I owe them money. Brass knuckles or a baseball bat are bad enough.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
Don't tell me! They removed the floppy disk drive - yes?
It's called running XP in VMware under Linux.
( Also, is it just me or does the "XP" after "Super-Secure" look like a smiley representing someone laughing their guts out? )
jdb2
How about "Microsoft Cockpits - USAF Edition". When things go to hell, the HDD pulls the handle on the ejection seat.
http://www.deanliou.com/WinRG/WinRG2.htm
Politics is Treachery, Religion is Brainwashing
Next up, the Army and Navy. After that, government agencies ... finally, big businesses and the public.
No sig today...
Microsoft has a slew of people who are more than happy to configure any of their software for you, for a price of course. They're called Microsoft Consulting Services (MCS). To your point, the Air Force asked Microsoft to do the configuration prior to sending them the software. Thus you have tons of features that are disabled by default on install. It's not that it's a different version of XP, it's just a reconfigured version.
What I find questionable is the claim in the article that says to the effect "this is the way it should be" with software releases. In other words, all software should come with maximum security enabled (i.e. all or most features disabled by default) and users can pick and choose what they want to turn on. That's fine for corporations where people are paid to configure systems. However, Joe Consumer who doesn't know anything about enabling components or disabling services will find such a system completely unusable. It no longer will "Just Work".
As far as the Air Force is concerned, getting to a consistent image across their systems should have been the goal, regardless of whether they use Microsoft to "secure" XP. It can be done without a Microsoft tech's help, as you point out. Of course, both of those are much easier said than done. Just my 2 cents
Isn't super secure and XP an oxymoron??
Maybe they should have been working with MS for the past year testing and securing a Windows7 desktop config.
I think they should fix all problems with their software before selling it...wait, who are we talking about here? Sorry I forgot, it's Microsoft.
I think Organizations shouldn't buy an inferior product...wait, who are we talking about here? Sorry I forgot it's the Air Force.
I am not a nerd, I just play one in real life. My avatar thinks I'm a total loser.
let's see, Windows on hospital equipment recently got Conficker because Microsoft no longer provided security patches for Windows 2000 and NT. I'm now wondering how long the British Navy thinks these subs will last and how they'll deal with unpatched Microsoft operating systems running the show when Microsoft stops feeding them patches?
Hey USAF! If you can't see the source code and see the patches for later versions, you can't have any hope of securing the system in the long run. You're only hope for security dooms you to tearing it all out and replacing it. And you know that is not going to happen and doesn't happen. Good luck with that "Super-Secure XP".
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
.. MS's admission that an insecure OS version was purposefully released to the public?
TOP DSLR Cameras Reviews of the top DSLRs
You are about to secure Windows
Yes No
OK, as if, anyone smell BS here, like I do?
Here is a link to a story of how the Air Force wanted to create a wrold botnet to control and send cyber attacks should they need them for global scale cyber warfare.
http://tech.slashdot.org/article.pl?sid=08/05/15/1654235
My guess is, it was easier to get M$ to bend and rewrite certain things that would allow the Air Force to backdoor into systems, and create a buzz, saying that we now have the best and most secure version of XP EVER!, Because we bought it so much, now it is cheap, and it can be yours for the
4 small payments of.....!!!
If i were to buy into the propaganda, I would say, it would be much cheaper for them to install one PC properly, and close the image a bazillion times as needed and just pay a M$ license fee to do this, why rewrite the app to be more secure, it already is once the updates are all installed anyways...and your disk image would contain also all the rest of the updates for all the other apps your company would use.....
I smell BS, lots of it!
Actually we were pushing a "secure" version of XP before I got out of the AF in 2006. Basically it was just locked down, if you didn't have to have it to do your job that feature/program was disabled by the security settings. I believe the image we pushed was made by the NOSC at the time. It wasn't anything you couldn't do on your own to your home computer.
Can anyone explain why a company with the manpower and wealth of Microsoft can't just ship XP with sane security defaults out of the box for everyone else?
This is the 21st century, right?
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
that's not really saying much.
Now lets rephrase that; 15% of the attacks were still successful after a complete lock-down configuration was applied and lots of manpower went into burning custom installation disks and procedures. Is it just me or does anyone else see a problem with this?
The DoS Embassy office and now the Office of Alumni Affairs has been funding open-source development for a few years now. As the contractor, we get their permission to contribute their features back to the main project (in this case, WebGUI). IMHO, the US Department of State is ahead of the curve in Washington DC.
Everyone whines about security, then they get it and they whine about having to click "allow" or "accept" on popup boxes.
But that's not security, it's annoying and it reinforces the bad habit many people have of clicking"Yes / OK / Allow" on every dialog they see.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
It's really only that secure if it is only connected to the .mil network. Connect it to the internet and poof!
Why bother
Here's a link to the screenshot of the new, super secure Windows XP. ;-)
That's fine for corporations where people are paid to configure systems. However, Joe Consumer who doesn't know anything about enabling components or disabling services will find such a system completely unusable. It no longer will "Just Work".
Maybe Joe / Joan should just learn rather than expecting everything to just work. Or they should pay for the privilege of remaining ignorant and get someone else maintain all the computers they need to use. At least if you disable everything by default it forces them to make this choice rather than currently where they get to just blame everyone else when their identity gets stolen.
I dont read
Yup. Whether it's computer security, physical security, communications security - the more secure you are, the greater a pain in the ass it is. Whether it's checkpoints or check boxes, there's a balance between security and usefulness, and where the balance point lies varies greatly.
So, if you're an organization with a lot of guns and airplanes you can get a better deal from MS?
Coder's Stone: The programming language quick ref for iPad
Obviously, they didn't remove the networking stack.
Or maybe they did, for the "out of the box configuration."
Personally, I wish one of the Windows install options was "keyboard, mouse, video, installation media drive, installation target drive only" then let me install networking, USB, and non-driver software and stacks on an as-needed basis. This would make it much easier/safer to use Windows in embedded, industrial, and kiosk environments.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Just put XP on a Time Warner broadband connection. Try downloading anything as big as a virus and you'll violate the TOS.
Have gnu, will travel.
"Stop purchasing Microsoft products. Duh."
The military of all customers is in the ideal position to do this.
Back in The Day when all we had were green screen Unix terminals, life was simple and users didn't break the system.
Conversion is merely of giving orders to people who obey them. The military should select more secure, Open alternatives which it can tweak and control, then order users to change.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Super-secure windows = having the the power cord unpluged.
if you look closely at the article, this is something that the air force did between 2005-2007. so this is actually old news. 'The Air Force began the project in 2005 and finished installing the new configuration on systems in 2007. In contracts with hardware providers it demanded that vendors pre-load the special Windows XP configuration onto systems before delivering them to the Air Force.'
let's see, Windows on hospital equipment recently got Conficker because Microsoft no longer provided security patches for Windows 2000 and NT.
Uh, no. The MS08-067 patch that addresses conficker was released for Windows 2000 at the same time as all the other OSes, with the exception of NT. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Need more useless stuff to read on teh internetz?
"Many of the changes were complex and technical, but Gilligan says one of the most important and simplest was an obvious fix to how Windows XP handled passwords. The Air Force insisted the system be configured so administrative passwords were unique, and different from general user passwords, preventing an average user from obtaining administrative privileges. Specifications were added to increase the length and complexity of passwords and expire them every 60 days"
Is there any way of scripting this under Linux so as to equate to this NSA locked down super secure XP
I was hoping to see Balmer yelling "Gilligan!" and hitting him with the little plaque.
And the US Air Force lost this fight.
I think they should fix all problems with their software before selling it
You obviously don't know the first thing about software development.
let's see, Windows on hospital equipment recently got Conficker because Microsoft no longer provided security patches for Windows 2000 and NT.
Extended support for Windows 2000 doesn't end unitl July of 2010. The patch that fixes the exploit on Win2k is here if interested.
As for NT, the long term support ended over 5 years ago.
I'm not not licking toads.
The Air Force began the project in 2005 and finished installing the new configuration on systems in 2007
... and I usually only need a dozen reboots or so to get a copy of XP installed ...
Wow
What operating systems have FDCC settings? Currently, FDCC settings are intended for Microsoft Windows XP Professional with Service Pack (SP) 2 or SP 3 and Microsoft Windows Vista Business, Microsoft Windows Vista Enterprise, and Microsoft Windows Vista Ultimate with SP 1.
Step 1. Remove all wireless capability. Step 2. Use wax to seal all input devices except for the keyboard and the mouse. Step 3. Put a GPS unit transponder inside the device, constantly broadcasting it's location.
excitingthingstodo.blogspot.com
It's an Open Secret that Military Intelligence will use Super-Secure Windows XP! Then they can eat some Jumbo Shrimp while watching Virtual Porn, and when the super security is Found Missing, they will Act Natural about this Minor Crisis.
It's my Unbiased Opinion that this will become a Tragic Comedy.
Nostalgia's not what it used to be.
While it's true that they disabled Autorun in XP USAF Edition, what makes it truly secure is that they ported the Vista User Account Control to XP for the Air Force.
Here's how it works:
Enemy Pilot wirelessly hacks into Air Force pilot's OS and attempts to send an command to eject the pilot from the plane.
Air Force pilot sees the following message appear on his console:
Pilot clicks on Cancel, and all is good!
However, rumors persist that they did not test the scenario where the pilot actually presses the eject button.
// Top-secret!
// Copyright 2009 Microsoft Corp.
// Windows XP super-secure for USAF
// start bootup
// show shell
#include <linux.h>
int main(){
ShowWindowsLoading();
LoadKernel(linux);
ShowGUI();
}
Meet GRASS HUT!
"Flyin' in just a sweet place,
Never been known to fail..."
And pre-pending wine to every command line?
I haven't read the article, but I can almost guess what this secure XP consists of..
DOS 3.2
DosShell
And yes, I know I'm dating myself on that one, but my EDLIN is not working so I gotta go DEBUG A:\slashdot.exe.
"The NSA got together with the National Institute of Standards and Technology, the Defense Information Systems Agency and the Center for Internet Security .. It then took two years for the Air Force to catalog and test all the software"
How much would it cost the average company to hire on the equivalent of the NSA, the NIoST, the DISA, the CfIS and the US Air Force - and spend TWO YEARS in locking down the network. Anyone care to propose a tender?
A FOAF's worked on a project aimed at 'securing XP'. I do not know if it was this one.
This friend asked the programmer if he had heard of SELinux. He said, "What?"
Surreal.
"the government could use its massive purchasing power to get companies to produce more secure products" - really?
There needs to be more motivation for them to release products that are more than 'good enough'?
If you're interested in facts I'll tell you what they are and I'll give you sources - Chomsky on The Big Idea
"I am a security program manager at Microsoft"
;)
I wouldn't mention this on your next job application
davecb5620@gmail.com
The Air Force has put out the order that all systems, except those exempt for specific reasons, have to have Vista installed by the late fall of this year.
They are not longer building standardized XP desktops, and the only special systems that could use this would have to be recertified to do so.
Remember when MS was blowing their horn about getting a "level 4" [some such] from the DoD for NT handling everything the threw at it.
Then when MS was packing up to go home, they held up the network cable and said "oh, how silly of us, never mind".
This does not surprise me since governments are MS #2 customer, right behind themselves.
Do the math, all those VAR's, anti-? companies, etc, yep, "our customers wanted this"-----right.
Blue Sky of Death
The CHAIR FORCE, the CHAIR FORCE
A GREAT way of STREIF, a GREAT way of STREIffff...
(for any of you old enough to remember the USAF commercials jingle)
Now, mix "chair force" (seated, w/ little ground action) work style with chair-throwing generals.... hehehehe... who needs bunker busters and snazzy guidance systems when generals will be able to out-Balmer Balmer by throwing government standard chairs at quanto-molecular speeds?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
And then I blew my morning coffee through my nose...
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
... that the Air Force would use Windows at all.
If I were a government (or a head of government), I would NEVER allow my military or important offices use proprietary software! I want the source code in my hand, period.
What the hell happened to our Government? When did it become such a circus of morons?
The Aegis Cruiser Yorktown was decommissioned in 2004 after twenty years of active service.
The elephant can remember.
The geek can't forget.
In 1995 Yorktown was chose as the prototype Smart Ship. The test bed. Test beds are pushed to failure. That is their job.
The tech was not stripped from Yorktown after 1995.
The core technologies installed in YORKTOWN - are - a 16 workstation fiber optic Local Area Network (LAN), Integrated Bridge System (IBS), Voyage Management System (VMS), Damage Control System(DCS), Integrated Conditioning and Assessment System (ICAS), HYDRA wireless communication system, and Standard Machinery Control System (SMCS). CG 48 Guided Missle Cruiser History
As for myself, I find this later-day example of Microsoft's performance as a naval subcontractor rather more to the point: USS George H.W. Bush (CVN 77)
A linux distro rebranded as Windows XP.
I thought Windows 98 was the most secure version of Windows ever created! Do you mean to tell me that those bits of text that were displayed when I installed the OS were lying to me?
Somehow this reminds me to the windows 95 installation process... which told you that it had become extremely secure...
no, I'm serious! stop laughing!
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
You obviously don't know the first thing about irony.
I am not a nerd, I just play one in real life. My avatar thinks I'm a total loser.
>> the most secure version of Windows XP
Isn't that an oxymoron? Kinda like dry water?
Still getting blue screens on my home system once in a while. Infinite loop, 0x000000ea. XP Pro with ATI card (the ATI driver is the culprit but it's still a blue screen :) ).
[John]
Shit better not happen!
Persian Project Management Software as a Service
Now just imagine what that $100 Million would accomplish if spent contributing to a free platform to which they could "own" the code.
Let's see, they saved ~$100M on 5 years on JUST MICROSOFT LICENSES; so lets estimate its a savings of 10% (probably less) so they were spending about $1B for COTS software over 5 years, now they are only spending $750M.
$750M would pay 1500 employees $100K/Yr for that same 5 years. At the end of 5 years, a 1500 person development team (with help from the public) would have turned out one hell of a secure linux/BSD distro. After that they could eliminate most of those positions, and stick with auditing community contributions for security reasons.
Why the hell any agency with the resources of the US Government (or many large corporations) don't contribute to and use free software makes no sense to me. It seems like only a handful of major companies and governments are pushing for open operating systems and desktop software... but they all spend millions on web development and keep pumping money to Microsoft year after year.
I would imagine if 5 of the top 10 governments were to get together and pool 50% of their software licensing budgets over the next 5 years, they could replace 90% of their commercial software with open alternatives that meet their needs; nearly eliminating the cost of software licensing forever. The financial benefits are nothing compared to the security and flexibility gained by owning the OS.
It's sad that what MS did for the USAF is being touted as a "good thing"... For the amount of money that MS is making off our government I think anyone who has ever put their life on the line for our country should be entitled to Free BJ's from MS execs in Redmond. And now MS is being made to look good.
I think the bigger story here is that the USAF was being charged over $100M in excess licensing fees because it had multiple contracts with Microsoft. And that Microsoft has been giving their largest customers a generic, bug ridden, POS OS and not been willing to respond to their largest customer's needs until now.
What do you bet this is just a tactic to prevent the USAF from deploying their own OS as described above.
Sometimes the best solution is to stop wasting time looking for an easy solution.
Here at US Strategic Command at Offutt Air Force base in Omaha, Nebraska (a joint command), we don't need no stinkin' Windows XP! Why, Win2k is just fine for all us folk here. In fact, we are going to SKIP windows XP and move straight to Windows Vista last year... uh I mean this year (major roll-out keeps getting pushed back-can't understand why). Yep! In the works right now. What's that? Win 7 is coming out this year? Nah. We don't need that either. We'll go to Vista instead! Keep in mind that 98% of all the machines there are still on Win2k and the Vista migration still hasn't happened in force, but there are no plans yet to skip Vista and wait for Windows 7. My guess is that they already bought the licenses for Vista, but I can neither confirm or deny that.
Veritas patesco per quaestio questio. Truth is revealed through questions.
it may be, it just might not be compatible or usable by the average user.
The Kruger Dunning explains most post on
the military can see the source code.
It's part of the contract.
The Kruger Dunning explains most post on
Bzzzt. Try again.
Ref: The Cockoo's Egg.
My Windows wallpaper for the last few years has been a MacOS startup screen. People who see it do occasionally ask me when Apple made a thin black laptop (it's an IBM T41) or if I'm running a hacked MacOS.
It does seem to have some security implications, though - something seems to have locked it into place, so even if I update the wallpaper using the normal mechanisms, the MacOS image gets restored whenever I mess with screen resolutions (e.g. plug into the LCD at work...) It happened around the time my corporate IT department locked in the screensavers with an unchangeable 10-minute timeout and password prompt.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This is where you trade money for intelligence and/or diligence. Either you pay someone to do it or figure out how to do it yourself. If you're stupid AND poor, well, good luck with that.
There's a hole in the bucket, dear Liza, dear Liza..
Todos mis movimientos están friamente calculados
Please explain to me why I've been running a stock (fully patched) Windows Server 2003 Enterprise installation for three years straight, have never reinstalled the OS, and have not experienced any of the dreaded "Windows is Getting Too Old" speed decreases?
No fancy guide is required to get this performance. It's attainable out of the box. All that's needed is -as you say- user education. Don't install crapware and you're done!
Also, your guide? It's not hardening.
Check out projects like Hardened Gentoo and Hardened Solaris. No amount of registry tweaking and software uninstallation can make Windows match up to the results from either of those projects.
Super-Secure?
Knowing Microsoft, I'll bet their 'Super Secure' version is the equivalent of installing a cheap Chinese-made deadbolt over a spackle-encrusted lock that has already been kicked open.....
"Pssst! The key is under the mat!"
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
There's a reason why most IT professionals prefer centralized installation systems over manually walking to each of the systems that they manage and installing each piece of software a machine at a time. Distributing dynamic things such as hosts files through forum posts is generally a *really* bad plan. DNS changes *Very* quickly. Forum posts (especially identical ones spread throughout tens of forums) do not.
If you're going to be a saviour of the computer world, get a web page, post what you have to say there, link to it, and keep it up to date. If your advice is good, you'll gain pagerank faster than just spraying copypasta across the web.
The Air Force has yet to explain who, if anyone, authorized the bombing of a Redmond, WA software company by a squadron of B-52s.
My point is that mentioning Microsoft in that first line is absolutely irrelevant. No company, no matter how big or complex, will EVER make a bug-free application, let alone an entire operating system.
Folks, they're not using XP (or any Windows for that matter) for the things that really need to be secure. They are probably using a variant of BSD or Unix for those things.
I would guess they are using XP for the masses where information security is impossible anyway.
Erm. I'm ashamed of myself.
/. Where the truth
Computer security is the same way. You *can* cracl WPA(1/2) encryption, but if you neighbour has his connection open (or is using WEP), you are not likely to become a target.
That's why I use MAC filtering instead of WEP or WPA(1/2). It's much more secure! ;)
[UID-HeinzIntel]
" DNS changes *Very* quickly." -
That has NOTHING to do with an adbanner, bad adbanner, or bad website blocking custom HOSTS files!
...
Right... Spammers and advert hosts can't use DNS to change the hostname that they use to host their crap with a moment's notice.
(That was the main reason & purpose of noting them in my guide)...
E.G./I.E.-> HOSTS files that use 0, 0.0.0.0, or 127.0.0.1 (no DNS server broadcasts those, mind you)
Wait, what? You're telling me that IANA doesn't hand out IP addresses that are invalid or reserved for local use to Internet-facing hosts? You *don't* say!
to block out known bad adbanners, bad websites, etc. et al!
See my initial paragraph. Morever, you're doing the internet a disservice by spraying copypasta across the web. What happens when some spammer registers badnews.forumhost.com and starts spreading the worm du jour from it?
How is some clueluess user going to find the very latest copy of the hosts file that you're distributing when you've put several hundred different revisions across several thousand different forums? Is he going to go on a vision quest to compare post dates to be sure that he has the very latest one? That's why I said this:
There's a reason why most IT professionals prefer centralized installation systems over manually walking to each of the systems that they manage and installing each piece of software a machine at a time.
I guess that I was too subtle for you. Would you recommend to your 3000-identical-Windows-machines-at-a-site clients that they install the latest .MSI of EnterpriseApp v4.0 by burning a disc, taking it to each computer -one at a time-, logging in with a root account, open Explorer, double click the .MSI, answer the installer's questions, wait for the installer to complete, and move on to the next machine?
Your practice of distributing identical hosts files across dozens of forums is analogous to this inefficient system administration method. How do you plan to update all of those forum posts when a new advertising server starts up? Do you intend to leave stale copies of time-critical information up for clueless users to stumble across and use?
Why don't you emulate the practices that you claim to preach? Set up a web site. Post your advice and wares there. Link to it in forums. When the situation on the Internet changes, you can react to it immediately and be the saviour of the internet, rather than one of those who is leading clueless users astray with reams of out-of-date information.
I'll have to disagree with you: It absolutely is [hardening]
No.
It's only recently that Vista SP2 got a single feature that's standard in real hardened systems. Go and see what Hardened Gentoo and Hardened Solaris do. (They do many, many, things that Windows can't match!) Your "hardening" guides are nothing of the sort. The bar was raised a long time ago, and it wasn't done by anything from Redmond.
You can't answer my question, can you?
What if I told you that not only have I not seen the "Windows is Getting Old" slow-down, I haven't had a malware infection, ever? [0]
This is on a stock -fully patched- installation of Windows Server 2003 Enterprise. No fancy guides or tools are needed to achieve this result, it's attainable out of the box. Nothing more than plain-old user education is required.
t's NOT about speed (though you WILL see more online, if you follow all/each of its points)...
Heh. You you can install NoScript or use Google Chrome and immediately see more speed online. No fancy guide or tool required.
[0] I posit that much of the "Windows is Getting Old" effect is directly related to malware installed on the system.
Point taken, but being XP has been out for many years already, they have already issued another OS, they are issuing MS 7, in regardless that it is software and bugs will happen, the fact that a large corporation has trouble learning from it's mistakes is mind blowing. Irony was probably the wrong word, sarcasm world more closely describe my statement.
I am not a nerd, I just play one in real life. My avatar thinks I'm a total loser.
Why couldn't they release this as Windows 7 instead of what they are releasing which is essentially Vista SP 3?
I'm glad to see that you're still dodging my question.
That's A DECADE OF SOLID UNINFECTED UPTIME HERE... have you even been USING COMPUTERS THAT LONG?
Yes, I have. I've been using computers since the Tandy 1000 TL. That one was produced in... 1986, 1987 or so.
I recommend that in my guide, but, I also tell others how it's done in other browsers AND I provide a HOSTS files that covers ALL/EVERY webbound program you have
Point me to a place in any of your forum postings where you say the equivalent of "See here for a hosts file that is not out of date.".
I severely doubt you've accomplished 1/10th of what I have in it over the past 16++ yrs.
You and I have already talked about your accomplishments. You've demonstrated none of the knowledge that you claim to have.
Here is a definition of "System Hardening" from a reputable source:
...Hardening systems is a defense strategy to protect against attacks by removing vulnerable and unnecessary services, patching security holes, and securing access controls."
Mmmhmm. You're not patching security holes or removing vulnerable services in your "guide". You're -manually- enforcing "Least Privilege" for running services. That is something that third-party vendors should *already* be doing out of the box. (IMO, you should never purchase software from a vendor that makes its services run as the SYSTEM user.)
Also, you can't *secure* access controls in a Windows system. Access controls are an operating system level function. The only way that you can secure them is to harden the OS itself. Projects like grsecurity and SELinux do just that. There are no such projects in the Windows world.
Here is yet another:
"...Generally anything that is done in the name of system hardening ensures the system is both secure and reliable."
Oh. Okay. I'll add a blackhole entry for doubleclick.net to my hosts file. Now my system is secure and reliable.
Your definitions suck.
Oh, hang on. You missed my previous post. Let me repeat it.
Oh wait... rather than repeating my previous post and duplicating a lot of effort and wasting loads of my time, let me provide you with a link to a centralized location on the web that is already hosting this information.
http://slashdot.org/comments.pl?sid=1219095&cid=27799759
Here's something for you to think about...
I came by the parent comment via AlterSlash. This means that the comment you posted to was of sufficient quality to rise out of the background noise of the general /. commenting public.
Noone but me has replied to your comments.
None of your comments here have been up-modded.
What does this say about the quality of your advice?
First of all, I wrote THE OLDEST/FIRST guides for NT-based OS online, back as far as 1998
Prove it. Don't just quote from or link to some web page. Prove that you wrote it.
Secondly - My guide DOES tell people how to "cut off" vulnerable services (by patching)
Oh. I get it. You write guides for clueless users. The stuff that I do is for folks who really know what they're doing and want to take their skills to the next level. My bad.
Also, you can't *secure* access controls in a Windows system. Access controls are an operating system level function
Man, you really DO NOT KNOW WHAT YOU'RE TALKING ABOUT...
I'm a programmer. You claim to be a sysadmin. I can see how you wouldn't understand what the phrase "securing access controls" would *really* mean. Imprecise language indicates the sloppy thinking of the speaker.
Heh, also isn't "grafted on" as a "kernel hooking" system
You have never looked at the way SeLinux or grsecurity actually function, have you? Check it out, you'd be amazed.
[My copypasta] seemed to shut you up on what "security hardening" is defined as though...
Heh. I can see that you are unable to comprehend any degree of subtlety. If I didn't know better, I'd say that you were illiterate and were speaking to me through an ESL intermediary.
Lemmy link you to what I wrote again, so you can re-read it and mull over what I said.
http://slashdot.org/comments.pl?sid=1219095&cid=27801155
...you surely showed your behind about ACL's...
You don't understand what the phrase "securing access controls" implies. See this post for my thoughts on the mis-understanding:
http://slashdot.org/comments.pl?sid=1219095&cid=27803057
Point me to a place in any of your forum postings where you say the equivalent of "See here for a hosts file that is not out of date."
[Oh, but I did say this in my original posting!]
Ah. You are correct.
You and I have already talked about your accomplishments
Yes, you have NOTHING like them
You've demonstrated none of the knowledge that you claim to have.
Funny, these say otherwise [Long list of links snippped]
My challenge to you to prove that you've done any of that is here:
http://slashdot.org/comments.pl?sid=1219095&cid=27803057
None of your comments here have been up-modded.
Oh no?
How about nearly 100 times here on this website
Whoops. Lemmy correct myself:
"None of your comments in this thread have been upmodded. Noone but me has replied to this thread. What does that say about your advice in this thread?"
This is quite a read, so print yourself a copy or download to your PDA, and be amazed at what you'll learn from this collection of information that APK has gathered and put in one place
That's not proof of anything. I don't have proof of your identity. On the Internet, noone knows that you're a dog. For all you know, I'm the brains behind every commenter on /. besides yourself.
Question is, have YOU?
SeLinux was built in part, for example, to addon ACL's
Aye, I have. And aye, this is correct. The point in question is your lack of understanding of how SELinux interfaces with the Linux kernel.
...you said nothing like that [ACL's] existed on NT-based OS'...
Prove it.
You try to "put me down" for the list of accomplishments I posted here...
Prove that you've accomplished any one of the AFK things that you claim.
Ion.SIMIAN.c: You're ruining your own reputation
From the looks of it, this thread is a wasteland. The only folks here are me and you, hoss. If you want an audience, go back to the amateur techie boards that you like to inhabit.
YOU had best learn what MAC (mandatory access control) is on Linux, for 1 thing...
You really like that copypasta.
Addressed here:
http://slashdot.org/comments.pl?sid=1219095&cid=27803693
Yes, and I don't think you will LIKE the answer too much, as it is shown where I wrote that, when, & it is credited to ME (APK)...
That's not proof. I can credit anything I like to APK. Is this all that you have to show me?
"This is quite a read, so print yourself a copy or download to your PDA...
Again with the copypasta! This is addressed here:
http://slashdot.org/comments.pl?sid=1219095&cid=27803693
No one decided to mod it up in this exchange is all... that happens!
Riiight. It's a wasteland in here. There's noone but you and me.
http://it.slashdot.org/comments.pl?sid=170545&cid=14210206 (+5, AND has proof of my knowing about SeLinux as well as its mechanics, from LONG ago no less)
The link to your guide is a 404. All that your link to the NSA's SELinux page demonstrates is that you've heard of it. I would expect anyone who's been reading /. for four years to be able to demonstrate that knowledge.
Is also STRICTLY in regards to my seucurity guide!
The loose collection of quotes and advice from knowledgeable folks in the IT field that you call a "security guide" is redundant. I can achieve the same amount of security by installing Windows, keeping it up to date, and not running shady software.
Also, my security guide, to date (since late 2008), also has these "stats" to its credit:
1.) Over 250,000++ views to its credit
How many of those views resulted in a spread of useful knowledge? How many of those views resulted in someone saying, "Oh. This is just copypasta from $SECURITY_DOOD's blog."?
I know that I have contributed to the view count of many a shitty forum post just 'cause it had a good PageRank and the preview on Google kinda looked like it would answer my question.
over 20 forums in around 1 yr's time online now
This is part of the problem... it's the thing that I've been oh so subtly (and then oh so bluntly) telling you from the beginning.
What happens when your security guide is out of date? Are you planning to leave all of that stale knowledge around to mis-inform yet another clueless user? Or is your time so worthless that you'll spend it updating the copypasta that you've spread to dozen (hundreds? thousands?) of forums?
2.) As well as it being in the TOP VIEWED in forums that have existed for years TO DECADE++
Rage3d.com has been around for a long time. So has Phoronix. Ars Technica has been around for a long time, too. I'm sure that you'll agree that duration and quality are often not correlated.
3.) Then, my guide's nearly always being used by others too ... ... My guide being rated VERY WELL, to the point of being made an:
4)
a. "essential guide"
b. "Sticky/Pinned Thread"
c. Being well rated by those...
I've seen a lot of absolute trash declared "essential" and stickied on many, many forums.
(WANT PROOFS OF THOSE TOO? I can supply them, quite quickly...)
Wait, what? Where have you proven anything? I don't know that you're not a dog.
Ok - ask the guys @ NEOWIN if I wrote that guide of mine they used, for starters!
So, I ask them:
"HAY, GUYS AT NEOWIN! There's a guy who claims to call himself APK, but I don't really know if he's one guy or a bunch. Really I don't know anything about him really, cause I can't get his IP. But even if I did get his IP, that wouldn't prove anything anyway due to NAT and maybe he was using a proxy. So anyway, NEOWIN guys, did this AC on slashdot write this guide that he claims is his?"
Are you sure that I can check with them to verify that you are who you say you are?
- by ion.simon.c (1183967) on Sunday May 03, @01:03AM (#27803693)
Funny - you've made SO many screwups here
What were you quoting, again?
Why are you trying to make it seem as if it is NOT worth kicking your butt in...
Are you implying that you want to physically harm me?
Reread my second paragraph. You seem to have missed the point:
http://slashdot.org/comments.pl?sid=1219095&cid=27803715
Alternatively, check out my hypothetical query to the NEOWIN folks here for an amplification of my point:
http://slashdot.org/comments.pl?sid=1219095&cid=27804009
Ok - AGAIN: Ask the guys @ NEOWIN...
Copypasta, he chooses you!
Addressed here:
http://slashdot.org/comments.pl?sid=1219095&cid=27804009
(the biggest one being trying to get the better of ME, in debate)...
This isn't a debate. You're determined to ignore any points made, avoid any pointed questions asked, and deflect any criticism with reams of copypasta declaring the unverifiable glories of some guys who like to call themselves "apk".
I'm amusing myself on a lazy Saturday evening. What are you doing?
(showing my accomplishments...
Prove it. Prove that they were yours. Prove that you received some token -either a meatspace or cryptographically secure one will do- that proves that you are the author of all of the documents that you lay claim to, and that people who are not you have vouched for the documents' credibility, accuracy, and usefulness, replicate it, and show it to me.
*That* is proof. Not quotes or links.
Hooray! A dead thread! I win! :D
Now, on to the others.
I have proven that you cannot stay on topic for 1 thing @ this point... lol!
Very well.
Here are my currently unanswered questions. Once they have been answered, I will address the rest of your points.
Why do I have a secure and performant Windows system, when all I had to do was apply offical Microsoft patches?
Why do you spray copypasta across forums rather than host it in a central location that's easy to manage and update?
What, in your mind, constitutes proof of ownership?
What, in your mind, constitutes proof of identity?
How does your opinion on these two things compare with the high-level design of current implementations computerized authorization and resource control schemes?
What would the consequences of designing such schemes to use your level of proof of ownershit and identity be?
How do current implementations of SELinux interface with the Linux kernel? Be specific. Cite only from credible, verifiable sources. Descriptions of grsecurity's interface to the Linux kernel will be accepted in lieu of information about SELinux.
How do current implementations of NTFS's ACL interface with the Windows NT kernel? Be specific. Cite only from credible, verifiable sources. Descriptions of either Windows Vista or Windows XP SP3 will be accepted.
[ "Answer" to "Why do you consider your time to be worthless?" ]
This answer is insufficient. Try again.
[Your "what is proof of ownership?" question is] OFF TOPIC
This is directly related to computer security. Re-read the first "paragraph" of this post that is enclosed in double quotes.
[Your "what is proof of identity?" question is] OFF TOPIC
See my previous statement.
How does your opinion on these two things compare with the high-level design of current implementations computerized authorization and resource control schemes?
?
A.) NT ACL = SeLinux MAC
(I said that before, please: Take your alheimers/dementia/senility meds...)
----
I've left this one in in its entirety to demonstrate how taking things out of context can lead to incorrect results. You answered the wrong question. Try again.
[Your "What are the implications of your idea of auth and trust on security schemes?" question is] OFF TOPIC
See my previous responses to your previous "...OFF TOPIC" remarks.
[ "Answer" to "How does SELinux work?" ]
You were asked to be specific. A cursory examination of Table 2 on Page 13 reveals two things:
* All SELinux syscalls are glommed into an entry called "selinux ops".
* EXT 3 Filesystem operations are classified as "kernel hooks".
The linked paper is insufficiently specific. You would have done better by selecting the second result returned by Google for your search phrase.
Try again. (It is suggested to the supplicant that he begin his search by downloading a recent kernel source package and examining the file "src/security/security.c".)
[ "Answer" to "How are ACLs implemented in recent versions of Windows?" ]
This is the opposite of specificity. Try again.
You managed to pretty much answer one question!
Here are my currently unanswered questions:
Why do you spray copypasta across forums rather than host it in a central location that's easy to manage and update?
What, in your mind, constitutes proof of ownership?
What, in your mind, constitutes proof of identity?
How does your opinion on these two things compare with the high-level design of current implementations computerized authorization and resource control schemes?
What would the consequences of designing such schemes to use your level of proof of ownership and identity be?
How do current implementations of SELinux interface with the Linux kernel? Be specific. Cite only from credible, verifiable sources. Descriptions of grsecurity's interface to the Linux kernel will be accepted in lieu of information about SELinux.
How do current implementations of NTFS's ACL interface with the Windows NT kernel? Be specific. Cite only from credible, verifiable sources. Descriptions of either Windows Vista or Windows XP SP3 will be accepted.
I also show where & how you are wrong in this thread also... especially about SeLinux, because I stated it used "kernel hooks" (kernel patching)
You said more than that. From here:
(& ACL's on NT-based OS & controlling them? Heh, also isn't "grafted on" as a "kernel hooking" system as is SeLinux or AppArmor for Linux by the by)
My currently unanswered questions are listed at the end of this post:
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Learn to read, as I covered it's MAC vs. ACL...
From the comment:
A.) NT ACL = SeLinux MAC
(I said that before, please: Take your alheimers/dementia/senility meds...)
Um... this doesn't explain anything.
Are you sure that you know anything about IT or computer security? Even a clueless college sophomore would be able to look up the answers to my questions in four or five hours. You've had twelve. What's wrong?
My unanswered questions are here:
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
http://slashdot.org/comments.pl?sid=1219095&cid=27809645
Examine Table 2 of that document.
It is insufficiently detailed.
Moreover:
You claim to have proved things during our conversation.
The only skill you've demonstrated is the ability to copy and paste.
This makes you, at best, a script kiddie. At worst, it makes you -in your words- "a user".
Copypasta! He chooses you!
You're lazy. You appear to be ignorant.
You claim technological knowledge. I ask pointed technological questions. You refuse to answer them.
Self-inflicted transcription errors cause you to forget what question you were replying to and respond incorrectly.
You don't sound like an expert. You don't act like a professional. Just what *do* you do when you're not spreading your copypasta on internet forums?
Oh, wait. Don't bother answering that. Your version of proof is inadequate for even the most basic of authentication schemes.
So, have I tired you out yet?
Why don't you answer my questions? There are two to which you have provided *no* answer to. There are four of which you have provided an insufficient answer. There is one which you provided a completely incorrect answer.
Each one of these questions is something that any college sophomore could answer. You claim that you're a professional. Prove it. Answer these questions. (Two of them are open-ended questions. They ask for your opinion. How much easier could it get?)
Here is a direct link to a post that contains the remaining questions. Good luck.
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Wow, more copypasta.
*chuckles* There's this rule in chess... if you're down to your king, and you move between the same two spaces three times in a row, your opponent wins.
This is the third time in a row that you've posted the same ignorant garbage.
Hey, look!
It's that copypasta again.
You must be tired. Tired and ignorant.
You're thread's not stickied on xtremepccentral, btw. Why is that? It's not stickied over on Ars, either. Why is that? :)
Prove that you are the same person that wrote those published articles, then we'll talk.
You haven't answered the three most important questions of mine.
Here's a link back to them:
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Here's a link back to my comments on your claims of credibility:
http://slashdot.org/comments.pl?sid=1219095&cid=27812945
Also, have you ever read the Shelley poem that you're quoting? If you have, you really should re-read it. If you do understand what Shelley was getting at, your continued quotation of it is all the more inappropriate, given the context.
Wow, more copypasta.
How do I know that you are who you say you are?
Also, show me a copy of your conversations with law enforcement. If you tell me that you don't have any, I know that you are a liar.
Also, why have you not answered my questions?
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Hey, it's more copypasta.
Your copypasta/new content ratio is really high.
Also, show me a copy of your conversations with law enforcement.
All you need is @ the URL from Windows IT Pro...
That link leads me to an article by the Sysinternals guy. That article is behind a paywall. This isn't a police report.
A) You're a liar. I've interfaced with the police and have friends in the force. The action that you claim to have taken results in paper documentation.
B) Are you claiming to be Mr. Russinovich?
Why haven't you answered my questions?
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Also, did you read Shelley's poem, yet?
This is character-for-character identical to the post here:
http://slashdot.org/comments.pl?sid=1219095&cid=27813171
You even duplicated your typos. Good job. Keep increasing that ratio!
Also, you didn't even read what you were replying to.
Are you this thoughtful and careful when you give advice to new and/or clueless users?
And, why haven't you answered my outstanding questions?
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
More copypasta?
Seriously? I guess that when your opponent has nothing left than to scream obscenities at the top of his lungs, then you have bested him in conversation.
Top notch. APK's copypasta is 100% the best that I have ever read. A+++, would read again.
I'mma head to bed. I'll reply more in the evening.
You could at least answer the two questions of mine that ask you for your opinion. I'm sure that it wouldn't take more than 30 seconds of your time.
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Is the the traditional form of SMB password handling secure or insecure? Why or why not?
Or, if you don't care to answer that question, answer this one:
If I walk up to your computer and enter the phrase "I am APK", or perhaps, "APK", will it let me into your files? :)
If not, why not?
Why haven't you answered the rest of my questions? Why do I have to explain them to you as I would to a two-year-old child? Why do the unified diffs of my recent comments always indicate changed lines, where yours almost always show no added or removed lines?
You do know what a unified diff is, right?
*chuckles*
Do you behave like this on the forums that you haunt when someone disagrees with you? What do you do when someone asks you questions that you're utterly unable to answer? Do you throw these copypasta tantrums? How do the mods deal with this?
What would happen if I asked the user registered as APK on the various forums that you've advertised over the past couple of days whether he was the same person as you? Would he deny responsibility for the writings in this thread?
I've already "gotten the better" of you. I did this the very first time that I closed a thread with you. Remember when I decided to spend three minutes with google and found your tantrums at Ars? Remember how they lead me to many of the other forums where you pitched a fit?
From what I can see, your only "contribution" to the internet is a collation of advice from experts in the field. Much of this advice has already been encapsulated into automated tools such as spybot and adaware, rendering your collection of it useless.
Where are your bug reports?
Where are your vuln reports?
Where are your software projects?
Where are you interfacing with other knowledgeable sysadmins to increase your skills?
Also, why haven't you answered my questions? Do I need to rephrase them to make them even easier for you to understand?
Here's a link to them. I'm sure that you'll have a hard time finding them in this mess of a thread.
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
When did I say that Ars was my favourite site?
Quote me.
If you can't, then you're jumping to conclusions, again.
Also, you're quoting that Shelley poem here, but not in your later responses. I assume that this means that you actually went and read it? Perhaps you discovered the lesson that we learn from comparing Ozymandias's words to the state of his works: all great human accomplishment is folly. Great buildings crumble. Great works are forgotten.
Ozymandias wished for the reader of his words to despair when he compared the greatness of Oz's accomplishments to his own. Oz wished the reader to feel small and powerless before Oz's greatness. Yet, with the passage of time, Oz's words are now ironically appropriate. The reader has a different cause to despair, as he knows that he will suffer the same fate as Oz. Nothing that he can do will prevent the obliteration of his own works and -ultimately- himself.
Not exactly what you wanted to say about the accomplishments you are claiming as your own, was it?
Google failed to find any offical mention of your work with Russinovich.
I've emailed Mr. Russinovich to figure out what work that you've done with him, and to see what his professional opinion is of the person that you claim to be.
Would you care to provide me with an email address so's I can send you a copy of the conversation?
Hey, look. MOAR copypasta.
Have you run out of things to say? Did you run out of ideas a decade ago?
How is your comment to this blog entry on-topic?
http://blogs.msdn.com/e7/archive/2009/02/09/recognizing-improvements-in-windows-7-handwriting.aspx
The blog entry talks about the Windows handwriting system.
Your comment talks about changes to HOSTS file handling.
Also, you haven't replied to any of my new posts, and have not answered my outstanding questions. What's the deal?
Are you sure that you know what the various types of Windows ACL's are?
http://forums.techpowerup.com/archive/index.php/t-25428.html
I've been looking more closely at what you did over at Ars.
You made 157 posts with a single nick in two days? Seriously?
I've read the article over at windows it pro magazine since I am a subscribing member there and Jeremy Reimer, Jarrett DeAngelis, and Jay Little impersonated apk on Reimer's website and admitted to it (only after their isp's busted them for email harassing apk, and then Reimer's hosting provider for his website removed parts of Reimer's website for libelling apk as well as threatening his family like a psyhopath would which got canadian law enforcement involved (and reimer backed off fast at that point and had to or go to court and jail)). It is therefore quite obvious that moron Reimer did the same over at arstechnica, the home of the trolling loser online.
I read apk's reply and he more than answered your questions, and provided a link that actually even proves what he stated that selinux uses kernel hooking to achieve what it does on Linux, and that windows nt family of operating systems has had something like that natively already built in since day 1 in acl's. Quit trolling ion.simon.c, because you have lost miserably and make a dozen or more mistakes here and they were documented in apk's answers here which made me laugh at how badly you have done in this exchange, error after error on your end. You call yourself a programmer? You have no proof of it, where apk does, and provided it at your request. You then laughingly try to lessen what he has accomplished, because you have nothing like it. You are a jealous troll that messes up on technr ical points here as well. Grow up, accept that you lost, and move on troll. I know you are full of it and you're no longer even amusing.
If anyone here is tired, it is us reading your repeated mistakes and off topic posts in this thread, ion.simon.c. So, ion.simon.c, You claim to be a programmer. Prove it. That's what you said to apk and he blew you away with a lot of evidence to that effect as to his professional status in this science and his accomplishments in it, as well as he showing you in error here a dozen times or more by now on technical issues being discussed. Give up, you lost badly, ion.simon.c, and it is obvious you are just trying to troll him now. I will say one thing in your defense: You are so stupid that it is hilarious watching you try to save face and cover your mistakes by trying to bury apk's replies, but as you can see, I can see and have read them also and man, did you ever lose and badly.
The word MOAR doesn't exist in the english language moron. You ran out of things to say after you were caught in a dozen errors in this thread ion.simon.c and all you have is off topic evasions and attempts at burying evidences of you being in error so many times in this post that it is not even amusing anymore. You say you are a programmer. Prove it. At least apk had some evidences to that much and his accomplishments, which you have none of given that you can't produce a list of evidences like his. He did more a decade ago up to recently than you have in this science in your entire time in it. Prove otherwise.
He certainly shut you up about how selinux implements things like windows access control lists in mandatory access control and also that selinux uses kernel hooks which you doubted and he produced a stack trace debug dump of selinux from microsoft themselves to prove it. You tried to say "that is insufficient" only because it blew away your trolling garbage and once I read that article I actually learned a thing or two, so thanks apk. Ion.simon.c, thanks for the amusement and showing us all you are a victim of your own hubris and that you stuck your foot in your mouth a dozen times and are now off topic trolling to try to bury the evidences of your mistakes here through this posting. I read the list of errors you made here that apk put up and you are one stupid sob who claims he is a programmer (prove it, apk did, and you can't) and is clearly not.
HOSTS files are used in security, as is the other point apk covered on wfp versus how older windows did a 3 part phalanx zone defense like arrangement for securing ip traffic. It is on topic, because this is about windows and security and hosts files plus filtering are portions of microsoft windows' own security system. You stated you are a programmer in this posting and it is clear you are not and just some lying amateur, because when you asked apk to prove he is a pro in this science he did so with numerous examples and accomplishments in this science. You by the same token had nothing like them. apk more than answered your questions where you said "windows has nothing like selinux" and apk pointed out acl's and how they have been in NT\2000\XP\Server 2003 since their conception unlike Linux using kernel hooking seLinux. apk was completely correct and so much so you had to try the 'troll tactic' of saying "that is insufficient" and the article goes into it more in depth as to how kernel hooking works and proved selinux does as apk said it does, uses kernel hooks to achieve what Nt-based OS' always have had natively. Go away you jealous little nobody troll ion.simon.c, you have lost badly.
Alongside the article over at windows it pro forums called the memory optimization hoax and there apk stated the same as he has here and dr. russinovich never replied otherwise as to apk and he doing work for the same companies in the 1990s and that apk helped him find and fix problems in his pagedefrag program. That's official enough for me and please don't try to cover for your own inadequacy in computer sciences saying that's insufficient. What IS insufficient is your lack of proof you are a programmer since you ask proof of others of their roles in this science as you had to apk and he blew you away with his proofs and amount of it as well as achievements he has to his credit where you laughingly have zero to compare, let alone prove your bullshit that you are a programmer. If you are a programmer then I am Barack Obama. Give up ion.simon.c you inadequate jealous troll.
How apk uses P.B. Shelley's quoted excerpt fits here quite nicely. You looked upon his works and must despair, hahaha, because you have zero to compare to his rather large list of accomplishments around this science, despite you saying you have used computers since the late 1980's. I hate to point out the obvious ion.simon.c, but you have not accomplished much, otherwise you would have put up proofs of your status allegedly as a programmer in this science since you stated you are. I don't believe it because you make too many technical mistakes and I read them when apk noted them. If you are a coder then you must stink at it. You ion.simon.c claimed to be a programmer and then you asked for proof of apk's status in the science of computing. He put up so many proofs this way in the way of verifiable achievements in this science that I found it impressive in fact, especially considering he blows away anything to that effect (proving his status as a pro in this science) you had, which was, laughingly, nothing on your part ion.simon.c, so give up. You trolled and were destroyed here for it by your own stupidity and numerous errors which apk also documented and I read them. I believe you are a professional in this field as much as anyone might believe I am Barack Obama. You're nothing but a stupid troll ion.simon.c, face it.
You're a troll ion.simon.c, and not very good at it either. You made so many mistakes up there that apk documented that you are just now embarrassed into having to try to goad him via your off topic trolling. Do you think you are pulling the wool over anyone's eyes here with your off topic bullshit? By no means. I read both of your statements here and apk backs everything he says where you have no proof of even your being a programmer (though you asked it of apk and he put out an impressive list of things he has done around this science, and despite your probable lie that you are a programmer when you stated it, you have nothing, not even 1 thing that was noted as good in this science, where apk had 10 of them). You can't even match the 'modded up' posts count he had and you are a registered user. Lord knows the "elitists" amongst the registered users here often avoid ac posts (like apk does) and certainly for modding them upwards. You should be able to blow his mod up posts count away, however as usual, you have no proof of your doing better. Typical troll is what you are and not even good at that just judging by the counts of errors you have made here on things technical in this discussion.
What a joke you are ion.simon.c in saying you got the better of apk. Is making mistakes now considered getting the better of people around this website? Because your mistakes here: [list]1.) HOSTS files -> http://slashdot.org/comments.pl?sid=1219095&cid=27803005%5B/list%5D [list]2.) DNS Servers -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27798027%5B/list%5D [list]3.) Logon scripts & Group Policies usage -> http://slashdot.org/comments.pl?sid=1219095&cid=27800951 [list]4.) SeLinux being implemented via kernel hooking/kernel patching -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27806379%5B/list%5D [list]5.) Services patching &/or cutoffs for security -> http://slashdot.org/comments.pl?sid=1219095&cid=27802917%5B/list%5D [list]6.) What the definition of "System Hardening" is -> http://slashdot.org/comments.pl?sid=1219095&cid=27800687 [list]7.) Your 1st post thought my guide was about speed, & instead it is about security -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27794633%5B/list%5D [list]8.) Here was your FIRST instance of "correcting yourself"/admitting I was correct -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27803103%5B/list%5D [list]9.) Here was where you FIRST asked me to "prove who I am" -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27804053 (give us all a break!)[/list] [list]10.) Here you said I was not enforcing policies in my security guide, & you made another mistake on that -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27801155%5B/list%5D [list]11.) Here was your 2nd instance of "correcting yourself" (amending your questions to try to "make me wrong" & you failed again) -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27803601%5B/list%5D 12.) YOU also said my guide being posted here NEVER gets "modded up"? I showed QUITE the contrary here -> http://tech.slashdot.org/comments.pl?sid=1219095&cid=27803307%5B/list%5D [list]13.) You're clear INABILITY to even GOOGLE something right, @ the top of THIS post - http://slashdot.org/comments.pl?sid=1221343&threshold=-1&commentsort=0&mode=thread&cid=27831377%5B/list%5D Show whom got the better of whom, and it doesn't look at all like you got the better of apk, in fact it seems to be quite the reverse with that list of errors you have made here, along with false accusations you had to 'correct' and admit later you were wrong on a few times according to those url's above and your own quoted words in them. Give up you trolling loser, and prove you are a programmer since you asked apk to do so and he put out a list of proofs that were impressive I felt, whereas you had nothing even remotely like the 10 he had and you cannot even match apk's mod up posts count here and he is an ac no less (and everyone knows the "elitis
What's a BSP?
http://windowsitpro.com/article/articleid/41095/the-memory-optimization-hoax.html
^^^ This. This is an article. It's not even an article that has a byline by Alex Kowalski. It's certainly not a forum.
Your questions have been answered as well as your being shown in error here repeatedly ion.simon.c in the post parent to your own as well as many times in this thread where you were shown to have accused apk of things regarding his hosts file (which you admitted you screwed up on) and also about his security guide (where you stated he did not go into things like securing services or disabling vulnerable ones). You either skim, or are just another losing his ass troll who is now going off topic to try to troll others even more. You are a programmer you say? Prove it (that's what you said to apk and he blew you away with a quite impressive list of accomplishments to his credit, where you laughingly have not even a single one). You are a pitiful example of how low a human being can be ion.simon.c and thus I cannot even credit you as being a good troll. You can't match your opponents achievements, and also have made more mistakes than he did on technical issues (only thing is, apk has not made a single one yet, inclusive especially of his stating how selinx works via kernel hooks and you tried to say Microsoft's debug dump of selinux showing kernel hooking is insufficient? Give us a break you know nothing troll ion.simon.c)
Oh, this is good. How would you know that if you said you cannot see it? It's an article by Dr. Mark Russinovich and it is where Jeremy Reimer, Jarrett DeAngelis, and Jay Little (artechnica members all) were caught libelling, threatening apk and his family no less (that is when the law got involved and it stopped all 3 of them cold) and where each of the was caught impersonating not only apk, but also a Mr. Marty Meszaros, and then with them posting as others under "alternate guises" as they called them and were then caught admitting to it (waarheid=veritas) over at Jeremy Reimer's own forums at his osy website. These arstechnica morons are as laughable as you are ion.simon.c and I suspect you are just another one like them. A jealous scumbag who has never accomplished anything worth noting by those in publication in this science, which apk has shown us a ton of he has from as far back as 13 years ago or more, and you have not a single thing like them to your credit by way of comparison. Prove to us you are a programmer, and even if you can, which I doubt? I would just say as was said to you here a few times now, that you're not good at it or you would have been recognized as that by those in the media around this science. You are a troll and not even good at that.
That dumbass ion.simon.c can't even google something right, lol, see here - http://slashdot.org/comments.pl?sid=1219095&cid=27831079 lmao unbelievable, and this moron ion.simon.c says he is a programmer? No way. He's another done nothing useful or good with his life troll is all.
Even I know that. It's an acronym for a "broadband service provider" troll. You're the googler here though you messed up on something as simple as that too, lol, here - http://slashdot.org/comments.pl?sid=1221343&cid=27831377 You say you're a coder and you don't know that? You really are a lame liar ion.simon.c so take your "I am a programmer" trolling lie someplace else. You are too stupid to fool any of us and especially at this point. Now I am trolling you and laughing at you, because you say you are a programmer and you cannot even google something properly. I'll give you one thing. You are amusing in a fool's kind of way. You keep making mistakes and making your opponent look all the more stronger in your doing so. You tried to take on a tiger by taking it by its tail and are now reaping the rewards of that (you look like a stuttering mistake making idiot).
See here troll - http://www.bitpipe.com/tlist/Broadband-Service-Providers.html Then again we already know you can't even get a google query right from this example of that here on this forums - http://slashdot.org/comments.pl?sid=1221343&cid=27831377 where you said you went looking for something involving the ac apk helping Doctor Mark Russinovich with his work in pagedefrag and it was right there once he proved you can't even run a query right on Google. You say you're a programmer in this thread, prove it (after all, you asked that of apk and he did with an impressive and overwhelming list of proofs to that effect, and you by comparison have nothing to your credit). Go away troll. You're no programmer, ha, you can't even get a google query correct.
rotflmao @ ion.simon.c, you said this - "'ve already "gotten the better" of you" here - http://slashdot.org/comments.pl?sid=1219095&cid=27825529 and I hate to tell you the obvious, but far from it. Looks to be the other way around in fact, with the ac apk trashing you and mostly with your own mistakes which I found rather funhy. Also, when the ac apk posted this in reply - http://slashdot.org/comments.pl?sid=1221343&cid=27831377 showing all the technical mistakes you made, even something easy like querying google for pete's sake, you messed up large. You state you're a programmer, so I will just say what you kept repeating endlessly to apk, which is prove it. You kept acting the ass afterwards, even after the ac apk put up quite the impressive list of times his works and wares have been in written publications or doing well at respected technical contests like Microsoft TechEd too, in the sciences of computing from as far back as 13 years ago up until present time or near to it in 2007 or 2008. You by way of comparison are unable to do anything like that despite your stating you have been at this since the 80's in that exchange. Based on all of this, there is no way you could ever successfully convince me that you are a programmer. You can't even query google right.
*grins* I'm as cool as a cucumber. It's this AC and his sockpuppet that seems to have lost it.
Anyway, good luck with this guy. He's pretty thick-headed. Lemmy know how it turns out?
http://slashdot.org/comments.pl?sid=1219095&cid=27837223 sure you're cool as a cucumber (in a furnace), because you are making one screwup after another, just as you did here - http://slashdot.org/comments.pl?sid=1221343&cid=27831377 where all of your errors so far in this exchange have been exposed. You can't even query google properly and that was shown in the second url I posted. You say you're a programmer but there is no way you have tried to prove that though you demand it of others, and even if you could, based on your poor performance here it is obvious you are either not one and are lying or are crappy at it. Your choice, there are no other options so pick one. That's how many options I will leave you based on your errors and false accusations here and your inability to even query google right or know the meaning of simple acronyms like bsp which you had to ask for and I answered it for you and I am just a user.
http://slashdot.org/comments.pl?sid=1221343&cid=27831377 and you can call me all the names you wish, you are reduced to name calling like most frustrated children or noobs in this science are when they mess up and shoot their mouths off while inserting their foot into their mouth as you have with false accusations, technical errors on the topics, and most of all your trolling here (you certainly are not big on proof though you demand it of others and they provide it) I mean, least of all the statement you made that you are a programmer, because no programmer I know would screw up as much as you have on this forums in 2 to 3 days time as you have been shown to do in the posting above). Happy now, with your trolling? See what it got you? You are running yourself off this forums with screw ups and it is hilarious. Anyone is free to read the link I just posted for a good laugh though it comes at the expense of your reputation on slashdot. You brought it on yourself troll.
Loved your performance (or rather, lack of it on your part ion.simon.c) here - http://slashdot.org/comments.pl?sid=1221343&cid=27831825 nice of you ion.simon.c to make so many errors and false accusations that you ion.simon.c had to later admit you were wrong on here in this exchange. It's all there in black and white as proof that you made it too easy for the ac apk to tear you apart with ease, and believe me, it give us reading a good laugh,though at your expense ion.simon.c . You only brought the can of whoop ass the ac apk brought out on you, yourself, by trolling him. By the way, you claim to be a programmer? Prove it. You had the ac apk do that and he put up a list of 10 proofs that you had nothing like it to compare with from yourself though you say you have been using computers since the 1980's. I can now never believe that just based on the list of your errors in this thread in the link I posted just above. You're a troll.
What an idiot you are ion.simon.c for this statement - "Are you implying that you want to physically harm me?" from the post I am replying to of yours now. How on earth can anyone do that online, when they are not physically present to do so? You really are stupid. I've known plenty of little punks like you my entire life and sooner or later their wise ass remarks and snide buffoonery online gets them into a jam in the real world, everytime. I wager strongly you've had your ass beaten more than once a few times because of your pussy like behaviour and apparently you don't learn from it. Keep it up because I can promise you 1 thing that sooner or later your woman like ways will get your ass beaten in the real world because a moron like you definitely is not smart enough to avoid it as you create your own hassles as you have here and you are losing this debate badly evidenced here where all of your errors in this very thread are listed - http://slashdot.org/comments.pl?sid=1221343&cid=27831377
Prove you are a programmer,first. After all, I see you nearly constantly asking for many proofs here and on many things, which the ac apk did provide at your request. All your bullshit doesn't make me not believe the list of accomplishments the ac apk posted, along with all the errors you made here - http://slashdot.org/comments.pl?sid=1221343&cid=27831377 were listed to satisfy your request. You are nothing but another troll trying to save face here and you are not doing a good job of it. You are now off topic as is your usual also. I took a few minutes and I looked at your posting history. You have a pattern you try to repeat and it makes you extremely predictable. For example, when you are losing a debate, you start asking for "more detail" and you get supplied backing data that is detailed and you say it is not enough? Spare us. Poor little troll ion.simon.c, you are only fooling yourself, not us readers. Go away now troll, hide your head in shame. I state that since your performance in the link above which replies to you via quotes of your own words no less doesn't show any of us reading otherwise. It's shameful, and if you are a programmer (which I strongly doubt due to your list of errors in that url above as well as lack of proof you are, which is what I am asking for now). You lose, and don't have the good sense to realize it. Worse yet, you brought it on yourself and made horrendous technical errors and you try to do your trolling techniques and they keep burying you here, even moreso. It's your funeral.
OK I will email him and ask him a question. I found his email in his guide over at tech connect magazine and will email him a question and if you do not answer it correctly here, and he does answer the email, then we shall find out who is who. Fair enough? I know that will work because you do not have his email account to access as your own. You must think people are stupid you troll. Time to show you just how stupid you really are with this little test.
Are these your words in this thread, or were you being impersonated?
http://episteme.arstechnica.com/6/ubb.x?q=Y&a=tpc&s=50009562&f=12009443&m=545092007
Are saying that you're going to dump your copypasta into every post that I make from here on out? Oh, the horror.
If you are serious about this, do add a link to your very first comment, so's bored folks with an hour to kill can see the entire thread in all its glory.
How could the Ars folks differentiate between your IP and mine?
Moreover, why wouldn't you browse the forums through Tor? That works just fine.
Where's the copypasta that you promised me? I have a new reply to someone who's not you. It's more than an hour old.
No, no, no.
How do they know *your* IP address?
And, moreover, what would they *do* with your IP address if they had it?
You're a security expert, and they're a bunch of wannabes, remember?
If you were smart, you'd write up a little script that scraped my user page for new posts every ten minutes or so and posted some of your copypasta to each one.
If you were *really* smart, you'd do all this through a good proxy, so the admins here wouldn't catch on.
Let's see how smart you are. :)
Also, I have outstanding questions:
http://slashdot.org/comments.pl?sid=1219095&cid=27809231
Until they are answered to my standards, I have nothing more for you.
I know that YOU are a liar by this point, Ion.simon.c because you avoid my question to you asking for proof of your professional status as a programmer. It is obvious by now that though you demand proof from others you are unwilling or unable (the latter in this case) to provide proofs yourself. You are trying to get the better of your betters and it cost you your reputation here because you lied about being a professional programmer and are unwilling to disprove my statement calling you a liar. After seeing the list of errors you made I was almost certain you lied about being a programmer and now I have no doubt that you are not a programmer because you evade answering a simple question asking you for proof of if you are a programmer or not. I also just watched the film THE WATCHMEN and the very beginning of the film where THE COMEDIAN is trying to defeat OZYMANDIAS reminds me of this exchange between the ac apk and yourself, and you are definitely THE COMEDIAN in this case (except you are not funny and the beating you are taking isn't even funny anymore)
You sound like a botmaster who is trying to convince others that running unsecured is enough so he can take advantage of them being unsecured as the ac apk outlined how to do it along with his written quoted testimonials of others who have been free of such things as malwares for going on 2 years currently because of them applying his guide. I used it also and I used to be infested by bad ad banners and bad websites but the ac apk's advice of just turning off javascript has me not getting any infections like I used to. His ideas work and I am not a computer guru by any stretch of the imagination. I am glad I used his guide. Go away botmaster ion.simon.c, please.