Slashdot Mirror


The Birth and Battle of Conficker

NewScientist has an interesting look back at the birth of the Conficker worm and how this sophisticated monster quickly grew to such power and infamy. "Since that flurry of activity in early April, all has been uneasily quiet on the Conficker front. In some senses, that marks a victory for the criminals. The zombie network is now established and being used for its intended purpose: to make money. Through its peer-to-peer capabilities, the worm can be updated on the infected network at any time. It is not an unprecedented situation. There are several other large networks of machines infected with malicious software. Conficker has simply joined the list. The security community will continue to fight them, but as long as the worm remains embedded in any computer there can be no quick fixes."

239 comments

  1. Hate to say it... by Tyrun · · Score: 3, Insightful

    But I think we all saw that one coming.

  2. Correction by HangingChad · · Score: 3, Informative

      > The security community will continue to fight them, but as long as the worm remains embedded in any Windows computer there can be no quick fixes.

    Fixed that for ya.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:Correction by Anonymous Coward · · Score: 5, Funny
      I think what you are trying to say is this

      > The security community will continue to fight them, but as long as Windows remains embedded in computers there can be no quick fixes.

      But it's hard to tell... care to elaborate?

    2. Re:Correction by timmarhy · · Score: 1

      haven't there been multiple worms for openssl and apache?

      i'm surprised i have to make this point yet again, but there are more machines infected than the whole linux marketshare. until linux is really in the hands of the common newb you won't have an apples and apples comparison.

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:Correction by CAIMLAS · · Score: 5, Interesting

      There are more than you think. Old home computers are quickly becoming Linux computers.

      There are a lot of independent techs out there who service the lion's share of home computers. Yes, Best Buy and the like get a lot, too. But they can't compete on quality service with the little guy (due to overhead), so they have to keep themselves going through quantity.

      I know a handful of "home computer techs" - people who work out of their house or have a small one-room office somewhere. They're making ends meet and keeping their families going by doing this while at the same time putting linux on computers that are only mildly useful for anything beyond XP (and sometimes even XP, eg. 256Mb RAM).

      More often than not, the system is in need of a reinstall anyway due to some combination of users messing them up and malware. It's like scoring a 3-pointer at the buzzer, in terms of removing an infection vector.

      I'm one such person, while I'm unemployed. I'd say maybe one out of 5 of the computers that come to me leave with Linux installed. Those satisfied customers then refer their friends and family. Not much repeat service, but quite a few referrals. It would also appear that people are oddly appreciative for preventing them from installing all that crap as well - "it just works nice and fast and there are no pop-ups".

      Not only that, but when someone upgrades their computer (and they've got the proclivity to tinker) they'll do something with the old one. Linux has picked up a lot of mindshare, and I know many of the so called "tech savvy" types (who still need someone who knows what they're doing on occasion when they can't recover or get stuck) are doing this.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    4. Re:Correction by timmarhy · · Score: 4, Interesting
      i understand there are lots of pc's out there with linux on them, but that is just a drop in the ocean compared to what's sold with windows on it, and most of the linux systems out there are maintained by professionals and don't get uncle joe on them installing that bit of software to get his free porn.

      sure linux has mindshare, but that hasn't translated into market share. The year of the linux desktop will also be the year of the linux virus.

      --
      If you mod me down, I will become more powerful than you can imagine....
    5. Re:Correction by Anonymous Coward · · Score: 2, Interesting

      > I'm one such person, while I'm unemployed. I'd say maybe one out of 5 of the computers that come to me leave with Linux installed. Those satisfied customers then refer their friends and family. Not much repeat service, but quite a few referrals.

      What percentage of those users are still using Linux in 1 month? In 6 months? After 1 year? Per usual, something about your allegedly genuine pro-Linux story just begs more questions. How many users later dump the machine and end up just getting a new Windows machine instead? How many gain a new found appreciation for Windows after having used Linux for any length of time? How many users ever come back complaining that their X server is crashing or sound latency problems make watching YouTube unbearable? Even the most sophisticated user will have problems with Linux or find it not to their liking, yet these "regular people" seem to be happy as a pig in feces. You aren't telling us the full story, on purpose.

    6. Re:Correction by grcumb · · Score: 4, Insightful

      > haven't there been multiple worms for openssl and apache?
      >
      > i'm surprised i have to make this point yet again, but there are more machines infected than the whole linux marketshare. until linux is really in the hands of the common newb you won't have an apples and apples comparison.

      Silence, in this context, really is golden.

      The absence of data actually does signify, as far as this argument is concerned. In effective terms, users can find a secure haven in non-Windows systems. There is, admittedly, some truth to the assertion that there's a myth of invulnerability surrounding FOSS systems. Amusingly, black hats seem to buy into it as much as anyone else.

      Want effective protection from malware right now? Don't run Windows.

      Will that protection exist tomorrow? Will it exist even after everyone and their dog has flocked to FOSS? These are, for the moment, academic questions. Developers, however, deal with such academic questions all the time. My personal feeling is that FOSS developers are up to the task of securing their systems even in the face of concerted attacks.

      So what about that famously touted malware vector, 'stupid user tricks'? Ignorance and naivete are vulnerabilities in any system, technical or human. One doesn't have to look far for proof of that. But there's a fundamental logical flaw in this argument when applied to FOSS systems: The argument essentially says, "Once FOSS is just like Windows, it will be just as insecure as Windows."

      This assumes that a mass movement to FOSS won't be accompanied by a cultural change, and I can't see how that's possible. The culture of the incurious, uninvolved and too-trusting Windows user is exactly what keeps Linux (and much of FOSS) off the desktop. FOSS punishes each of those tendencies. In effect, it pushes back against the very behaviour that remains Windows' last, greatest vulnerability.

      I'm not trying to make the case for cultural change. Frankly, I'm getting jaded enough that I'm not so sure there will ever be a year of Linux on the desktop. But here's the thing: I don't care. Linux (and FOSS systems generally) work for me and my customers now. That's enough for today. I'll continue looking ahead with caution, but today, at least, I'm safe, and most of the rest of the world is not.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    7. Re:Correction by cenc · · Score: 4, Interesting

      In my experience 100% of the people I have volunteered to install Linux on their systems not only continue to use linux for years afterwards, but also bring me their new computers they buy with windows installed and ask me to remove it.

      Among others:

      dozens of first time to almost completely computer illiterate people.
      Lots of people that have been using windows for years and are fed up with the crap, especially after most linux distros had more in common with windows xp than vista had in common with windows xp.
      At least half dozen people over 60.
      Lots and lots of teenagers.
      Not to mention everyone that works in my office had never seen a linux computer before they walked through the door, and now have them at home.

      So, these arguments are for the ignorant that have not used a major distro in the last couple years.

    8. Re:Correction by cenc · · Score: 4, Insightful

      Really?

      All the linux systems floating around for years and years and years, and no one has gotten a proper linux virus to propagate. You know why that is? Uncle joe can install his porno software (not really aware of what that would be, but for the argument), and still have relatively secure computing because of the WAY LINUX IS DESIGNED, USED, AND MAINTAINED!!!!

       

    9. Re:Correction by timmarhy · · Score: 1
      you're conveniently sidestepping the fact there is no motivation for virus writers to target desktop linux users, after all why waste time on ~1% of users. do you really think i can't trick a novice user into installing a trojan on linux? unless you have set them up with a highly restrictive environment where they can't install software on their own computer you will catch just as many as you do with windows, if not more because no one in the linux world seems to believe in antivirus

      my argument isn't that linux is hard to use, it's that its users themselves are the security risk. novice users can't tell a phishing site from the real thing or know that "free game" they just installed contains a trojan.

      --
      If you mod me down, I will become more powerful than you can imagine....
    10. Re:Correction by AceofSpades19 · · Score: 1

      > i understand there are lots of pc's out there with linux on them, but that is just a drop in the ocean compared to what's sold with windows on it, and most of the linux systems out there are maintained by professionals and don't get uncle joe on them installing that bit of software to get his free porn.
      >
      > sure linux has mindshare, but that hasn't translated into market share. The year of the linux desktop will also be the year of the linux virus.

      market share isn't the only thing that contributes to the security of an os. If software gets patched quickly, that can stop a lot of infections, which is an F/OSS strong point, not to mention the fact that unix and unix-like operating systems were designed to be secure.

    11. Re:Correction by cenc · · Score: 1

      have you ever used linux?

    12. Re:Correction by InfiniteLoopCounter · · Score: 4, Funny

      > i'm surprised i have to make this point yet again, but there are more machines infected than the whole linux marketshare. until linux is really in the hands of the common newb you won't have an apples and apples comparison.

      I know. It's typical isn't it? I've been waiting for a Linux version of Conficker for some months now. That's why I still have to dual boot: I just can't get the same experience using Linux as with Windows.

      And before you suggest it, I'm not about to take the trouble to manually download and install some other academically written virus as a substitute. Also, typically, deficiencies in WINE stop me from running the Windows virus.

      I know there is the whole marketshare thing, but I think there's just more the developers could be doing on a variety of fronts to address what is really a critical problem with Linux.

    13. Re:Correction by westlake · · Score: 1

      > There are more than you think. Old home computers are quickly becoming Linux computers.

      More likely they are going to the dumpster.

      The most conspicuous thing about Slashdot conversion stories is that you never see the numbers.

      You never see the competition.

      Repairing or rebuilding an aging system is going to take a little time.

      That sets an upper limit to how much product will be moving out of the geek's one man shop.

      There are other curiosities.

      Such as the customer who wants to see a four, five - six or eight - year investment in Windows software erased from his hard drive.

    14. Re:Correction by zkiwi34 · · Score: 2, Interesting

      Considering the number of high value Linux targets out there, you'd be very very wrong that people are not trying to generate systemic Linux hacks so they can make their filthy lucre.

    15. Re:Correction by mrmeval · · Score: 4, Insightful

      If a Linux based distribution was the dominant desktop OS the morons who run a PC would be infected within minutes. They'll click on, suck up, snort or fk anything presented to them. I've had intelligent people click on, install or follow complex instructions that disable all security on a PC so they could install 'that cool looking game' and then lie about it even when I had logging software logging to a remote server.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    16. Re:Correction by TheLink · · Score: 4, Insightful

      > If software gets patched quickly, that can stop a lot of infections,

      Uh, if those windows machines actually ran "windows update" there would be no conficker.

      So if Desktop Linux had the same users, they may not run "ubuntu update". Why? Because the last time they updated, their machine stopped working properly.

      Think that will never happen? See: https://answers.launchpad.net/ubuntu/+question/24523

      Notice that user actually understands "grub" and "kernels" and knows where to find help. Other users might just never update. If the O/S ever has millions of users, these users start to add up.

      > the fact that unix and unix-like operating systems were designed to be secure.

      Incorrect. Unix is a watered down Multics.

      Linux and most Unix OSes don't provide much security by default.

      By default, any program the user runs, can do everything that user can do. There is no sandboxing.

      And whatever a unix/linux normal user can do is more than enough for the conficker worm to make money for its masters.

      So all the bad guys need to do is get the user to run their program.

      If Ubuntu ever has "windows class" users I doubt it'll be hard to get them to download a file and type:

      perl conficker

      Then it's pwnage time.

      If desktop linux ever has the market share that windows has, it'll start to have lots more "dancing pigs" applets that people want to run.

      Some will actually be OK. And some will be malware.

      An O/S whose security depends on people being able to tell whether something is safe or not, without the people actually being able to see and understand the source code, or know the entire inputs, is an O/S that expects people to solve something harder than the halting problem.

      Thus in my opinion Windows and most Unixlike OS have poor security.

      There are ways to give users better info on whether something is safe or not before they run it.

      For instance say an O/S requires a program to list out what sort of access it requires ("guest applet access", or "full system privileges").

      Then the O/S can provide the user more meaningful AND true information, and the O/S can also enforce those limits if the user decides to actually run the program.

      So if a "dancing pig" applet claims to not want network access, it will NOT get network access, even if it tries to later.

      That's far more secure than what the current O/Ses do.

    17. Re:Correction by Anonymous Coward · · Score: 0

      > In effect, it pushes back against the very behaviour that remains Windows' last, greatest vulnerability.

      Allowing that behavior is exactly why Windows is used by the clueless who don't wish to be clued in. Those people are probably greater than 75% of the public.

      So long as Linux gives the "push back" you refer to, you are correct: there will never be a "Year of the Linux Desktop".

    18. Re:Correction by RyuuzakiTetsuya · · Score: 5, Insightful

      I'm tired of this meme.

      The thing about worms like Conficker is that they absolutely do not rely on user interactivity with some sort of trojan interface. No, "CLICK HERE FOR FREE PORN!" or, "DOWNLOAD THIS APP AND GET GREAT WAREZ!" apps.

      Conficker spreads site to site silently through vulnerabilities in Windows.

      Yes, it's possible to own *NIX boxen via trojan horse deployments, but for home users who aren't running apache, mysql, openssl, ssh, ftp, gopher, BIND, etc. the non-user infection vectors dry up. This is because Windows *sucks* for system security. While it's possible to pull privilege escalation on *NIX machines, and other OSes, often, they're a pain in the ass and usually require specialized setups (certain version of MySQL running with certain version of Apache, with... etc). Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned.

      Sure, disabling autorun, running firewalls, virus scanners, etc. is great computing practice, I think it's more to expect from a typical home user who just wants the damned thing to work regardless. Lots of people use a computer thinking it's, well, a computer. Not a car, or a fax machine or a rifle that every so often needs to be broken down and maintained. Nor should it be. Modern file systems are virtually self-optimizing and aside from system updates and making sure there's room on your disk, which NO OS can really claim to do for you, unless you count Apple's MobileMe/.Mac service, even then it's only 20 gigs, most modern OSes can just be used on end without much worry. Except most machines aren't running with components designed in this decade, they're often running Windows.

      --
      Non impediti ratione cogitationus.
    19. Re:Correction by mshurpik · · Score: 4, Insightful

      >Linux has picked up a lot of mindshare

      The problem with Linux on the desktop is that it's not very compelling.

      Linux shines when the people around you are using it. That is, on your LAN or within telnet's reach. X is amazing, when used remotely. Why download and install a program when you can just telnet over to where it's installed? Assuming the bandwidth is there (and it's a hell of a lot more there each year), the program will run. And it will be a lot faster than doing it the newfangled way, which is to make it a web service.

      Linux makes a great desktop, if by "desktop" you mean network terminal. But we don't have a network. We have the web, which is a single graphical application (the "browser") that runs best on Windows. Just like a video game.

      Linux won't, and probably can't, catch on until the network is there to support it. That includes small and large businesses, which have networks that would benefit from it, and are still using Windows. Businesses can use Linux the way it is intended, right now. But the "home desktop" is designed to deliver applications, not services.

      Let's put it this way: The day some 14-year-old kid installs IIS for XP and hosts a webpage from his bedroom will be the first day of Linux's life. To my knowledge, nobody is hosting squat. Except on bittorrent, which doesn't quite count, because although BT is a protocol, people use it like just another Windows app.

    20. Re:Correction by Opportunist · · Score: 5, Insightful

      It may not be popular on /., but Windows isn't the main problem here. The core of the problem is people not giving a shit about the security of their system. Whether that system is Windows, Linux or Mac is irrelevant.

      Windows has reached a point where it can be considered "fairly secure". There are few known security holes, and none that can't be fixed with a little system tweaking and putting a router in front of the machine. But what can the system do if the user is the main point of failure, when he grants everyone any kind of privileges?

      Take a look at the Dancing pig problem. In a nutshell: "Given a choice between dancing pigs and security, users will pick dancing pigs every time."

      A webpage promises the user what he wants to see or do. Firewalls and security systems ring alarms because what the page actually will do is install malware. But the user clicks it away and allows it in. Because he wants to see the dancing pigs (or install a crack, or see some pron, or ...).

      What system could avert that? Only one that does not allow its owner to do what he pleases. Do we want machines that we don't own but that only install what's "good for us"? I wouldn't want to go there...

      As long as people don't give a shit about their security, this problem will not end. Be it with Windows, Mac, Linux or FantasyOS. And people will not give a shit about their system's security and whether their system is a threat to the rest of the internet as long as they are not held responsible for their system's actions.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:Correction by hairyfeet · · Score: 5, Insightful

      You are talking about servers which have these things called Linux administrators, or Guru if you will, that actually read security bulletins, patch on time, have IT experience, etc. This makes them a lot harder target than Velma.

      Everybody, meet Velma. Say hi Velma-(Hi Y'all!)

      Working in PC repair and sales since the days of Win3.xx, when dinosaurs roamed the earth as my oldest puts it, I have found Velma to be a VERY typical Windows user. She rarely if ever patches because it scares her that it might "break" something, if it wasn't for me she would be running the Norton that expired in 2004 for an AV, and worst of all, like WAY too many of my customers, she has a serious weakness. In Velma's case it is her BFF Kim. You see, her BFF Kim is what some of us in the biz call a "click whore", in that she will click on ANYTHING. Spam attachments, chain letters, you name it. And Velma will ALWAYS trust her BFF Kim no matter what to tell her. Now please enjoy an ACTUAL account of my working with Velma-

      /Me/ Velma, that is a password protected zip file. It is even telling you to turn off the AV before opening! It is a Virus, do NOT open that!
      (Velma) Ohh...You worry too much. It is from my BFF Kim! She wouldn't send me anything bad! See, it says "happy puppy pics!" Isn't that nice?

      /Me/ Velma, it isn't pics. Pics end with .jpg. That is Happ_Pup.exe! That is a virus! Do NOT run that!
      (Velma) Oohhh...drink decaf, it'll be fine! See it has Kim's name on it and everything!
      /Velma turns off and ignores AV warnings, runs .exe, popups start sprouting everywhere and the network crashes from all the activity/

      (Velma) Whoops. But it MUST be a trick, because my BFF Kim wouldn't do that!
      /Me/.....

      NOW do you see why Linux "security" wouldn't be worth a bucket of warm spit if Linux got all the Velmas of this world? If you ever do manage to get Velma and Kim and all their little buddies onto Linux your good friends at the Russian Business Network and their friends in China and Nigeria would be sending "Happ_Pup.sh" along with easy to follow instructions on how to run it. And Velma and Kim WOULD run it, no matter how many times you told them not to. It is simply the dancing bunnies problem and short of forcing Velma and all her kind to run locked down thin clients with no rights at all to their own machines Linux will NEVER fix it. Sorry.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    22. Re:Correction by Anonymous Coward · · Score: 0

      I see the same thing happening. I'm not exactly unemployed-rather self-employed. In any case I repair computers too while I start my business-which will also repair and sell computers.

    23. Re:Correction by Anonymous Coward · · Score: 0

      > The most conspicuous thing about Slashdot conversion stories is that you never see the numbers.

      Most of the stories are works of fiction.

    24. Re:Correction by cyber-vandal · · Score: 1

      The trojan will of course have to work on several subtly different distros that are running one of several windowing environments and the users will be browsing the web with one of half a dozen web browsers. Windows is a monoculture and is therefore very easy to attack. Desktop Linux is not.

    25. Re:Correction by OolimPhon · · Score: 1

      > > ...the fact that unix and unix-like operating systems were designed to be secure.

      > Incorrect. Unix is a watered down Multics.

      Total bollocks. You've never used Multics, have you?

      > Linux and most Unix OSes don't provide much security by default.

      Do you have even the faintest idea what you're talking about? Didn't think so.

      > By default, any program the user runs, can do everything that user can do. There is no sandboxing.

      ...except that the standard user can't do much to damage the system. By design. The worst they can do is to nuke their own files.

    26. Re:Correction by uassholes · · Score: 1

      Curious about which distro you install for them.

    27. Re:Correction by Anonymous Coward · · Score: 0

      256Mb ? Windows XP runs on 32MB?

    28. Re:Correction by Anonymous Coward · · Score: 2, Interesting

      I have a friend who installed Ubuntu on his machine and was actually quite happy with it. He searched google for basic information and was able to get xine up and running to watch dvd movies on his 32 inch monitor connected to the pc. He was extremely happy that he no longer had to worry about viruses.

      One day he called me frantically complaining about the inability to login because the system refused to accept his password. After calming him down, I found out that he had a second account called .... test. The password was also ... test.

      Well we logged into test-test and did a sudo to root (which didn't require a password because test was properly configured in the sudoers file) then changed his normal account's password.

      He was happy again.

      Later I was able to look at the auth logs... and just as I suspected.... someone logged in using test-test from the net using ssh then changed his other account's password. (He has a cable modem and no NAT set up)

      The ubuntu default firewall is ok..... but cannot prevent bad things from happening to people that create accounts called test / password test.

      And that is my biggest fear with linux going mainstream. People like that will quickly give linux a bad name when the year of the Linux desktop arrives.
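
The incident described in the comment above (a password SSH login to a throwaway account from the internet, passwordless sudo, then another account's password changed) leaves a recognizable trail in the auth log. The following Python detection is an added example, not part of the thread or any commenter's code; the log lines, host, users and addresses are constructed, and the throwaway-name list, the 30-minute window and the year are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the classic syslog layout written by OpenSSH, sudo and
# pam_unix. Host, users and addresses are invented (203.0.113.0/24 is a
# documentation range standing in for an internet source).
SAMPLE_AUTH_LOG = """\
May 10 21:02:11 desktop sshd[4120]: Accepted password for alice from 192.168.1.20 port 50122 ssh2
May 11 03:14:07 desktop sshd[4311]: Failed password for invalid user admin from 203.0.113.77 port 40112 ssh2
May 11 03:14:09 desktop sshd[4313]: Failed password for root from 203.0.113.77 port 40130 ssh2
May 11 03:14:12 desktop sshd[4316]: Accepted password for test from 203.0.113.77 port 40155 ssh2
May 11 03:15:40 desktop sudo:     test : TTY=pts/1 ; PWD=/home/test ; USER=root ; COMMAND=/usr/bin/passwd alice
May 11 03:15:48 desktop passwd[4402]: pam_unix(passwd:chauthtok): password changed for alice
May 11 09:30:02 desktop sshd[5120]: Failed password for alice from 192.168.1.20 port 50410 ssh2
"""

# Assumption: account names that suggest a throwaway login; tune per site.
THROWAWAY_NAMES = {"test", "guest", "demo", "temp", "user"}

# Listed explicitly because ipaddress.is_private also covers documentation ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

PREFIX = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
PATTERNS = {
    "accepted": re.compile(
        r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+"),
    "failed": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"),
    "sudo": re.compile(r"sudo:\s+(?P<user>\S+) : .*\bCOMMAND=(?P<cmd>.+)$"),
    "pwchange": re.compile(
        r"passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)"),
}


def parse_events(text, year=2009):
    """Turn auth.log lines into (timestamp, kind, fields); syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for kind, pattern in PATTERNS.items():
            hit = pattern.match(m.group(2))
            if hit:
                events.append((ts, kind, hit.groupdict()))
                break
    return events


def is_remote(ip_text):
    """True when the source is outside the LAN, loopback and link-local ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in LOCAL_NETS)


def find_suspicious(events, window=timedelta(minutes=30)):
    """Flag remote password logins and what follows them inside the window.

    Events must be in log order. The follow-up findings are time correlation,
    not proof that the same session made the change.
    """
    findings = []
    for i, (ts, kind, f) in enumerate(events):
        if kind != "accepted" or not is_remote(f["ip"]):
            continue
        failures = sum(1 for t, k, g in events[:i]
                       if k == "failed" and g["ip"] == f["ip"] and ts - t <= window)
        findings.append({"rule": "remote-password-login",
                         "user": f["user"], "ip": f["ip"],
                         "throwaway_name": f["user"] in THROWAWAY_NAMES,
                         "prior_failures": failures})
        for t, k, g in events[i + 1:]:
            if t - ts > window:
                break
            if k == "sudo" and g["user"] == f["user"]:
                findings.append({"rule": "sudo-after-remote-login",
                                 "user": f["user"], "ip": f["ip"],
                                 "command": g["cmd"]})
            elif k == "pwchange" and g["user"] != f["user"]:
                findings.append({"rule": "password-changed-after-remote-login",
                                 "user": f["user"], "ip": f["ip"],
                                 "target": g["user"]})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse_events(SAMPLE_AUTH_LOG)):
        print(finding)
```
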

    29. Re:Correction by John+Hasler · · Score: 1

      > I know there is the whole marketshare thing, but I think there's just more the
      > developers could be doing on a variety of fronts to address what is really a critical
      > problem with Linux.

      The guys at Freedesktop.org are hard at work on the problem and making considerable progress.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    30. Re:Correction by Anonymous Coward · · Score: 1, Informative

      > ...except that the standard user can't do much to damage the system.

      So what? The problem isn't the local system being damaged, the problem is endless spam and DoS attacks. These work equally well from unprivileged users on both Linux and Windows.

      > The worst they can do is to nuke their own files.

      Which, for a user, is the worst thing that can happen.

      As the OP said, all desktop operating systems have crap security. The one thing they protect is the one thing that matters least.

    31. Re:Correction by doulos05 · · Score: 1

      I know, I totally agree. In the neighborhood I live in, houses get broken into all the time. I know this one guy who has a big, fancy "security system", and he's never been robbed. But I think it's just because there's so much other low-hanging fruit.

      Besides, most of the people who got robbed were doing stupid things, like assuming that their locked door would actually stop anybody other than them from getting into their house. One guy forgot his key so often, he just never locked his door anymore. They got him real good.

      And really if you think about it, the thieves would just learn, evolve, and adapt if we all got security systems. They'd find a way in. Sure, the break-ins would only happen weekly instead of daily, but I don't think that's really a large enough reduction in frequency. And sure, the alarm system would notify the police so they'd be able to get here quicker and maybe apprehend the criminals, but I think the police should just patrol our street 24/7. They should park a police car in front of every house, then they'd nail these burglars real fast AND we wouldn't even have to call 911.

      What I really wish is for that moron on the hill with the fancy security system to just shut up about how beneficial it is. He must be grade "A" stupid to see most of the people who got robbed were asking for it.

    32. Re:Correction by AceofSpades19 · · Score: 2, Informative

      > Uh, if those windows machines actually ran "windows update" there would be no conficker. So if Desktop Linux had the same users, they may not run "ubuntu update". Why? Because the last time they updated their machine stopped working properly. Think that will never happen? See: https://answers.launchpad.net/ubuntu/+question/24523 Notice that user actually understands "grub" and "kernels" and knows where to find help. Other users might just never update. If the O/S ever has millions of users, these users start to add up.

      This is why I run a stable distro that doesn't break everything all the time. Debian stable for example, I think it would be highly unlikely for anything to break during an update.

    33. Re:Correction by Anonymous Coward · · Score: 0

      This is half true. Yes, you are safe from most worms and viruses. However, most of the hackers use Linux themselves, they're more familiar with its inner workings than they are with Windows. There are quite a lot of vulnerabilities in old versions of software that run on Linux, and Linux applications update faster and more often than Windows applications in order to solve these vulnerabilities.

      Most users don't keep up to date on all the latest software all the time, even the most jaded network administrator has a lot of things on his mind and does not always have the time. The result is that your system is more vulnerable than Windows is, in reality.

      I have two very intelligent well paid friends who run separate Linux shells, they give out accounts to close friends; they keep up to date on patches, set resource limits, use safer alternate email and dns daemons, etc. Their shells are constantly being hacked into and exploited to host news websites by al-Qaeda, it is a never ending battle for them to keep the hackers out. One of them decided to completely shut off apache access to all users now in order to solve the problem, so now it's nothing more than a shell to retrieve and store files via ssh. Also, there are a lot of users using GoDaddy and other hosting services for example, and by default they install an extremely out of date Linux system for you with every flaw known in the book.

      In addition, SSH for example, which is today a staple of *nix network management and central to its needs, has an enormous amount of past and current vulnerabilities. As an example, there is currently a flaw in SSH that has not been corrected yet that allows someone to man-in-the-middle attack your SSH connection very easily and witness everything you are doing on your machine.

      Moral of the story, do not think just because you use an alternate operating system that you have to be less vigilant.

    34. Re:Correction by hairyfeet · · Score: 1

      Actually here in the south we got a great and REALLY cheap security system! We call it a MoM (mean ole mutt). Hell my last family MoM didn't even cost us a cent, because as my mother was complaining about somebody stealing gas out her car I noticed a half wolf stray hanging around the edge of the property looking to steal some cat food. A couple of leftover cheeseburgers later and Voila! Perfect security system!

      Sure enough I came out the next week and the oldest was laughing "Look at what old Jack (that's what the kids named him) has in his mouth!". So I call ole Jack over with a leftover burger and he just prances up pretty as you please with a chunk of bloody blue jeans in his mouth. My mother said "We hear this scream about 2 AM and by the time I got to the door a car was peeling out down the street and old Jack was prancing up with that in his mouth." which of course earned him a pat on the head and an extra burger. We never had a problem with theft again!

      Old Jack went off in the woods a month ago and never came back. We figure he just went out in the woods, laid down and died. But lucky for us old Jack sired an offspring from a passing female so we have little Marco to take his place. You really can't go wrong with a MoM. They are cheaper than a burglar alarm, are happy to take care of any leftovers you might have, and a little pat on the head and a dry place to sleep and they are happy campers. And I don't know why, but I have seen junkies that wouldn't back down from a loaded 9mm back off from a MoM. I guess there is just something primal about seeing a large mutt with those teeth shining and the hair slicked back. But I bet if those crooks came across a MoM more often they would move on down the road.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    35. Re:Correction by ScrewMaster · · Score: 1

      I'm not exactly unemployed-rather self-employed.

      A fine distinction at best.

      --
      The higher the technology, the sharper that two-edged sword.
    36. Re:Correction by orange47 · · Score: 1

      "perl conficker" aha, but thanks to 'wonderful' Linux system, that would end with an error requesting some dependency or special kernel version or even other distro.. seriously, the average Linux user would stick to known repositories, it's easier.. for anything not there, he'd use wine or virtualbox..

    37. Re:Correction by JackieBrown · · Score: 1

      Just curious, but what did he need ssh for?

      I know what I use it for, but I really can't see my mom using ssh. And it's pretty easy to lock down if only you are using it to help update his system (or some other legitimate excuse.)

      There is not much you can do in regards to weak passwords other than forcing users to create strong passwords. But you can not install applications that allow others to remotely log into your system.

    38. Re:Correction by orange47 · · Score: 1

      aha, but, if Velma doesn't care about security and doesn't understand computers, then she won't need executable scripts in email attachments. she can't have it both ways. it should be trivial to block all unsafe files in attachments (or always run them in some sandbox), and linux can do it better because it recognizes files by headers and not just the extensions..

    39. Re:Correction by Anonymous Coward · · Score: 0

      That's the point though. SSH is installed by default in ubuntu and iptables is set up to allow incoming connections. As long as the username and password is correct, like test/test, then someone can get in.

      I disabled ssh of course so he's fine now. I also gave him a stern warning about weak passwords.

      My point is that a lot of people getting into linux will not be too bothered about security at first because, after all, it is "more secure than windows" so why bother.... Then things like this will happen and Linux will soon get a (deserved or undeserved) bad name.

    40. Re:Correction by simplexion · · Score: 0

      I have no idea why that comment is moderated Insightful. There is absolutely no insight when the person is just ranting on something they don't really seem to understand.
      Oh and yeah... end users are generally the problem but Windows makes it so easy for them.

    41. Re:Correction by Anonymous Coward · · Score: 0

      Visual Studio is able to detect what permissions your application needs and restrict what it can do.

    42. Re:Correction by obscuro · · Score: 1

      you're conveniently side stepping the fact there is no motivation for virus writers ... no one in the linux world seems to believe in antivirus

      I run antivirus software on my Linux desktop for the purpose of avoiding forwarding infected files. So... there's one Linux user who cares about viruses. As for motivation, there's certainly deep motivation to crack Linux servers.

      --
      Every rule has more than one consequence.
    43. Re:Correction by TheLink · · Score: 1

      There's a lot you can do with a few lines of perl.

      On most perl installs the LWP library is included (even on Windows perl installs). IO::Socket::INET is most certainly included. And you can bundle perl libs (especially the ones written in perl) you need if you use pp.

      It's not difficult to write a cross platform perl trojan that makes sure it is restarted each time (if linux/freebsd use crontab and/or at, if windows use the registry), searches the web or a P2P network for new instructions, validates the instructions (check digital signature) and then forks children to execute the instructions (that way even if there's a stupid bug only the child dies - the parent continues running). It could then end up doing stuff like send spams, DDoS a target, pop up ads and more.

      There are also the other alternatives like python or lisp. I'm not sure if the antivirus people will be able to keep up if the malware authors start using languages that allow very rapid development. A different version with new features every few hours :).

      What makes conficker interesting is typically the people who are able to do all that "fancy stuff" don't write malware - they make their money doing other stuff. As a result most malware is normally not that sophisticated and I'm not sure if it really needs to be that sophisticated. They don't normally get new instructions AND check them using digital signatures and public key cryptography :).

      Maybe the increasing sophistication is due to a "war against" other malware writers/commanders - a malware writer would want the zombies to be controlled by him/customers, not his competitors. The AV people might just be smaller annoyances in comparison.

    44. Re:Correction by hairyfeet · · Score: 1

      Ahhh.....You are making a classic mistake, did you catch it? Here it is if you didn't-you see Velma is your BOSS when you are working for her, and if you tried that kind of shit you would be fired! Let me tell you another true story. Yes I like stories, because I'm southern and that is how we do things dang it!

      This is another true story illustrating your catch-22 told to me by my friend Glenn the server admin. He actually had to go over his boss's head (risking losing a seriously good paying job) to the regional director, which was a serious no-no in that company, after having this conversation with his PHB- "You have NO RIGHT to tell me who I can and can't correspond to, do you hear me? I AM YOUR BOSS and you will let through my emails from Melissa right this minute or I WILL fire you!"

      Now lucky for Glenn the regional director turned out to know a thing or two about computers and had more importantly seen the papers on the spread of the Melissa worm. If he hadn't, then Glenn would have been out of a good paying job. You see the catch with dancing bunnies is the user WANTS the bunnies. Not only will they NOT thank you for blocking the bunnies, they will actually fire your ass if they can. This is why security doesn't work. It doesn't work because your friends at the RBN and their friends in China and Nigeria have long since figured out how to make the bunnies attractive. And for the Windows home user THEY are the boss and they WILL fire your ass if they can't see the bunnies.

      So in the end all you can do is make this face and clean up the mess, along with cashing the check, of course. It is a capitalist country, after all ;-)

      --
      ACs don't waste your time replying, your posts are never seen by me.
    45. Re:Correction by Anonymous Coward · · Score: 0

      "All the linux systems floating around for years and years and years, and no one has gotten a proper linux virus to propagate" - by cenc (1310167)
      on Saturday June 13, @12:33AM (#28317381)

      "All those linux systems floating around"? That's funny... face it, by way of comparison to Windows usage? Practically nobody uses Linux. At least, not by way of comparison to Windows.

      (And, please - Don't try to tell any of us there aren't any Linux "viruses/trojans/worms/spywares/malwares-in-general" either, because I'll produce a list that will make your head spin).

      APK

      P.S.=> I know 1 thing: IF Linux were to be used by the majority of PC Users, such as the "Uncle Joe" type you noted? You'd see Linux get "run over" by a wave of viruses/trojans/spywares/worms/malwares-in-general - Simply because the malware makers out there are out to target the largest body of PC users possible, & that's Windows NT-based OS users, which makes sense for them, from THEIR "POV": Target the largest single body you can via a single shot (because they are NOT out to just "wreck your PC" nowadays, but instead, the game has become quite a bit more serious, & that is to TAKE YOUR MONEY or PERSONAL INFORMATION)... apk

    46. Re:Correction by Anonymous Coward · · Score: 0

      "Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

      Neither do Windows NT-based OS users, once they cut the "SERVER" service... that controls all/each of the things you note, & if they only have a SINGLE system @ home, or more that are not "networked to one another"? Problem solved... easily! You can layer on more defenses on top of that simple measure, just in case you DO 'suck in' a malware that reactivates it, & the guide I post below, shows how!

      ----

      "Sure, disabling autorun, running firewalls, virus scanners, etc. is great computing practice, I think it's more to expect from a typical home user who just wants the damned thing to work regardless" - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

      Want to "do it right", & as EASY as possible? See here:

      ----

      HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (&, beyond):

      http://www.tcmagazine.com/forums/index.php?s=da9e00ecfeb1ec4065b3c748e4ee4e02&showtopic=2662

      ----

      And, it works...

      (Nicest part is, that the CIS Tool makes it as SIMPLE as it gets for Windows XP users to secure themselves @ the registry + filesystems levels by guiding them as to what to do & the directions are detailed enough & good, & then using Windows Server 2003's "SCW" (security configuration wizard) does as well, & it's "built in" as an addon you can install in Windows Server 2003).

      APK

      P.S.=> Layered security, above & beyond the std. practices of a software firewall, antivirus, &/or antispyware programs resident + how to make it as easy as it gets (due to the CIS Tool making it so) to have a secured Windows NT-based OS of modern variety, step-by-step, & for a user's opinion of it (just one of MANY)? See here:

      http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

      "It's 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

    47. Re:Correction by RyuuzakiTetsuya · · Score: 1

      Do you know what's easier to do than following any of those directions?

      Buying a fucking Mac.

      Good day sir.

      --
      Non impediti ratione cogitationus.
    48. Re:Correction by orange47 · · Score: 1

      so, tell me, when your boss enters the airplane, does he demand the right to fly the plane? After all, it's probably his personal jet and he is the most important person in it. Why should he trust some pilot with his life?

  3. Time to reconsider "anti-worms":? by John+Hasler · · Score: 1

    n/t

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:Time to reconsider "anti-worms":? by symbolset · · Score: 2, Interesting

      My God! It's full of anti-worms.

      --
      Help stamp out iliturcy.
    2. Re:Time to reconsider "anti-worms":? by g-san · · Score: 1

      Go for it. See if you can reverse engineer conficker's encrypted and digitally signed binaries. It's only RC4 and MD-6. MD-6 was only released a few weeks prior to the first wild sightings of version C. Still wanna mess with these guys? Then all you have to do is figure out which of the 50,000 domains spread across ~120 .tlds to register so you can put your binary on it for when conficker does its daily payload check.

      Or if you want, you can try to infiltrate it via its own P2P network. You better be quick, if conficker detects it is being debugged, it quits. Can't look at the code? Hmmm, maybe look at the p2p protocol? Doh! you cannot run wireshark on an infected system, conficker process kills just about anything you would use for disinfecting every second (though I might change the .exe name of a tool I was using). But even then you have to figure out the digital signature before conficker will run your binary, it's a 4096 bit key, you better get started. Bonus points for breaking it before the authors update it.

      This worm is a piece of work. It memory patches your dns resolver. It kills your security products. With its encryption, every copy is different. It hides with random file name, in several locations, date same as your kernel, and the registry entries get pretty names most would overlook on a quick glance. The ports it opens are a function of your IP address, so you cannot just look for port xyz traffic, but a remote conficker can figure out which ports should be open for your IP. It does updates with a plain URL that no IDS could catch without red flagging genuine HTTP requests. It closes its infection vector but opens another back door. It pokes holes in your firewall, and gives them pretty names too. But wait there's more! It tries to spread through network shares with weak passwords and copies itself to the modern sneakernet of USB drives. Its IP scanner even avoids unregistered address space.

      The authors of this worm seem to be a few steps ahead of everyone. Its weaknesses get patched, its vulnerabilities get updated. As long as we have people running pirated copies of Windows, or people too afraid to auto-update for whatever reason, we better get used to things just "living" in the internet. Anti-worm? goodluckwiththat!

  4. "Watch me" service by davidwr · · Score: 5, Interesting

    If your ISP provided a free service where it would text or phone you and offer to help clean up your systems if it detected malware-ish behavior coming from your computer or network, would you sign up?

    The only gotcha is that you would be inviting the ISP to watch your traffic.

    OK, this is slashdot, so most people would say "no," but how many regular people would say "yes" and would that make much of a difference?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:"Watch me" service by Agent+ME · · Score: 4, Insightful

      Regular people just care that whatever is on their computer isn't directly costing them money or causing it to visibly malfunction. From experience, I know most would ignore any offers to help, sadly. Guess the trick is to find a way to make them want to disinfect their computers.

    2. Re:"Watch me" service by Darkness404 · · Score: 3, Insightful

      Exactly, other than adware or software that directly and immediately causes identity theft, most people don't care, after all computers are supposed to be slow after about a year because all the hardware goes obsolete right?

      --
      Taxation is legalized theft, no more, no less.
    3. Re:"Watch me" service by Anonymous Coward · · Score: 5, Informative

      OpenDNS already have a system set up where, if you use their DNS servers, it will tell you if it detects any Conficker-type activity on your network. Non-intrusive, transparent to the end-user, and quite effective.

    4. Re:"Watch me" service by Anonymous Coward · · Score: 0

      They could slowly jack up the cost of the service over the course of a year, then offer a few dollars off of the bill if the user complies.

    5. Re:"Watch me" service by Darkness404 · · Score: 3, Insightful

      Yes, but what happens if this leads to more filtering? Such as "Your computer has been using a lot of P2P, install this to scan for any unwanted programs" and it sends all the data to the RIAA/MPAA?

      --
      Taxation is legalized theft, no more, no less.
    6. Re:"Watch me" service by RoFLKOPTr · · Score: 2, Funny

      Guess the trick is to find a way to make them want to disinfect their computers.

      "Every time you don't update your antivirus, a kitten is struck by lightning."

    7. Re:"Watch me" service by Tubal-Cain · · Score: 3, Insightful

      Guess the trick is to find a way to make them want to disinfect their computers.

      Or make them want something that Linux has but Windows doesn't. Unfortunately, users tend to have weird priorities. They won't budge over the seemingly intangible factor known as 'security', but they might switch in a heartbeat for Gnometris.

    8. Re:"Watch me" service by derspankster · · Score: 0

      Glad I'm using OpenDNS since my wife continues to use Windows.

    9. Re:"Watch me" service by nametaken · · Score: 2, Insightful

      Regular people just care that whatever is on their computer isn't directly costing them money or causing it to visibly malfunction. From experience, I know most would ignore any offers to help, sadly. Guess the trick is to find a way to make them want to disinfect their computers.

      Easy, do what the government does... fearmonger.

      "ZOMG Identity theft!!#!"

      They'll be begging for free help.

    10. Re:"Watch me" service by alienunknown · · Score: 2, Funny

      Ahhh that brings back memories....

    11. Re:"Watch me" service by Anonymous Coward · · Score: 2, Informative

      I ran an ISP only a few years ago. The number one source of identifying hacked PCs was abuse messages coming to our admin accounts. It didn't take our support staff long to lock out and call the customer. Many would say, "yes, the computer has been running slow lately", and thanked us for fixing their virus.

      We also monitored our MRTG graphs. If we noticed strange spikes in traffic, our network people would investigate. One time we had to shut down a chess server at a high school. I will say this was in a rural area where just getting ADSL in at all was difficult. We didn't have enough bandwidth back to MAE East to allow it on a multi-point circuit with many other oversubscribed customers. But, more often than not, it would be a hacked machine. We would cut it off and everyone else would get fast Internet back.

      Of course much is changing. Where it used to be Internet servers with root-kits, now it's at the user end. An IDS should be part of any Internetwork. Even allowing the millions of spam hitting can kill the most robust SMTP system. As for Conficker, blocking and monitoring its known ports doesn't require any "Bush era type" spying. It is just good networking. A good ISP will protect its address space from being put in a db. Of course, when it does happen, going to the db usually outs the hacked address space. For many years, colleges were the worst offenders. But it could be one customer on a dial up line that pings you.

      The part that really gets me today is that most Wintel users don't have a DART (ERD) disk since they ain't MSCE'ed. I've quickly fixed many a PC with them. While the public is better educated when opening email, many still don't protect their browsers. I'm glad to see Win7 will be browser neutral in Europe. I would like to see Mozilla put up a list of recommended plug-ins on installation to at least get NoScript to more Firefox users. For you finger pointers out there, Java/Flash run on all the major web servers (and can be platform independent servers themselves).

      Combating hackers goes back to the pre-browser days (yes children, we used to gopher). Much of the early hacking led us to an open Internet (yes, it used to be a closed university/military network). Much of the early hacking was for chat, games, and Usenet. Today it is organized crime. Hacker ISPs run a lot of this business. I was glad to see one closed down recently, but there are many more still running. Add to that the server farms with many hacked servers, and we are here today. Powerful bot-nets controlled by the highest bidder. Some day, some stupid "green card spam" will crash everything again (yes, that is when we lost Usenet). Every ISP and server farm should be responsible and not be part of the problem.
      -John Clark

    12. Re:"Watch me" service by Mistlefoot · · Score: 1

      Then most, if not all, ISPs could use this strategy too. Seeing as to how a very high percentage of users (my guess) would use the automatically obtained dns servers (from their ISP). And it would be just as "non-intrusive, transparent to the end-user, and quite effective."

      The ISP where I live - Shaw - offers free Anti-Virus based upon F-Secure. Based upon this link it does protect against Conficker and tools are provided to remove it.
      http://www.f-secure.com/v-descs/worm_w32_downadup_gen.shtml (non clicky on purpose)

    13. Re:"Watch me" service by TheGratefulNet · · Score: 1

      after all computers are supposed to be slow after about a year because all the hardware goes obsolete right?

      that; or they're running SSD's.

      --
      "It is now safe to switch off your computer."
    14. Re:"Watch me" service by Darkness404 · · Score: 1

      I never really got what made SSDs less reliable than HDs, I mean having bought cheap flash drives, used them extensively and the only ones that I have had break were broken from physically breaking them in some way. On the other hand, I've had several "name-brand" drives either fail for no reason or give me the "click of death", along with an EEE with moderate use with an early SSD that hasn't failed yet.

      --
      Taxation is legalized theft, no more, no less.
    15. Re:"Watch me" service by Anonymous Coward · · Score: 0

      The only gotcha is that you would be inviting the ISP to watch your traffic.

      But that's a gotcha for ISPs too. A lot of them want to continue being neutral access providers. They do not want to be aware -- and thus liable -- for what is passing through their tubes.

    16. Re:"Watch me" service by Anonymous Coward · · Score: 0

      Comcast sent an email to my boss stating he was infected with no opt-in. But we know where they stand on privacy issues.

    17. Re:"Watch me" service by Anonymous Coward · · Score: 1, Interesting

      I got my girlfriend to use Ubuntu64 (because her laptop shipped with 32-bit vista, and it's a 64-bit processor), and she loves it. Because of the gnome game pack. She already used openoffice.org as well as Firefox, so not much of a change as far as she was concerned except there were more games.

    18. Re:"Watch me" service by shentino · · Score: 1

      Especially if the RIAA lapdo, er, CBS is involved and your ISP happens to be a subsidiary.

    19. Re:"Watch me" service by shentino · · Score: 2, Interesting

      Except that government is vulnerable to pressure from lobbyists.

      "Bot traffic" could easily be written up in legalese to mean anything special interests don't like, such as bit torrent.

      Which may be even easier than expected if ACTA remains classified to the bitter end.

    20. Re:"Watch me" service by westlake · · Score: 1

      If your ISP provided a free service where it would text or phone you and offer to help clean up your systems if it detected malware-ish behavior coming from your computer or network, would you sign up?

      I'll take the odds that your cable ISP has a free Internet security bundle for Windows.

      Security Center

      OK, this is slashdot, so most people would say "no," but how many regular people would say "yes" and would that make much of a difference?

      The uncomfortable truth about privacy is that you are most likely to have it when you don't want it. But that is a lesson lost on the young.

      Your Bell Telephone service was monitored for quality control for one hundred years. For most of those years, the phone was your lifeline.

      Securing the network was in everyone's best interest.

    21. Re:"Watch me" service by shentino · · Score: 2, Interesting

      Probably because ISPs tend to have deeper pockets than customers and are thusly more apt to be shoehorned into a booby trap if they try to be a good Samaritan.

    22. Re:"Watch me" service by Opportunist · · Score: 1

      Sure! I'm in the EU, they're watching my traffic already anyway, mandated by law. They could at least use that privacy invasion for some good, too, for a change.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    23. Re:"Watch me" service by Opportunist · · Score: 1

      You know, that WOULD actually be a quite well working solution.

      Whatever the worm wants to do, it must eventually do a DNS lookup. How many people go "normally" to masjwefkangagjagawrh.uprekj.cn?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
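
The DNS-side detection discussed above (a resolver noticing Conficker-type lookups, and the point that few people normally resolve names like masjwefkangagjagawrh.uprekj.cn), sketched as an added example that is not part of any comment and not OpenDNS's actual system: it flags clients that accumulate many distinct failed lookups for random-looking names. The log format, the thresholds and every random-looking name except the one quoted in the thread are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<client_ip> <qname> <rcode>".
# Only masjwefkangagjagawrh.uprekj.cn comes from the thread; the other
# random-looking names are made up and sit under reserved TLDs.
SAMPLE_LOG = """\
10.0.0.5 slashdot.org NOERROR
10.0.0.5 en.wikipedia.org NOERROR
10.0.0.5 d3k9xq7vbz.cdn.example NOERROR
10.0.0.7 masjwefkangagjagawrh.uprekj.cn NXDOMAIN
10.0.0.7 qzkvbtrwpl.example NXDOMAIN
10.0.0.7 qzkvbtrwpl.example NXDOMAIN
10.0.0.7 xnjfhgdwyc.test NXDOMAIN
10.0.0.7 bvlqzmtkrs.example NXDOMAIN
10.0.0.7 hpwxgcyfnd.test NXDOMAIN
10.0.0.7 tkmzrqjvwb.invalid NXDOMAIN
10.0.0.7 slashdot.org NOERROR
10.0.0.9 slashdto.org NXDOMAIN
10.0.0.9 gjxwqkzvnp.test NXDOMAIN
this line is malformed
"""

# Assumed tuning values; a real deployment would calibrate them on its own traffic.
MIN_LABEL_LEN = 8   # shorter labels carry too little signal to score
MIN_ENTROPY = 3.0   # bits per character
MIN_DISTINCT = 5    # distinct failing random-looking names before alerting


def shannon_entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(text).values())


def candidate_label(qname):
    """Longest label of qname, ignoring the TLD (no public-suffix list here)."""
    labels = qname.strip().rstrip(".").lower().split(".")
    body = labels[:-1]
    return max(body, key=len) if body else ""


def is_suspicious(qname):
    """True when the scored label is long and its characters look random."""
    label = candidate_label(qname)
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY


def flag_clients(log_text, min_distinct=MIN_DISTINCT):
    """Map each client to its failing random-looking names, if numerous enough.

    One odd name proves nothing (typos and CDN hostnames exist), so the signal
    is volume: many distinct NXDOMAIN answers for such names from one client.
    """
    failing = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines instead of aborting the scan
        client, qname, rcode = fields
        if rcode.upper() == "NXDOMAIN" and is_suspicious(qname):
            failing[client].add(qname.rstrip(".").lower())
    return {client: sorted(names)
            for client, names in sorted(failing.items())
            if len(names) >= min_distinct}


if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} distinct failing random-looking names")
        for name in names:
            print(f"    {name}")
```

Counting only failed lookups keeps the CDN-style hostname and the single typo from raising an alert, at the cost of missing the rare generated name that actually resolves.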
    24. Re:"Watch me" service by icannotthinkofaname · · Score: 1

      I never really got what made SSDs less reliable than HDs

      I think it's the third point in this list, the "memory wear" problem. If that problem didn't exist, it'd probably be the perfect storage device.

      What do you think? Good reason to stick with regular HDDs?

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
    25. Re:"Watch me" service by Opportunist · · Score: 1

      "Regular people" don't care at all. That's the whole point here.

      They don't care as long as it "works". And "works" means, as long as they can surf their web, read their email, write their letters and maybe play a game or two. As long as the system does that, they don't care about anything going on inside. They don't care whether they spew out spam as long as their connection remains fast enough to read pages and mail at normal speed. They don't care whether they are a botnet hub as long as it doesn't slow the machine down past the point where it becomes a drag. And given the horsepower of current machines and the average workload they have to do for "regular people", the chances for this happening are slim to nil.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    26. Re:"Watch me" service by Opportunist · · Score: 2, Informative

      "So? Ffffft.

      How likely is that to happen? Almost zero? Fffft. And when it happens? My bank will cover the loss so I shut up and don't make a stink about it, so does Visa, so? Ffffft."

      That's how this is perceived. It's no biggie. The money that may be lost will be covered by the financial institutions that don't want people to lose faith in online transactions. And that's about all people care about when it comes to identity theft.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    27. Re:"Watch me" service by Erikderzweite · · Score: 1

      You're not alone in that experience. I've converted my father to Linux a couple of years ago. I converted him because of security issues and all the Window maintenance hassle.
      But I also know that the real reason he has switched were foobillard and same-gnome. He still plays his old spider game in wine though because he doesn't want to lose fine statistics he has there (have to look whether I can change AisleRiot's stats manually to make him switch :) ).

    28. Re:"Watch me" service by noidentity · · Score: 1

      Somewhat related to this "not directly costing money" when a machine is infected, I recently got high-speed Internet service in the US via a cable modem. Using two different brands (Ambit and Motorola), there is constant flashing on the modem's LAN light and my router's WAN light the moment it connects. I've searched for explanations and the two are that the modem/router are constantly talking to each other for no reason, and that it's the random traffic that all the malware-infested machines in the world are directing at my particular IP address. The latter possibility is very intriguing, as I thought that the main load ISPs faced was just spam e-mail and having to filter it. The idea that they are essentially dealing with constant traffic to every node is astounding. Any idea which is the real cause?

    29. Re:"Watch me" service by Anonymous Coward · · Score: 0

      The problem is, who gets to say what's bot traffic and what isn't?
      Is Bittorrent bot traffic? Running a Tor node? How about a harmless personal bot that sends out planned emails and administers an IRC?
      Or what about running a crippled malware bot for the sole purpose of studying its network?

    30. Re:"Watch me" service by ScrewMaster · · Score: 1

      Whatever the worm wants to do, it must eventually do a DNS lookup.

      Not necessarily. All it would have to do is have a list of the static IP addresses of its control servers, and if that list changes it could be remotely updated anyway. DNS is not a requirement: as you note it is actually a point of failure.

      --
      The higher the technology, the sharper that two-edged sword.
    31. Re:"Watch me" service by Opportunist · · Score: 1

      Usually malware updates using DNS. Simply for convenience. If the server fails for some reason (detection, put offline by the ISP or law enforcement, etc), all it takes is to change the DNS entry and wait for the propagation, without the need to actually change the malware and risk another detection.

      But the system would work for IP addresses as well. You try to connect with xxx.xxx.xxx.xxx and it's a known malware host, you get a warning from your ISP that you're probably infected because, again, why should you connect to a botnet server? Even if it is a hijacked benign server (less and less likely, actually), how many people in the US or Europe would visit the webpage of a Malaysian chess club?

      The botnetter's reaction would probably be to put the controlling server on a local hijacked server, but there the local law enforcement could quickly respond. Malware researchers usually work well with law enforcement, what fails is usually that you have pretty little chance to put any pressure on ISPs in a country that ends in -stan, they simply don't care whether their servers cause havoc here.

      I know the implications of freedom here. But with the erosion of freedom around the internet, with Germany installing a (pretty worthless, btw) "blocklist" for child porn already, I don't see why something like this couldn't and shouldn't be used for something good for a change.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
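The ISP-side check discussed in comments 30 and 31 above, as an added example that is not part of the thread: it flags subscribers whose DNS lookups or direct IP connections hit a list of known control hosts, so a worm that skips DNS and uses static addresses is still caught. The log format, blocklist entries and function names are assumptions made for this sketch; all names and addresses are documentation-reserved values, not real indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed blocklist (documentation-reserved names and ranges, not real indicators).
BLOCKED_DOMAINS = {"c2.example.net", "update.example.org"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed log in an assumed format:
#   "<time> <subscriber> DNS <qname>"  or  "<time> <subscriber> CONN <dst_ip> <dst_port>"
SAMPLE_LOG = """\
09:00:01 sub-17 DNS www.example.com
09:00:02 sub-17 DNS C2.Example.NET.
09:00:05 sub-23 CONN 203.0.113.9 80
09:00:06 sub-23 CONN 198.51.100.20 443
09:00:09 sub-42 DNS mail.update.example.org
09:00:11 sub-42 CONN 203.0.113.77 8080
09:00:12 sub-08 DNS not-c2.example.net
garbage line
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def domain_blocked(qname):
    """True if the name or any parent domain is listed.

    Matching is done on whole labels, so 'not-c2.example.net' does not
    match 'c2.example.net' the way a naive substring test would.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def ip_blocked(addr):
    """True if addr parses as an IP address inside a listed network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed field: ignore rather than flag
    return any(ip in net for net in BLOCKED_NETS)


def flag_subscribers(log_text):
    """Return {subscriber: [(kind, indicator), ...]} for blocklist hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip lines that do not fit the assumed format
        _time, subscriber, kind, target = parts[:4]
        if kind == "DNS" and domain_blocked(target):
            hits[subscriber].append(("dns", normalize(target)))
        elif kind == "CONN" and ip_blocked(target):
            hits[subscriber].append(("ip", target))
    return dict(hits)


if __name__ == "__main__":
    for sub, reasons in flag_subscribers(SAMPLE_LOG).items():
        print(sub, reasons)
```

The result is only as good as the list: the question raised in comment 29, who decides what counts as bot traffic, is exactly the question of who maintains `BLOCKED_DOMAINS` and `BLOCKED_NETS`.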
  5. More in depth netcast on Conficker by From_the_Lou · · Score: 1

    No affiliation here to the website, just a really good podcast/netcast. http://twit.tv/sn193

  6. If we look carefully at these Windows worms... by symbolset · · Score: 5, Funny

    If only we consider more thoroughly what single thing they all have in common, we might be able to find a cure.

    --
    Help stamp out iliturcy.
    1. Re:If we look carefully at these Windows worms... by Anonymous Coward · · Score: 0

      As usual, life rarely has one single element at play

      Item 1: Lack of firewall. A working hardware or software firewall prevents all network infections.

      Item 2: Lack of updates. Machines that did not receive security updates did not get the patch that fixed this issue prior to the appearance of Conficker.

    2. Re:If we look carefully at these Windows worms... by symbolset · · Score: 1, Insightful

      As usual, life rarely has one single element at play

      No, I'm sure that all these Windows Botnets have a single thing in common besides that they're computers.

      Item 1: Lack of firewall. A working hardware or software firewall prevents all network infections.

      That's funny. You have no idea. Anyway, I'm pretty sure the German army has a firewall in place for their Windows computers. That's not it.

      Item 2: Lack of updates. Machines that did not receive security updates did not get the patch that fixed this issue prior to the appearance of Conficker.

      No, I'm pretty sure it got onto some of these Windows networks through AutoRun even if all the PCs were fully patched.

      What we're looking for is a common thread - something all these Windows computers have in common. It can't be that they're computers -- if we give up our computers Windows won't run at all.

      --
      Help stamp out iliturcy.
    3. Re:If we look carefully at these Windows worms... by Anonymous Coward · · Score: 0

      There are only two things that are infinite...

    4. Re:If we look carefully at these Windows worms... by noidentity · · Score: 1

      If only we consider more thoroughly what single thing they [Windows malware] all have in common, we might be able to find a cure.

      Hmmm, they're all in x86 code? I dunno, I'm stumped.

  7. MOD PARENT UP by Anonymous Coward · · Score: 0

    Bravo, sir!

  8. This started with ANOTHER Windows "massfix" by Anonymous Coward · · Score: 0

    Am I the only one who thinks it strange that M$ has just announced yet another 31 "security holes" in their software?

    I have to wonder if there is something out there that makes Conficker look like a practice run!

  9. Sure.. by msimm · · Score: 1

    Just make it opt-out and the 10% of us (or whatever) that might not be comfortable can continue to use the service happily.

    The problem with bot-nets is not that people don't care (exactly) but that they are ignorant, literally, they don't know. Everyone wouldn't fix it or know how or who to turn to but the net result would still be X percentage less infected computers. Probably even an X percent increase in awareness/interest (personal information accessible/business information-secrets accessible/illicit information accessible/etc). And of course importantly an X percent decrease in profitability for operators (or at least their end-users).

    Kill the market.

    --
    Quack, quack.
    1. Re:Sure.. by msimm · · Score: 1

      Another point, would we prefer the ISP implement this in a subpoenable fashion or wait for the government to implement a national security system that would need essentially the same level of access to your information? Personally I like an audible paper trail from a non-governmental organization.

      --
      Quack, quack.
  10. Why can't we remove it? by fermion · · Score: 1, Interesting

    We now have Windows Defender. MS should know every nook and cranny in MS Windows. What is so special about Conficker that the best software company in the world can't protect its users against a well known and defined threat? I realize that dumb users will often just go back and reinfect the computer, but then we would expect defender to block the reinstall.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    1. Re:Why can't we remove it? by ShadowRangerRIT · · Score: 3, Insightful

      If you read the article, the problem isn't Microsoft failing to offer patches and fixes, it's the failure of users to install them. Conficker was detected in the wild *after* the patch to remove the vulnerability became available, but people didn't install it. I suspect a few of the monthly malware removal updates deal with it as well (though I don't know for certain). What do you want MS to do, deploy goon squads to forcibly patch people's computers?

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    2. Re:Why can't we remove it? by Anonymous Coward · · Score: 0

      Microsoft did protect its users. With an update to windows (http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx) that fixed this vulnerability. Before Conficker came out.

      Users who refuse to keep their computer up to date are a problem that Microsoft can do VERY little about (at least without forcing Windows Update, which would pretty much piss everyone off, especially whenever it broke something)

    3. Re:Why can't we remove it? by smoker2 · · Score: 1

      No, I expect microsoft to disable the network stack if it detects conficker type activity. Simple really. Contain the infection. Those who don't maintain their computers adequately should not be allowed to have free rein. They've proved themselves inadequate by not applying patches.

    4. Re:Why can't we remove it? by soundguy · · Score: 1

      Windows update is often turned off by the user because the Windows OS is such an incredible, poorly-designed piece of shit that every trivial update REQUIRES a reboot. My Win2k/XP machines work 24/7 and all of them have ongoing open projects in various applications, active terminal windows with running processes on my servers, local scheduled backup processes, and all kinds of other monitoring applications that CANNOT be shut down randomly because Windows decides it wants to reboot itself every fucking day.

      Microsoft could cure most of their security problems at the consumer level by simply fixing their junk OS so it can be upgraded/updated as necessary without requiring a reboot for anything but kernel updates. I'd run automatic updates myself if they eliminated the possibility that my work would be lost or a critical application would be shut down for no good reason. Until that day comes, automatic updates stays OFF.

      --
      Nothing worthwhile ever happens before noon
    5. Re:Why can't we remove it? by grahamsz · · Score: 1

      So should linux kernels do the same thing? Surely it'd be good if your server shut down because you didn't apply an openssh patch.

    6. Re:Why can't we remove it? by ShadowRangerRIT · · Score: 1

      Windows should ship with a built-in, suspicious network activity detecting component that disables the network if it flags a problem? And people complain when they get erroneous WGA warnings! Imagine the response when anyone running a P2P program, or a UPnP-type software, or security scanning software gets shut down. All of these are legitimate examples of software that is supposed to look for other computers in ways similar to Conficker's searches. Of course, the first action of a smart worm would be to disable that little check, then go about its business, so it would only catch the irretrievably dumb virus writers and legitimate users with "suspicious" programs. Brilliant!

      And just in case you weren't paying attention, you couldn't ship this functionality in an update, because the problem users aren't installing them!

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    7. Re:Why can't we remove it? by shentino · · Score: 1

      MS already did this sort of thing with insta-revokable video drivers that didn't play ball with Protected Video Path.

      Forcing users to apply patches opens the door to slavery to whatever special interests get in bed with Microsoft.

    8. Re:Why can't we remove it? by Opportunist · · Score: 1

      Consider this for a moment: You are the writer of a worm that has full control over the system. What is the first thing you disable? I mean, before you start any kind of "suspicious network activity"...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Why can't we remove it? by Anonymous Coward · · Score: 0

      In that situation, you can a) configure windows update to download but not install updates, b) be aware that most updates ship on Tuesday, and not "every fucking day", and c) find a time to reboot once you've triggered the install yourself. Maybe on a Wednesday or something. Or once a month. Or on Christmas. Or something.

    10. Re:Why can't we remove it? by loxosceles · · Score: 1

      If microsoft didn't make it a pain in the ass to keep a system updated without Microsoft Genuine Advantage, there might just be more people keeping their systems up to date.

    11. Re:Why can't we remove it? by g-san · · Score: 1

      > We now have Windows Defender... What is so special about Conficker..

      For one, conficker kills Windows Defender and keeps it from starting up on reboot.

  11. We ALL know the words to this one by now! by Chris+Tucker · · Score: 4, Insightful

    Botnets, worldwide botnets.
    What kind of boxes are on botnets?

    Compaq, H.P., Dell and Sony, true!
    Gateway, Packard Bell, maybe even Asus, too!

    Are boxes, found on botnets,
    All running Windows! Foo!

    --
    Guaranteed! This comment 100% Anthrax free!
    1. Re:We ALL know the words to this one by now! by Anonymous Coward · · Score: 0

      Is this to the melody of the Flintstones theme song? (I can't find any other fitting melody.)

    2. Re:We ALL know the words to this one by now! by jejones · · Score: 1

      It's an old jingle for Armour hot dogs:

      "Hot dogs, Armour hot dogs,
        What kind of kids eat Armour hot dogs?..."

  12. Internet Telescope by thejapanesegeek · · Score: 2, Interesting

    What I thought was interesting was the internet telescope mentioned in the article. No wonder we're running out of IPv4 addresses, someone's wasting millions of them!

  13. Quis custodiet ipsos custodes? by symbolset · · Score: 1

    Um, no. Unless you made it mandatory for everyone in the world this is not going to solve this problem. Probably not even then.

    Credible network admins are having trouble getting rid of this thing, and they have Group Policy and Remote Admin access.

    --
    Help stamp out iliturcy.
  14. User education! by oljanx · · Score: 5, Insightful

    I routinely encounter people who have disabled windows update because they believe Microsoft is out to get them. They worry that the updates their computer nags them about are filled with unnecessary crap. Crap that will spy on them, display advertisements, install toolbars and hijack their machine. I think this is largely due to some weird cultural concept that Windows is both evil and necessary. In truth, it's neither.

    1. Re:User education! by Opportunist · · Score: 3, Insightful

      That's just because they learned that every time they installed something that announced itself as "critical update" and "warning, machine infection possible if you don't do this" they got bombarded with advertisements and had strange new toolbars in their browsers...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:User education! by Anonymous Coward · · Score: 0

      I'm exactly who you are referring to. I disabled Windows automatic updates after it added the WGA installer, which nags me every day about wanting to install unnecessary crap. Even after disabling the automatic updates, I'm still searching for a way to stop the daily nagging of the WGA installer. (Note: this is at work. At home I do have the Ubuntu automatic update enabled)

    3. Re:User education! by Erikderzweite · · Score: 1

      So why haven't you talked about this to your system administrator?

    4. Re:User education! by Chemisor · · Score: 1

      So let's give the users an education. Instead of trying to block all these botnets, hack them! They are designed to distribute malicious software, so use that capability! Write a payload that would erase the hard drive on every infected machine and send it out there. I guarantee you that in a few weeks the users will be educated.

  15. WHO says: by assert(0) · · Score: 1

    Conficker has reached level 6. It's pandemic now.

    --
    (founded 95,000,000 yrs ago, very space opera)
    1. Re:WHO says: by Opportunist · · Score: 1

      Considering the H1N5 was there too IIRC, it ain't that bad...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. I've got it... by TheLink · · Score: 3, Insightful

    I've got it... It's people!

    And more specifically the sort of people who would install stuff just because a pop up tells them they are infected and they should install "Antivirus 2009".

    And those who would type in passwords for encrypted zipfiles to decrypt them and install the stuff inside them...

    --
    1. Re:I've got it... by freeweed · · Score: 1

      Conficker required no such user action as "installing stuff because a pop up tells them to".

      Stop, stop, stop repeating this meme. It's just not true.

      --
      Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
    2. Re:I've got it... by TheLink · · Score: 1

      The question was "what was common" amongst those botnets.

      --
    3. Re:I've got it... by ScrewMaster · · Score: 1

      I've got it... It's people!

      Actually, most trojans and similar malware get in to people's computers because of a mouse driver problem.

      Ahem.

      --
      The higher the technology, the sharper that two-edged sword.
  17. They're not morons by TheLink · · Score: 5, Insightful

    In theory they're not actually morons ;).

    Because in theory it's impossible to solve the halting problem.

    In theory users have to figure out whether a program is safe (analogous to "halt") even though
    1) They don't have the actual true description of the program
    2) They don't know the full inputs of the program

    And that's a harder problem than the halting problem ;).

    While you could say - nobody should install anything that's "Not Expert or Vendor Approved", to me that's a rather dismal state of things.

    Things could be so much better. Really.

    For instance if you had an O/S that will require applications/applets to list out the type of access they require.

    Then the O/S can provide a meaningful and TRUE description to the user of what the application might do.
    And the O/S can also enforce the limits of the access.

    So if something says it's a screensaver, it's only going to get screensaver access. It's not going to be able to make recordings from your microphone and webcam, and send them to Elbonia behind your back. It's not going to be able to write to anywhere other than its own designated scratchpad area, not even your USB drives.

    And that would be a secure modern O/S.

    Then you can tell your "morons" - "You can install whatever stuff you like, unless the O/S gives you that red warning dialog box about the program requiring full user or system privileges".

    In terms of security, most current O/Ses aren't even better than what was available 40 years ago. Heck, Unix is a watered down Multics.

    They're just decorated with fancy graphics and animations so most people think they're advanced.

    Yes, Vista does have some sandboxing, but the way MS has implemented stuff makes many people turn off many of the protections. So they'll become the next hosts for the next Conficker.

    As for Linux, Apparmor and SELinux don't appear "Desktop Ready" yet.

    --
    1. Re:They're not morons by jsveiga · · Score: 2, Insightful

      For instance if you had an O/S that will require applications/applets to list out the type of access they require.

      Then the O/S can provide a meaningful and TRUE description to the user of what the application might do.
      And the O/S can also enforce the limits of the access.

      When I read this part, I thought you would mention Symbian. At least it looks like it does what you suggest. I am not a Symbian specialist, but when you write something that needs access to more than simple GUI stuff, you need to sign the app (tied to a specific phone IMEI, at least with the free online signing process), and in the process request what you want to allow the app to access (GPS data, user data, comms etc). Then when installing the app, Symbian will warn you that the app requires access to special features. Of course nothing is unbreakable, but it's a step in the direction you described.

    2. Re:They're not morons by Pechkin000 · · Score: 1

      For instance if you had an O/S that will require applications/applets to list out the type of access they require. Then the O/S can provide a meaningful and TRUE description to the user of what the application might do. And the O/S can also enforce the limits of the access.

      I am sorry, do you honestly think that in about a month or two there won't be a possibility to spoof that information? The whole idea of "hey why don't they make an OS do this or that" is ridiculous. When (and it is a question of when not if) *nix-based OSs become the dominant force in the desktop and enterprise market, there will be virii that propagate the global network the same way those same virii propagate the "windows world". Let's take the whole proof of concept idea out of the equation. When you write a piece of malware, the idea/goal behind it is to achieve something tangible.... make money, gain bandwidth and gain storage space (I am thinking the old FXP scene here), but mostly make money... so what are you going to target? Most of the desktop market is Windows based PC's mostly used by Joe " I just wanna watch my porn" Blow or James " I wanna buy my Christmas presents online" Doe. So if I wanna build a botnet, I am going to target Billy boy's OS. As simple as that. Because quite frankly, even if I did write something remotely effective for Linux, chances are people that use it, also regularly monitor their network activity and WILL know if a piece of malware is running on their box. It may take them a week or two but they will find it. In contrast, I have known people that had a hacked serv-u running on their box for YEARS serving all sorts of shit before they realized that something wasn't right. Most people reading /. will be able to reasonably secure their PC, regardless of the OS. Let's not compare apples and oranges. When Linux is on 90% of the desktops, you will see 90% of the virii targeting that OS and at that point we will be seeing articles posted here quoting Symantec about their latest release of some bullshit ass 360 Turbo Plus Protection Linux edition, not articles discussing why it is that most people haven't switched to linux yet since it's so much more secure compared to Windows 14 :)

    3. Re:They're not morons by TheLink · · Score: 1

      Thanks. Wasn't aware that Symbian did that (or I forgot).

      Yes it would be something like that, but more oriented to a desktop/server environment e.g. https://bugs.launchpad.net/ubuntu/+bug/156693

      I was thinking more of there being a hopefully manageable number of "predefined sandbox templates" that an application could request to be run within e.g. "guest applet", "screensaver".

      Specifying one of those predefined templates, would imply a list of access items (network, user data etc). These do not necessarily have to be signed.

      Custom sandboxes must be possible as well, but they should preferably be signed (and you could set up a computer to only accept those signed by certain Vendors).

      In fact it could be possible to have the application signed by one party (supplier), and have custom sandbox template for it that's signed by another party (IT security auditor).

      After all you might trust your Supplier to provide you an application with the features you want, but you're not sure about the security, so you get some 3rd party to create/modify/check the sandbox template for that application.

      But perhaps that adds too much complexity - as you said nothing is unbreakable, so it might be "diminishing returns".

      There definitely has to be a way to revoke stuff. After all I hear there's symbian signed malware floating about.

      --
  18. Re:greed by Opportunist · · Score: 2, Interesting

    As a computer consultant that (has to) advocate Windows, allow me to answer this.

    The average computer user in a company doesn't know jack about his machine. Fortunately, he's not required to do administrative tasks, but he's required to work with it. And he's required to produce. Trying to convince management that they should toss out all Windows machines and install Linux everywhere is something you should only try if you always wanted to take over boulder duty from Sisyphus.

    Second, the average computer administrator in a company doesn't know jack about Linux. Why? Because he was hired to administrate Windows machines. More often than not, he can only do that, too, because Windows offers an easy to use GUI that forgives a lot of errors and asks at least 10 times before you can break something. If you hand these people Linux servers, you're opening a can of worms. No pun intended. They can, maybe, keep a Windows environment halfway stable and secure if you hand them the right tools and a good explanation how to use them. At least 'til you come the next time.

    If you press them into Linux, you will come back to Linux boxes that have been crowbarred open because "else it didn't work".

    And, bluntly, security-wise I prefer a fairly well secured Windows server environment to completely insecure Linux boxes. Insecure, not because the system wouldn't allow it, but because the administrator is completely overtaxed by the task of securing them.

    Yes, hiring another admin would be a good idea. Try rolling that boulder towards management, please.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  19. Viruses will always exist by Turzyx · · Score: 1

    Every trojan relies on a single component core to each and every desktop, laptop and server in existence. The user.

    Tragically, as long as humans are allowed the use of these systems there will always be viruses. People should not allow pretentious Linux admins to tell them any different.

  20. Virus devastates millions of complacent idiots by David+Gerard · · Score: 1

    A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.

    Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."

    Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.

    Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.

    "It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."

    "Yes," said Phagge. "Yes, they do."

    Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.

    --
    http://rocknerd.co.uk
  21. Re:greed by Horar · · Score: 1

    Thanks for taking the time to write a thoughtful though flawed response. The thing is, I never mentioned Linux. Furthermore, I would say that the continued existence and popularity of the Apple Macintosh refutes the rest of your arguments hinging on ease of use and technical support. In fact you have perfectly illustrated the point that I am making here.

    There was a time when doctors routinely prescribed smoking cigarettes as a quick and easy fix to all manner of ills. The long term hazards and effects weren't properly understood, and by the time they were, there was such a huge vested interest in perpetuating the smoking habit that the battle to remove it for the common good is still far from over, and may never be.

    Likewise it is all too easy to facilitate yet another Windows installation, rather than risking your income by swimming against the tide. Even if you already know that the software that you are installing is inferior, you will go ahead and install it anyway, putting your own self interest ahead of those of your unfortunate clients.

    As for the attitude of management towards this corruption that is so pervasive throughout the industry, I think a quote from one of my own past employers sums it up the best. "If we adopt this other more cost effective technology it will reduce my departmental budget and then Bob (the manager of another department) will get a better parking spot than me."

  22. Any zombie networks running on Linux ... by jopet · · Score: 1

    or on some other non-Windows OS? This is a serious question ... what is the amount of exploits and similar with regard to non Windows computers. Is it known?

  23. 'computer' worm by viralMeme · · Score: 1

    'The dry, technical language of Microsoft's October update did not indicate anything particularly untoward. A security flaw in a port that Windows-based PCs use to send and receive network signals, it said, might be used to create a "wormable exploit"'

    Don't they mean a BUG in the Operating System and defects in the Memory Management unit lead to the worst virus/worm infestation in years.

    'One major implication from the Conficker B and C variants, as well as other now recently emerging malware families, is the sophistication with which they are able to terminate, disable, reconfigure, or blackhole native operating system (OS) and third-party security services'

  24. looks like government black-ops by LorenzoV · · Score: 1

    OK, just speculating. Tin-foil hat firmly in place.

    I wonder if Conficker is a government (which government?) black-ops project disguised to look like organized crime?

    The technology looks pretty sharp to me. Not to discount the skills and ability of any competent software developers, but ... I smell a rat.

  25. Audible paper trail??? by davidwr · · Score: 1

    Ah, the sweet sound of 20 lb. copier paper!

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  26. Cable? We don't have no stinkin' cable! by davidwr · · Score: 1

    I get my internet over avian carriers you insensitive clod!

    My ISP's security system is a shotgun filled with bird-shot. Meet their head of security.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  27. That's not the worst they could do by TheLink · · Score: 4, Insightful

    > Do you have even the faintest idea what you're talking about? Didn't think so.

    That's not a nice thing to say. Why did you say that? Did I hurt you somehow before?

    > The worst they can do is to nuke their own files.

    Nah. As I've been saying - they could run the wrong program and then the bad bad things could happen.

    While having their own data destroyed is typically far worse than losing their entire operating system, that's NOT the worst that could happen when a user runs the wrong program.

    1) Their data could get silently corrupted. Silent corruption is often far far worse than complete data loss. When you have complete data loss, it's obvious. So you restore from backups, or deal with it in other ways. When something tampers with the data, you could be screwed so badly and not know why. By the time you realize something is wrong, all your backups could be of the corrupted data.

    2) Their secrets could get exposed and abused.

    3) Their computer could get taken over and used for illegal stuff. While they might eventually be exonerated, the pain and damage involved is likely to be more than mere data loss.

    Plus it's probably easier to live if people think you're some incompetent loser who went out of business because of massive data loss, than if people think you really downloaded, stored and shared all those illegal and _disgusting_ porn.

    I'm sure others can think of many other things worse than "nuking their own files".

    e.g. they could unknowingly help Skynet survive and grow in strength ;).

    --
  28. Re:greed by Opportunist · · Score: 1

    You want to convince management to buy even MORE expensive computers? Computers that they will dismiss as "fancy but impractical", with one less mouse button (read: you get LESS for MORE money!), computers that will (in their mind) break the all-holy compatibility with their clients (and competitors), no matter how much you explain to them that nearly all software is available?

    Even Sisyphus would refuse to push that boulder.

    According to your logic, they'd be happy to spend more money. Usually they're not. If they just want to spend more money, I'd be delighted to ease that burden for them. They want a solution that doesn't cost much, that doesn't take long and that allows them to keep or get their certificate. Period.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  29. Re:Correction - MacOS X has been attacked as well! by Anonymous Coward · · Score: 0

    "Do you know what's easier to do than following any of those directions? Buying a fucking Mac." - by RyuuzakiTetsuya (195424) on Monday June 15, @09:37PM (#28343231)

    Think so? MacOS X, once it started gaining more popularity, began to be attacked as well - proving the points I made in my "p.s." in my prior post you responded to!

    APK

    P.S.=> Here are 20 "evidences thereof", as to my statements above about MacOS X, being "virus/trojan/spyware/malware-in-general" prone, like ANY OS IS - thus, here we go:

    A Worm for Your Apple:

    http://www.beskerming.com/commentary/2007/07/18/222/A_Worm_for_Your_Apple

    Another Mac Trojan/Fake Codec:

    http://blogs.pcmag.com/securitywatch/2007/11/another_mac_trojanfake_codec.php

    Leopard Has More Holes than Spots:

    http://www.eweek.com/c/a/Security/Leopard-Has-More-Holes-than-Spots/

    Mac OS X Exploit Rapidly Follows Patch:

    http://www.eweek.com/c/a/Security/Mac-OS-X-Exploit-Rapidly-Follows-Patch/

    More Mac Vulnerabilities Than Windows In 2007?

    http://it.slashdot.org/article.pl?sid=07/12/18/170241&from=rss

    OS X Still Open to Samba Vulnerabilities:

    http://www.pcmag.com/article2/0,1895,2141380,00.asp

    A Little .Mac Security Flaw:

    http://it.slashdot.org/it/07/12/16/0055211.shtml

    Ancient Flaws May Leave Mac OS X Vulnerable:

    http://apple.slashdot.org/apple/06/01/26/2224236.shtml

    Apple Clients Still Vulnerable After DNS Patch:

    http://it.slashdot.org/it/08/08/01/1932258.shtml

    Apple Still Has Not Patched the DNS Hole:

    http://it.slashdot.org/article.pl?sid=08/07/28/2311240

    Mac OS X Root Escalation Through AppleScript:

    http://it.slashdot.org/article.pl?sid=08/06/18/1919224

    Mac OS X Users Vulnerable To Major Java Flaw:

    http://it.slashdot.org/article.pl?sid=09/05/19/2344239

    Macs May No Longer Be Immune to Viruses:

    http://apple.slashdot.org/apple/06/05/01/0359225.shtml

    OS X Leopard Firewall Flawed:

    http://it.slashdot.org/article.pl?sid=07/10/30/188214

    Two Trojans for MacOS X:

    http://it.slashdot.org/it/08/06/25/0032226.shtml

    Worm Threat Forces Apple To Disable Software?

    http://it.slashdot.org/it/07/08/03/1451217.shtml

    Zombie Macs Launch DoS Attack:

    http://it.slashdot.org/article.pl?sid=09/04/16/2327246

    Third flaw hits Mac OS X:

    http://www.techworld.com/security/news/index.cfm?NewsID=5429

    (Want more? I can provide them, & a larger list for Linux over time also... as I said I could in my post to the "Pro-Penguin" pe

  30. Re:Correction - MacOS X has been attacked as well! by RyuuzakiTetsuya · · Score: 1

    Hardened and resistant does not mean "Immune." Yes, flaws exist in the OS, but nowhere on the scale that it exists on the Windows platform.

    All this hype I hear about the gaining market share of OSX also increasing the market share for malware, viruses, etc. (trojans excluded, operator error when it prompts for username and password is something that no OS can really be hardened against, although recovery from such an idiot move can be, I don't know how well OSX handles being rootkitted or attacked after having a trojan rape the machine, but I can imagine recovery to be simpler than on a Windows box; which also makes up half of your little list), market share for similar vulnerabilities haven't gone up either the same way they do for Windows machines.

    Taking a read of the various flaws listed (most of which are a year+ old, and many of which have been patched), it seems to secure a Mac install, all you have to do is power it on and turn off Bonjour (although it seems like the DNS vulnerability has, too, been patched). It seems like a majority of the flaws are very user specific, like abusing Apple Remote Desktop, which is not enabled in the first place. Yes, Apple is a little slow with patching at times, they just now got around to releasing the Java patch that's been around for quite a while, but it's done. Compare this with a typical Windows exploit which is basically, "Turn on your PC to get owned."

    While it's not the "it just works" setup, quite frankly, I like that a whole lot better than, "Turn off X, Y, Z, install A, B, C and D apps, block L, M, N and O ports, and don't use the computer on alternate Mondays" route pro-Windows people tend to be. Not every OS is perfect, but, the shit that Windows users go through is not worth it.

    Also, with your list of vulnerabilities, are these services that the average user is going to be running? It doesn't help to list 90 vulnerabilities with Apache when I'm clearly not talking about users who are running Apache.

    --
    Non impediti ratione cogitationus.
  31. You admit not all holes in MacOS X are fixed by Anonymous Coward · · Score: 0

    "Hardened and resistant does not mean "Immune." Yes, flaws exist in the OS, but no where on the scale that it exists on the Windows platform." - by RyuuzakiTetsuya (195424) on Tuesday June 16, @01:09AM (#28344503)

    I never ONCE said it was "immune", or ANY OS is "completely immune", did I? As you say, USERS THEMSELVES are a 'problem' (PEBKAC, ever heard of it? It too, though, can be corrected via education), first of all, & as I said?? New 'holes' show up, in the OS & its apps that run on it, plus drivers & services also.

    HOWEVER?

    It appears that after my setup, per my own experiences, & that of others I show proof of (& I can produce more than the 1 I did that showed 2 people experiencing practical immunity, as long as they obey a few simple rules my guide illustrates though - funny that, eh?) that Windows CAN BE MADE SO, & again:

    SO CAN USERS - with a bit of "education"!

    IN fact, education, such as my guide yields for them!!

    (& I put it on "rookie user" forums, the most, not where 'security gurus' are - they KNOW about it, but can only reach so many people... & it's those "rookie users" that need that info., more than anybody else does)...

    In fact, for YOUR OS of choice? IF you possess the skills/savvy to do so?? DO 'spread the word' to them, on any platform you wish, as I have!

    (Mine's been used to the tune of nearly 300,000 views in only a yrs' time & also to the tune of my guide becoming a "sticky/pinned thread" or "most viewed" on some pretty widely travelled/well known forums in that short time frame, in fact, if not more by now)

    So, why's that?

    Well, like THRONKA said in the example quote of his in my 1st reply to you?? BECAUSE IT ACTUALLY WORKS, if the user applies cis tool, & its points, plus others I add onto it, & evidences thereof exist (I posted only 1 though)).

    And, as far as "nowhere on the scale it does on the Windows platform" in reference to *NIX's on the PC in general, especially for home users?

    HEY: That's easy - 95% of the world's PC's run Windows NT-based OS', & how many of all the combined *NIX's do (especially on the most used CPU platform there is, in x86)?? Thus, Windows users represent the largest body of "ordinary grandma/uncle Joe type users", who are analogous to 1st year drivers of automobiles, when the MOST accidents tend to occur for them, until they become more experienced (I know, it happened to me in both cars & computers, & only makes sense it does then when you do not have a lot of experience or solid training).

    Also?

    *NIX, on the PC, especially the "home user front", doesn't even SCRATCH the surface area Windows has... Thus, from a malware maker's "POV" (point-of-view)?? It makes a LOT more sense to attack Windows NT-based PC's... take out the LARGEST BODY OF USERS (especially "grandma/Uncle Joe" types, as I stated in my P.S. here -> http://it.slashdot.org/comments.pl?sid=1267281&cid=28331039 To another "Pro-*NIX" type that replied here) that they can, with a single shot basically.

    All you *NIX users have, right now & IN REALITY? Is "security by obscurity" or rather, FAR LESS NUMBERS WORLDWIDE, period (especially on the most used hardware platform there is, in x86)... Truth be told? Malware makers who are after MONEY nowadays, not just mischief, are NOT AFTER YOUR RIGS... there isn't enough of you (ever heard the term "ROI"?)

    (AND perhaps, the *NIX userbase MAY have more "technically savvy & experienced users", vs. MOST Windows users (though that's debatable easily enough - a lot of them might TALK a "good game", but the ultimate evolution of a computer person is NOT being "just a techie" or even a network admin, but doing coding (where YOU create the tools, not just use them or follow directions in a guide or man page))).

    I can say that also,

    1. Re:You admit not all holes in MacOS X are fixed by RyuuzakiTetsuya · · Score: 1

      You're an idiot. Thankfully I've got insomnia and am willing to go point to point here.

      > never ONCE said it was "immune", or ANY OS is "completely immune", did I? As you say, USERS THEMSELVES are a 'problem' (PEBKAC, ever heard of it? It too, though, can be corrected via education), first of all, & as I said?? New 'holes' show up, in the OS & its apps that run on it, plus drivers & services also.

      > HOWEVER?

      > It appears that after my setup, per my own experiences, & that of others I show proof of (& I can produce more than the 1 I did that showed 2 people experiencing practical immunity, as long as they obey a few simple rules my guide illustrates though - funny that, eh?) that Windows CAN BE MADE SO, & again:

      > SO CAN USERS - with a bit of "education"!

      > IN fact, education, such as my guide yields for them!!

      > (& I put it on "rookie user" forums, the most, not where 'security gurus' are - they KNOW about it, but can only reach so many people... & it's those "rookie users" that need that info., more than anybody else does)...

      You're missing the point. Windows *can* be made to be secure. Sure. Great. So can VAX/VMS. That doesn't make the product that ships out the door from Redmond gold. Firewalls, antiviruses, and antimalware apps just try to put a gold plating on a giant stinking turd.

      > In fact, for YOUR OS of choice? IF you possess the skills/savvy to do so?? DO 'spread the word' to them, on any platform you wish, as I have!

      Here's my OS X safety guide:

      "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."

      > (Mine's been used to the tune of nearly 300,000 views in only a yrs' time & also to the tune of my guide becoming a "sticky/pinned thread" or "most viewed" on some pretty widely travelled/well known forums in that short time frame, in fact, if not more by now)

      > So, why's that?

      Windows users are sheep and willing to put up with a trash OS?

      > Well, like THRONKA said in the example quote of his in my 1st reply to you?? BECAUSE IT ACTUALLY WORKS, if the user applies cis tool, & its points, plus others I add onto it, & evidences thereof exist (I posted only 1 though)).

      So what if it works, Windows is still trash.

      > And, as far as "nowhere on the scale it does on the Windows platform" in reference to *NIX's on the PC in general, especially for home users?

      > HEY: That's easy - 95% of the world's PC's run Windows NT-based OS', & how many of all the combined *NIX's do (especially on the most used CPU platform there is, in x86)?? Thus, Windows users represent the largest body of "ordinary grandma/uncle Joe type users", who are analogous to 1st year drivers of automobiles, when the MOST accidents tend to occur for them, until they become more experienced (I know, it happened to me in both cars & computers, & only makes sense it does then when you do not have a lot of experience or solid training).

      Or let's look at this from a technical point of view. Windows ships with various WTFs out of the box. Take for example, and this is a damn good example, the RPC service, the one responsible for the famous Blaster worm, is necessary for copy and fucking paste. Copy and paste. WHY?!

      Run an nmap on a given home user OS X machine and compare it with a given Windows machine. Be prepared to crap yourself. I worked at an ISP that had to block a largish array of ports because of all of the random shit Windows would keep open for something simple like File/Print sharing.

      > Also?

      > *NIX, on the PC, especially the "home user front", doesn't even SCRATCH the sur

      --
      Non impediti ratione cogitationus.
  32. Reduced to tossing NAMES my way? by Anonymous Coward · · Score: 0

    "Why are you polluting slashdot with your MS FUD that's largely been debunked?" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    Anyone is free to read this exchange, & make up their OWN minds... but, they ought to note you are reduced to what my subject line states, directed DIRECTLY my way (the sure sign of defeat in intelligent debate)

    "I'm pretty sure that the folks here really don't buy your garbage" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    Sure, sure, but I am "BIG ON PROOFS", so, how about 100 times of my being "modded up" here +1 (harder on us "A/C" posters on +1 no less, we start @ zero) - +5 max then?

    See here for that list (only partial, but it will do to disprove your crap) -> http://news.slashdot.org/comments.pl?sid=1229289&cid=27933241

    So much for THAT, lmao!

    (Look before you leap... & on THAT note?)

    "Who the hell are you?" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    Since you ask? Ye shall receive...

    Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

    (&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

    WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

    PC-WELT FEB 1998 - page 84, again, my work is featured there

    WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

    PC-WELT FEB 1999 - page 83, again, my work is featured there

    CHIP Magazine 7/99 - page 100, my work is there

    GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

    HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

    Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

    Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

    HAVE YOU DONE ANYTHING EVEN NEAR REMOTELY THE SAME?

    (If so, prove it please, I evidently had to... thanks!)

    THAT LIST ALONE?

    Well - It might help answer that question since you're asking it so I give the evidences thereof, easily verifiable, & disprove some of your other comments just like the proof above did, lol... again - look before you leap!

    "You're an idiot" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    The very second you have to toss names MY way? You've lost... I only called the person who "modded you up" a fool, but I do NOT recall calling YOU any names... show me where I did please? Thanks.

    "You're incredibly uninformed and not really providing any real information on how a given Mac or *NIX box would be taken down in similar ways to Windows machines." - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    Really? The lists I put up show QUITE otherwise...

    1. Re:Reduced to tossing NAMES my way? by RyuuzakiTetsuya · · Score: 1

      Noise.

      Just. Noise.

      I'm not sure if you're a clever troll or some sort of new take on Samir Gupta, or if you're just an idiot. But you're full of noise.

      Clearly you don't know what a fallacy is, otherwise you wouldn't have used so many of them in your defense of Windows and limp wristed slapfight with Linux. Clearly you don't know what you're talking about. What the hell do you mean by "hardcodes?" Like, you helped some computer science phd remove hardcoded variable values out of some application? What does that have to do with Windows security?

      Please get off the internet. You clearly sound like a man who's never gotten laid. Ever. Try talking to a woman without mentioning the CIS Tool and maybe, just maybe, you can have your tool serviced too.

      --
      Non impediti ratione cogitationus.
  33. That's the "best you've got"? Please... apk by Anonymous Coward · · Score: 0

    "Noise. Just. Noise. I'm not sure if you're a clever troll or some sort of new take on Samir Gupta, or if you're just an idiot. But you're full of noise. - by RyuuzakiTetsuya (195424) on Tuesday June 16, @09:11PM (#28356259)

    Yes, like I suspected: You've accomplished NOTHING of note in this field, & have nothing left vs. that which I put out here -> http://it.slashdot.org/comments.pl?sid=1267281&threshold=1&commentsort=0&mode=thread&cid=28351919 in my replies to you, merely asking IF you have done the same (which clearly, you have not, nor probably will you ever).

    (I am quite certain, I can assure you, that you suggesting MacOS X via your profanities & name calling directed my way plus further insults only indicate you have nothing BUT that left! Especially when you stated in the url above that you were pretty sure "nobody buys your garbage here" directed my way, & I produced about 100 mod ups I have had here & I have many more, but that will do... you apparently also cannot do the same there, nor can you even show you have ever done anything of note in this field, period, noted by others in publications in this art & science (& I had done so 13++ yrs. ago, to nearly the present day in fact on many levels)).

    So, ANYONE is free to read & decide for themselves, as to "whom 'got the better of' whom" in this ENTIRE exchange between us, starting here -> http://it.slashdot.org/comments.pl?sid=1267281&cid=28335781 ... & now? Well - You are left with nothing but name tossing & insults, lol!

    Especially vs. today's noting that it took Apple "forever practically" to patch Java, as was noted here today in fact -> http://it.slashdot.org/story/09/06/15/2352200/Apple-Finally-Patches-Java-Vulnerability

    That, plus the other 20++ or so "holes & vulnerabilities" that are (per your stating it, no less, & yet suggesting others "get MacOS X" no less, lmao) still present in it, or have been in the past, which I posted up here (a partial list only, see below for the other 951, lol) -> http://it.slashdot.org/comments.pl?sid=1267281&cid=28343885

    THUS - indicating your PROFANE (no less) suggestion of "Buy a fucking Mac" to me, is FAR from "the right choice" for anyone!

    Read some of the statements in that URL from today's articles here regarding Apple's "lag" in patching the Java exploit no less, finally!

    Comments there, like this one -> It is truly sad that Apple still just don't "Get" security. for starters, & the thread is riddled with such statements in fact...

    Which only 2nd my own here, albeit I backed mine with 20 proofs to that effect here -> http://it.slashdot.org/comments.pl?sid=1267281&cid=28343885 ... & far more below!

    SO, dispute those articles which show MacOS X holes over time, some unpatched no less, & their sources

    However - clearly, the very fact remains that all you have is no accomplishments of note in this field period (& I only put up a FRACTION of what I could have no less on my part), & your name tossing my way now, & your insults directed my way.

    (Poor showing... but, proving my point about you, perfectly).

    Thanks!

    APK

    P.S.=>

    " What the hell do you mean by "hardcodes?" Like, you helped some computer science phd remove hardcoded variable values out of some application? What does that have to do" - by RyuuzakiTetsuya (195424) on Tuesday J

    1. Re:That's the "best you've got"? Please... apk by RyuuzakiTetsuya · · Score: 1

      You're digging your heels in, not listening to anything anyone ever has to say to you, because as you describe yourself, that you're above the level of experience of people who post here generally. I don't have a life. I'll admit it. But, I don't. So I'm biting.

      Unfortunately, your conclusions are all wrong. Your history of past posting shows people pointing out everything wrong you've said.

      What you've done has absolutely no bearing on whether or not you're right. We've got accomplished astronauts who say we've never gone to the moon and Nobel Prize winning doctors who said you could treat cancer with vitamins. They're obviously proven wrong. You're either a troll, trying to get people to argue with you, or you're an idiot because you don't know what the argument from authority fallacy means. It means that your arguments need to stand up on their own. Most of your posts are hyping up how awesome you are, yet you're sitting here on slashdot trolling away trying to ... I really don't actually know what you're trying to do. Either you're in troll mode, trying to get people like me worked up or you're going through cognitive dissonance so hard you're like Ted Haggard at a Castro Street pride festival.

      Furthermore, Secunia is listing 5 major desktop/workstation releases of OS X as well as 6 major server releases of OS X as a single OS. If we took this logic and ran with it, the Windows NT 5 family, 2000, 2000 Server, 2000 Advanced Server, 2000 Datacenter, XP Home, XP Pro, XP Media Center, XP Starter, XP Tablet, XP 64bit, XP 64bit Pro, 2003 Server, 2003 Server SBE, 2003 server web, 2003 server enterprise, 2003 server datacenter, 2003 Compute Cluster Server, Windows Storage Server, HPC Server 2003, Home Server, 2003 with Chipotle Mayonnaise...

      You'd wind up with *way* more listed vulnerabilities than you'd get from just counting a single version of NT5. That's why that number is pretty unreliable.

      Plus they're listing things that aren't Apple's fault as being a "vulnerability."

      (Same with Windows, but, this is why Secunia's listings are unreliable).

      Also, things that Mark Russinovich has worked on really have no bearing on this discussion. The point of the discussion is, if Mac OSX or Linux or Solaris were more popular, would they have the same level of reported vulnerabilities as Windows does? The answer is easily no. The evidence is out there, I've given you an outline of the baseline technical reasons why this is, and yet you dig your heels in and go on really long and amusing tirades about your own guidelines, your work, and CIS Tools.

      Who won in this discussion? I don't have to cover my ass on the internet when I boot my computer up. You do. I win. Until that changes, I win.

      --
      Non impediti ratione cogitationus.
  34. About the MacOS X & Windows Server 2003 bugs by Anonymous Coward · · Score: 0

    "You're digging your heels in, not listening to anything anyone ever has to say to you" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    Now, how can you say THAT, when I quote your words, & simply reply back to them?

    "Most of your posts are hyping up how awesome you are" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    Hey, YOU asked "Who are you?", I simply gave you some data on that much, & then asked IF you had done the same.

    APK

    P.S.=>

    "Plus they're listing things that aren't Apple's fault as being a "vulnerability." - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    What? They list it as a local exploit, the SINGLE one they don't have patched... but, with MULTIPLE problems in it, here -> http://secunia.com/advisories/34424/3/

    Problems being -> Privilege escalation, DoS, & System access

    I used the MOST current build possible... & compared it to what I use, Windows Server 2003, w/ a known issue w/ QUARTZ.DLL (& you unregister it or alter its ACL so nobody can use it till it's patched & you're fixed: Simple)

    Can you fix the MacOS X hassle THAT easily, & if so, how? apk

  35. On "who won"? Again, please... apk by Anonymous Coward · · Score: 0

    "Who won in this discussion? I don't have to cover my ass on the internet when I boot my computer up." - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    You still do. Think other remotely exploitable holes won't appear in Apple's MacOS X? Think again - this is the "nature of the beast", & up until yesterday, & our discussion began BEFORE that?? MacOS X had a java hole that was big enough to drive a truck through...

    (THIS IS THE "SHEER ARROGANCE" as well as ignorance you display & others like yourself, that try to tell others "*NIX is impenetrable" when clearly, you STILL have a problem in MacOS X even now, & it produces 3 problems of System Access, DOS/DDOS, or Privilege Escalation possibilities - & the ONLY way you can 'shield yourself' vs. them, is to do SOME of what I do (alter permissions/access rights)).

    Give up man... lol!

    "You do. I win. Until that changes, I win" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    Heh, all I did was point out that your stating that NetBIOS holes in Windows was so bad, everyone should avoid Windows, & my suggesting that for single users (the majority of folks running Windows no less, single system users online) that was SIMPLE to fix, in cutting off the server service, does the job, easily vs. your statement!

    (Then your profanities started... & other stupidities, like assuming I have never been laid (1000's of times, by literally 100's of women over time, just so you know, lol, which is probably MORE than you'll see in a lifetime, the way YOU act (like a frustrated name tossing spoiled child when someone gets the better of them)).

    And, you certainly are unable to show even a SINGLE noted accomplishment on your part surrounding this field either, to top it all off... give us a break!

    APK

    P.S.=> THIS, lol, "took the cake" though (trying to invalidate a very reputable source for security vulnerabilities information):

    "this is why Secunia's listings are unreliable" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)

    Sorry, that won't wash - they are a HELL of a lot more reliable & truthful than YOU are, this is certain, & your own words do that (evidence next below)...

    SECUNIA merely put up valid information that showed that MacOS X has had MORE security vulnerabilities over time than the OS I use, in Windows Server 2003 is all, & of course, like usual? YOU didn't like it...

    Too bad, it is only how it is! You trying to invalidate their data? No dice.

    Plus, lmao when I put out only a fraction of what I could have of the 971++ vulnerabilities MacOS X has had?

    You "threw a fit" & continued your name tossing!

    (& then, lol, you tried to tell us all "MacOS X has never been patched" & this? This -> http://it.slashdot.org/story/09/06/15/2352200/Apple-Finally-Patches-Java-Vulnerability shows you as either a LIAR, or completely uninformed, ignorant of your own OS, & obviously wrong on that account)... apk

    1. Re:On "who won"? Again, please... apk by RyuuzakiTetsuya · · Score: 1

      > You still do. Think other remotely exploitable holes won't appear in Apple's MacOS X? Think again - this is the "nature of the beast", & up until yesterday, & our discussion began BEFORE that?? MacOS X had a java hole that was big enough to drive a truck through...

      A single Java flaw that took months to patch with no actual threat in the wild, despite how many machines were vulnerable prior (hint: that same flaw hit across all platforms; even Windows) versus...

      ActiveX.

      QED.

      > (THIS IS THE "SHEER ARROGANCE" as well as ignorance you display & others like yourself, that try to tell others "*NIX is impenetrable" when clearly, you STILL have a problem in MacOS X even now, & it produces 3 problems of System Access, DOS/DDOS, or Privilege Escalation possibilities - & the ONLY way you can 'shield yourself' vs. them, is to do SOME of what I do (alter permissions/access rights)).

      Arrogance or did I just not buy a crapware OS? I just now ran nmap and the only service running is Bonjour. Which has no current vulnerabilities right now.

      I win. GTFO.

      --
      Non impediti ratione cogitationus.
  36. Quit avoiding my questions, answer them... apk by Anonymous Coward · · Score: 0

    Are you telling us that a javascript exploit via a webbrowser in its default launch configuration is "immune" to javascript exploits on MacOS X? Alternately, what about scriptable documents, such as Adobe Reader can do (iirc, even on MacOS X it can & this too, has been exploited both locally AND remotely)?

    Answer THAT, please...

    (LOL! Man, this ought to be about as good as your saying "MacOS X has NEVER BEEN PATCHED" & now? You have to admit it has been... lmao!)

    AND?

    Yes, you ARE displaying arrogance - nearly the entire time here, in making it seem as if MacOS X & other *NIX's are "impenetrable" & without flaws seemingly!

    (Arrogance, as well as hubris, because when I started this I only showed you in error about Netbios/LanMan networking being EASILY secured by users via cutting off a single server, the SERVER service, which you didn't like & then started tossing profanities & other silly 'putdowns' my way like a frustrated child would).

    ----

    "A single Java flaw that took months to patch with no actual threat in the wild" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @02:33PM (#28364331)

    Again, simple: As I have said earlier here repeatedly? Your OS & other *NIX's are hidden by "security by obscurity"...

    I.E.-> Not enough folks use it, to make it worthwhile for hacker/cracker types to target (certainly NOT by comparison to the market share of Windows, which dwarfs all of *NIX-dom combined in fact, & certainly on the most used hardware platform there is, in x86) for it to be a target of malware makers/hacker-cracker types... AND? I am not the only person who holds that view either - take a read:

    http://www.totaltele.com/view.aspx?ID=446406&Page=0

    (In regard to the slashdot article entitled "The next Ad you click may be a virus", it is its source, here, from yesterday -> http://it.slashdot.org/article.pl?sid=09/06/15/2056219 )

    ----

    "Hackers are like any other criminal out there. They look for opportunities where there is the largest number of people gathered, because they will get the best return on their efforts," says Hemanshu Nigam, who oversees safety, security and privacy for News Corp.'s online properties, including MySpace. News Corp. also owns Dow Jones, publisher of The Wall Street Journal"

    ----

    AND? Most folks are "gathered" on Windows usage, worldwide, period

    So - IF the "year of the (insert *NIX variant here) desktop" ever happens (hasn't yet, though I have been hearing THAT diatribe propaganda for nearly 15 yrs. now & it never happens)?

    Then, you'll see THAT *NIX get "hit" just as much as Windows does (perhaps more, because of the arrogance of people like yourself that think you need no protective measures online (funny though, that even *NIX servers ride behind firewalls don't they?))...

    That all "said & aside", by someone other than myself no less who was quoted in said article?

    Heh, my man, face it: You don't possess the intellect to get the better of me, nor the information necessary either... plus, as you can see? Others, who are pros in this field like myself, agree with my viewpoint also!

    ----

    "GTFO." by RyuuzakiTetsuya (195424) on Wednesday June 17, @02:33PM (#28364331)

    LOL, grow up, & get this simple point thru your head, ok? You do NOT own this website, nor are you even a moderator here... so ordering me around? LOL, waste of time, you don't have the clout for it (or the ability to 'get the better of me', period) & anyone is free to read this exchange & see the numerous errors you made throughout it, vs. the points & evidences I put out vs. your "straight outta pravda" propaganda.

    When you learn to THINK FOR YOURSELF one day, hopefully? You'll choose your words, & opponents, more car

    1. Re:Quit avoiding my questions, answer them... apk by RyuuzakiTetsuya · · Score: 1

      LOL, grow up, & get this simple point thru your head, ok? You do NOT own this website, nor are you even a moderator here... so ordering me around? LOL, waste of time, you don't have the clout for it (or the ability to 'get the better of me', period) & anyone is free to read this exchange & see the numerous errors you made throughout it, vs. the points & evidences I put out vs. your "straight outta pravda" propaganda.

      Still doesn't mean I can't tell you to get the fuck off the internet.

      When you learn to THINK FOR YOURSELF one day, hopefully? You'll choose your words, & opponents, more carefully (because anyone here reading can see your "foaming @ the mouth raging frothing replies" replete with profanities doubtless out of frustration from making SO MANY ERRORS here? They will decide for themselves as to "who won" here (& I can assure you, it is NOT yourself, based on your 'performance', or rather, lack thereof)).

      Being a dedicated Windows user for about 10 to 15 years has gotten me to really think for myself.

      I thought, "Maybe I want a machine that isn't going to die just from browsing the web." Then I got a Mac.

      By the way? WHY are you avoiding my questions now

      Because you're an idiot. It's something I can't stress to you enough. Stop flogging Windows. It's not secure. It's garbage.

      --
      Non impediti ratione cogitationus.
  37. Once more - Quit avoiding my questions... apk by Anonymous Coward · · Score: 0

    Answer the questions, quit avoiding them (they're bolded, not quoted, & end in question marks - ok? That ought to be simple enough for the likes of yourself):

    Are you telling us that a javascript exploit via a webbrowser in its default launch configuration is "immune" to javascript exploits on MacOS X? Alternately, what about scriptable documents, such as Adobe Reader can do (iirc, even on MacOS X it can & this too, has been exploited both locally AND remotely)?

    Answer THAT, please...

    (LOL! Man, this ought to be about as good as your saying "MacOS X has NEVER BEEN PATCHED" & now? You have to admit it has been, after the JAVA patch Apple FINALLY issued yesterday clearly illustrated for us all to see (to see that you are nothing more than a zealot who cannot see reason, or that you are ignorant)... lmao!)

    ----

    "A single Java flaw that took months to patch with no actual threat in the wild" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @02:33PM (#28364331)

    Again, simple: As I have said earlier here repeatedly - Your OS & other *NIX's are hidden by "security by obscurity"... & I am NOT the only pro in this field that holds that viewpoint, see the quote below:

    I.E.-> Not enough folks use it, to make it worthwhile for hacker/cracker types to target (certainly NOT by comparison to the market share of Windows, which dwarfs all of *NIX-dom combined in fact, & certainly on the most used hardware platform there is, in x86) for it to be a target of malware makers/hacker-cracker types... AND? I am not the only person who holds that view either - take a read:

    http://www.totaltele.com/view.aspx?ID=446406&Page=0

    (In regard to the slashdot article entitled "The next Ad you click may be a virus", it is its source, here, from yesterday -> http://it.slashdot.org/article.pl?sid=09/06/15/2056219 )

    ----

    "Hackers are like any other criminal out there. They look for opportunities where there is the largest number of people gathered, because they will get the best return on their efforts," says Hemanshu Nigam, who oversees safety, security and privacy for News Corp.'s online properties, including MySpace. News Corp. also owns Dow Jones, publisher of The Wall Street Journal"

    ----

    AND? Most folks are "gathered" on Windows usage, worldwide, period!

    So - IF the "year of the (insert *NIX variant here) desktop" ever happens (hasn't yet, though I have been hearing THAT diatribe propaganda for nearly 15 yrs. now & it never happens)?

    Then, you'll see THAT *NIX get "hit" just as much as Windows does (perhaps more, because of the arrogance of people like yourself that think you need no protective measures online (funny though, that even *NIX servers ride behind firewalls don't they?))...

    That all "said & aside", by someone other than myself no less who was quoted in said article? This is a reply to your obvious lack of know-how in your reply:

    "Being a dedicated Windows user for about 10 to 15 years has gotten me to really think for myself. I thought, "Maybe I want a machine that isn't going to die just from browsing the web." Then I got a Mac. - by RyuuzakiTetsuya (195424) on Wednesday June 17, @04:02PM (#28365501)

    You "thought"? That's a first... AND?? You didn't "think" enough... others who used what my guide entails in its points think, and SEE, quite differently:

    Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    ----

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing o

  38. All you do is call others names RyuuzakiTetsuya by Anonymous Coward · · Score: 0

    It seems all you do is call others names, and avoid technical questions in areas when you are shown as incorrect in them RyuuzakiTetsuya. You said that Apple Mac OS X has not ever been patched and even I know that is not the truth. You also said that the rpc error was worse than it is and when apk showed you that wasn't the truth and easily fixed you began your name tossing tirade which is not a good showing here at all. You also are not a moderator here nor this website's owner so who are you to tell anyone to get out of here or off of the internet. You have not accomplished anything worth noting in this science and apk only asked if you had when you asked who he was and he showed you a list of things he had that would identify who he is. You said you won this debate and I for one will tell you that when you stoop so low as to call others rude names and make insults their way, shameful ones as you did mind you? You have far from won, especially when you start avoiding questions put your way. I read this entire debate, and RyuuzakiTetsuya you lost badly. Try not to lose your temper and begin the name calling and instead of ignoring questions answer them instead or just admit you are incorrect. APK was correct that in order to fix the single known vulnerability in Mac OS X that you would have to do what is in his guide in part and that is to limit access rights to things in a pc such as the filesystem or networking shares. You refuse to admit this and called apk an idiot and the way he maneuvered you into that is not the mark of an idiot. He got the better of you due to your own failures. Better luck next time.

    1. Re:All you do is call others names RyuuzakiTetsuya by RyuuzakiTetsuya · · Score: 1

      Clearly you're illiterate.

      I said that "Yes, it occurs, but never has OSX been patched."

      Wait, that's what you claim I said, what I actually said was:

      "Yes, it occurs, but never has OSX been patched so copy and paste is no longer an infection vector. Or Autorun. Or..."

      If you quote that entire statement I meant to say that there's never been a patch released for OSX to remove an infection vector that is caused by a basic OS function like copy and paste. This makes you, an asshole. A huge one at that.

      Here's the put up and shut up moment I gave the other asshole.

      Put up a page that I can get to that has some sort of browser hijack that can get you to read a file on my ~/Desktop directory that's chowned root:root. We'll work the details out later over email or something, but, put up or shut up.

      Own my box or go the fuck home and stop bothering people.

      --
      Non impediti ratione cogitationus.
  39. Calling others idiots and avoiding question win by MEK_LoveBug · · Score: 0

    RyuuzakiTetsuya calling a guy an idiot who asked you questions you refuse to answer is not a win by any stretch of the imagination. I read this entire exchange between yourself and apk (I often read his posts and have modded him up before because of the value of their content) and you telling him you have won while you are lowered to name calling and avoiding questions he asked is no win. He only noted that your stating that the netbios shares hassle you initially noted was an easy fix and it is. Stopping the server service does that to all file and disk shares with ease. You began calling him names and had to admit that the Operating System you suggested with the "F" word rather rudely has flaws and yet you suggested it to others. When apk cornered you into admitting this and asking you how you would fix it, I think the reason you will not answer is because it will indeed illustrate that to really secure an OS, even one like MacOSX, you need to do things like apk notes in his statement about his guide for securing windows, such as limiting access rights and file shares. You said you won? I don't think so. Not when you are stooping so low as to avoid questions and avoid answering them, making as many mistakes as you have, and last of all but not least of all, having to call others names. You lost RyuuzakiTetsuya, face it.

  40. Re:Calling others idiots and avoiding question win by RyuuzakiTetsuya · · Score: 1

    Fuck you.

    Seriously. Fuck you.

    Thomas Jefferson is often quoted with, "Ridicule is the only weapon which can be used against unintelligible propositions. Ideas must be distinct before reason can act upon them."

    That is a way more valuable quote than it should be. It's almost my motto.

    You follow him around, and mod him up.

    I'd say that invalidates everything that he's been hyping about his own scores. Why isn't anyone else coming to his defense? It's because he's spouting largely bullshit non-sense.

    Is OSX Flawed? Sure. Will running with a firewall or antivirus not completely trash my OS? No. Windows does not have that feature. It's a handy feature I like. Browser hijacks? Possible, but not likely. Nor is it any concern to me. It's an acceptable risk because quite frankly, Firefox is a difficult browser to hijack. Break, sure, that's one thing, but completely hijack it and do funny things to it? That's another story altogether.

    This is the put up or shut up moment. Put up a page I can go to, and I'll put a file on my desktop. It'll be chowned to root:root and if you can read it, I'll concede defeat.

    --
    Non impediti ratione cogitationus.
  41. Re:Once more - Quit avoiding my questions... apk by RyuuzakiTetsuya · · Score: 1

    Blahblahblah.

    Users shouldn't have to follow guides to make their computer secure. This is like saying, "Your car could explode at any moment, but if you listen to Car Talk, and follow their advice you'll be fine." Not that I don't like Car Talk, but I think it's abusive for an OS vendor to require this level of user diligence for a consumer OS.

    As I told the other two assholes.

    Put up or shut up.

    Put up a page that can read the contents of a file on my desktop owned to root that isn't readable by everyone and its group is set to root. Do that, and I'll shut up and buy a Dell and follow your faggoty little guides to lock it down.

    Or if you can't, go the fuck home and stop bothering random slashdotters. You commented to me, and if I don't stop you no one will.

    --
    Non impediti ratione cogitationus.
  42. Re:Once more - Quit avoiding my questions... apk by RyuuzakiTetsuya · · Score: 1

    Did I just fail the Turing test?

    --
    Non impediti ratione cogitationus.
  43. More name calling? Ok, some for you then by MEK_LoveBug · · Score: 0

    No I wouldn't 'f' you, sorry to disappoint you on that note. As you said Mr. Thomas Jefferson said ridicule is the way? Then I am telling you that you are an object of ridicule in avoiding answering a question of what you would do to stop the single known (mind you, known, there will be more and there always is, security vulnerabilities in Operating Systems and there will be for years I think) error in Mac OS X. You would have to do more than what you stated was your security guide, and more like what the ac APK stated he has shown other Windows users how to do, like me. It works, and not only does the user thronka from xtremepccentral say it works, I am also. I have not been infected by anything since I applied it and am heading on a year without problems. In fact, the only way to secure Mac OS X versus its single known issue is to limit access rights to files, folders, and disks per the recommendations from secunia.com that were posted here. You avoid answering this out of what the ac APK stated, your own hubris. All you have left now is name tossing, and since you like ridicule? I am going to give you some: Quit crying baby boy, you have lost and badly due to your mistakes as well as your arrogance (suggesting an OS that has been attacked more than your opponent's version was doesn't sound like good advice to myself, and the rest of your mistakes did the rest). As you said, Good Day Sir (except you don't rate sir, since you toss names around like a trash mouthed scum).

  44. Look at RyuuzakiTetsuya foaming at the mouth by Anonymous Coward · · Score: 0

    Truth be told, I read the secunia.com article on it and the ac apk was correct. You would have to do what he does on Windows per his guide's statements (damned good guide, I have yet to see one that comprehensive, even from nist or even Microsoft and from what the testimonials online where it was posted (I searched "HOW TO SECURE Windows 2000") a great deal of those that used it said the same as the guy named Thronka did whom the ac apk used as a quoted happy user of it). You were also asked if a javascript exploit on a default setup web browsing program (in other words, minus noscript or adblock and the like) would be vulnerable to attacks that have been known to occur. You stated it was an 'acceptable risk'? There are no 'acceptable risks' in my opinion. The same thing was asked of you about Adobe Acrobat Reader and its ability to use scripted documents which have been rampantly exploited lately. This could happen on Mac OS X also. You call me an asshole. I won't stoop to your level. Idiots drag you down to their level, and beat you with experience. I won't allow you that luxury. What I do see in you, is avoiding answering what you would do to stop the single known problem in Mac OS X and yea, name calling and foaming at the mouth raging replies. You have far from won, due to your avoiding simple questions and calling not only the ac apk names, but now myself and others. The funniest part was when you said "I am pretty sure nobody here buys your garbage" but when the ac apk put up around 100 mod ups, that shut you up, quite quickly. You are hilariously off base, and I suspect mentally unstable or you were raised wrong and spoiled. You cannot handle losing but you did lose and that is no one's fault but your own, sorry to say. Grow up, quit tossing the names. You bought an Apple computer, you probably spent around (guessing) $2000 - $3000 U.S. Dollars or so for a nice one, and you could have stayed on Windows and secured it in two hours time instead and spent the money more wisely. Dumb move. Still, nobody said you were smart here or ever as far as when you were asked if you had accomplished anything good in this science either so, that ridicule of mine directed your way, minus profanities as you use? Stands. You're quite stupid for spending that much money and on an Operating System that's still got security holes, and will see more in the future, when all it would have taken is 1 hour of time and reading a guide like ac apk put out and you would have been fine and had a few grand left to you. Now you are only showing me you are both penny foolish and pound foolish is what. Why don't you take your own advice and leave the internet, before you damage your own reputation some more, because you certainly have here on this website.

  45. Have you considered decaf? by MEK_LoveBug · · Score: 0

    "You're an idiot. thankfully i've got insomnia and willing to go point to point here" - by RyuuzakiTetsuya (195424) Alter Relationship on Tuesday June 16, @07:44AM (#28346135)

    No small wonder why. Have you considered decaf? After all your swearing you ought to.

    "Did I just fail the turing test?" - by RyuuzakiTetsuya (195424) Alter Relationship on Thursday June 18, @10:35PM (#28384623)

    You failed the cool calm collected sanity test as far as I am concerned. You are hereforth banned from the coffee pot, haha. You said ridicule was Thomas Jefferson? Guess what, I am ridiculing you, for you calling me names. You were shown as stupid here by stating that netbios lanmanager holes are a big problem in Windows and the ac APK only showed you how to shut those off with a click or two by a user and you went off on a tirade of swearing the likes I have rarely seen online. Like any spoiled brat, you got a spanking from the ac apk who kept his cool and when you are asked how you would secure the single known security problem in your operating system of choice in Mac OS X, you refuse to answer it, and I know why. It will show your security guide suggestions are not enough and that you would have to do as the ac APK recommends in his guides, of which his initial suggestion of stopping the server service is a single part. His guide layers on others, which is the recommended trend in the pc and server security industry. It's called layered security. Look it up, because if you think other holes in Mac OS X will not come up, you are sorely mistaken. Do lay off the caffeine as well. It's that, or see a psychoanalyst. You need it. Good day, last I have to say to a trash mouth like yourself.

  46. CHROOT JAILBREAK, & why MacOS X sec. guides? by Anonymous Coward · · Score: 0

    "Users shouldn't have to follow guides to make their computer secure." - by RyuuzakiTetsuya (195424) on Thursday June 18, @10:29PM (#28384585)

    Maybe they shouldn't, but the sad fact is, they do. Especially those most attacked currently, in Windows users. It's almost like you're telling me I am doing "the wrong thing" helping them on this note!

    Hey, imo @ least? Well - you're abusing them worse in YOUR suggestion in fact by telling others "BUY A F'ING MAC"... how much did you spend on it? Let me guess, since they are very GROSSLY overpriced: $3,000?

    You could have spent your monies more wisely, & time, by simply securing Windows properly... apparently you are not as solid @ computers as your ego thinks, since you abandoned a perfectly good working platform that has no less, kept NASDAQ running 24x7 into the "fabled '5-9's'" of uptime, for 1/2 a decade++ even (& if anyone would be attacked, it's NASDAQ - the info. they have, would be a hacker/cracker's DREAM to pilfer (instant millions possible probably) but, you do not see reports of them being hacked/cracked either!)

    1.5 hours of your time, would break down to $1,500 an hour (if you spent 3g's on a high end Mac)... think about THAT!

    AND?

    SO - On that note then also, if MacOS X is so secure, as you say, and needs no more than YOU suggested? THEN, WHY do these guides for securing MacOS X exist, then?

    http://www.google.com/search?hl=en&ei=3RE7Sou9OZmqtgfdtZUM&sa=X&oi=spell&resnum=1&ct=result&cd=1&q=%22HOW+TO+SECURE+Mac+OS+X%22&spell=1

    Seems to be a LOT of them, for a "truly secure OS", now, isn't there?

    As well as the existence of a written security guide for MacOS X users (sorry, again, not automated by CIS Tool though strangely? Other BSD's DO have CIS Tool automated ones) from the makers of CIS Tool, the Center for Internet Security, existing...??

    (Explain that please!)

    The guides I read also seemed to go into a HELL of a lot more than your 'guide' earlier, mind you (& are close to what I suggested for Windows folks on many points in fact, like SECUNIA.COM recommended for the single KNOWN (mind you, KNOWN, more will come up, they always do in ALL OS') MacOS X security exploit)...

    ----

    "I think it's abusive for an OS vendor to require this level of user diligence for a consumer OS." - by RyuuzakiTetsuya (195424) on Thursday June 18, @10:29PM (#28384585)

    Agreed, & I NEVER ONCE disagreed, can you show me where I did?

    AND, yet?

    You called me a "SHILL" (amongst other choice names, as I see you doing to others now, "winning friends & influencing people" (not)) & yet, I posted a link @ Microsoft itself, to their director of Windows development no less, of where I AM CRITICIZING THEM DIRECTLY!

    You SURE you're not like, Steve Jobs, or some majority Apple Shareholder?? LOL... "inquiring minds want to know"...

    (I only was out to show users how to stop the REAL abusiveness).

    Now - what IS, truly, "ABUSIVE" is malware makers + hacker/cracker types, but, I take lemons & make lemonade: Like I said earlier? In a strange way, they are doing us all a favor (I noted it with sarcasm earlier, and do so now on this note) - they expose the holes, so OS & software makers can patch them (it's not just security researchers that do so mind you).

    ----

    "As I told the other two assholes." - by RyuuzakiTetsuya (195424) on Thursday June 18, @10:29PM (#28384585)

    Whew... My man, seriously: You've GOT to "lay off" on the name tossing - it's not making you change others' minds, first of all, & like I said before? IT MAKES YOU LOOK BAD! I didn't notice them, until I took a peek around this th

  47. Re:CHROOT JAILBREAK, & why MacOS X sec. guides by RyuuzakiTetsuya · · Score: 1

    Fuck you.

    It's not cracking or breaking if someone tells you in a public forum to do something and you do it. I know there are dozens of various browser cracking techniques that go across various browser platforms. From IE to Firefox to Webkit based browsers or even Opera. The challenge I have for you is put up some sort of proof of concept. Prove in some sort of live environment that connecting with a Mac or *NIX machine is inherently as unsafe as Windows. Particularly when that machine has little to no outside listening services. You can sit here and link to me all the technical documents you want, the thing I'm asking you to do is *prove* it. *do* it.

    I'm not claiming OS X is anyway invincible, but, what I am saying is that when you consider the typical system usage, OSX, *NIX, BSD, etc. all employ sane enough and safe enough security considerations for the average user and that by telling a user that if they don't follow your guides that you're going to risk your entire machine is pretty bogus. If the OS wasn't shit in the first place, then you wouldn't need to fill in the gaps. The browser's always a security risk, but I'm willing to bet that breaking any given Mac/*NIX browser is going to be more difficult than Windows and IE, or even Windows and Firefox/Opera/Webkit Browser Goes Here, because of how lax security is, even in Vista, even in Seven.

    --
    Non impediti ratione cogitationus.
  48. Chroot Jail Break's possible, & MacOS X Sec. G by Anonymous Coward · · Score: 0

    "Fuck you." - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    There you go again: When out-thought, you resort to profanity (again, proving my point about you, once more)... predictable!

    Face it: All anyone would have to do, is have something along the lines of the code noted (and a bit more to "mess you up", be it blowing some critical file that your system needs to scanning your system & sending back some sort of sought after info. to them) that uses a CHROOT JAILBREAK & bang: It'd do the job... so, again - so much for "your methods of security"... & again, YOU KNOW IT.

    ----

    "The challenge I have for you is put up some sort of proof of concept" - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    I did: A CHROOT JAIL BREAK is entirely possible & more than just proof of concept, they actually exist!

    Ok, here you are, for more evidence thereof -> http://www.google.com/search?hl=en&q=%22Chroot+Jailbreak%22&btnG=Google+Search and here too -> http://www.google.com/search?hl=en&ei=a2c7So6NH4OMtgeF8-n7Dw&sa=X&oi=spell&resnum=1&ct=result&cd=1&q=%22Chroot+Jail+Break%22&spell=1

    (PLENTY OF IT EXISTS)

    ----

    "I'm not claiming OS X is anyway invincible, but, what I am saying is that when you consider the typical system usage, OSX, *NIX, BSD, etc. all employ sane enough and safe enough security considerations for the average user and that by telling a user that if they don't follow your guides that you're going to risk your entire machine is pretty bogus. If the OS wasn't shit in the first place, then you wouldn't need to fill in the gaps" - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    The results on malware infestations show QUITE otherwise due to trojans ( and yes, I spent a year fixing what level I & II techs could not a couple years back as part of my job duties, when they failed to do so) says otherwise... & for they? Fighting malware infestations were a GOOD 95% of their days! So, so much for YOUR statements.

    I've actually BEEN THERE & DONE IT, professionally. It's part of what made me write up the guide I did for Windows folks, the most used OS there is, & thus the most victimized because it's the most used, on the most used hardware platform for PC users, in x86... period (& I even put up quotes of other pros in this field agreeing with me)...

    -----

    "If the OS wasn't shit in the first place, then you wouldn't need to fill in the gaps" - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    That "sheet" as you call it, keeps NASDAQ up & running 24x7, 365 days a year, into the "fabled '5-9's'" of uptime... so much for YOUR opinion (and skills, since you abandoned it, because you did not have the know-how on how to secure it properly)...

    Again also: Then, WHY ARE THERE MacOS X SECURITY GUIDES (from Apple no less, like this one -> http://www.cyberciti.biz/tips/securing-hardening-macintosh-computer-system.html ) that exist for the Apple MacOS X, that are an AWFUL LOT LIKE MINE THEN on MANY POINTS?

    Answer that... along with how you'd secure MacOS X vs. the single KNOWN exploit that still exists for it??

    (Perhaps because you'd then have to admit that the methods I extol also extend to YOUR OS PLATFORM OF CHOICE? The one you overspent on, when you could have saved a lot of money by just spending 1-2 hours of time securing Windows, which you us

  49. You spent $3000 on a Mac and didn't have to haha by MEK_LoveBug · · Score: 0

    You're just stupid and I have had it being civil with you after you called me an a hole. You're so stupid because you could have spent an hour or two securing Windows properly, indicating you are no computer genius because you admitted you could not and instead jumped to Macs instead, giving up, like incompetent quitters do and often find they made mistakes when the going got tough and they got going to worse things still. So instead of spending $3,000 or more on a Mac as you did that isn't as secure as you seemed to say it was in suggesting it to others, since more errors in it (971) are present in its current model or were, versus Windows Server 2003 (234) from secunia.com data, that you now look the fool. Yes, you are a fool, and you're now being forced to admit Mac OS X is not totally secure and impenetrable as you would like others to think it is so you can feel good about being a stupid sheep that bought into the bull that nix people spout here and elsewhere online, but nobody buys into your garbage literally. You stated nobody buys into apk's words and he produced around 100 mod ups here as an ac to prove you wrong. You asked who he was and he showed 10 examples of him being not only internationally published and in some very reputable publications in this science, but that he also has commercial code to his credit and some decent noting in the shareware or freeware world also. Now that apk has not only demonstrated your suggestions for truly securing a Mac OS X based system are incomplete per guides from Apple Computer themselves no less which seem a great deal like apk's were (actually not as complete on the comparable levels involved such as hosts file usage for example) but that when he points out in order to secure Mac OS X against its single unpatched known security flaw that you would have to exercise suggestions that he uses and I now do as well and am going on a year of uninfected uptime on a Windows system. He pointed out that browser flaws exist and could affect Mac OS X web browsers also and especially in their default configuration. You then laughingly changed the rules to using chroot, and when apk pointed out that 'chroot jail breaks' exist, you did your usual pitching a fit and frothing profanity strewn replies. You are also what you accused him of, being non-sequitur, and you are the one changing stances here constantly (just as you did when you said running antivirus and antispyware in your first reply here was good things to do and later said they were only 'gold plating', switching horses in midstream like you did from Windows and stupidly spent monies on an Operating System that has less software for it for less purposes such as gaming one of the largest software markets in existence than Windows does. This makes you a fool and is probably the reason you are swearing here so much, you are a fool and you know it). You lose RyuuzakiTetsuya. You are a loser who basically lost $3,000 stupidly also when all you had to do was follow guides for securing windows. No wonder you are a nobody in this science. Nobody buys into your garbage is more like it, or your Mac OS X (or isn't the nix lack of market and mindshare out there today in the pc world not an indication of that?) Why don't you take your own advice and 'gtfo', loser?

  50. You were asked to prove something first and didn't by Anonymous Coward · · Score: 0

    Why would a fairly well noted software programmer like apk risk his standing on you setting him up for a legal problem when it is widely known that chroot jail breaking exists and works and stupid you not only suggested using chroot, which is breakable, but you also refuse to answer why guides for Mac OS X exist that far exceed your shoddy recommendations and the funny part? Those guides are from Apple themselves and I downloaded them after apk put up a link to them and they are very similar to apk's advisements for Windows users which you are definitely as it was stated 'loathe to admit'. You are no expert in the arena of computing and it certainly shows. You are nobody to listen to on this topic and you were proven so right off the bat by apk's reply which got you foaming at the mouth you little spoiled brat. By no stretch of the imagination are you intelligent, much less an expert in computing on the topic here, and your foaming at the mouth profane replies show us all this clearly. Since you demand proofs, though apk put up a lot of those for you from respectable sources, now instead, why don't you prove what you were asked nicely to here http://it.slashdot.org/comments.pl?sid=1267281&cid=28351919 by the ac apk instead, after you asked him who he is and he replied with some impressive data, showing he had actually done some things that did well, inclusive of Microsoft Tech Ed 2 times in a row for commercial code he has written for a server ware maker. All you have done that was noted well by others in this field of computers?? It doesn't exist. You can't produce it is why and you are a loser RyuuzakiTetsuya that has made so many mistakes here it's astounding. You lose here and quite badly on all accounts noted RyuuzakiTetsuya. All the proofs shown from those sources and other pros in this area notwithstanding and you said apk won't listen to others? He concedes Microsoft is doing things wrong and you called him a shill. He directly critiques them as well as he helping Microsoft Windows users stay safer online. You by comparison have nothing to show for yourself. You lost badly and all you have is calling anyone that disagrees with you or proves you wrong assholes and worse. You've done nothing in computers that anyone has noted and you said you won here? The only thing you have won is a duncecap for spending large sums of money on a Mac that is grossly overpriced, doesn't run as much software as Windows does and also bears more security vulnerabilities in it than Windows Server does which is what apk uses. You try to invalidate valid sources on top of it such as secunia.com and quoted pros in this field that stated the same thing apk did which is that nix systems on pc's are less assaulted because nobody uses them by comparison to the numbers of people that use windows. You are a loser and a dumb one at that for spending money that probably set your family back a lot of nice things or meals and this is probably why you are swearing up a storm. Inside you know you are the asshole and stupid and it is showing by the names you throw at others (which was a solid point though off topic in a way that apk made to you in one of his posts in that you give away your own inadequacies and internal problems in the names you toss at others). Tell you what loser, go rob a bank. Don't just show me evidences in newspapers or online that it happens, just do it because I am telling you to. Why won't you do that? Maybe because it is breaking the law which is what you are asking apk to do, and if you clicked on code like what is shown to bust out of another of your erroneous suggestions on a webpage that has chroot jail break code in it, that you would be pwned by it. You lose loser and I am having a ball laughing at you as are others at this point. Nothing like laughing at a fool and a fool and his money are soon parted. Just like the 3g's you spent on that Mac (how many meals did you set your family back on doing that fool move I must ask?)

  51. "cuz someone says to do it on a forums" been there by Anonymous Coward · · Score: 0

    "it's not cracking or breaking if someone tells you in a public forum to do something and you do it." - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    Man, you are way, Way, WAY "off-base" on that one... how do I know? Been there, done that, & QUITE unintentionally in fact!

    A REAL E.G.-> Years ago, on NTCompatible.com's forums, a user asked me to write up an app that launched OLD Apache webservers for he, albeit invisibly (like a service is, sort of) because according to he? The old model he used kept its interface screens up as a std. app does.

    So, I did so, took me only minutes (easy app to write, as Shells/Spawns & various languages' calls for executing apps usually ALL have parameters for this things like invisible launches of said apps (cheesy, but worked as he saw fit))...

    Then, years later, around 2004 (Iirc, I wrote it in 2001 or so)?

    WELL - Guess what??

    Well - I find it was put up on Computer Associates' website as a "malware" & listed using my MIDDLE NAME first, instead of my real first name & I tracked the freak down who reported it as well!

    (Yes, even though it is listed with ZERO 'threat levels' & is like ping or a gun, depending on the parameters or app loaded into it? I can be 'deadly' but that is the user doing it, NOT I!)

    STILL? Well, imo definitely, this ended up harming me, + it does others like myself also (Dr. Mark Russinovich but now that he's @ MS, less of it happens to he or MS' attorneys would probably crush the life out of even CA or others like they), Nir Sofer of Nirsoft, + more & this crap (false positives)?

    Hey - it REALLY PISSED ME OFF! Think YOU'RE UPSET HERE? You have NO idea...

    See, that was because I went thru their entire "formal review process" questionnaire to have it removed, 21 questions, & NONE OF WHICH THAT APP OF MINE EVEN VIOLATES mind you, not even 1 single point!

    Yet - My app's still there, more than 1 yr. later & still listed as possible malware "tool" (not strictly a malware, but an app that can be used for that type of activity & I wrote it in good faith to help a forums person was all, he didn't have the ability or tools to code it for himself & I try to help others, when possible (karma & all that)).

    SO - Despite my talking to Mr. Greg Jensen @ CA, head of their antimalware suite, about it... & attorneys as well? My app's still there listed thus.

    All/each of them, to myself, had recommended that, first. Go thru their FORMAL "removal process"... Well, so I did!

    (I am still waiting for it, 1++ yrs. later now no less, to be pulled from their lists (all others, except the one who "said I wrote a malware" to CA, whom I tracked down no less? ALL, removed it 8 in total, only CA & 1 other schmuck remain... I'll "win" in the end, but the effort's a pain - NirSoft's programmer, NIR SOFER, & I had a huge discussion about this VERY RECENTLY & he has had the same happen to he, he & I approached /. about it, no dice, they won't do an article, & neither will most mags so he did a blog on it, but did not mention me, but did Mr. Russinovich (as antivirus companies & the like pay for their ads & thus, a large part of their revenues)))

    Ask Nir Sofer of NIRSOFT (good man, he'll tell you ALL about it in fact)...

    So, NO THANK YOU, as to your 'request', because just MY luck? Someone besides you will click on it, & we'll both be in deep sheet!

    APK

    P.S.=> Also, what would happen if, say I DID actually create such a page, that has a "download this super-duper antivirus program that fixes all etc. et al" (like many malware fake antivirus/antispywares do) & somebody here stumbles on it as you go to use it as a "test" as you say, & they got screwed by it as well? We'd BOTH probably end up in the shitter & in trouble - no, I think things thru before I do them, especially things like this plus especially nowaday

  52. Good point apk sorry you & Nirsoft went thru i by MEK_LoveBug · · Score: 0

    I read about exactly what you stated regarding Nir Sofer of Nirsoft going through the very thing you mentioned and he is apparently the many time victim of these antivirus or antispyware false positives per his blog noting it here Sunday, May 17, 2009 Antivirus companies cause a big headache to small developers http://www.nirsoft.net/blog/2009/05/antivirus-companies-cause-big-headache.html and I don't blame you for not 'taking this challenge' because it sounds like more of a setup to me too. Considering this type of thing caused you some pain before when you meant well writing an app for somebody that later was turned in as a malware/greyware? I especially moreso do not blame you for it. I saw this happen to Dr. Russinovich's psexec iirc too. Of course, you know this idiot RyuuzakiTetsuya you are being too nice to imho will give you guff about it, but he is a nobody who is reduced to name calling at this point of this debate anyways and he's made so many mistakes it is not even amusing anymore. Considering he called me names like a hole and such also he is nothing more than a spoiled little child you outfoxed and out thought at every turn by this point. I will try to ignore him but it is too hard to resist to not do so after he has been so rude to myself, yourself, and others also.

  53. Re:"cuz someone says to do it on a forums" been th by RyuuzakiTetsuya · · Score: 1

    Have you ever considered not posting unreadable walls of text?

    --
    Non impediti ratione cogitationus.
  54. Have you considered "Hooked on Phonics"? by Anonymous Coward · · Score: 0

    "Have you ever considered not posting unreadable walls of text?" - by RyuuzakiTetsuya (195424) on Friday June 19, @05:07PM (#28395785)

    Well - It surely seems that others understand me just fine, per the 100 or so "upward mods" I received here -> http://news.slashdot.org/comments.pl?sid=1229289&cid=27933241

    So, as you have already seen? That puny "line of b.s." doesn't hold much water, vs. THAT much evidence to the contrary, now does it?

    (Yes, & even when I do a LOT of content, it seems folks do understand my posts & yes, appreciate them to the point of mod ups)

    On that last post? Hey - I just had a lot to tell is all, especially about False Positives & "taking users requests on forums" + it NOT being "OK" (despite what you say - I have had it end in absolutely total b.s. is why (see my last post, & so have others like Nir Sofer from NirSoft &/or Dr. Mark Russinovich of Microsoft, & many others)...

    SO, that all "said & aside"?

    Have you considered taking your ADHD/ADD or Dyslexia treatments more regularly, or perhaps "hooked on phonics"?

    (Two can play THAT game)

    APK

    P.S.=> Now, again - ANYONE is free to read this exchange from my 1st post in response to yours here -> http://it.slashdot.org/comments.pl?sid=1267281&cid=28335781 And, onwards/downwards from there, & judge for themselves, "what is what" here (IF they can stand all your profanity & such that is)... ok?

    1. Re:Have you considered "Hooked on Phonics"? by RyuuzakiTetsuya · · Score: 1

      It surely seems that others understand me just fine, per the 100 or so "upward mods" I received here ->

      Had you understood what a fallacy is, we wouldn't be having this conversation. Just because you were modded up doesn't mean that people agree with you or even understand you. Looking at your list of posts, it seems like you randomly pick fights and expect your friends to come by and mod you up. Unfortunately, there's no real way to determine why someone gave you +5 or +4. Clearly meta-moderation isn't working.

      I'll explain this to you simply and I'll type slowly so you can understand this.

      Those 4 posts where you got +5? 1 was a milquetoast post about graphics cards and the rest were misinformed IT rantings that everyone jumped on you about, one of which isn't +5 anymore, it's +2.

      (Looking at your list of +4s, clearly I'm not the first one who's tangled with you.)

      Why don't you just have a normal slashdot account where people can track your comment history so they can see that you're making more noise than signal? The last time I heard SNR this bad was when I used to listen to AM radio from several states away.

      Or are you afraid of registering because you can't get banned as an A/C permanently? Looks like even Ars Technica got fed up with your shit and banned you. Are you sure you're not autistic? You keep ignoring the things people tell you, you're stubborn and you act like a child, oh yeah and you claim to be a computer programmer(I KID! I KID!). The signs are there.

      --
      Non impediti ratione cogitationus.
  55. If U can't understand me, how could we converse? by Anonymous Coward · · Score: 0

    "Had you understood what a fallacy is, we wouldn't be having this conversation" - by RyuuzakiTetsuya (195424) on
    Saturday June 20, @01:05AM (#28399371)

    How could we even HAVE a conversation, if YOU couldn't understand me?

    (Your b.s. has just been disposed of, with ease, in that very statement of mine in response to yours... so much for THAT)

    AND, there is the fact that around 100 people modded me up here also -> http://news.slashdot.org/comments.pl?sid=1229289&cid=27933241 that show others clearly do understand my comments! You may not like it, but the fact stands, I was modded up for good reasons (unlike yours here which my first post disproved right away & my continued posts got you "frothing @ the mouth" because that was all you had vs. their facts, lol!)

    Many of my posts are, yes, very lengthy... but, they are also very detailed on the subject @ hand many times!

    (Unlike you going 'off topic' as you had to after your making so many mistakes in this exchange it isn't funny anymore as well as your use of profanity (like your suggesting the use of chroot, breaking a constraint I had no less of using a browser in its default launch & setup online, where I showed you about "chroot jail breaks" even making THAT statement of yours null & void, as well as an ineffective measure for security online)

    "Why don't you just have a normal slashdot account where people can track your comment history" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    You said it: Any registered user here is TOO easily tracked, for "trolling purposes"... simple! I avoid it the easiest way possible or make it harder on trolls to do is all by posting as A/C... again, simple, & it works.

    "Those 4 posts where you got +5?" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    Yes, the maximum one can be "modded up" here, no less... harder on us "A/C"'s by far, even getting a +1 mod up, because WE start @ zero!

    "Looking at your list of +4s, clearly I'm not the first one who's tangled with you" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    And, like you? They too, lost badly... why else was I modded up THAT highly after all? Can you show me 100++ mod ups for you?? The +1 & +2 don't count for you, as you are a registered user, so, let's see a list of your +3 thru +5 then, ok???

    "Looks like even Ars Technica got fed up with your shit and banned you" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    There is no "banning me": IF I want "in", I can be back in, in seconds... Heh, speaking of arstechnica? I learned how to do it from their trolls in fact by watching they do that to forums admins to harass them, from a old site called 3dFiles.

    By the by? Arstechnica's members (who 'ban' people who get the better of their "cronies" as I did Jay Little & Jeremy Reimer, with ease over @ Windows IT Pro where they were laughed out of there for being off topic, & completely WRONG (Jay Little claimed to have been an "exchange expert" but when I showed he that memory optimizers stop exchange server stalls? He ran... so did Jeremy Reimer) were also caught doing the following:

    ----

    1.) Impersonating me (at arstechnica, & on Jeremy Reimer's OSY personal playpen website as its called, to which Reimer even admitted I was impersonated no less)

    2.) Email harassing me (Reimer's ISP put him on a tracking ticket for it)

    3.) Stalking me online (Following me to Windows IT Pro, NTCompatible.com, & other websites no less like "online internet psycho-stalkers")

    4.) AND, even had portions of their members websites removed or removed by their hosting providers in their entirety (OSY

  56. I ignore things & act like a child? Please... by Anonymous Coward · · Score: 0

    "You keep ignoring the things people tell you" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    Once more, since I said it before & YOU "ignored it" (more like avoided it @ ALL costs, lol):

    HOW CAN YOU STATE THAT, when I quote each of your points & reply to them? Explain that...

    I quote your points, usually, point by point & respond to each, disproving each easily & SO much so, you avoid them or refuse to answer!

    (Then you resort to calling me names like idiot out of CHILDISH frustration @ being shown as incorrect on YOUR part)... I disproved your initial point with a simple fix in fact, by stalling the server service alone, single machine users are safe vs. that which you noted, in 1-2 clicks or so (easy)).

    To that? Well - YOU then started name calling & worse... who's the "frustrated child" here? NOT I...

    (I.E./E.G.-> I haven't called you any names, I don't have to - you wreck your own points each time for me, & avoid points I use to disprove yours to NO end... lol!)

    AND As far as "ignoring things" as well?

    Why then are you avoiding these questions below, A thru C??

    So - Answer these questions please, & quit evading them (and try not to go "off topic" anymore & be profane as you have been in your name tossing "foaming at the mouth" replies to myself & others here):

    ----

    A.) HOW WOULD YOU SECURE THE SINGLE KNOWN MacOS X (971 total exploits discovered over time) security vulnerability?

    B.) Can you do it as easily as I can in fixing the single Windows Server 2003 (234 total exploits discovered over time) vulnerability??

    C.) Can you tell us why Apple publishes a security guide that is much like my own in many points & far exceeds YOUR "security recommendations for MacOS X" (which I proved faulty on your suggestion of using chroot, & chroot jail breaks dispose of that easily as being secure & valid)???

    ----

    "you're stubborn and you act like a child" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    No, I quote each point you make, & disprove it (with ease) - Ones you hade, such as your using chroot as your 'security measure' (which first violated a constraint I put up as far as webbrowser programs launching in their DEFAULT setup no less & commandlines no less in doing so), but when I noted that chroot jail breaks exist?

    On that note? Well - YOU WERE SHOWN AS FAULTY/IN ERROR, once more, as-per-usual, & avoid my points + questions, to no end, in doing so... (AND, by using profanities & name calling in the doing of it, to myself & others here, like a frustrated child would).

    (And, I am not the one calling others here "a-holes" out of childish frustration & worse (saying I have never been laid, etc. et al, lol, when that is NOT true (far, Far, FAR from it))

    And, I stay on topic... You however, like a 'typical troll' that has been shown incorrect? YOU are going off topic & avoiding my questions above to NO end...

    (Why is that? Is it because it would show you as faulty again (like w/ your chroot suggestion noted above here) & that you WOULD have to secure MacOS X & its apps per my suggestions for Windows users (which even Apple itself recommends in THEIR security guides for MacOS X))??

    LOL... TOO easy!

    APK

    P.S.=> By the way, once more:

    1.) When you get your PHD in English? Then, you can comment on others writing...

    2.) When you get your PHD in psychiatry?? Then you can say I have 'autism' etc. et al (which without one, & a formal analysis being performed on myself for that? You're also now libelling me here)...

    3.) When you have appeared 10x or more in respected publications in this field, as I have, or have commercial code for a serverware maker that takes

  57. Re:If U can't understand me, how could we converse by RyuuzakiTetsuya · · Score: 1

    AND, there is the fact that around 100 people modded me up here also -> http://news.slashdot.org/comments.pl?sid=1229289&cid=27933241 that show others clearly do understand my comments! You may not like it, but the fact stands, I was modded up for good reasons (unlike yours here which my first post disproved right away & my continued posts got you "frothing @ the mouth" because that was all you had vs. their facts, lol!)

    100 mod points isn't 100 people. It's 100 mod points. You can repeatedly mod someone up +1 over and over again. Someone with a good streak of luck and a whole lot of mod points could mod you up quick. Or a cadre of idiots who would follow you around.

    (like your suggesting the use of chroot, breaking a constraint I had no less of using a browser in its default launch & setup online, where I showed you about "chroot jail breaks" even making THAT statement of yours null & void, as well as an ineffective measure for security online)

    It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even have to put something up, just point me to a proof of concept that someone else put up and I'll do it.

    You said it: Any registered user here is TOO easily tracked, for "trolling purposes"... simple! I avoid it the easiest way possible or make it harder on trolls to do is all by posting as A/C... again, simple, & it works.

    and running around signing your name on your posts isn't going to be tracked either? Christ, it's just a slashdot account, it's not a social security number.

    Yes, the maximum one can be "modded up" here, no less... harder on us "A/C"'s by far, even getting a +1 mod up, because WE start @ zero!

    This is where you lose this argument entirely.

    I had more to that statement. Most importantly, that the times you got modded up +5 you were either saying something unrelated to OS/Browser security or you were contradicted. OR you were modded down.

    Granted, that's 3 special cases, but...

    And, like you? They too, lost badly... why else was I modded up THAT highly after all? Can you show me 100++ mod ups for you?? The +1 & +2 don't count for you, as you are a registered user, so, let's see a list of your +3 thru +5 then, ok???

    http://slashdot.org/RyuuzakiTetsuya/comments

    Or are you too much of a skilled programmer to find the "comments" section? Christ.

    There is no "banning me": IF I want "in", I can be back in, in seconds... Heh, speaking of arstechnica? I learned how to do it from their trolls in fact by watching they do that to forums admins to harass them, from a old site called 3dFiles.

    Sure, change your IP on your NIC, get a spare gmail account, and creating a new account can easily swerve a ban. But that doesn't take the stink and disgrace of being banned from a major, reputable tech site because you were an idiot who wouldn't shut up or stop using symbols in place of common, everyday words.

    Oh, by the way? Answer these questions please, & quit evading them (and try not to go "off topic" anymore & be profane):

    It's my right as an American to be a filthy son of a bitch. But I'll answer your questions anyway.

    A.) HOW WOULD YOU SECURE THE SINGLE KNOWN MacOS X (971 total exploits discovered over time) security vulnerability?

    install 10.5, run software update and not install any app that I didn't trust.

    Done. Takes less than 20 minutes to run software update.

    B.) Can you do it as easily as I can in fixin

    --
    Non impediti ratione cogitationus.
  58. Re:If U can't understand me, how could we converse by RyuuzakiTetsuya · · Score: 1

    Also, my bad.

    my comments section is at:

    http://slashdot.org/~RyuuzakiTetsuya/comments/

    --
    Non impediti ratione cogitationus.
  59. Re:I ignore things & act like a child? Please. by RyuuzakiTetsuya · · Score: 1

    HOW CAN YOU STATE THAT, when I quote each of your points & reply to them? Explain that...

    Easily. Take this snippet:

    "Those 4 posts where you got +5?" - by RyuuzakiTetsuya (195424) on Saturday June 20, @01:05AM (#28399371)

    Yes, the maximum one can be "modded up" here, no less... harder on us "A/C"'s by far, even getting a +1 mod up, because WE start @ zero!

    From: http://slashdot.org/comments.pl?sid=1267281&cid=28399371

    What you will do is snip off where ever it is convenient for you not to have to face a certain reality then quote that and take that on like it's the point I'm making. That's called the straw man fallacy.

    The full quote was:

    Those 4 posts where you got +5? 1 was a milquetoast post about graphics cards and the rest were misinformed IT rantings that everyone jumped on you about, one of which isn't +5 anymore, it's +2.

    Anyone following this thread would see that you're an asshole, a troll, an idiot or painfully all three.

    On a debate level, you are losing. This would be an F- in any college level debate class. Maybe an F+.

    --
    Non impediti ratione cogitationus.
  60. Re:I ignore things & act like a child? Please. by RyuuzakiTetsuya · · Score: 1

    1.) When you get your PHD in English? Then, you can comment on others writing...

    Are you a native English speaker? Your English is terrible for a native speaker. It's great and above average for a non native. Talk to me when you can put "a" and "t" together and not get @.

    2.) When you get your PHD in psychiatry?? Then you can say I have 'autism' etc. et al (which without one, & a formal analysis being performed on myself for that? You're also now libelling me here)...

    Pointing out the obvious signs of autism isn't libel, it's a statement of fact. Asking isn't implying, it's genuinely asking, have you ever been diagnosed autistic? Is it libel? No. Cheap shot? Sure.

    (Libel only applies if you can make a case my statement would damage your image in an untrue sort of way. Asking is not making a statement; the Enquirer knows this first hand).

    3.) When you have appeared 10x or more in respected publications in this field, as I have, or have commercial code for a serverware maker that takes that company to a finalist position 2x in a row @ Microsoft tech ed or other noted competition etc. or when you have had freeware/shareware do as well as mine had over time???

    Being published in your field doesn't make you more or less right, it makes you incredibly embarrassed if you're ever proven wrong by someone who isn't. That's the fallacy of arguing from authority alone. "Because I am in position, I am right." As opposed to, "Experience tells me will happen for reasons, therefore I am right."

    --
    Non impediti ratione cogitationus.
  61. Re:If U can't understand me, how could we converse by RyuuzakiTetsuya · · Score: 1

    One last thing, I meant change MAC on your nic, renew IP from your ISP, not change IP on NIC.

    (Changing mac will force DHCP to spit out a new IP and let you browse with a new IP address.)

    --
    Non impediti ratione cogitationus.
  62. Re:If U can't understand me, how could we converse by RyuuzakiTetsuya · · Score: 1

    (like your suggesting the use of chroot, breaking a constraint I had no less of using a browser in its default launch & setup online, where I showed you about "chroot jail breaks" even making THAT statement of yours null & void, as well as an ineffective measure for security online)

    Actually my suggestion was to make a file on my machine somewhere chowned to root:root(user:group). Not chrooting Firefox, the browser I'd be using to attach to whatever honey pot you'd have set up.

    Chroot only affects processes that have chroot jails setup. :) I knew something was fishy when I read that statement. I'm talking about you exploiting my browser, escalating Firefox's privs to root, then doing *something* demonstrable with it. You're talking about chroot, I'm talking about actual system security.

    --
    Non impediti ratione cogitationus.
  63. Re:If U can't understand me, how could we converse by Anonymous Coward · · Score: 0

    "100 mod points isn't 100 people. It's 100 mod points. You can repeatedly mod someone up +1 over and over again. Someone with a good streak of luck and a whole lot of mod points could mod you up quick. Or a cadre of idiots who would follow you around." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    I posted my being modded up about 100x times here by others, from +1 (harder on us ac's because we start @ zero) up thru +5 max, not 100 points worth of mods - man, your reading comprehension is poor, & it's the 2nd time you've done that here already (That type of thing).

    I asked that YOU show me that you have more than that from +3 onwards thru +5 on YOUR part is what I asked of you.

    Calling others' names FIRST on your part, as usual again, I see also?? Please...

    "It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even have to put something up, just point me to a proof of concept that someone else put up and I'll do it." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Didn't you state you were aware of cross browser exploits via javascript? Also, do you think MacOS X 10.5 won't turn up more exploits than the single one it has unpatched also? More are SURE to turn up, & your suggestions don't even fit what is needed to patch the single remote exploit that exists on MacOS X now as is, per Apple & SECUNIA.COM stating what is needed to actually patch it.

    "and running around signing your name on your posts isn't going to be tracked either? Christ, it's just a slashdot account, it's not a social security number." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Ok, click on MY "Anonymous Coward" username or usernumber, & show me a history of posts I had done here all week (you can't, but I can with you - which does make you far more easily tracked & if somebody wished to troll you thru all threads you do here, is the point I was making).

    "It's my right as an American to be a filthy son of a bitch. But I'll answer your questions anyway." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    About time, but, I wonder who folks will believe more: YOUR "suggestions for security", vs. those from Apple's engineers?

    "install 10.5, run software update and not install any app that I didn't trust. Done. Takes less than 20 minutes to run software update." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    That's not 1/10th even of what Apple's people put in their guides, & not enough for it per SECUNIA + Apple vs. the current exploit that exists & is unpatched from Apple no less that causes 3 issues like DOS/DDOS, System Access, & privilege escalation.

    "Yes. Don't run HTTPd, don't run FTPd, don't run sshd, don't run sftpd, don't run telnetd, don't run gopherd, use a real web browser that's not IE..." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Again not what apple themselves suggest, nor secunia either, for patching the single known exploit that exists unpatched on a Mac, & far short still of the security guide apple puts out.

    "A Cover Your Ass approach? Apple recanted and took down the support doc about running antiviruses because viruses just aren't a problem on the Mac platform." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    A SMART & THOROUGH APPROACH, vs your 1/2 baked one.

    "I answered your questions and I didn't use a single swear word! Fucking hell man." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

  64. More profanity, eh? by Anonymous Coward · · Score: 0

    "Anyone following this thread would see that you're an asshole, a troll, an idiot or painfully all three" - RyuuzakiTetsuya (195424) on Sunday June 21, @11:38PM (#28416257)

    Sure, sure - after the 100's of profanities you spoied here when frustrated, I am certain they'd think otherwise... just like your reply now, above...

    APK

    P.S.-> In fact, I am certain they'd think quite the reverse of your statement, because of the profanities... as well as your "security recommendations" of:

    http://www.apple.com/support/security/guides/

    ----

    Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    Falling FAR SHORT of those from APPLE themselves above, in addition to SECUNIA.COM's recommendation vs. the single exploit unpatched & present on MacOS X also, which do MUCH of what I suggest for Windows folks with proofs via the quotes of others that used them in addition to being either most viewed, sticky pinned threads, essential guides, & 300,000++ views in a single year of them across 20 forums...apk

    1. Re:More profanity, eh? by RyuuzakiTetsuya · · Score: 1

      "Anyone following this thread would see that you're an asshole, a troll, an idiot or painfully all three" - RyuuzakiTetsuya (195424) on Sunday June 21, @11:38PM (#28416257)

      Sure, sure - after the 100's of profanities you spoied here when frustrated, I am certain they'd think otherwise... just like your reply now, above...

      APK

      Saying "fuck" doesn't make me wrong, it makes me an asshole. There's a difference.

      Falling FAR SHORT of those from APPLE themselves above, in addition to SECUNIA.COM's recommendation vs. the single exploit unpatched & present on MacOS X also, which do MUCH of what I suggest for Windows folks with proofs via the quotes of others that used them in addition to being either most viewed, sticky pinned threads, essential guides, & 300,000++ views in a single year of them across 20 forums...apk

      Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable. Data encryption, disabling mic input, password protecting startup, etc. all are great if you're a corporate user and you're worried about someone snooping in on your machine, or the target of industrial sabotage. Not average home user concerns. What I was talking about in the original post versus what you're advocating are two different things.

      No, average users shouldn't have to lock down their machines like this. If Apple proposed this be the case for the average home user, that too, would be user abuse.

      If you're a business and you're handling sensitive data, sure, go right ahead, but, if you're not, why bother?

      --
      Non impediti ratione cogitationus.
  65. No evidence of publication, or PHD in English? by Anonymous Coward · · Score: 0

    "Are you a native English speaker? Your English is terrible for a native speaker. It's great and above average for a non native. Talk to me when you can put "a" and "t" together and not get @." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:55PM (#28416427)

    Yes, I am. Pure opinion on your part is all that is, & "@" is std. notation shorthand for "at" by the by, & this is only a forums, not my last will & testament anyhow.

    However, this further supports my point again - that You have nothing by way of comparison to my simply putting up 10x of evidences where I can + have done well in this field in the eyes of others who did the judging who are pros, & more, + no PHD in English or psychiatry on your part, and yet you see fit to criticize others on those grounds? Please...

    By the by??? Your profanity here in this thread, repeatedly? I wonder who will think whom speaks well or not... lol!

    (Come back to us when you have those PHD's & try again later, ok??)

    "Pointing out the obvious signs of autism isn't libel, it's a statement of fact. Asking isn't implying, it's genuinely asking, have you ever been diagnosed autistic? Is it libel? No. Cheap shot? Sure." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:55PM (#28416427)

    It's libel if you don't have a PHD & cannot practice psychiatry, and if you have not performed such an analysis formally on me... and?

    No never diagnosed with any psychological problems here ever, so much for your cheap shots, & profanities thru this exchange... as well as your "security recommendations" falling FAR short of what Apple's own engineers recommend. Mellow out on your ego, because until YOU are 1 of those engineers @ apple? I think others will listen to THEY far before you.

    "Being published in your field doesn't make you more or less right, " - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:55PM (#28416427)

    Did I say it did in regards to this exchange & topic (which you have gone off topic on numerous times already in)... I only posted it in response to what you asked of "WHO ARE YOU?" is all... &, it also showed you have done not even 1/10th of what I have in this field that others noted as good.... nor 1/100th of the mods I have here even either!

    So much for that...

    APK

    1. Re:No evidence of publication, or PHD in English? by RyuuzakiTetsuya · · Score: 1

      Yes, I am.

      If you're a native English speaker, then please, type like you have a greater than average command of the language.

      How the hell did you get published with your atrocious use of the language?

      It's libel if you don't have a PHD & cannot practice psychiatry, and if you have not performed such an analysis formally on me... and?

      I was asking if you were diagnosed. I wasn't practicing psychiatry. I was just putting 1 and 1 together to try to get 2.

      Did I say it did in regards to this exchange & topic (which you have gone off topic on numerous times already in)... I only posted it in response to what you asked of "WHO ARE YOU?" is all... &, it also showed you have done not even 1/10th of what I have in this field that others noted as good.... nor 1/100th of the mods I have here even either!

      Yes, yes you have. You've made statements that, because you've been published and had your work everywhere that it makes you immune to criticism. It does not.

      --
      Non impediti ratione cogitationus.
  66. U changing your statements AGAIN? LMAO! by Anonymous Coward · · Score: 0

    "Actually my suggestion was to make a file on my machine somewhere chowned to root:root(user:group). Not chrooting Firefox, the browser I'd be using to attach to whatever honey pot you'd have set up. Chroot only affects processes that have chroot jails setup." - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    First of all: YOU did not say to chroot a file, & you never said chown, so that shows you just "change rules as you see fit" on the fly... b.s.! AND, that is along the lines of what my guide tells users to do to their filesystems &/or registries via ACL's in Windows, by the way, & FAR exceeds what you recommend for securing Macs, which again, falls far short of what the folks @ Apple recommend here:

    http://www.apple.com/support/security/guides/

    Which are a great deal like what i have shown users how to do on Windows.

    ":) I knew something was fishy when I read that statement." - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    LOL, with you "changing the rules" constantly here, in the commands you said to use in this example alone (let alone changing a browser's default launch commandlines etc. et al via chroot, which CAN be broken easily enough)?

    Give us a break... who's the one sounding "fishy" here?? LMAO!

    "I'm talking about you exploiting my browser, escalating Firefox's privs to root, then doing *something* demonstrable with it. You're talking about chroot" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    What? YOU SAID YOU USED CHROOT!

    (I merely showed that a lot of exploit code exists to break chroot jails... to which you restarted your profanities once more my way & that of others as well!)

    Give up already... changing the rules to what you see fit constantly & changing your recommendations + tests conditions etc. et al isn't looking any better for you than your near constant profanities spouted to myself & others here in your replies...

    APK

    P.S.=> You spent upwards of $3,000 U.S. Dollars on a Mac, which you did not HAVE to, because Windows you already conceded can be made VERY secure... 2 hours of your time, vs. the money you spent? Which makes more sense (dollars and cents too) to others reading here, I wonder?? apk

  67. On MAC address & IP Changes + more by Anonymous Coward · · Score: 0

    "One last thing, I meant change MAC on your nic, renew IP from your ISP, not change IP on NIC." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:58PM (#28416457)

    I can do a MAC switch/"spoof my MAC address", fairly quickly, via my router, easily enough (LinkSys/CISCO technology model) - AND/HOWEVER? I can change my IP easier & faster than that, lol!

    ALSO?

    Doing THAT to most NICS? Not easily done, by the by - as far as changing the Media Access Control ID # in the NIC itself!

    Afaik? I.E.-> You have to have a nic with a 'burnable prom', & NOT ALL OF THEM ALLOW THIS ANYMORE (heck few if any I know of do anymore)

    (Do YOU have a NIC that allows for that? IF SO, what model & maker?? I'd like to know of modern ones that are top speed today that allow for that, or, mobos that allow for THAT specifically in any built into mobo NICs also... not via a router/firewall as I have noted, but a NIC that allows for this... thanks!)

    If this is more "security recommendations" on YOUR part? It slowly seems to be changing & adding on a LOT more than you first suggested, eh? Kind of like how APPLE themselves recommend FAR more than you did originally:

    ----

    Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    APPLE SECURITY GUIDES FOR MACOSX:

    http://www.apple.com/support/security/guides/

    (Straight from the horses' mouth, Apple Computer)

    What YOU recommend IS quite a lot LESS than the folks @ Apple themselves recommend... & funny: Their recommendations are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (2000/XP/Server 2003 & to a good extent, even Vista & beyond as well)

    APK

    P.S.=> I wonder: Who knows more about securing MacOS X & PROPERLY/FULLY - YOU, or the people that invented it @ Apple? apk

  68. You said you were going to use chroot, not chown by Anonymous Coward · · Score: 0

    You keep changing the rules as apk stated on everything when you are found incorrect or not fully correct. You said you were going to use chroot on firefox and apk put up proofs that chroot jail breaking exists is what happened here and it made you look like a fool. With you now recommending chown, you are only falling into a trap of your own making, because that is along the lines of what apk recommends for Windows users at both the filesystem and registry level, and it is easy to do also. This also falls into what secunia.com and apple recommend, to fix both the current problem in Mac OS X in its single known exploit that causes dos, privilege elevation, and system access and you'd have to do what apk states basically by you now recommending chown instead of chroot as you first did and were proven erroneous in because chroot jail breaks exist. You are proving yourself wrong and apk right the more you go along, and I will believe Apple's own system engineers and network tech's recommendations above yours any time. In fact, you are starting to point out things they do or recommend in chown work. Talk about disproving yourself and looking poorly. You are only proving apk right the more you go and changing 'what you said' for the second time here is not looking any better than your name calling is, and you told others how to write and called them autistic and other worse names? You have lost here and are only trying to save face and are burying yourself more.

  69. He writes well, you are the one with the problem by Anonymous Coward · · Score: 0

    I can read what apk writes and I understand it well. You are the one that has add or adhd (or dyslexia) it seems.

  70. U said to use chroot first, not chown, and U err by MEK_LoveBug · · Score: 0

    You said to use chroot, not chown, and it was shown that chroot jail breaks exist. I will trust the people at apple who recommend this versus the single known exploit in Mac OS X since both they and secunia.com recommend it for that, but also for the fact that Apple recommends it in their security guides for users to secure Mac OS X. No matter how you try to discredit your betters like apk, secunia, and of all people, Apple themselves? The more poorly you appear along with your name calling of others such as apk, myself, and others here. You are now forced to recommend what both Apple, Secunia, as well as apk recommend and that was changing ownership of various files. You have lost and are making yourself lose by making mistakes, calling others names after mistakes you make, and the fact that you have to do what apk, Apple, and secunia recommended to do the job right (instead of 1/2 assed as you have been doing so far and suggesting to others). You went and spent $3000 on a Mac when all you had to do was spend an hour or two on your Windows system to secure it better than it is by default by a long ways, and you're telling others not only to spend monies they do not have to, but you also suggest faulty or impartial measures for them on their Mac OS X machines. You lose badly on all accounts noted.

  71. So, now you see my point on a reg. user acct here? by Anonymous Coward · · Score: 0

    "Also, my bad" - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:28PM (#28416151)

    Right on "your bad": That is where ANYONE can track a registered user here, easily, to troll them etc. et al, just as I stated...

    (You cannot do THAT to an "A/C" poster like myself.)

    That's WHY I don't do a "registered account" here...

    (& by the way? You're going "off topic" as usual)...

    APK

  72. BOTTOM-LINE IS THIS on all of your suggestions by Anonymous Coward · · Score: 0

    "Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW (& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control))...

    SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on a LOT more than you first suggested!

    (ALL quoted below in full, no less, where you said what you did to secure MacOS X)

    In fact, now? It's going along the lines of how APPLE themselves recommend, as do I for windows folks, & now you state FAR more than you did originally:

    ----

    "It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even have to put something up, just point me to a proof of concept that someone else put up and I'll do it." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Didn't you state you were aware of cross browser exploits via javascript? Yes, you did, here:

    ----

    "I know there are dozens of various browser cracking techniques that go across various browser platforms. From IE to Firefox to Webkit based browsers or even Opera." - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    ----

    (YOUR OWN WORDS ARE PROOF! Sheesh... lol!)

    Also, do you think MacOS X 10.5 won't turn up more exploits than the single one it has unpatched also?

    (More are SURE to turn up, & your original (& now changing by your now saying to use CHOWN work on a file suddenly, lol) suggestions don't even fit what is needed to patch the single remote exploit that exists on MacOS X now as is, per Apple & SECUNIA.COM stating what is needed to actually patch it).

    YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    Now, here's what Apple themselves recommend:

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    What YOU recommend above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny:

    Their recommendations are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (2000/XP/Server 2003 & to a good extent, even Vista & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control)

    Which you HAD to use to secure your MacOS X setup fully vs. various attacks (including your "test" you wanted done, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privilege escalation, & DOS/DDOS), just as I recommend to Windows users (easy to do for both filesystem &/or registry) - proving you NEED to do more than what YOU recommended initially @ least!)

    (YOU defeat yourself for me, everytime almost &

  73. BOTTOM-LINE ON THIS ALL FROM YOU by Anonymous Coward · · Score: 0

    "I'm tired of this meme." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    And, we're tired of YOU telling people to "buy a f'ing mac" (spending upwards of $3,000 or more, when all they have to do is spend an hour or two securing their Windows systems via easy cis tool guidance for example, or SCW in Server 2k3) as you did profanely, & also giving folks who do use a MAC, a false sense of security via your IMPERFECT "guide for security" for them, quoted below!

    Read on...

    ----

    "Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW (& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control))...

    YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on a LOT more than you first suggested!

    In fact, now? Suddenly now, you're suggesting CHOWN type work, & it's going along the lines of how APPLE themselves recommend, as do I for windows folks, & now you state FAR more than you did originally:

    ----

    "It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even have to put something up, just point me to a proof of concept that someone else put up and I'll do it." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Didn't you state you were aware of cross browser exploits via javascript? Yes, you did, here:

    ----

    "I know there are dozens of various browser cracking techniques that go across various browser platforms. From IE to Firefox to Webkit based browsers or even Opera." - by RyuuzakiTetsuya (195424) on Friday June 19, @02:16AM (#28385949)

    ----

    (YOUR OWN WORDS ARE PROOF! Sheesh... lol!)

    Also, do you think MacOS X 10.5 won't turn up more exploits than the single one it has unpatched also?

    (More are SURE to turn up, & your original (& now changing by your now saying to use CHOWN work on a file suddenly, lol) suggestions don't even fit what is needed to patch the single remote exploit that exists on MacOS X now as is, per Apple & SECUNIA.COM stating what is needed to actually patch it).

    Now, here's what Apple themselves recommend:

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    What YOU recommend above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny:

    Their recommendations are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (2000/XP/Server 2003 & to a good extent, even Vista & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control)

    Which you HAD to

    1. Re:BOTTOM-LINE ON THIS ALL FROM YOU by RyuuzakiTetsuya · · Score: 1

      HURR
      DURR
      HURRDURRR

      This is going to keep going in circles. I'm tired of it. You have no intentions at all with seriously answering point to point in an honest fashion or even keeping up with the conversation at hand. I keep advocating what the typical user will see. They're not going to see people trying to break their browser and access their microphone. They should not be expected to face the kinds of automated, distributed attacks that would require a firewall. It's excessive.

      Finally no amount of external hardening is going to change the fact that Windows itself is about as solid and reliable as cardboard is as a building material. Yes, by being extremely careful, picking software, components, drivers and vendors with care you can hit the magical 5 9s of reliability and higher, but, this doesn't change the fact that you've got to tip toe around it like it could break at any moment.

      --
      Non impediti ratione cogitationus.
  74. BOTTOM-LINE ON THIS? You need more than what U say by Anonymous Coward · · Score: 0

    It's guys like you, that say "1/2 baked = GOOD ENOUGH" that are the problem:

    "Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

    SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ???

    AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

    CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" BELOW, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

    "If you're a business and you're handling sensitive data, sure, go right ahead, but, if you're not, why bother?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:26PM (#28429255)

    That's not a very intelligent question, especially on the topic of security: Ever think others do have 'sensitive info.' on their machines? Sure, I'd recommend @ least offline storage instead, but sad fact is, folks do keep sensitive info., AND there are "keyloggers" which can steal it "on the fly" when you use sites like online commerce/shopping + banking sites for example too!

    Read on!

    ----

    "Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW (& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control))...

    YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on a LOT more than you first suggested!

    In fact, now? Suddenly now, you're suggesting CHOWN type work, & it's going along the lines of how APPLE themselves recommend, as do I for windows folks, & now you state FAR more than you did originally:

    ----

    "It's a put up or shut up moment. Either browsing is inherently safe or it's unsafe. Prove me wrong that running a default install of Mac OSX 10.5 with Firefox can be as unsafe as IE7 on Vista and I'll shut up. You don't even have to put something up, just point me to a proof of concept that someone else put up and I'll do it." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:11PM (#28415967)

    Didn't you state you were aware of cross browser exploits via javascript? Yes, you did, here:

    ----

    "I know there are dozens of various browser cracking techniques that go across various browser platforms. From IE to Firefox to Webkit based browsers or even Opera." - by Ryuuza

  75. Got your PHD in English? Mere opinion on YOUR part by Anonymous Coward · · Score: 0

    I was published for wares I wrote, and things I did that actually accomplished tasks/goals for folks (inclusive of commercially sold code in a commercial ware for server users, but end users can use it also), as well as for guides & such.

    NOW, again: Have YOU ever been? No... otherwise you'd have put that out already...

    "How the hell did you get published with your atrocious use of the language?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:31PM (#28429365)

    Now, you get that PHD in English? You can make comments on others' writing... until then? That's only YOUR opinion, others vary vs. yours, like the 100 or so "mod ups" I have here I showed you, which again, is another something you cannot match that I have done...

    AGAIN: BOTTOM-LINE IS THIS, about your 'security suggestions', & how short you fall in them (inclusive of your suggesting chown work later on but not originally):

    ----

    Guys like you, that think "1/2 baked is good enough" are the problem!

    "Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

    SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

    CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" BELOW, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

    "If you're a business and you're handling sensitive data, sure, go right ahead, but, if you're not, why bother?" - by RyuuzakiTetsuya (195424) on Monday June 22, @05:26PM (#28429255)

    That's not a very intelligent question, especially on the topic of security: Ever think others do have 'sensitive info.' on their machines? Sure, I'd recommend @ least offline storage instead, but sad fact is, folks do keep sensitive info., AND there are "keyloggers" which can steal it "on the fly" when you use sites like online commerce/shopping + banking sites for example too!

    ----

    "Actually my suggestion was" - by RyuuzakiTetsuya (195424) on Monday June 22, @12:04AM (#28416513)

    What your ORIGINAL SUGGESTION was, for securing MacOS X IS QUOTED BELOW

    (& does not include CHOWN work, which is what both myself AND APPLE both recommend (I called it what it is on Win32, ACL changes, & it's analogous somewhat to CHOWN work in Mac/BSD or any *NIX (more like SeLinux kernel patch adding MAC to Linux (mandatory access control) & only later for your "test" did you suggest using it)...

    YOUR ORIGINAL HOW TO SECURE A MAC OS X SUGGESTIONS QUOTED, IN FULL:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    SO - If this is more "security recommendations" on YOUR part? YOUR SUGGESTIONS now seem to be changing & adding on

  76. 1/2 baked "good enough" = NOT good enough by Anonymous Coward · · Score: 0

    "What you will do is snip off where ever it is convenient for you not to have to face a certain reality then quote that and take that on like it's the point I'm making. That's called the straw man fallacy." - by RyuuzakiTetsuya (195424) on Sunday June 21, @11:38PM (#28416257)

    Ok, then I will quote your original 'security recommendations' for MacOS X users, for all to see first:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    And, by way of comparison? Here is what Apple themselves recommend:

    ----

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horses' mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    ----

    What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny:

    The recommendations, from Apple computer no less?

    They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

    Which you HAD to use to secure your MacOS X setup fully vs. various attacks (including your "test" you wanted done, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privilege escalation, & DOS/DDOS), just as I recommend to Windows users (easy to do for both filesystem &/or registry) - proving you NEED to do more than what YOU recommended initially @ least!)

    (YOU defeat yourself for me, every time almost & NOW by "amending your original guide" by adding in suggestions of CHOWN work, which I basically tell Windows users how to do it on Windows NT-based OS in my guides... sheesh, thanks!)

    ----

    "Those are the security guidelines if you're in the mood to lock down your machine incredibly tight; not usable." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    The idea, the RIGHT idea, is to "lock down your machine incredibly tight" as is possible though, albeit w/out impacting useability!

    SO - Care to show me what makes a machine "unusable" in my guides for Windows users here:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ----

    ???

    AND, per your statement I quoted above? THAT would be "the right idea": To lock it down as tightly as possible, w/out impacting useability (which I felt that MS ships Windows way too "open" by default - thank goodness it only takes 1-2 hours to secure it, tops (and, it remains completely useable no less))

    CONVERSELY? YOUR "SECURITY GUIDE/SUGGESTIONS" I QUOTED ABOVE, YOUR ORIGINAL ONES? ARE WAY TOO "OPEN"...

    ----

    People like you, are part of the problem, with your "1/2 baked, good enough" view, like this below:

    "If you're a business and you're handling sensitive data, sure, go rig

  77. Your original suggestions? TOO incomplete by Anonymous Coward · · Score: 0

    "You have no intentions at all with seriously answering point to point in an honest fashion or even keeping up with the conversation at hand." - by RyuuzakiTetsuya (195424) on Monday June 22, @06:45PM (#28430535)

    That's untrue: I am just using what YOU stated originally as being enough to secure a MacOS X setup, here:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    And, I quote your points, responding to each (and though you state my writing is bad, it seems that you understand me well enough to converse with me here, & I have been "modded up" by folks here around 100x too... lol!)

    Also?

    When you asked ME to do a "test" (one we COULD possibly get into trouble for no less)? Well, funny - YOU HAD TO USE CHOWN TYPE WORK!

    (I see NO MENTION OF THAT USAGE OF CHOWN in your original statement of how to secure a MacOS X setup, and that IS A FULL QUOTE OF YOUR WORDS... period!)

    ----

    "They're not going to see people trying to break their browser and access their microphone. They should not be expected to face the kinds of automated, distributed attacks that would require a firewall. it's excessive." - by RyuuzakiTetsuya (195424) on Monday June 22, @06:45PM (#28430535)

    What it's telling me is that Apple KNOWS there are some problems in MacOS X that need that done...that's what I see! You called their guides "covering your ass" & they ought to, but, they like MS ought to implement SOME OF THAT in their shipping model, & let the user take his chances & turn on what they need (my version of Windows I use in Server 2003 is much this way - you addon/turn on what you need for server class apps, but they do NOT install by default!)

    So, to FULLY secure a system - not a 1/2 baked setup that you recommended initially, and LATER you had to use CHOWN type work to secure yourself vs. a hack attempt... why didn't you mention CHOWN in your original suggestions for how to secure MacOS X then, as Apple does here below:

    ----

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horse's mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    ----

    What YOU recommended above, originally, in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny:

    Their recommendations are CLOSE to the levels I recommend for Windows NT-based OS of modern variety

    APK

    P.S.=>

    "Finally no amount of external hardening is going to change the fact that Windows itself is about as solid and reliable as cardboard is as a building material. Yes, by being extremely careful, picking software, components, drivers and vendors with care you can hit the magical 5 9s of reliability and higher, but, this doesn't change the fact that you've got to tip toe around it like it could break at any moment" - by RyuuzakiTetsuya (195424) on Monday June 22, @06:45PM (#28430535)

    Funny, NASDAQ does "do it right", & you must concede that, as I see it has been for myself after securing MY system, as did other users noted above per following the guides for securing Windows above...

    Hey, also?

    Well - even your INCOMPLETE "suggestions to users for how to secure MacOS X" I quoted above, says 'be careful, watch what you install' in essence as regards warez as you put it... picking software, components, drivers, an

    1. Re:Your original suggestions? TOO incomplete by RyuuzakiTetsuya · · Score: 1

      Let me ask you this one thing.

      When you are using a computer, are you going to advocate complete safety with no margin for error or failure? No acceptable risk at all?

      If so, would you get into a car that only had lap and shoulder belts and moderately used tires or would you be not happy unless you had a 5 point racing harness and fresh tires and brakes?

      --
      Non impediti ratione cogitationus.
  78. No, here is what I advocate/espouse, on security by Anonymous Coward · · Score: 0

    "When you are using a computer, are you going to advocate complete safety with no margin for error or failure? No acceptable risk at all?" - by RyuuzakiTetsuya (195424) on Monday June 22, @09:07PM (#28432635)

    No, I am only advocating DOING AS GOOD A JOB AS IS POSSIBLE, & according to those that have used the guide I wrote up for it, here:

    ----

    Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral)

    ----

    Users of my guide apparently do as I have seen, no problems... & it works, AND FOR LESS THAN THE UPWARDS OF (or greater than) the $3,000 you spent on your Mac!

    You said (profanely as was your usual earlier @ least repeatedly), "Buy a F'ing Mac" - Well, users can take 1-2 hours & get the SAME from Windows... for less than $3,000, this is certain!

    That is, as long as they follow some rules + recommendations that only take 1-2 hours to put into place, especially using CIS Tool!

    (Which is, as Bert64 a member here put it, while securing Linux even? Is just a "point & click affair you answer questions to & follow what it says" - he ended up going from a 46/100 up to 90/100 on SuSE Linux (albeit under emulation/VM, which have THEIR share of problems too, per here -> IT: Security Flaw Hits VAserv; Head of LxLabs Found Hanged http://it.slashdot.org/story/09/06/09/1422200/Security-Flaw-Hits-VAserv-Head-of-LxLabs-Found-Hanged )

    I say this, because YOUR ORIGINAL SUGGESTIONS were:

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    Funniest part is, you later used chown work, vs. myself attacking your machine (upon your request but I did not do to avoid trouble potentially @ least, in case someone else clicked on it, & despite you saying "it's ok if a forums user asks for it" (to which I put up my own bad experience there, it is NOT "ok to do" even then, even if you meant well as I did in my tale about that!))

    Which you HAD to use, by using Chown WORK, to secure your MacOS X setup fully vs. various attacks (including your "test" you wanted done by ME, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privilege escalation, & DOS/DDOS), just as I rec

  79. Re:No, here is what I advocate/espouse, on securit by RyuuzakiTetsuya · · Score: 1

    Users of my guide apparently do as I have seen, no problems... & it works, AND FOR LESS THAN THE UPWARDS OF (or greater than) the $3,000 you spent on your Mac!

    My macmini was only 500 and my macbook was only 999. You can get a MacBook Pro for 1,129. MacBook Airs are now only 1,500! Talk about a straw man argument.

    --
    Non impediti ratione cogitationus.
  80. Re:BOTTOM-LINE ON THIS? You need more than what U by RyuuzakiTetsuya · · Score: 1

    Do you ever shut up?

    --
    Non impediti ratione cogitationus.
  81. Re:No, here is what I advocate/espouse, on securit by RyuuzakiTetsuya · · Score: 1

    Well, users can take 1-2 hours & get the SAME from Windows... for less than $3,000, this is certain!

    No, you don't. You get open user permissions and a kernel that's more than happy to escalate privileges to System just by asking *really* nicely. You also don't get a real file system either. or a real TCP/IP stack. Or memory management worth a damn. Or a graphical subsystem that's been doing what Aero glass has been doing since 2001. or a sane driver model. or...

    --
    Non impediti ratione cogitationus.
  82. You overspent (money) vs. 1-2 hours of work by Anonymous Coward · · Score: 0

    You overspent this:

    "My macmini was only 500 and my macbook was only 999. You can get a MacBook Pro for 1,129. MacBook Airs are now only 1,500! Talk about a straw man argument." - by RyuuzakiTetsuya (195424) on Monday June 22, @09:59PM (#28433265)

    That's what? $1,500, BEFORE TAX?? LOL... who's the "straw man"???

    (Plus, you abandoned Windows, which can be secured FAR better than its defaults, & you conceded that much finally... & NASDAQ shows 99.999% stable & secure uptime using Windows Server as I do????)

    Hey, you could have spent 1-2 hours using this:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ----

    And had results like this:

    ----

    Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

    ----

    You suggested this originally no less:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    And, by way of comparison? Here is what Apple themselves recommend:

    ----

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horse's mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    ----

    What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny: The recommendations, from Apple computer no less? They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (

    (2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

    LOL: Later, you suggest & USED, CHOWN... but you did not suggest that to others in your "security recommendations for Mac users", why is that?

    BECAUSE you HAD to use to secure your MacOS X setup fully vs. various attack

    1. Re:You overspent (money) vs. 1-2 hours of work by RyuuzakiTetsuya · · Score: 1

      A straw man argument is an argument made when you make up some point about your opponent's argument and then accuse your opponent of taking a stand on that point. You made up the point that Macs cost over 3000, when you can buy a mac for under a grand.

      You are officially an idiot.

      --
      Non impediti ratione cogitationus.
  83. You overspent, face it... give up! by Anonymous Coward · · Score: 0

    "No, you don't." - by RyuuzakiTetsuya (195424) on Monday June 22, @10:25PM (#28433503)

    Others' results seem to say otherwise, see here, again (so it "sinks in"):

    $1,500, BEFORE TAX?? LOL... and you abandoned Windows, which can be secured FAR better than its defaults, & you conceded that much finally...???

    Hey, you could have spent 1-2 hours using this:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ----

    And had results like this:

    ----

    Again -> http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

    ----

    You suggested this originally no less:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing, never enable Apache, FTP access, SSH or remote desktop. Ever."" - by RyuuzakiTetsuya (195424) on Tuesday June 16, @07:44AM (#28346135)

    ----

    And, by way of comparison? Here is what Apple themselves recommend:

    ----

    APPLE SECURITY GUIDES FOR MACOSX -

    http://www.apple.com/support/security/guides/

    (Straight from the horse's mouth, Apple Computer, the people that invented that Operating System + type of personal computer, no less...)

    ----

    What YOU recommended, original, above in quotes? That IS quite a lot LESS than the folks @ Apple themselves recommend... & funny: The recommendations, from Apple computer no less? They are CLOSE to the levels I recommend for Windows NT-based OS of modern variety (

    (2000/XP/Server 2003 & to a good extent, even VISTA & beyond as well) such as changing ACL (analogous to SeLinux MAC (mandatory access control) via the kernel hooking addon to Linux, which isn't native to its original builds, & only lately have linux distros distribute it or AppArmor (iirc, this is the name of the one other than SeLinux))

    LOL: Later, you suggest & USED, CHOWN... but you did not suggest that to others in your "security recommendations for Mac users", why is that?

    BECAUSE you HAD to use to secure your MacOS X setup fully vs. various attacks!

    (Including your "test" you wanted done, and it fits what the people from SECUNIA.COM recommend vs. the single known exploit that exists on MacOS X (that produces 3 problems of System Access, Privilege escalation, & DOS/DDOS),

    1. Re:You overspent, face it... give up! by RyuuzakiTetsuya · · Score: 1

      No amount of hardening is going to change the fact that UAC is a complete joke when it comes to system security, or that DirectX is a hopeless kludge or that the networking stack completely sucks.

      Also, a Windows Server license for 2003 and 2008 is about a thousand dollars. A Leopard Server license costs something like 500 bucks. Who overspent now?

      --
      Non impediti ratione cogitationus.
  84. Make me "shut up" (the sign of desperation from U) by Anonymous Coward · · Score: 0

    "Do you ever shut up?" - by RyuuzakiTetsuya (195424) on Monday June 22, @10:18PM (#28433435)

    What's the matter? When your WEAK 'arguments' that I quote point by point, & DISPROVE point by point every time (or, lol, YOU DO FOR ME?) are failing?? You either tossed names @ myself & others here, or, you begin "giving orders" ('all hail RyuuzakiTetsuya' who is not a moderator here, or the forums owner (no, I don't THINK do)).

    Not at your command I won't: You have to outreason, out think, & out evidence me... you have not, not yet!

    (And, as I said before?)

    Anyone here reading is FREE to read from here onwards:

    http://slashdot.org/comments.pl?sid=1267281&cid=28318001

    and decide for themselves "what is what" on this topic!

    APK

    P.S.=> IF they can stand you telling others to shut up & such, that is...

    (You should have had the facts to "shut me up" then, and you didn't)

    Well, that is, IF they can stand that, along with your name calling & worse directed not only MY way, but to others also, calling them aholes & idiots etc. et al... No, your arguments are ALL shot now, especially vs. this -> http://slashdot.org/comments.pl?sid=1267281&cid=28433193 ... apk

  85. Straw men spend $2000 for no good reason imo, lol by Anonymous Coward · · Score: 0

    "You are officially an idiot." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

    Well, I didn't spend $2,000++ when I can do as well security-wise, free... so, who's the idiot, rotflmao?

    MATH TIME! 271 known vulnerabilities over time, & for the version of Windows I use no less, vs. MacOS X latest @ 971 known security vulnerabilities over time? Do the math, unless you find it TOO difficult that is... lmao!

    Both have 1 known unpatched hole - but, I can fix mine 2 ways, & F A S T, plus within 4 clicks tops on 1, & less on the other.

    Can you patch the single MacOS X flaw that produces 3 problems in the hack present still, of System Access/DDOS-DOS/Privilege Escalation exploit?

    If so? How so... using CHOWN (which your original "security recommendations" for MacOS X users "StRaNgEL" omitted (not)).

    (You had to use it in the end, vs. that known exploit MacOS X has, & also to stop the attack the likes we discussed me doing to you (which I don't do stupid stuff like that, period - fact is, I use my savvy to help others against it!))

    (See, that last one, privilege escalation attacks? YES - happens on Macs too, despite you only saying Windows had that in your rant of which I can easily counter each point vs. Windows posts of yours here...)

    That's just another proof of my stating the *NIX crew is either not that good, or, state 1/2 truths.. readers decide from those choices I say after all this, lol!.

    (AND, by the by? HIGH end Macs I've seen go for $3,000 after all is said & done - I did guess 1 thing wrong: I thought you might have bought "the very best" but, like your security measures?? LOL, you don't... read on!)

    "you can buy a mac for under a grand." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

    Yea, lol, U can blow THAT much ca$h, or this 4 free:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ----

    & had results like these on Windows, 4 free also:

    http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

    ----

    NOW, minus the usage of CHOWN on your part? You suggested this originally no less:

    ----

    "Here's my OS X safety guide: "Don't download warez. Or, if you do, whenever it prompts you for a username and password, never give it. Ever. Also, your computer will occasionally ask you to install updates and reboot. I suggest doing this. Unless you know what you're doing,

  86. Re:Make me "shut up" (the sign of desperation from by RyuuzakiTetsuya · · Score: 1

    I do have the facts.

    The fact is, unless you're running something that opens ports and leaves you waiting to accept packets from somewhere, you're safe. Period. Your browser is always a vector for infection, but nothing you can (Other than regular patching) do can really stop a compromised browser from performing a privilege escalation then doing whatever the fuck it wants. I chose Mac OS X because that's a little bit more difficult than under Windows (well, one of the many reasons; Windows *sucks* and *NIX variants really don't have the app support I want; Linux is pretty damn close though, but between various window managers, Xfree, X.org, etc, usability sucks compared to OSX).

    Period.

    --
    Non impediti ratione cogitationus.
  87. MacOS X & MS IP Stack BOTH BSD based, lol! by Anonymous Coward · · Score: 0

    "Also, a Windows Server license for 2003 and 2008 is about a thousand dollars. A Leopard Server license costs something like 500 bucks. Who overspent now?" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:01AM (#28434485)

    NASDAQ didn't, w/ 99.999+% stable/secure uptime, for 1/2 a decade straight now! See here -> http://slashdot.org/comments.pl?sid=1229203&cid=27909649 and, "refresh my memory": How many 24x7 high-transaction distributed stock exchanges is MacOS X proven that way for?

    "No amount of hardening is going to change the fact that UAC is a complete joke" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:01AM (#28434485)

    Windows Server 2003 doesn't have it. I don't see it. I also do not recommend VISTA, & possibly Windows 7 but I will reserve judgement on the latter... for now.

    "DirectX is a hopeless kludge" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:01AM (#28434485)

    It's harder to code imo, than OpenGL (2.0 std. used here) is, but, it also controls more equipment (think robotics even) than OpenGL (I've coded around both for screensavers in fact, this is my hands-on opinion of coding both (has RyuuzakiTetsuya I wonder?)).

    "or that the networking stack completely sucks." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:01AM (#28434485)

    I only use IP here (Tcp/Udp), & that's it... rotflmao: Guess what, PER MY SUBJECT-LINE OF THIS POST?

    Microsoft's IP stack IS BASED FROM BSD - & so is the MacOS X!

    (Keep it up, you're only destroying yourself & thanks for that one, YOU FELL RIGHT INTO IT, proving you skim too - I stated it a post or so back!)

    APK

    P.S.=>

    "You are officially an idiot." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

    Well, I didn't spend $2,000++ when I can do as well security-wise, free... so, who's the idiot, rotflmao?

    MATH TIME! 271 known vulnerabilities over time, & for the version of Windows I use no less, vs. MacOS X latest @ 971 known security vulnerabilities over time? Do the math, unless you find it TOO difficult that is... lmao!

    Both have 1 known unpatched hole - but, I can fix mine 2 ways, & F A S T, plus within 4 clicks tops on 1, & less on the other.

    Can you patch the single MacOS X flaw that produces 3 problems in the hack present still, of System Access/DDOS-DOS/Privilege Escalation exploit?

    If so? How so... using CHOWN (which your original "security recommendations" for MacOS X users "StRaNgEL" omitted (not)).

    (You had to use it in the end, vs. that known exploit MacOS X has, & also to stop the attack the likes we discussed me doing to you (which I don't do stupid stuff like that, period - fact is, I use my savvy to help others against it!))

    (See, that last one, privilege escalation attacks? YES - happens on Macs too, despite you only saying Windows had that in your rant of which I can easily counter each point vs. Windows posts of yours here...)

    That's just another proof of my stating the *NIX crew is either not that good, or, state 1/2 truths.. readers decide from those choices I say after all this, lol!.

    (AND, by the by? HIGH end Macs I've seen go for $3,000 after all is said & done - I did guess 1 thing wrong: I thought you might have bought "the very best" but, like your security measures?? LOL, you don't... read on!)

    "you can buy a mac for under a grand." - by RyuuzakiTetsuya (195424) on Monday June 22, @11:53PM (#28434419)

    Yea, lol, U can blow THAT much ca$h, or this 4 free:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& b

    1. Re:MacOS X & MS IP Stack BOTH BSD based, lol! by RyuuzakiTetsuya · · Score: 1

      HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

      http://www.tcmagazine.com/forums/index.php?showtopic=2662

      I'd hate to break this to you, but when I made the switch, my PC had died. Dead HDD, dead motherboard, dead PSU, and possibly dead RAM. Your guide is not a guide to necromancing dead PC hardware for free or even cheap. It's how to harden a crapware OS.

      --
      Non impediti ratione cogitationus.
  88. Javascript limit+HOSTS file & more? BrowserSec by Anonymous Coward · · Score: 0

    "I do have the facts." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

    Where are they, & where did I state anything different than what you have here below next:

    "The fact is, unless you're running something that opens ports and leaves you waiting to accept packets from somewhere, you're safe. Period." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

    I've been saying that all along, show us where I haven't?

    "Your browser is always a vector for infection, but nothing you can (Other than regular patching) do can really stop a compromised browser from performing a privilege escalation then doing whatever the fuck it wants" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

    LOL, javascript, is the "deliverer/harbinger of doom" here...

    My guide suggests javascript limited usage - I also noted it here, in addition to other measures to secure a browser (my guide covers TONS more that work as well "layered onto" those for COMPLETE AS POSSIBLE PROTECTION)!

    AND, ABOVE ALL ELSE? Evidence, that it surely seems to work out well for this person quoted below in THRONKA (since javascript via browsers AND ADOBE delivers 95% of the hacks/cracks/malware, even in adbanners) as well as his client & her kids, + MEK_LoveBug a responder here and myself (plus many others I can produce who did well or liked the guide I wrote up for them that allows them to avoid SPENDING $2,000 - $3,000 for no good reason, when securing Windows is a CIS Tool usage + some minor rules & education for them?)...

    SO - You spent #2,000 for a Mac? Well, & could have done THIS, for free (instead of running from Windows, doubtless but apparently because of your NOT doing stuff like below, in Windows)

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662

    ----

    & had results like these on Windows, 4 free also:

    http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral) ... apk

    ----

    "Linux is pretty damn close though" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @12:21AM (#28434635)

    It's got security issues galore in its time too, & other hassles (sound system coding Adobe said, for instance, is a nightmare & recently, ext4 caused file damage/losses & still does if a coder doesn't alter his coding (how many can be reached for that @ once etc. et al) for filesystem usages, forcing wholesale rebuilds of any app that talks to the sys

  89. Re:Javascript limit+HOSTS file & more? Browser by RyuuzakiTetsuya · · Score: 1

    You spent $2,000 for a Mac?

    Actually, the day I left the Windows world was when I came home from work, found that there was a lovely little love letter from the OS, "Disk not found." Disk shit itself due to motherboard failure. I needed a new motherboard, a new HD, a new PSU (Voltages were a little funny when I went to check whether or not the board failed because I bought the cheapest PSU I could find), and other various pieces of new hardware.

    Instead, I bought a Mac Mini. $500 bucks. Came with XCode too. My crappy choices in hardware weren't what pushed me to buy a Mac. I knew that I chose the cheapest parts on the market, and I got what I paid for. I knew I was going to buy an OEM machine instead of build a new one because I now really don't have the care to choose good parts, choose good suppliers and build the whole thing. When I considered new hardware I also considered a new OS. Sun puts out a Solaris box for under a grand and that was tempting, but the Mini was simply cheaper and had *much* better app support.

    It's got security issues galore in its time too

    Yes, because Linux boxes are more likely to run stuff like ssh services, web services, ftp services, so on and so forth. That's where the security failures are.

    & other hassles (sound system coding Adobe said, for instance, is a nightmare & recently, ext4 caused file damage/losses & still does if a coder doesn't alter his coding (how many can be reached for that @ once etc. et al) for filesystem usages, forcing wholesale rebuilds of any app that talks to the system possibly (not all, but most do though for MANY things)... printer support, & usb problems are others I have heard over time, as well as the "this runs on Windows but not Linux" variety (Gigabyte IRAM, anyone, as a SINGLE example with many more I could put out?))

    and this is why I bought a mac! :D

    Furthermore:

    http://www.infoworld.com/t/platforms/windows-inherently-more-vulnerable-malware-attacks-os-x-489?page=0,2

    QED.

    --
    Non impediti ratione cogitationus.
  90. Infoworld Article TORN APART, point-by-point by Anonymous Coward · · Score: 0

    http://www.infoworld.com/t/platforms/windows-inherently-more-vulnerable-malware-attacks-os-x-489?page=0,2

    Time to tear that article up, point-by-point, & show WHERE + HOW points in my article show how to do so:

    (Here we go, & with how on EACH POINT I DISPUTE HERE, from this page -> See, "STEP #1 of 12 - SECURING SERVICES @ THE ACL/Security SID + POLICIES LEVELS" here -> http://www.xtremepccentral.com/forums/showthread.php?s=8836f6b40cf558ad4c613e2c72251270&t=28430 for verification of any statements I make here)

    "All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.

    By default, Windows launches all services with SYSTEM-level privileges.

    SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore"

    See point # 1 of the security guide I wrote, entitled "STEP #1 of 12 - SECURING SERVICES @ THE ACL/Security SID + POLICIES LEVELS"

    There? Well - I SHOW ANYONE HOW SIMPLE/EASY IT IS TO RUN ANY SERVICE AS LESS THAN SYSTEM!

    (In fact, "oddly enough"? I mention MacOS, because just like in MacOS X & its daemons, Windows users can control this & set services to run in LESS THAN SYSTEM SERVICE (not all do, but many if not most, can be altered to do so & function perfectly))

    Yes, even on older Windows 2000 (but, you have to make a lesser privileged user here, piece of cake, just like Windows XP &/or Windows Server 2003 already do in less privileged users/groups already)

    "The activity of SYSTEM is next to impossible to control or log."

    What? This is doable but WHY BOTHER, when you can just assign a service to another "log on" entity, other than SYSTEM, in any service's properties -> Log On tab... as I noted above & in STEP #1 of my security guide for Windows users!

    "Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore"

    First of all - there is a lot of OTHER code running too (drivers, @ RPL 0/RING 0 along w/ system core kernel code AND usermode programs that run under the privilege context of the user logged in running them)

    Secondly & Again - Many of which CAN be altered for backgrounded services as I noted above, IF IT IS SERVICES INVOLVED!

    (Once more - It's simple to run as lesser privileged user entities you have already as many services DO allow (LOCAL SERVICE, or NETWORK SERVICE)... AND? Windows XP &/or Server 2003 service packs even set some of them to less than "SYSTEM" once they were applied also (from the oem install defaults))

    This is ALL noted in my article - Mr. Tom Yager of INFOWORLD must have overlooked its points!

    "Successful infection of running Windows software carries a good chance of access to SYSTEM privileges."

    Not "unique to Windows" by ANY means:

    Privilege Escalation Exploits exist on MacOS X now, currently, & ARE UNPATCHED - This sword? Cuts 2 ways...

    Fact is - The SINGLE KNOWN SECURITY VULNERABILITY THAT EXISTS FOR MACOS X in fact? Lists this @ SECUNIA.COM as a possible (along with DOS/DDOS & System Access, that also 'come along for the ride' on that one).

    "Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties. Windows will notify you on an attempt to overwrite one of its own system files stored

    1. Re:Infoworld Article TORN APART, point-by-point by RyuuzakiTetsuya · · Score: 1

      NOW - the day that MacOS X can run as many softwares for as many purposes as Windows does, as well as MacOS X being able to run as many hardwares for varieties of purposes? THEN, then the Apple folks have something to cheer about - but, that day's not here now, & hasn't been for the existence of the Mac! AND THE DAY MacOS X can be shown to keep a high tpm stock exchange up & running into the "fabled 5-9's" as Windows Server has for 5 yrs. now running stable/secure & F A S T? Then, maybe, I'll listen to b.s. like the above...... apk

      OSX *can* pull five nines. It's only on Windows where five nines of reliability are fabled.

      --
      Non impediti ratione cogitationus.
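
Comment 90 above argues that most Windows services do not have to log on as SYSTEM and that the account can be changed on each service's Log On tab. The script below is an added example, not part of the thread or of the guide it links to: it audits which account each service runs as and lists the ones worth reviewing. The "outside %SystemRoot%" filter and the service name `ExampleSvc` are assumptions of this example.

```powershell
# Added example (not from the thread): audit the "Log On" account of every
# Windows service. Read-only; the only commands that change anything are the
# commented-out lines at the end.
# Requires PowerShell 3.0 or later for Get-CimInstance.

# Win32_Service.StartName is the account shown on the service's Log On tab,
# e.g. LocalSystem, NT AUTHORITY\LocalService, NT AUTHORITY\NetworkService.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object -Property Name, DisplayName, State, StartMode, StartName, PathName

# 1. Count services per log-on account to see how much runs as SYSTEM.
$services |
    Group-Object -Property StartName |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize

# 2. Services that are enabled and log on as LocalSystem.
$asSystem = $services | Where-Object {
    $_.StartName -eq 'LocalSystem' -and $_.StartMode -ne 'Disabled'
}

# 3. Heuristic (an assumption of this example): binaries outside %SystemRoot%
#    are usually third-party services, the first candidates to review.
$windowsPath = '^"?' + [regex]::Escape($env:SystemRoot) + '\\'
$candidates = $asSystem | Where-Object {
    $_.PathName -and ($_.PathName -notmatch $windowsPath)
}

$candidates |
    Sort-Object -Property Name |
    Format-Table -Property Name, State, StartMode, PathName -AutoSize -Wrap

# 4. Changing one service after testing it (run from an elevated prompt).
#    "ExampleSvc" is a placeholder service name. The space after "obj=" and
#    "password=" is required by sc.exe; built-in accounts take an empty password.
# sc.exe config "ExampleSvc" obj= "NT AUTHORITY\LocalService" password= ""
# Restart-Service -Name "ExampleSvc"
```

A service that needs rights the lower-privileged account lacks will fail to start after the change, which matches the AVG updater exception in the THRONKA quote, so change one service at a time and confirm it still starts.
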
  91. Got proof of MacOS X running a stock exchange? by Anonymous Coward · · Score: 0

    "OSX *can* pull five nines. It's only on Windows where five nines of reliability are fabled." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @03:00PM (#28443103)

    Fabled? Not really! AND??

    This is no mere "FABLE", but instead, reality (provable, concrete, & verifiable reality):

    NASDAQ proves it... of course, this is also contingent upon the team adminning it as well (keep this in mind, with ANY OS)

    Here is an example of NASDAQ's uptime, AND stability, in a high tpm environs, industrially (using Windows no less):

    NASDAQ keeps on running 24x7, into the fabled "5-9's" of 99.999% uptime using Windows Server 2003 + SQLServer 2005 (in failover clusters) since late 2005, acting as the official dissemination system of official trade data:

    ----

    NASDAQ Migrates to SQL Server 2005:

    http://windowsfs.com/enews/nasdaq-migrates-to-sql-server-2005

    &/or

    NASDAQ Uses SQL Server 2005 - Reducing Costs through Better Data Management:

    http://blog.sqlauthority.com/2007/09/17/sqlauthority-news-nasdaq-uses-sql-server-2005-reducing-costs-through-better-data-management/

    "NASDAQ, the world's first electronic stock market replaced its aging mainframe computers with Microsoft® SQL Server 2005 on two 4-node clusters to support its Market Data Dissemination System (MDDS). Every trade processed in the NASDAQ marketplace goes through the system with Microsoft® SQL Server 2005 handling some 5,000 transactions per second at market open. The system also responds to about 10,000 queries a day and is able to handle real-time queries against data without slowing the database down."

    +

    Case Studies - Financial Services:

    http://www.microsoft.com/sqlserver/2005/en/us/cs-financial-roi.aspx?pf=true

    "NASDAQ Deploys SQL Server 2005 to Support Real-Time Trade Booking and Queries

    NASDAQ, which became the world's first electronic stock market in 1971, and remains the largest U.S. electronic stock market, is constantly looking for more-efficient ways to serve its members. As the organization prepared to retire its aging large mainframe computers, it deployed Microsoft® SQL Server 2005 on two 4-node clusters to support its Market Data Dissemination System (MDDS). Every trade that is processed in the NASDAQ marketplace goes through the MDDS system, with SQL Server 2005 handling some 5,000 transactions per second at market open. SQL Server 2005 simultaneously handles about 100,000 queries a day, using SQL Server 2005 Snapshot Isolation to support real-time queries against the data without slowing the database. NASDAQ is enjoying a lower total cost of ownership compared to the large mainframe computer system that the SQL Server 2005 deployment has replaced."

    ----

    SO, that all "said & aside" - You want PROOF of that "stability/uptime", you say?

    OK, see here -> http://www.nasdaqtrader.com/Trader.aspx?id=MarketShare

    "NASDAQ is renowned for its high performance technology and has proven reliability with 99.999+% uptime. What's more, firms count on NASDAQ for unsurpassed speed and tested capacity to execute trades quickly and efficiently."

    ----

    What I'd like to see is actual proof of MacOS X pulling that "fabled '5-9's", albeit in a HIGH TPM environs that has run for 1/2 decade++ or more, & just as stably + secure as NASDAQ has seen...

    You have me wrong I think (& my replies MAY have given you that impression):

    I don't "hate *NIX"!

    In fact, it, along with VAX's VMS (on a VAX-1180 in the early to mid 1980's) is where I started i

  92. Crapware OS? NASDAQ shows otherwise + others by Anonymous Coward · · Score: 0

    "I'd hate to break this to you, but when I made the switch, my PC had died. Dead HDD, dead motherboard, dead PSU, and possibly dead RAM" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @04:14PM (#28444411)

    Well, I hate to break THIS tidbit, to you: I have trouble believing that!

    Why?

    Well, simple - You would have said it many posts ago...

    (Not just the 1 other time you stated it, only recently no less, & when many others including myself said you overspent on a platform for a PC in Macs!)

    I say that, because you can gain great security in Windows, as well as more speed + stability, IF you follow that guide of mine (or others, but I feel mine is quite a bit more comprehensive than most are online)...

    So, personally? Yes - I think THAT is a "Fable" on YOUR part, lol, because it took you SO LONG to 'come up with it'.

    (To each his own right? I'm entitled to my opinions, like yours below (albeit, once more? NASDAQ's showing, See here -> http://slashdot.org/comments.pl?sid=1229203&cid=27909649 using SQLServer 2005 + Windows Server 2003 "does a job on that" opinion of yours (doesn't it?)))

    ----

    "Your guide is not a guide to necromancing dead PC hardware for free or even cheap" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @04:14PM (#28444411)

    Show me once where I said it was for THAT? Thanks...

    ----

    "It's how to harden a crapware OS." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @04:14PM (#28444411)

    Yea, yea, that's YOUR OPINION... others who used my guide say way, Way, WAY differently (AND WITHOUT SPENDING $2,000 - $3,000 on a Mac):

    ----

    http://www.xtremepccentral.com/forums/showthread.php?s=ae352cd32542fe49a55fe00b11086449&t=28430&page=3

    "It's 2009 - still trouble free! I was told last week by a co-worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a LAN party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA (forums user @ xtremepccentral)

    ----

    That's an end-user's experience along with his client's (which I see the same of, as well as MEK_LoveBug another poster here does also) - pretty NICE, you must admit!

    That's also in addition to the "Fabled" NASDAQ data I used above, vs. your opinion here...

    APK

    P.S.=> I have to go grocery shopping now, talk later... apk

    1. Re:Crapware OS? NASDAQ shows otherwise + others by RyuuzakiTetsuya · · Score: 1

      You would have said it many posts ago...

      It wasn't relevant. Why I made the switch and what ultimately forced me into it are two different things.

      Show me once where I said it was for THAT? Thanks...

      Yea, lol, U can blow THAT much ca$h, or this 4 free:

      I had the choice of either blowing 500 dollars on an OEM Windows machine that would utterly suck or 500 bucks on a Unix workstation that's roughly the size of a plate of toast. Granted the graphics chip on it sucks but that's why I own a PS3.

      --
      Non impediti ratione cogitationus.
    2. Re:Crapware OS? NASDAQ shows otherwise + others by Anonymous Coward · · Score: 0

      "It wasn't relevant" - by RyuuzakiTetsuya (195424) on Tuesday June 23, @05:16PM (#28445477)

      You're stating your Windows PC "blew up" (but, that you also said you bought lousy hardware for it iirc also, correct? That was YOUR opinion a few posts back iirc), so you bought a Mac, correct?

      When others stated in their subject lines, such as here (5 days ago now almost) -> http://slashdot.org/comments.pl?sid=1267281&cid=28388145

      They said "You overspent" as well as myself? THIS IS THE BEST you FINALLY came up with?? 4-5 days later, no less???

      (The "believability" of that is a WEE bit "thin", & seems to myself to be a "prevarication/canard" to use a $5 dollar word for it, especially given that much "lag" in response & this is what you came up with, especially considering you're fairly fast in reply - but... oh well!)

      APK

      P.S.=> What EXACTLY "forced you into it"? YOU said you bought crap parts in a post here earlier, iirc, was THAT it? You know, you DO GET WHAT YOU PAY FOR in this field, especially in hardwares imo (though I buy used stuff too, & have been VERY fortunate in this regards, especially w/ "TRINITRON" monitors, yes, I still use CRT's & ones of THAT variety (fast refresh rates) & they come cheap used for 21" models ($70 or so usually, & go for 4-5 yrs. each for me no less, which is better than spending say, $1,000 on one of that size, which I had in the past, BIG MI$TAKE in my 'younger days')).

      Anyhow - I can see 1 decent reason for trying new hardwares &/or Operating Systems + software of various kinds, but not for 1,000's of dollars spent:

      Mainly, maybe to learn something different, in case the market changes in the future!

      (HOWEVER - the trend has BEEN Windows in the position of overall dominance & most use from home users, up thru departmental servers, into the "Enterprise Class/Mission Critical" range for what? Almost 20 yrs. now??)

      That truly being the case - you're STILL "best served" by Windows, & yes, even on an ECONOMIC FRONT: It's called greater surface area overall, & thus the MOST OPPORTUNITY FOR EMPLOYMENT (surface area-wise)... think about that! apk

    3. Re:Crapware OS? NASDAQ shows otherwise + others by RyuuzakiTetsuya · · Score: 1

      What EXACTLY "forced you into it"?

      Not having a computer forced me to buy one, considering how necessary one is to even keep up these days.

      I was considering best quality for price, this included OS. Had I bought a cheapass Windows machine, it'd still come with Windows. Had I bought a mac, it would come with a real OS.

      --
      Non impediti ratione cogitationus.
    4. Re:Crapware OS? NASDAQ shows otherwise + others by Americano · · Score: 1

      You realize that APK, MEK_LoveBug, and the other ACs responding to you are all the same person, right? I salute your stamina in bothering to try and talk sense to him.

      He's an ill-informed troll, and his posts usually simply break down into pointless ranting about how you can't say anything because you're not an "expert" - as defined by him - whereas he is an expert based on a handful of online journal publications, and thus his statements are unassailable.

      But I suppose you've worked that out for yourself already. :)

  93. Why do you think Windows NT-based OS are crap? by Anonymous Coward · · Score: 0

    First, see my subject-line above, & why is MacOS X a "real OS" in your estimation, & Windows NT-based ones like 2000/XP/Server 2003 aren't?

    "DISCLAIMER":

    I dislike VISTA, & from my former responses to you? I think you know WHY! I.E.-> I have objections about how HOSTS files work since 12/09/2009 in VISTA (Windows 7 &/or Server 2008 as well) and WFP also in them all (vs. how Port Filtering, IPSec, & software firewalls worked before that in a "greek phalanx/zone defense" 3 part setup, vs. the current 1 part ONLY design (easy to take down imo, or easier rather), per the link where I showed you I was questioning & critiquing MS on them anyhow

    (& I don't know enough admittedly though, via 'hands-on', for Windows 7 either, or Server 2008 (the latter 2 being based on VISTA really, & Windows 7 offering SOME new nice features, & trimmed down default services (been suggesting this since NT 4.0 in fact, online) especially on the network adminning ends & some user stuff))

    "Not having a computer forced me to buy one, considering how necessary one is to even keep up these days." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @06:03PM (#28446145)

    Whatever: It took you 5 days (or more since it was said first that you "overspent on a Mac", because you can secure Windows easily for FREE) to come up with THAT, & I think it IS a "prevarication/canard" to put it mildly - but, let's "run w/ that anyhow", & assume you ARE "telling the truth"!

    (Though your taking 5 days or more to come up with THAT?)

    Well...

    ----

    "I was considering best quality for price, this included OS. Had I bought a cheapass Windows machine, it'd still come with Windows. Had I bought a mac, it would come with a real OS." - by RyuuzakiTetsuya (195424) on Tuesday June 23, @06:03PM (#28446145)

    Why do you think MacOS X is a "REAL OS", & Windows NT-based ones aren't?

    I mean, hey - Not only does Windows Server 2003 (what I use in its default workstation/pro install mode here @ home) show 99.999% uptime in high transactions-per-minute 24x7 99.999% fabled "5-9's" uptime, stability & security for NASDAQ, while in combination w/ SQLServer 2005... but they run more hardwares & on the MOST USED HARDWARE PLATFORM THERE IS, in x86 for PC's &/or Servers combined, & have more software + peripheral hardwares that run with them than any OTHER pc OS platform on x86 in existence...

    Plus - face it: Since Windows "rules" & has ruled for basically 20 yrs. or more now on these fronts (from home user desktops, to departmental LAN servers, & WANs on "Mission Critical/Enterprise-Class" wares also (which I have been part of such projects, & NASDAQ is a great example of it also))?

    That greater market-share + overall greater surface area = more possible clients & places to work - you stand to GAIN MORE, ECONOMICALLY by sticking by Windows... just makes sense (DOLLARS & CENTS too).

    APK

    P.S.=> Nothing wrong w/ trying a "new thing", especially to learn more... &, I did the same w/ OS/2, & loved it, 2.1 thru Warp 3.0 in fact!

    Still... it basically has "died" though! Even "Mighty IBM" couldn't 'steam roll' over the wave that was (IS), Windows...

    AND, I tried Linux many times, Slackware 1.01 around 1993 or so iirc, possibly 1994, + RedHat 7.0 later on, & more recently with KUBUNTU 8.04 (albeit on a colleague's laptop @ work, on/off, just to see what changed & got better)... but I came back to Windows...

    Why, & every time?

    More wares that fit the jobs I wanted to do, more games (which I still like, though NOT as much as years ago), plus more hardware with TOTALLY RELIABLE DRIVERS as well (I read a lot on THIS much first, before I buy a hardware, & USER REVIEWS (not possibly "bought & paid for 'good ones'" from major website only (yes, I suspect this goes on, & actually MORE than suspect it but... I am going to let 'sleeping dogs lie' on that note))... apk

  94. SAMBA users didn't have to worry? See inside! apk by Anonymous Coward · · Score: 0

    "Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    B.S., because they clearly DO, and currently no less:

    ----

    Samba Security Bypass and Format String Vulnerabilities

    http://secunia.com/advisories/35539/3/

    Impact: Security Bypass & System access

    ----

    I think that the users involved ought to patch that up, & F A S T... once more, your statements didn't "hold true" in your original post & @ the time of their posting...

    By the way - This didn't get patched until 2 days ago (6/24/2009) &, we started this discussion long before that on 6/13/2009 (& your initial/1st post, quoted above? Yes, it was before that date of the patch!)

    Also, as far as Macs? Take a peek here:

    ----

    Apple Issues Firmware Upgrade For MacBook Pro:

    http://apple.slashdot.org/story/09/06/23/1338211/Apple-Issues-Firmware-Upgrade-For-MacBook-Pro

    ----

    (As to their "high quality"...? Seems that they couldn't get SATA access right!)

    APK

    P.S.=> Hilarious... & TOO easy! apk

  95. SAMBA security holes, & Mac SATA patch? by Anonymous Coward · · Score: 0

    "He's an ill-informed troll" - by Americano (920576) on Thursday June 25, @06:39PM (#28473695)

    Sure, sure... I am "ill informed"? Let me quote what was said by RyuuzakiTetsuya on 6/13/2009, verbatim (& then, I'll supply some data that definitely contradicted it on that very date) in regards to SAMBA:

    "Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    Well, that all "said & aside"? Take a read below, & tell us who was "ill informed", lol:

    ----

    Samba Security Bypass and Format String Vulnerabilities:

    http://secunia.com/advisories/35539/3/

    Impact: Security Bypass & System access

    ----

    I think that the users involved ought to patch that up, & F A S T... once more, your statements didn't "hold true" in your original post & @ the time of their posting...

    By the way - This didn't get patched until 2 days ago (6/24/2009) &, we started this discussion long before that on 6/13/2009 (& your initial/1st post, quoted above? Yes, it was before that date of the patch!)

    Also, as far as Macs? Take a peek here:

    ----

    Apple Issues Firmware Upgrade For MacBook Pro:

    http://apple.slashdot.org/story/09/06/23/1338211/Apple-Issues-Firmware-Upgrade-For-MacBook-Pro

    ----

    (As to their "high quality"...? Seems that they couldn't get SATA access right!)

    APK

    P.S.=> Hilarious... & TOO easy + accusing myself of being others (or vice versa)? Is THAT the "best you have"? Please - prove my technical points wrong - I did to his article by Tom Yager from INFOWORLD, point-by-point, & RyuuzakiTetsuya outright RAN, lmao! apk

    1. Re:SAMBA security holes, & Mac SATA patch? by Americano · · Score: 1

      Sure, sure... I am "ill informed"?

      Yep. That's what I said, and I don't believe I stuttered, so I guess you read me properly.

      You are an ill-informed troll.

  96. Learn to read then, SAMBA & NetBIOS by Anonymous Coward · · Score: 0

    You had best learn to read, because I will now quote EXACTLY where RyuuzakiTetsuya shows he is "ill-informed", AND where he is off/wrong on technical issues as regards his "putdowns" of Windows just like I did to his INFOWORLD "Pro-Mac" (vs. Windows) article by Mr. Tom Yager, here ->

    http://slashdot.org/comments.pl?sid=1267281&cid=28439225

    (I tore it up, point-by-point & with ease, because it was SO full of mistakes, it was not even funny!)

    Here we go, with quotes of where RyuuzakiTetsuya was wrong in his init. post:

    "Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)

    Well, that all "said & aside"? Take a read below, & tell us who was "ill informed", lol:

    ----

    Samba Security Bypass and Format String Vulnerabilities:

    http://secunia.com/advisories/35539/3/

    Impact: Security Bypass & System access

    ----

    AND, on 6/13/2009 when he posted that? It wasn't patched (& wasn't thru most of this exchange, & not until 2 days ago in fact)

    (AND, you called ME "ill informed"? LMAO!)

    See here about his statements regarding NetBIOS/LanMan networking, to which I gave him the "simplest cure of all" for that much:

    http://slashdot.org/comments.pl?sid=1267281&cid=28335781

    (By simply cutting the server service, I gave an easy fix to THAT statement of his... to which he agreed most people don't need it running no less (since they only have 1 system much of the time))

    As far as 'curing/immunizing a user' vs. Conficker? I was on that months ago here -> http://it.slashdot.org/comments.pl?sid=1159209&cid=27178753 & I was "modded up" +1 as INFORMATIVE (funny that, especially when you called ME "ill-informed", lol!)

    APK

    P.S.=> In the end? Whoever "modded up" RyuuzakiTetsuya was obviously a fool, OR, he did it himself via a 'sockpuppet' account he keeps himself (probably YOU - see? Others can accuse YOU of that also)... apk

    1. Re:Learn to read then, SAMBA & NetBIOS by Americano · · Score: 1

      I never said anything about RyuuzakiTetsuya, so I don't know why you're trying to criticize him to me. I merely provided independent confirmation to him that you are an ill-informed troll, because I've seen your foaming-at-the-mouth rants in previous articles too.

      For the record, I happen to agree with his assessment of the relative merits of Windows security versus Mac/Linux security - Mac & Linux are - by default - more secure than a default Windows install. Any system (including Windows) can be made insecure, and any system (including Windows) can be hardened. However, out of the box, Linux & Mac OS have more sensible security defaults for a hostile network environment than Windows does, and require less hardening to get secure & less patching to keep secure.

      None of the three are perfect. In my opinion, Mac OS is more locked down than I'd like in some respects, and doesn't support some software that I'd love to see ported over there; Linux has a generally lackluster user experience and requires too much fiddling to configure; Windows requires too much patching, is unstable, and provides a "middle of the road" user experience at the expense of a lot of administration work.

  97. TomHudson felt URA Troll (independent confirmed) by Anonymous Coward · · Score: 0

    "I merely provided independent confirmation to him that you are an ill-informed troll, because I've seen your foaming-at-the-mouth rants in previous articles too." - by Americano (920576) on Friday June 26, @04:32PM (#28487853)

    On WHO THE TROLL IS here? Well - Seems others agree with me (and it's you, per Tom Hudson, & your screwups like you did here missing the fact I merely corrected where RyuuzakiTetsuya was incorrect (on everything he stated in fact)):

    "What a fucking hypocritical lying little troll." - by tomhudson (43916) on Friday June 26, @03:29PM (#28486897) Journal

    That's from right here, today, where you screwed up & put words he never said in his mouth -> http://slashdot.org/comments.pl?sid=1283193&cid=28486897

    (So, there is some "independent confirmation" that YOU ARE NOTHING MORE THAN A TROLL... lol, not from myself, but from others here no less (and, you had to 'eat your words' to Tom Hudson also, admitting you screwed up & skimmed))

    Amen, & agreed, 110% TomHudson (This "Americano" is nothing BUT a troll (and a dull-witted, skimming, hypocritical dyslexic one @ that, who likes to put words into others' mouths they never stated... & then, he has to 'eat his words' afterwards (2x now today, lmao))...

    "Linux & Mac OS have more sensible security defaults for a hostile network environment than Windows does" - by Americano (920576) on Friday June 26, @04:32PM (#28487853)

    That's funny - RyuuzakiTetsuya said that NetBIOS/LanManager were more of a hassle than SAMBA is, security-wise... but, my replies here show that SAMBA has borne a hole in it for a VERY LONG TIME & right when he stated that in his initial posting... funny that, eh?

    "and require less hardening to get secure & less patching to keep secure." - by Americano (920576) on Friday June 26, @04:32PM (#28487853)

    Funny - I showed RyuuzakiTetsuya that MacOS X has been shown to have 971 vulnerabilities over time up to its current model... the version of Windows I use in Server 2003 only had 274++ or so... funny that, eh?

    SO, that all "said & aside"?

    Well - Enjoy your lunch Americano, how is the taste of eating your own words (nothing quite like "the bitter taste of defeat" is there, you skimming troll)?

    APK

    P.S.=> The funniest part is, Americano tried to call ME troll, here -> http://slashdot.org/comments.pl?sid=1267281&cid=28473695

    "He's an ill-informed troll" - by Americano on Thursday June 25, @06:39PM (#28473695)

    And, then I simply showed a FRACTION of where the poster he was so "vigorously defending" had made so many mistakes (technical ones), that were totally incorrect from the get-go no less -> http://slashdot.org/comments.pl?sid=1267281&cid=28484753 & yet?

    SOMEHOW RyuuzakiTetsuya was "modded up" (probably by "Americano" here, who is doubtless a 'sock puppet' account of the person he defends in "RyuuzakiTetsuya" there)...

    OH, & by the way "Americano"? Like here, you 'skimmed' & screwed up, trying to put words into others' mouths as you did to Tom Hudson & now are "eating your own words" for... & you're going to have to EAT A FEW MORE, right now (hope you're not TOO full of your own shit, lol, by this point, because here it comes):

    "and his posts usually simply break down into pointless ranting about how you can't say anything because you're not an "expert" - as defined by him - whereas he is an expert based on a handful of online journal publications, and thus his statements are unassailable." - by Americano on Thursday June 2

  98. Re:TomHudson felt URA Troll (independent confirmed by Americano · · Score: 1
    Okay, I'll bite. Your Secunia "vulnerabilities" links? Yeah, did you read the fine print where Secunia indicates the following:

    PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products.

    However, let's assume that comparing raw numbers of vulnerabilities means anything. Let's look at the number of patched advisories, and their relative criticality.

    Secunia has issued 130 advisories since 2003 for Mac OS X - that's all versions of Mac OS X. Of them, 5 out of 130 advisories remain unpatched, and the most critical of those patches is rated as "Moderately Critical" - a 3/5 on a 5-point criticality scale.

    Now let's look at your precious Microsoft Windows Server 2003 Enterprise Edition, even though 1 version of Windows versus every version of Mac OS X is not a true apples-to-apples comparison. There have been 191 Secunia advisories since 2003 for that operating system. Of those, 13 out of 191 remain unpatched, with the most critical unpatched advisory rated as an "Extremely Critical" (a 5/5 on a 5-point criticality scale. The worst possible.)

    So, Windows 2003 server has more unpatched vulnerabilities in absolute numbers, and also its unpatched vulnerabilities are more critical in terms of the amount of access an attacker can gain by exploiting the vulnerabilities.

    So what about my statement that "Windows is less secure, by default, than Mac OS" is disproved by these statistics? Raw numbers of vulnerabilities are absolutely not to be used to compare the "relative security" of two systems, which Secunia themselves go out of their way to state.

  99. Let's review ACTUAL VULNERABILITIES not advisories by Anonymous Coward · · Score: 0

    Funny: The latest build of MacOS X shows 971 vulnerabilities here -> http://secunia.com/advisories/product/96/?task=statistics

    Specifically this -> Affected By 130 Secunia advisories 971 Vulnerabilities

    Now, by way of comparison? Windows Server 2003 -> http://secunia.com/advisories/product/1174/ :

    Affected By 191 Secunia advisories 234 Vulnerabilities

    The VULNERABILITIES are what counts, as THEY are the problem itself!

    (Again - learn to read, or you will end up "eating your words" as you did to Tom Hudson here today + myself already 2x today, in your stating we said things we never did, and also that I was only in 'online journals' where I was clearly in written respected publications in this science (and you clearly have NOT been & then you impersonated me as well when that was all said & done, lmao, which is the SURE SIGN I "got the better of you"), lmao!)

    APK

    P.S.=> Oh well - Time to "eat your words" yet again:

    "So, Windows 2003 server has more unpatched vulnerabilities" - by Americano (920576) on Friday June 26, @05:49PM (#28488807)

    WRONG, as-per-usual: Both MacOS X & Windows Server 2003 have 1 outstanding unpatched issue each... albeit, the one for Windows Server 2003? Merely unregistering quartz.dll is nothing & easy to do (that, or just altering its ACL so NOBODY can use it, until it's fixed (which only means you do without watching .avi files is all)

    NOW - the MacOS error? Generates 3 possibles, & those are:

    1.) SYSTEM ACCESS
    2.) PRIVILEGE ESCALATION EXPLOITS
    3.) DOS/DDOS

    A "wee bit more serious" I would say, especially since MacOS X has remote "X" sessions possible, because it is a *NIX... & worse if a remoteable badware/malware gets inside of it (& lord knows, users (especially "gramma ones", which are the folks that use Macs the most from what I see & hear + who it is "geared to" no less) will make mistakes of that nature)

    Can you FIX that, as easily as I can on Windows' single exploit?

    apk

  100. Re:Let's review ACTUAL VULNERABILITIES not advisor by Americano · · Score: 1

    You fail. You didn't read any of my post, or any of the links. You've proven your inability to read or formulate a coherent thought. Secunia themselves state that the numbers of vulnerabilities should not be used to compare the security of two different products.

    By "1 unpatched", I presume you mean "1 unpatched advisory that was discovered in 2009," right? What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you? You keep linking to Secunia, I suggest that you learn how to read their advisories.

    I also provided links to the relevant "list of advisory" pages where advisories for Mac OS X and Windows Server 2003 EE are described, and the numbers I quoted you are directly from those pages.

    Advisories are the actual confirmed issue writeup Secunia does. Vulnerabilities are simply "a big list of things people have reported to us as being a problem." Vulnerabilities have not been vetted or inspected for accuracy, duplication, or anything else.

    In summary: Advisories are what matter. Unpatched advisories are what matter. Windows Server 2003 Enterprise Edition has more unpatched advisories than does Mac OS X, and it has more severe unpatched advisories than does Mac OS X.

    The question was not "Can these problems be fixed?" The question was, "Which is more secure by default?" By default, Windows has more unpatched problems with more critical impact.

  101. You can't fix it, can you? I can on Windows though by Anonymous Coward · · Score: 0

    The question was not "Can these problems be fixed?" - by Americano (920576) on Friday June 26, @06:38PM (#28489297)

    LMAO - MY question to you was simply this, in bold below (after giving you absolutely VALID DATA from secunia regarding it no less):

    ----

    "WRONG, as-per-usual: Both MacOS X & Windows Server 2003 have 1 outstanding unpatched issue each... albeit, the one for Windows Server 2003? Merely unregistering quartz.dll is nothing & easy to do (that, or just altering its ACL so NOBODY can use it, until it's fixed (which only means you do without watching .avi files is all)

    NOW - the MacOS error? Generates 3 possibles, & those are:

    1.) SYSTEM ACCESS
    2.) PRIVILEGE ESCALATION EXPLOITS
    3.) DOS/DDOS

    A "wee bit more serious" I would say, especially since MacOS X has remote "X" sessions possible, because it is a *NIX... & worse if a remoteable badware/malware gets inside of it (& lord knows, users (especially "gramma ones", which are the folks that use Macs the most from what I see & hear + who it is "geared to" no less) will make mistakes of that nature)

    Can you FIX that, as easily as I can on Windows' single exploit? - by Anonymous Coward on Friday June 26, @06:06PM (#28489013)

    ----

    So - proofs right here in your 'evasions' troll - Like I said, in my subject-line? YOU CAN'T FIX THE MacOS X hassle, but, I can for Windows easily!

    (AND, they both bear only 1 security vulnerability UNPATCHED @ present)

    I wonder, which is the "more vulnerable OS" - the one I can fix a hole on, OR, the one YOU CANNOT?

    ----

    "By "1 unpatched", I presume you mean "1 unpatched advisory that was discovered in 2009," right? What about ones discovered in previous years that are still unpatched" - by Americano (920576) on Friday June 26, @06:38PM (#28489297)

    You know what I mean because I posted the data from SECUNIA, a respected site online that informs others of these things!

    They (MacOS X & Windows Server 2003 (what I use here)) BOTH have only 1 known vulnerability present... you screwed up stating what you did, period!

    LMAO - And, above all else here probably? Well, you can't fix what's wrong w/ MacOS X still... lol, but I can with the one in Windows, period, & easily!

    (And, I'd have to say that my not being able to watch .avi files is no biggie, not when compared to DDOS/DOS, System Access, & Privilege Escalation exploits WHICH MacOS X does have, right now, currently - apparently "unfixable" too, where the puny thing on Windows is, easily no less!)

    LOL, give up already - I'll tell you EXACTLY what I said to the parent poster RyuuzakiTetsuya (who ran after I tore up his article from INFOWORLD by Tom Yager, point-by-point, easily no less because it was SO full of what I initially protested against here (Pro-*NIX types 1/2 truths & outright b.s.)):

    YOU DON'T HAVE THE INFORMATION or INTELLIGENCE to "get the better of me", period!

    ----

    "By default, Windows has more unpatched problems with more critical impact." - by Americano (920576) on Friday June 26, @06:38PM (#28489297)

    What? See the above!

    LOL, because DDOS, System Access, & Privilege Escalation exploits that are possible from the single unpatched MacOS X vulnerability are QUITE A BIT MORE SERIOUS than not being able to play .avi files here for a little while!

    (Simply because I can fix the hassle in Windows, easily... apparently? You are CAUGHT FLAT-FOOTED & without a valid response to MY QUESTION above, quoted, in how you'd fix the problem in MacOS X that exists now).

    APK

    P.S.=> Funny - but, didn't MacOS X have 971 actual VULNERABILITIES present, & Windows Server 2003 only 271? Advisories are fine, they tell you what to do is all, vs. such things... but, the actual VULNERABILITIES PRESENT are the problem... apk

     

  102. Re:You can't fix it, can you? I can on Windows tho by Americano · · Score: 1

    I can't say this any more plainly: YOU ARE WRONG. If you cannot read Secunia and understand what you are reading, and how it relates to Mac OS and Windows, then we have no basis for conversation.

    You have demonstrated your inability to do this at every turn.

    Good day.

  103. ALL Windows Server 2k3 are fixable NOT MacOS X tho by Anonymous Coward · · Score: 0

    "What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
    on Friday June 26, @06:38PM (#28489297)

    Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):

    Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/

    Easy, alter the ACL for quartz.dll or unregister it, until it's patched

    Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/

    That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one

    Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/

    I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)

    Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/

    Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!

    Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/

    Not critical, & another ACL fix... easy!

    Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/

    Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!

    Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/

    Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privilege escalations do!)

    Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/

    Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)

    Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/

    Another SIMPLE ACL fix...

    Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/

    Common-sense fix, & easy, verbatim from the website (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.

    Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/

    Piece of cake too: Another ACL fix!

    Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/

    Another "piece of cake", in another ACL fix!

    Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor

  104. Win2k3 Server bugs are fixable, MacOS X are not by Anonymous Coward · · Score: 0

    Skimming again?

    "You fail. You didn't read any of my post, or any of the links. You've proven your inability to read or formulate a coherent thought" - by Americano (920576) on Friday June 26, @06:38PM (#28489297)

    Apparently, you're skimming again - You missed my post on all bugs & how to fix them ALL in Windows Server 2003 (mostly via ACL's & most are NOT CRITICAL/LESS CRITICAL ANYHOW + the 2 that are? EASY TO GET AROUND!)

    So - are you just skimming again, like you did w/ TomHudson (who also called you a troll, today, in another post here today)? See here to others reading on THAT note -> http://slashdot.org/comments.pl?sid=1283193&cid=28487913

    (Awww YOU FAIL (to fix the bug present I noted in MacOS X, not even a workaround from you)... poor baby!)

    Running away, are we?

    See here -> http://slashdot.org/comments.pl?sid=1267281&cid=28489801

    There?

    I went to ALL of the unpatched exploits Windows Server 2003 has had over time, & MOST of them can be fixed by avoiding bad sites, bad wares, or ACL fixes (& other common sense practices) or they are non-critical, & not a single one doesn't have a way around it... not a single one, IF you know what you're doing that is!

    I can do that on Windows Server 2003... how about you, on the MacOS X exploit I noted? NOT!

    "NEXT!" (that's to any/all "Pro-*NIX" people here, or, @ least the undying fanboys of it who won't listen to reason, & do not have the skills or saavy to answer simple questions I ask - which, so far? Appears to be MOST of you!)

    APK

    P.S.=> So, again - let's see YOU fix that MacOS X hassle, OR, any of them present over time in MacOS X (go @ each, show me easy fixes, as I did for you @ your request) ... ok?

    You cannot and you didn't on the 1 I had shown RyuuzakiTetsuya, thus, I have to ask everyone/anyone here reading this simple point:

    WHAT IS THE MORE INHERENTLY VULNERABLE SYSTEM? The one you can fix hassles on (Windows Server 2003) via easy work-arounds, or acl work, OR THE ONE YOU CANNOT FIX THE PROBLEMS INHERENT ON (MacOS X)?

    Again, you do NOT have the intelligence or information to "get the better of me" here on this topic, period... let's see you fix that single hassle I asked you about in MacOS X then... @ least as easily as I can in Windows!

    (Especially since 14/16 of the unpatched holes are less critical or not critical (why they are unpatched still, not that bad) or are EASILY worked-around, & mostly by what I told RyuuzakiTetsuya his "MacOS X security guide" was short on (ACL use, albeit in Mac they're not called that, but I do know that on SELinux, this is called MAC (mandatory access control))... apk

    1. Re:Win2k3 Server bugs are fixable, MacOS X are not by Americano · · Score: 1
      What's funny is, your fixes require disabling functionality. Not much of a fix if it breaks other stuff, is it? You want to know how I secure my Mac system from the unpatched Secunia advisories for Mac OS X?

      First, let's look at the open issues, and how they're exploited:
      • 3 of the vulnerabilities require access to the local system itself, i.e., you must be sitting at the keyboard.
      • 1 of the open vulnerabilities requires local network access - you must be on an unfirewalled subnet to even attempt to exploit it.
      • The final one requires you to have the "Open safe files after download" option checked in Safari, and then you must download a specially crafted HFS+ disk image, and open it.

      So how do I secure my system against these attacks? Simple, really:

      1. Only trusted users have logins on my system. Myself, my girlfriend, and one of my friends who is over enough & who I trust enough to give a local account. Everybody else gets to use the "guest" account which is locked down and completely unable to do anything more than browse the web.
      2. All my systems are behind a firewall; wireless is secured by WPA2 encryption & MAC filtering is in place - even if you get through the firewall or encryption, if you're not a recognized MAC address, you don't get to join the network.
      3. Don't do stupid shit. If I don't know and trust the source of an application, HFS+ image, or script, I don't execute it.
      4. Disable "Open safe files after download" in Safari. I verify that this is done as a matter of course whenever I log in for the first time on any Mac.

      My Mac has been on the internet for 2.5 years with these precautions, and I've never once had to do anything more than apply system updates as they're rolled out to keep my system secure.

      You can dick around with crippling your Windows box so it can't play videos and mess around with ACLs on your files all you want. Have fun - while you're doing that, I'll be busy over here, actually using my more-secure-by-default computer to do things that are productive and enjoyable.