Microsoft a Weak Link In Possible Cyber War
climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
If you look at any ecosystem, you'll find that there are pests trying to gain a foothold into that system by exploiting a weakness. If there is only one type of organism, the pests will adapt and exploit the weakness of that organism. This is why you need ever more powerful pesticides when cultivating monoculture crops such as corn, wheat or even soybeans.
Same goes for ecosystems of computers. Given 90% are running Wintendo, you find that the pests (virus and other exploit authors) take advantage of that monoculture. The weaknesses are then exploited and have to be "patched" in order to ensure survival of data and/or systems.
Given an ecosystem with multiple operating systems - Windows, Linux, Unix/OSX, zOS - you'll find a greater ability to defend against continual threats.
The Kai's Semi-Updated Website Thingy
Ahhhh yes.... it's what I call the Greed Creed factor! Just about every major company in the world is now engaged in more more more... well more for THEM, and less for us. Take the phone company, ATT. Their mission is to make profits for their stockholders. That is primary. Everything else, like providing quality service at an affordable price, and efficient customer service, is secondary. Yeah, they'll give you a dial tone, but what they really want is to give you a bill. Why do we have the slowest and most expensive broadband in the civilized world? Because while the technology exists to make it faster and cheaper, doing so would actually mean spending money, which, of course would interfere with the number one goal of making money!
News aggregators are another great example. They don't produce anything. Just gather up the pieces, perhaps in a unique way, display them on a page with lots of ads, and get paid basically for producing not one iota of content.
Until we reach the tipping point where providing goods and services is the number one goal of every company, as opposed to profits, the middle class will continue to shrink into oblivion.
Trust me, the next civil war won't be about left or right, about conservative vs liberal, black vs white (or any other color combination), but the have vs the have nots.
It will be about money, and it won't be pretty.
I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.
Well, that gets to the issue of who bears the responsibility; that which sells a poor but patchable/fixable product, or the buyer who is ignorant of the necessary fixes?
Is this more like owning a house, where the owner is responsible for regularly checking the foundations for cracks, the locks for security, etc... Or more like owning a car, where the owner is still responsible, but the manufacturer builds in many, many indicators and warnings when things need attention?
So you claim that attacks are proportional to how widely used it is. Why don't you also claim that bug reports come proportionally faster? Or that its security should be proportional to how much profit they make from it?
a botnet?
Yours In L.A.,
Kilgore Trout
Cost is not just the cost of the box.
Let us say, as a business, I want to run some servers.
A quick look over at a job site: Windows Admins - £25-30k, Unix - £30-45k.
This is why I think and greatly fear that closed systems may end up in our future on mainstream computing just due to the dancing bunny problem.
Device operating systems are moving that way where if one wants to run stuff on a smartphone, it must pass a gatekeeper, either always like in the case of Windows Phone 7 or iOS, or a reactive system with an after the fact kill switch like Android has.
Because Joe Sixpack doesn't care about security, it really doesn't matter what OS he uses. He will su to root, log on as Administrator, turn the key and logon as SECOFR on AS/400, or whatever superuser access requires for the website that has the pr0n viewer to be installed. It doesn't matter what the OS is, the dancing bunnies "security hole" is going to kick any OS in the ass. This is one reason why closed environments such as on phones have a lot fewer security issues -- unless Joe Sixpack roots/jailbreaks the device (which will be past his competency and too much trouble in most cases), he most likely isn't going to get a Trojan because the Trojaned app would have had to pass some type of vetting first.
Yes, there are issues where one can get affected through a hole in a browser or add-ons. However, the advantage of a closed system is that if done right (where the OS has DEP, ASLR, and other base level ways to prevent code injection), sneaking executable code on a device is not going to work.
Maybe the compromise in the PC world will be going to a hypervisor based system where admin access is available, but it takes some deliberate doing to get a superuser prompt, and applications are installed in VMs, where the compatible OS files are stored as an image. With decent deduplication, the OS files only need to be stored once, so installing a program into its own VM where it can only see what is present there, and perhaps files in a shared directory may end up being what is done. This way, a user ends up never needing admin access, and a Trojan is only limited to that VM.
http://en.wikipedia.org/wiki/Warhol_worm
one of these days, some genius asshole is going to, just for the lulz, shut down the whole goddamn internet in 15 minutes. he or she is going to do it with a worm that, of course, will be based on something in the microsoft constellation of oses/ products/ third party software. perhaps from our other security averse friend, adobe
i thought it was going to be code red or sql slammer, but no, these infections were content to zombify, not zombify and enslave the nonzombies (see below):
http://en.wikipedia.org/wiki/Code_Red_(computer_worm)
http://en.wikipedia.org/wiki/SQL_Slammer
enslave the nonzombies: of course there are other oses out there, but they are in the minority. so listen up genius asshole: whoever writes this worm will cleverly make sure that all compromised systems DDOS non-microsoft os ip addresses on purpose. sql slammer and code red just blindly reached out to all ips and latched on to any promiscuous microsoft bitches that proved to be receptive to getting fucked. but you, oh genius asshole, will take note of those ips which defy you and share this list dynamically and automatically in real time between your other pwn3d machines
if a machine does not respond to your rude advances to be fucked, or can otherwise be quickly and reliably sniffed out as a non-microsoft os ip, punish the defiant, hard and cruel
you leveraging your growing zombie horde of microsoft os monoculturalism to mount a directed attack on nonmicrosoft machines. DDOS the responsible and the vigilant. leverage the power of the insecure to take down the secure. if the bitch won't fuck you, slap that bitch. if they will not be defeated, then they will be enslaved in a deluge of requests until they succumb. none shall survive, all shall be zombified or enslaved
and therefore completely wipe out the whole goddamn internet. for the lulz, you see
i'm still waiting, and when it happens, even though my means of livelihood is based on the internet, i'll be clapping and eating popcorn, reveling in the sheer armageddon horror of it all. awesome dude!
so where are you, genius asshole? make it happen
please don't let it happen for some insipid mundane making-up-for-my-small-penis-through-nationalism reason like cyberwarfare between usa/ russia/ china/ iran. that would be boring. nationalism is fucking retarded
get it done FOR THE LULZ my genius asshole friend, wherever you are. i'm waiting to be adequately entertained by global internet meltdown. MAKE IT HAPPEN
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
You can't really call it a competitive price when the competition is free. It's good enough for a premium, at best.
Prof. Lester C. Thurow said in his book "Head To Head" that it isn't about price or quality, but market share. Once you achieve the greatest share, you can control the market. Whether the product improves or not, only time will tell. Anyone who tries to enter the market has to have a better product at a lower cost than the holder of the market share. Although this is no guarantee of acceptance. This is how the Japanese got a foothold in the American auto industry, (but not in Europe) with cheap, crap automobiles. Over time, they improved in quality and the price went up. But then again, look at all the recalls. Market share can control the price. The product, quality, price don't really matter.
The mind conceives, the body achieves, the spirit manifests.
Once you get away from using popular applications and O/S's, the price rises incredibly quickly. Instead of spreading (say) a billion dollar development costs across 100 million product sales, you have maybe 10,000 customers who can be persuaded to pay for a product. This immediately means no-one will buy it unless forced to by law, or unless they can in turn, pass on the costs to their customers. The smaller market also means there will be fewer suppliers - probably just one. Which in turn will drive up costs due to lack of competition and decrease any incentives to fix problems or develop new wares in a timely fashion.
We know what a secure operating system for the year 2010 will look like. It will look like VMS from 1995, for all the reasons discussed above. Now, which are we prepared to pay for: Microsoft products on every store shelf, running the country or critical systems with the security, features, lack of connectivity from the mid-90s?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
No, that is a broken philosophy. In two ways:
1) In the modern trading environment, making short-term quarterly goals is overemphasized to the point of sacrificing long term prosperity. There's something to be said for demanding returns within a certain timeframe, but 4 months is too short.
2) It can be trivially shown that mankind could drive itself into extinction, all the while with a majority of investors "making money." The lack of a moral imperative to not only be personally profitable, but also be a net contributor, is what is broken about our current business culture. It's what brings us lovely scenarios like giant oil companies evolving a culture of disregard for safety.
Someone had to do it.
A great deal of what you say is true, but is true mainly for circuitous reasons. Some of it is false. The level of complexity between OSX and Windows is perfectly comparable. One of the reasons that OSX has had such a relatively good reputation for stability is the fact that they limit configurations and (here's the key) write or modify the drivers that they use for those configurations. If Apple were willing to allow OSX to be put on non-Apple hardware, it would simply be a matter of producing drivers. Microsoft doesn't produce drivers, at least not for the vast majority of the hardware they run on. They foist that job on the hardware vendors and they get away with it because they are so dominant that no vendor wants to not have their hardware work in Windows. Essentially, Windows works on more stuff for two reasons: 1) They allow vendors to produce drivers, and 2) Their dominance essentially forces vendors to produce drivers. One of the major reasons for the vastly improved stability of Windows in recent years is that Microsoft has been insisting on quality drivers (there are other reasons, but this is a big contributor).
Linux is seriously no more complicated to administer than Windows now, at least not at the individual user level. I've been staggered recently by my latest Ubuntu install. While I use the command line because I'm comfortable with it and can accomplish many tasks more quickly with it, it has become largely unnecessary. There are three major reasons that Linux is unsuitable for "Joe User" at this point.
First, it has driver support problems. Since it's not hugely dominant in the OS field, it can't force vendors to provide drivers in a timely manner or at all. Second, application support. This is similar to the driver problem. Third, lack of preinstallation by OEMs. As has often been said, installing Windows from scratch is not really any harder or easier than installing Linux from scratch. It's just that most people never do either. They simply buy a preinstalled machine (with Windows). All three of these problems relate to Microsoft's dominance of the market and have little to do with the quality of Linux or its configuration and administration tools. Since you forgive Microsoft for vendor problems that "aren't [its] fault" I assume you'll do the same for Linux.
There was a substantial discussion of the "Enterprise Readiness" of Mac and Unix machines in another thread yesterday. This is largely a Red Herring. Capable admins can manage all the things that Active Directory does in a Mac, Unix, or heterogeneous Mac/Unix environments. The only things that create some problems are an equivalent to Group Policy Editor, which can be worked around, and the fact that while all the Mac and Unix machines will happily share directory data and files with each other Microsoft refuses to play ball. So anytime you have an environment that includes Macs, Unix machines, and Windows machines you usually wind up with the "Windows Domain" and the "Everybody else Domain." Of course other vendors can't be blamed for Microsoft both refusing to use standards and refusing to publish how their own system works.
Essentially, nearly all the problems with migrating off of Windows in the Enterprise or the home boil down to: "Microsoft is so dominant in the market that we can't really change off of them." We can't get drivers... Why? Because once you've made one driver that works on 90% of the computers in the world, why bother to make another two or three to placate the other 10%? We can't get apps... Why? Because again, if you wrote one piece of software and it works on 90% of the computers in the world, why bother to port it three or four times to get a pittance more systems? These systems won't integrate into our enterprise IT environment... Why? Because the vendor that sold them is so dominant that it doesn't need to make sure it's compatible with anyone else. You aren't *supposed* to have a heterogeneous environment silly. We provide everything you need.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Not sure I agree their attempts via lobbying were unsuccessful. Linux is used in a significant way in government/DoD systems, as noted in the article, Mr. Clarke surprised many by insisting on an evaluation of Linux in 2004 - and I remember how that study and its results ran into resistance across the boards, before the electronic ink was dry. Without lobbying efforts having tipped the playing field, Linux could very well have significantly more penetration in government infrastructure than it does today.
... the irrational resistance in federal circles to Linux desktops that prevails to this day is amazing.
And note that on the desktop front, Microsoft's strategy arguably has worked bizarrely well
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
Things that require little processing power but do require lots of (aggregated) bandwidth. This is where it's easier for botnet owners to compromise a thousand Windows PCs connected via cable modems than one or two high-end multi-homed Unix servers that could handle the same load.
Botnet owners also have a disadvantage: they don't want their malware to be easily detected. Thus the less it burdens the host PC, the less likely that it will be detected and removed. Massive processing power certainly does have applications. It's that botnets are working with what is available and readily feasible and this naturally places limits on their uses, the same way a lack of money would prevent you from purchasing a private jet.
Actually I sought to explain why the low-hanging fruit is even more desirable than the "juiciest" targets available. That doesn't mean the juicy targets are less juicy or that the low-hanging fruit isn't low-hanging. It means botnet owners want maximum return for the least possible effort and big-iron Unix systems run by competent admins don't accomplish that goal like expendable Windows machines that are a dime a dozen though individually far less capable. What I personally like or don't like has nothing to do with this.
It is a miracle that curiosity survives formal education. - Einstein
I was comparing the "latest/greatest" from Apple, Microsoft, & the LINUX camp
If you're including linux from 2003, you have an odd and erroneous definition of "latest/greatest". Not only that, Windows 7 is an OS, Linux is not. And, furthermore, if you are comparing kernels, you have to include the Vista kernel to the 7 kernel which you did not.
I'm not going to bother refuting the rest of your drivel since it all rests on this one blatant fabrication. If you want to attack Linux's security record, at least do it in good faith then people might be willing to listen to your arguments. Your original post is little more than noise and it just sets you up for ad hominems and derision as no one can really take you seriously.
The soylentnews experiment has been a dismal failure.
Not many companies tell their shareholders that they `just want enough to get by`.
Correct, but that's not the point.
Do you have some examples?
Yep. My small business.
The point, in general, is this: There are many ways to run a business. Just because 99% do it a very specific way doesn't mean it's the only way.
Linux, you magnificent bastard, I read the fucking manual!