Are Computer Crooks Renting Out Your PC?

An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"

Are Computer Crooks Renting Out Your PC?

[WrongSizeGlass]

No. I'm so busy surfing /. that I don't have any spare CPU cycles to rent out.

Re:Are Computer Crooks Renting Out Your PC?

[rockfistus]

Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

Re:Are Computer Crooks Renting Out Your PC?

[1s44c]

Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

Actually it is window's fault that it's insecure by design. Sure you can work around the problems but it's not 100% effective. Adobe also deserves some of the blame and their flash nightmare is more or less the same on all OS's.

Re:Are Computer Crooks Renting Out Your PC?

[fuzzyfuzzyfungus]

Yo dog, I herd you like zero-days, so I put a zero day in your box so somebody else can compute while you compute...

Re:Are Computer Crooks Renting Out Your PC?

No, here comes the "we don't use a defective and insecure by design operating system" comments.

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

"Might want to use an alternate OS" because it's less bother to keep Linux secure than Windows?

That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure? I'm sure there's a car analogy in there involving buying a Yugo with no doorlocks, or being given a Mercedes with central locking and an alarm already fitted, but I can't be bothered making it.

Re:Are Computer Crooks Renting Out Your PC?

Yes, but windows does have some rather lax security out of the box. Linux (for the most part) keeps privileges to a minimum unless needed. Your average user doesn't know how, and doesn't want to know how, to secure his windows box.

Re:Are Computer Crooks Renting Out Your PC?

I'm going to rent my own pc from the crooks.
Plausible deny-ability for anything I do on it.

Re:Are Computer Crooks Renting Out Your PC?

[MokuMokuRyoushi]

OS and setup notwithstanding, it's entirely possible for you(and yes, even the l33t3s7 of beings) to be tagged by a botnet. People speak the truth when they say that only an disconnected computer is completely safe.

Re:Are Computer Crooks Renting Out Your PC?

[fuzzyfuzzyfungus]

Don't forget Adobe Reader. I've lost count of the number of Reader security advisories that apply to basically every OS they release binaries for. It isn't often you see news of an exploit vector for Solaris; but Adobe manages it.

Re:Are Computer Crooks Renting Out Your PC?

[PopeRatzo]

Actually it is window's fault that it's insecure by design.

It's not so much that Linux is necessarily more secure, just that the botnets can't get their software to run on it. Something about not having the right drivers, is what I heard.

Yep, that's what I heard all right.

Oh, take it easy...

Re:Are Computer Crooks Renting Out Your PC?

[John+Hasler]

Possible, but very, very unlikely. Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

Re:Are Computer Crooks Renting Out Your PC?

[MobileTatsu-NJG]

Are Computer Crooks Renting Out Your PC?

No, I don't run windows and I set it up right.

You left out: "And I check on it once in a while.". You are not running a completely secure OS.

Re:Are Computer Crooks Renting Out Your PC?

[Threni]

Exactly. "Are Computer Crooks Renting Out Your Windows PC?" would be a better headline.

Re:Are Computer Crooks Renting Out Your PC?

[MokuMokuRyoushi]

Fair enough. Though I'm decent at protecting Windows computers, I know very little beyond what I've already said in regards to Linux vs. virus'. Can anybody link to a place I can learn?

Re:Are Computer Crooks Renting Out Your PC?

You forgot to mention that:
Linux users have a better common sense then the rest.
Linux users use legitimate repos when they install any software.

I think the mac users fit in there as well, but with only linux and windows as experience, I really can't speak for them.

Re:Are Computer Crooks Renting Out Your PC?

[setagllib]

The article itself mentions that many of these machines belong to businesses, where Linux has a higher share. And while servers are more difficult to attack in general (well, they don't have Adobe Flash or Reader...) they make better targets, and servers are where Linux is the higher profile target. Its heterogeneity and timely security updates save it a lot there. We can expect more effort given to attacking Linux over time, but for sure it will *take* more effort.

Re:Are Computer Crooks Renting Out Your PC?

[mrclisdue]

Perhaps they'll run on Linux if Wine is installed....

cheers

Re:Are Computer Crooks Renting Out Your PC?

[kelemvor4]

Amen.

Re:Are Computer Crooks Renting Out Your PC?

[DarkOx]

Right on I am getting real tired of "I run X" where X is most of Linux therefor I am secure. That attitude alone tells me you are probably making big mistakes all over the place. Arrogance does that. Its true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is pretty low bar to be above!

I do IT security for a living, here is a hint. Whatever software you are using take steps we all read about, firewall, antivirus if that makes sense for your platform, don't elevate permissions when your don't have to, keep your box update, and after you have done all those things continuously check to make sure you are still doing them and above all use common sense at all times, always think before you click!

Re:Are Computer Crooks Renting Out Your PC?

[CapOblivious2010]

Linux users have a better common sense then the rest.

True enough, but that doesn't say anything about the security of linux... it merely says that people who are smart enough to get linux to work for them are also smart enough (on average) to avoid all the crap that idiot windows users fall for.

Re:Are Computer Crooks Renting Out Your PC?

[Tablizer]

That "Web 2.0" /. interface indeed is a CPU hog, full of polling JavaScript. Fortunately, they still allow the old-style as an option.

Re:Are Computer Crooks Renting Out Your PC?

[JamesP]

Actually, I've seen my share of linux boxes with malware on them

Either scanning my servers or actually being in my servers - saw a CPU surge in a box, lasted an hour before I just 'destroyed' the (virtual) box

So yeah, there are worms that make their way across linux boxes

Re:Are Computer Crooks Renting Out Your PC?

[hairyfeet]

Now that the Linux FUD patrol have weighed in (hows that 6 year old X Server bug? Figure out how to make drivers run past a single update yet?) allow the ministry of truth to relay the facts.

..FACT...Post Sp2 Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast. OOTB post Sp2 is easy to lock down and will NOT get infected simply by hooking to the net as ALL incoming all blocked BY DEFAULT.

..FACT.. Talk to ANYONE that actually repairs machines (such as myself) and we'll be happy to tell you that a good 90% of infections are INSTALLED BY THE USER. REPEAT nearly ALL INFECTIONS are INSTALLED BY THE USERS, with the other 10% divided between outdated Adobe products and using out of date browsers like IE 6. Why would they install bugs? Two words: SOCIAL ENGINEERING that's why. One of the new bugs I'm sure this bunch is using is the "New limewire" installer, which punches a huge hole in security and sets up a proxy so they can MITM anything coming from that machine. "But Limewire is dead!" you say, true but the users don't know that so the "new" limewire simply drops them on gnutella while pwning the box.

..FACT...Linux without IT personnel IS WORTHLESS. These infections are being done primarily in the SOHO, consumer, and SMB markets where there is NO or lax IT personnel. These users WILL NOT in no particular order...learn BASH, learn CLI, trawl forums for fixes when the update shit all over the drivers, play hardware roulette trying to figure out what works and what don't, hell I could go on all day. Your "solution" may as well be "give them a fab and make them build their own box! Then they'll know what is going on with their systems!" While this is true you have better odds of winning the lotto than getting the masses to go along.

..FACT...When Linux becomes a big enough target IT WILL BE PWNED. See the current rounds of bugs going through Android, or the "KDE Look Screeensaver Trojan" for examples. Windows malware thrives on uneducated users will to install dodgy shit. Lots of uneducated users willing to install dodgy shit on Linux? Here comes the malware. Right now the users of Linux at least attempt to educate themselves and don't go around installing dodgy shit off of Freshmeat. if that situation changes? Welcome to the jungle, we got fun and games.

So your entire argument is based around several fallacies. One that an uneducated user of Windows, which is the ones that get pwned, will suddenly be willing to learn your PITA Linux dance and become an educated Linux user. if that were true they'd quit installing dodgy shit and wouldn't have that problem in Windows either. Two that the bugs are magically knocked down the doors and installing themselves, when it is the users inviting them in and offering them coffee. See the fake AVs, the fake Limewire, and the "watch the hot pron, just install this codec.exe now!" for examples. if Linux users were willing to install dodgy shit like that, don't think someone would be writing it? Think again.

The funny part is you WILL NEVER ask yourself this econ 101 question "What am I doing wrong, that my competitors are doing right?" (hint it is NOT a conspiracy) because when your product costs $0 and the competition has a starting price of $100 and $700 respectively, and they are royally kicking your ass? something is rotten in Denmark.

I could point out it is because your driver model is a drawing of a turd with "fix it yourself LOL!" written underneath, that no B&M like myself will touch it because you can't allow updates without half the drivers shitting themselves, tying software to the kernel rev is fucking idiotic, hell I could go on all day but why bother? You'll just keeping munching that shit sandwich OF FREEDOM while telling everyone one complete lie after another, thinking they'll buy your bullshit. Hell go to Linux TM repos and see every single argument any FOSS zealot will use to rebut me, from "ItWorksForMe (TM)" to "StableABINonsense(TM)" because t

Re:Are Computer Crooks Renting Out Your PC?

http://en.wikipedia.org/wiki/Linux_malware

Re:Are Computer Crooks Renting Out Your PC?

[MokuMokuRyoushi]

That last part is always the most important. One of my siblings tried to download a game just earlier on a different computer, I'm still trying to dig out the trojan. Even if I've got NOD32 running properly and ports properly secured, that one click will break down any effort made. Wish me luck...

Re:Are Computer Crooks Renting Out Your PC?

Let me be the first to say that you're pretty well full of shit.

And that's not a meme.

cheers,

Re:Are Computer Crooks Renting Out Your PC?

Conversely, your average user wants even less to know how to configure drivers on a Linux box, or install programs, or...

Of course, that's why folks like those involved with Ubuntu are working their hardest to make all of that dead simple, but it's still got a ways to go.

Re:Are Computer Crooks Renting Out Your PC?

[shermo]

I can't help but wonder if they've noticed that I no longer mod stories since the remake and whether there's a significant number of people who are in the same boat.

Re:Are Computer Crooks Renting Out Your PC?

[icebraining]

Touched the nerve, has he? Parent didn't even mention Linux.

99.4% of malware is written for Windows, therefore running a different OS is a smart move in terms of security, even assuming two persons with the same skill level.

Re:Are Computer Crooks Renting Out Your PC?

but as a retailer that got burnt on Linux returns .... I haven't seen drivers THAT bad or unstable since Win3.x.

Finally! I'd always wondered what "scarred you for life". Let me be the first to tell you, you are a brave man, indeed! Perhaps foolish also, but, wow, gotta admire your bravado.

Re:Are Computer Crooks Renting Out Your PC?

[melikamp]

This is trivially true, due to the nature of Microsoft.

Re:Are Computer Crooks Renting Out Your PC?

[PNutts]

Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

That doesn't make sense in the context of TFA.

Re:Are Computer Crooks Renting Out Your PC?

[Mashiki]

Don't forget about java. I mean who was the genius who thought that code that's remote should be executable outside of a sandbox? Oh and .net too. Personally it seems like the entire software industry needs a swift kick in the face.

Re:Are Computer Crooks Renting Out Your PC?

True enough, but that doesn't say anything about the security of linux... it merely says that people who are smart enough to get linux to work for them are also smart enough (on average) to avoid all the crap that idiot windows users fall for.

Yes, whereas idiot Apple users' purses (not wallets, being all female) are effected directly by the fanatical brainwashing that binds them to the company in an implementation so overzealous and effective Satan himself would likely get on his knees for Steve Jobs in order to learn his secrets.

Re:Are Computer Crooks Renting Out Your PC?

[socsoc]

I'm sure that they've noticed a single person, and his boat, have stopped modding. Just like voting with your wallet works to show retailers!

Re:Are Computer Crooks Renting Out Your PC?

[shermo]

In my defence it is a big boat

Re:Are Computer Crooks Renting Out Your PC?

[melikamp]

Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast.

Wow. Do you realize that AV software is largely ineffective against new viruses? Here is a typical scenario out of my life: a friend wants me to fix a Windows PC infected with a virus. Sometimes the virus is apparently racing the AV, and sometimes the AV is disabled. But there is always AV. So what good is it? The only useful feature of an AV software is that there is a slight chance it will behave unusually after the machine is infected, and so alert a user of an intrusion sometime in the past (that is, of course, only if the virus is destructive or buggy).

So on one hand you acknowledge that Windows is insecure by default, and should be secured. But to secure it, you want to install a piece of software that slows the computer down, while failing to prevent many viral infections.

You also fail to address the biggest issue with securing Windows: it is theoretically impossible. Because the software is proprietary, it is insecure by any sensible definition. It is insecure for you as the user, although it is made to provide "security" for Microsoft. Not for any technical reason, but solely because of Microsoft's greed, you have a backdoor in your OS that only Microsoft (you hope) can use. Whatever other security holes there are, you propose to fix with other proprietary programs, each having its own backdoor.

When Linux becomes a big enough target IT WILL BE PWNED.

Linux kernel will be pwned? As in, once Linux reaches X% desktop share, all of the sudden a bunch of kernel exploits will be found? How? The value of a kernel exploit today, either local or remote, is already enormous. If they are already found at the rate they are introduced, then what does the popularity have to do with it?

Or did you mean, Linux-based OSes will be owned? All of them at the same time? Or one in particular? And then which one? I am not surprised seeing Android in trouble: every android phone sold today is a proprietary platform, and the proprietors happen to be incompetent. This does not mean that we won't be able to install Debian or Slackware on a phone a few years from now and enjoy rock-solid security.

Re:Are Computer Crooks Renting Out Your PC?

[cheekyjohnson]

"100% effective"? I doubt that anything is.

Re:Are Computer Crooks Renting Out Your PC?

[syousef]

..FACT...Post Sp2 Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast. OOTB post Sp2 is easy to lock down and will NOT get infected simply by hooking to the net as ALL incoming all blocked BY DEFAULT.

..FACT.. Talk to ANYONE that actually repairs machines (such as myself) and we'll be happy to tell you that a good 90% of infections are INSTALLED BY THE USER. REPEAT nearly ALL INFECTIONS are INSTALLED BY THE USERS, with the other 10% divided between outdated Adobe products and using out of date browsers like IE 6. Why would they install bugs?

I almost got pwned the other day through a driveby download googling some medical information. Using the latest Firefox browser. XPSP3 with updates. Latest flash and a slightly out of date version of Adobe reader - 9 (but it doesn't matter which version you use because they never fully fix it and there's always an exploit out in the wild that hasn't been fixed!) I certainly didn't click on any installers or even banner ads. So no it's not just user software. Microsoft Security Essentials is what prevented the virus from executing. Zonealarm would have kicked in next. But this drive by did manage to get past sever of my defenses. And windows firewall is no where near as good a solution as simply sticking a proper router in between for incoming AND a good software firewall for outgoing.

Adding "FACT:" to the start of every paragraph is utterly lame and does not lend any authority at all to your post.

Re:Are Computer Crooks Renting Out Your PC?

The grandparent mentioned the words 'AV software' and you lambast him for claiming it's the magical pill.
 
Hint: With a build-in firewall and common sense, most of the time the AV software is the last line of defense. Yes something will get through, but that's the same thing for both Windows and Linux. Windows AND Linux are relatively secure by default, but that doesn't mean you cannot make them MORE secure. If I put an unpatch centos 3 server out to the internet, it's gonna get own as fast as Windows 7. However, the time it will take is 'never'. Why? Because both OS come with firewall out of the box. You need to turn on external services to expose your OS' vulnerabilities.
 
Don't give me crap about Linux is by design oh-so-much-more secure. All it takes is for the user to enter the root/Administrator to install the latest screensaver, and your box is fuc* .

 
And what does 'proprietary = insecure' mean? This doesn't even make sense! If you say 'open source allow more eyes on the code, thus making the software potentially be more secure,' then yes, it is likely. But what makes open-source so great that open-source = secure? Hello, phpBB? WordPress? BIND?
Also, while I am not claiming that Linux/BSD have backdoors, what makes you think that even though you have 30000 pairs of eyes looking at the kernel, that no one would be able to slip a backdoor in?
 
Most Windows trojans come from third party vectors; these days you rarely find one that just 'drop into your box' via kernel exploit. IE, yes. Firefox, yes. But kernel exploit? And where did the grandparent say that kernel exploits have anything to do with what Windows malware use to infect? Hint: User install the software themselve
 
Don't be a tool. Linux is secure for now. But if it rises in popularity in the consumer market, it will get own. And it won't get own through the kernel- it will get own through the problem between the keyboard and the chair.
*From someone who just spent the last 12 hours working on his centos boxes and love his linux boxes*

Re:Are Computer Crooks Renting Out Your PC?

Really? Not even people you disagree with?

Re:Are Computer Crooks Renting Out Your PC?

[IceNinjaNine]

Its true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is pretty low bar to be above!

Just remember, when we're being chased by a bear, I don't have to out run the bear... I just have to out run you. Cue v.bad Soviet Russia joke..

Re:Are Computer Crooks Renting Out Your PC?

[CastrTroy]

A lot of these machines could just be beginners setting up Linux boxes, and not knowing what they are doing. They have the SSH server on, and a weak password, and they are easily pwned. I think that most of these computers probably aren't compromised through people installing unknown software, but rather through bad configuration of servers, that are easily broken into.

Re:Are Computer Crooks Renting Out Your PC?

[hairyfeet]

Want to know what's funny? he did exactly what I'd said they'd do and went straight to the memes. in this case it is the classic "ChangingThe GoalPosts (TM)" in that he had ZERO to argue my points with so he completely changes the subject to kernel exploits, which is also covered in "LinuxIsJustTheKernel(TM)" .

Now whether the FOSSies (which I use to separate FOSS users from Zealots, FOSSies are like Moonies in that EVERYTHING IS PERFECT and anybody that points out their BS is a "ShillAstroturferTroll(TM)". Now whether the FOSSie wants to believe it or not post SP2 with a decent free AV like Avast or Comodo CIS (both of which use heuristics and sandboxing by default) both of which are 100% free, then it is pretty damned hard to infect windows without the user helping the bug along. This is why we have seen post XP that malware is increasingly going the Trojan route, see fake AV and "Porn Codec.exe" for examples.

And notice he was VERY careful not to say a word about the Linux driver model, the most broken ass POS teabagged pile of garbage every foisted off onto man. And no wonder it is garbage when the controller of the kernel writes, and I quote" The kernel isn't designed, it grows like a virus" (yeah Linus, its called an STD and your ass would be FIRED for that Mickey Mouse shit anywhere else).

The simple fact is Linux had its shot during the XP pre SP2 and Vista era, and it blew it. They didn't fix the mess, instead just piling more broken releases atop a broken driver model and ended up a broken POS. They will put up with that in the server dept because MSFT server licensing is frankly a clusterfuck from hell, so putting up with the BS of Linux is cheaper than hiring a lawyer to read a MSFT server EULA.

But in the desktop, of which we speak? Things have never been better in Windows land, sorry. Windows 7 is trivial to lock down, trivial to admin, trivial to get hardware for, trivial for even the most clueless to keep safe thanks to low rights mode and users no longer EVER having admin rights (even when you run as admin you are really a power user with admin reserved for SYSTEM).

So why does Windows still get bugs? Three words: Third Parties and PEBKAC. Third parties keep MSFT from packing anything more powerful than Windows Defender in by default because both the OEMs and bunches like Symantec make a killing on trialware, which thankfully windows security will now flag if you don't keep up to date, and PEBKAC because the malware writers learned long ago it is easier to break a system if the user helps you.

I had a beautiful secure machine I sold last week, the customer just paid me to clean it, so what happened? He refused to listen to me or the AV which practically threw itself in front of him trying to stop him (he uninstalled it to get it to "shut up") and then he proceeded to install a bunch of dodgy shit like Limewire and then was amazed when I ran my LiveCd and showed him he was infected all to hell.

Now how are you gonna blame MSFT for that? The guy IGNORED all warnings, disabled AV, and WENT OUT OF HIS WAY to install dodgy shit. And you know what? That is how a good 90%+ of the infections I see cross my desk. The rest are old crap like Adobe or those that turn off updates because they are running "hot windows" and naturally get pwned. Shock shock, running hot software gotten off dodgy warez sites isn't safe. color me surprised!

And for you "Linux advocates" out there? FIX YOUR BROKED ASS SHIT and we retailers will be HAPPY to carry your product! Do you think we LIKE buying Windows licenses? We do so because YOUR SHIT DON"T WORK because your drivers might as well come with the Goatse image for a logo, since they are gonna shit all over themselves come first update! BTW did you know Dell, on of the largest retailers ON THE PLANET can't even use your default repos? Do you know why? It is because if you update ANY Dell linux offering with the default repos it breaks sound and networking! FIX YOUR BROKED ASS SHIT and then we'll talk, otherwise you are just blowing smoke up our collective asses and calling it perfume.

Re:Are Computer Crooks Renting Out Your PC?

[loosescrews]

I wouldn't mind renting someone's Linux computer.

Re:Are Computer Crooks Renting Out Your PC?

That's true but it implies that 'number of virii total' somehow affects an individual's chances of being infected with ANY virii...

It's not that simple, but with such a crushing proportional difference.. you're right.

Being out of the crosshairs 99 percent of the time is a major component of any security model.

Re:Are Computer Crooks Renting Out Your PC?

[subk]

I love reading these "expert opinion" posts written by the guy selling white-box PC's next to the Mexican restaurant in the local strip mall.

Re:Are Computer Crooks Renting Out Your PC?

Please, stop the unthinking FUD-spreading anti-MS hating.
Facts:
1) There are good AVs and bad AVs. The majority of good AVs have heuristics to detect new suspicious patterns. A good AV will also avoid being a resource hog. Just looking at Process Explorer right now, I see avast! using a grand total of 4708Kb in private mem. That's less than 1% of 512MB. CPU cycles are basically trivial.
2) Viruses aren't usually the great problem, either, but rather trojans and similar that exploit users' gullibility and lack of knowledge. This is where tools such as NoScript, updated browsers and proper downloading practices come in.
3) Any software is theoretically impossible to completely secure. There's just too many attack vectors. Free might have more eyes, but only if there's an interested community. For narrow domains, this is not the case. Moreoever, this "backdoor" you speak of is simply ludicrous. If it existed, it would've been exploited long ago. A company having a backdoor means ANYONE has potential access, which is basically the definition of Huge Security Flaw.
4) Linux is more than just the kernel. Something as simple as exploiting a buffer overrun in the right place (could be something as stupid as the Save As... box) can do the trick.
5) It's far easier to exploit desktop systems than servers. There's FAR more Windows desktops than Linux desktops. Ergo, Windows will be targeted more often. If Linux ever got widespread adoption in the desktop, then we'd see exploits popping up left and right.
You also seem to believe Free means the software will automagically repair itself upon finding a flaw. The truth is, if there's no dev community willing to release a patch in a timely manner (and not break stuff in the process), your software is just as vulnerable. If there is a community, well, it's basically the same as the support team of Microsoft. Triage, develop, test, deploy. (Or what, you think those patches are coded by machines? It's people, one way or another)

Re:Are Computer Crooks Renting Out Your PC?

[Nerdfest]

I actually have an RSS feed just for Adobe security updates. It's kind of sad.

Re:Are Computer Crooks Renting Out Your PC?

[PopeRatzo]

Son, a bit of advice. If you want better Karma, complaining about your Karma is not the way to go.

It's that way in life and it's that way on Slashdot.

Look above. I made a nasty, if joking crack about Linux and didn't get modded down. You gotta learn how to talk to people. I realize this is something that is not stressed in CS programs at the local JuCo, but it's a skill that will pay off in the long run. Plus, really, not that many of the people with mod points here are operating system absolutists or cultists. You use what you use and everything has a trade-off. That's not to say they're all equally good or equally bad, but they're all equally not worth losing your mind over.

My guess is that you didn't get "modded down" because of any "honest observations". Most likely you were being a little bit of a dick about it, which usually will get you modded down unless you are very very skilled at being a dick in an interesting and entertaining way.

Re:Are Computer Crooks Renting Out Your PC?

[rockfistus]

"Linux users have a better common sense then the rest." *Facepalm* It never ends! Oh dear god... Maybe they are better than everybody and I just can't face the facts. Oh dear god, give me a sign......

Re:Are Computer Crooks Renting Out Your PC?

[c6gunner]

Yeah, as long as you use common sense, you're usually ok. I used windows starting in 96 up until middle of last year. I didn't use anti-virus software for most of that time, and still only got one virus unintentionally (the rest were intentional infections when I was testing various viruses / trojans). So yeah, common sense is the best prevention, but even so I eventually did start using AV software, "just to be safe", and no matter how careful I was I always ended up getting SOME crapware, so occasional spyware scans were a necessity.

Now that I'm only using linux, solaris, and BSD, I don't worry about spyware at all, and I don't bother with AV software either. Sure, there's some infinitesimally small chance that I'll run across malware that can infect one of my machines, but it's so low that it's really not worth thinking about, especially since I still use the same common sense approach as I did on windows. If the average user moves to linux, they WILL be safer, regardless of how little common sense they may have when it comes to computing.

Re:Are Computer Crooks Renting Out Your PC?

[benjymouse]

Yes, but windows does have some rather lax security out of the box.

Citation needed.

Re:Are Computer Crooks Renting Out Your PC?

[moonbender]

Adding "FACT:" to the start of every paragraph is utterly lame and does not lend any authority at all to your post.

The overall gratuitous use of capital letters, random swearing and quotation marks is meant to do that. The ..FACT... is just for decoration!

Re:Are Computer Crooks Renting Out Your PC?

[judeancodersfront]

Another fascinating retort. Perhaps next time you could include "M$"? It's a crowd favorite.

Re:Are Computer Crooks Renting Out Your PC?

TLDR

Re:Are Computer Crooks Renting Out Your PC?

[subk]

Anybody else notice this guy mentioned SECURE and COMODO in the same sentence?

Re:Are Computer Crooks Renting Out Your PC?

I read through some of your posting history. Your hatred is rather, umm, fanatical. Does your name happen to be Gerald Holmes?

Re:Are Computer Crooks Renting Out Your PC?

[subk]

You are a moron. There is no problem with the Linux driver model. And just for shits and giggles, I'll happily now inform you that I am writing this post on a DELL Precision 490...which today I updated to the latest Nvidia driver and Xserver in one command. And no, it did not shit itself.

Re:Are Computer Crooks Renting Out Your PC?

[MobyTurbo]

Linux kernel will be pwned? As in, once Linux reaches X% desktop share, all of the sudden a bunch of kernel exploits will be found? How? The value of a kernel exploit today, either local or remote, is already enormous. If they are already found at the rate they are introduced, then what does the popularity have to do with it??

I hate to inform you of this, but local root exploits are very common in the Linux kernel. How else do you think Android phones get rooted? They have to either via Linux kernel exploits, or Android exploits, and due to the well-known nature of the former, it's usually those when available. (They usually are.)

Re:Are Computer Crooks Renting Out Your PC?

[froggymana]

Right on I am getting real tired of "I run X" where X is most of Linux therefor I am secure. That attitude alone tells me you are probably making big mistakes all over the place. Arrogance does that. Its true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is pretty low bar to be above!

You know, X.org is actually rather secure these days... :)

Re:Are Computer Crooks Renting Out Your PC?

[subk]

Umm... You see a CPU surge, so you destroy the virtual session and assume it's a worm? That's an admin style both lazy and deranged.

Re:Are Computer Crooks Renting Out Your PC?

[cavreader]

Where can I get an OS that was not built "insecure by design"? Last time I checked there are no immune OS's available no matter how they were designed. The security on every OS is always a work in progress. Every week someone discovers a new weakness or potential security flaw and updates and patches are rushed out to plug the hole and I have not seen this happen only to MS OS's. How much longer can this go on before the system becomes so locked down that even approved applications can still operate. People say the users are a big security hole and that is somewhat correct but I submit that the application developers also share some of the responsibility themselves. It is not just the OS that is responsible for the problem but the combination of others who both write apps and use those apps.

Re:Are Computer Crooks Renting Out Your PC?

[Billly+Gates]

That left out ... the system came with Norton Anti Virus 2008 30 day trail so its secure

Re:Are Computer Crooks Renting Out Your PC?

[sco08y]

.FACT... is trivial ... with a wealth of ... is easy ... will NOT get infected ...

Those are three opinions, and one guarantee, none of which are facts.

..FACT.. Talk to ANYONE...

That's conventional wisdom, not a fact.

..FACT...Linux without IT personnel IS WORTHLESS.

That's an estimation of worth, not a fact.

..FACT...When Linux becomes a big enough target...

That's a prediction, not a fact.

So your entire argument is based around several fallacies.

Nope, none of them were fallacies, they're all false assertions.

... this econ 101 question "What am I doing wrong, that my competitors are doing right?"

Econ 101 is about microeconomic equilibria, such as opportunity cost, supply and demand, etc. Your question sounds like some kind of management seminar.

Re:Are Computer Crooks Renting Out Your PC?

[bemymonkey]

Interesting, the modding is the only thing that's gotten better/easier with the addition of Javascript - no more scrolling down to the "Apply Moderation" button (which I'd forget more often than not)... are you doing this because you find instant moderation so appalling? Or just as a general protest against all the Javascript?

Re:Are Computer Crooks Renting Out Your PC?

[hairyfeet]

Using the CLI (which NO consumer will EVER touch in a million years) I have NO doubt? And if you manage to get two updates in a row without Linux shitting itself then you are the luckiest bastard in the world! Oh and the meme you are using is called WorksForMe (TM). Oh and you might want to tell the guys at The Register that it WorksForMe(TM) while you're at it.

As for nothing wrong with the driver model you are using the meme StableKernelDriverABINonsenseâ while ignoring the fact that everyone else has had one for over a decade and if you'll look up the arguments in favor of not having a standard ABI they are strictly political in nature and the one that wrote it even goes so far as to call those that don't give ALL driver code to the kernel devs "leeches".

And you STILL won't ask yourself the question, will you? What are your competitors doing right, that you are doing wrong? If there is nothing wrong with the driver model why has ALL B&Ms and just about all OEMs dropped your product like a bad habit? I'll tell you why it is because IT IS A BROKED ASS MESS that's why! And is that a Dell Ubuntu offering? Bet it ain't, as they don't work with the Ubuntu repos LOL!,

Kinda sad that every single talking point you have has been regurgitated so damned many times it is a meme, isn't it? It is like the flip side of the MSFT shills, where you go through the TM list and pick the same tired ass arguments, while ignoring nobody wants your product. Oh well, some will just never learn.

Re:Are Computer Crooks Renting Out Your PC?

[Baba+Dubu]

I had no idea Adobe had this (although i have been using Foxit on my own machine for a number of years) my boss insists on having the Adobe Reader as part of our standard workstation install image.

Re:Are Computer Crooks Renting Out Your PC?

My mother managed to get some nasty installed on a *limited account* in a fully updated install of XP with SP3.

It doesn't surprise me the GP is a retailer. They usually have the biggest mouths in defense of MSware but, ironically seem to know next to nothing about what a computer is, what it does and how it works. The above rant is almost pure nonsense.

Re:Are Computer Crooks Renting Out Your PC?

I am fairly sure that my machines are not in
anybody's botnet.

I am running DOS.

Re:Are Computer Crooks Renting Out Your PC?

[Nutria]

Using the CLI ... I have NO doubt?

You're not very good at not doubting. Maybe you don't actually know what the word "doubt" means.

Why? Ubuntu has a completely GUIfied software install and upgrade system. Point, click, drool and it's all done.

Re:Are Computer Crooks Renting Out Your PC?

[Nutria]

Using the latest Firefox browser. XPSP3 with updates. Latest flash and a slightly out of date version of Adobe reader - 9 (but it doesn't matter which version you use because they never fully fix it and there's always an exploit out in the wild that hasn't been fixed!)

How, then? Do you have FF set to automatically allow 3rd parties to install s/w? Or did it sneak in thru Flash or Acrobat Reader?

(Flashblock should protect you against such attacks, since you must actively click on window areas to get each Flash script to run.

Re:Are Computer Crooks Renting Out Your PC?

It's not really a principled decision. I select the box, highlight the moderation I want, and nothing happens. I'm sure it's easy to fix by changing a couple of settings, and I've actually spent more effort in these two posts than would be required to fix it. But I'm annoyed that something that worked fine doesn't work anymore, so I'm not bothering to fix it.

Re:Are Computer Crooks Renting Out Your PC?

[bemymonkey]

Moderating works without problems across all my browsers (Chrome, IE, Firefox, Android). Maybe turn off NoScript? ;)

Re:Are Computer Crooks Renting Out Your PC?

hahaha "polling javascript" you say.

i wouldn't be surprised if microsoft gets in on the act. they can sell their list of users that still run unpatched versions of internet explorer.

actually, all computers with windows are basically one big bot net owned my microsoft, so anyone that still has windows can look themselves up on this black market when microsoft runs out of oems to screw and patent fud becomes worthless.

Re:Are Computer Crooks Renting Out Your PC?

[McTickles]

Well just a comment about your previous post, the one where you keep going "FACT", saying "FACT" before everything doesn't make it true you know, in fact facts are very relative but lets not go there, all you achieve saying "FACT" is making you sound like a uter moron.

Anyhow, about updates on Linux, well it so happens that I install software, drivers, updates regularly using a GUI that was provided by my distro (ubuntu) and do all this in a couple clicks, when drivers or kernel components are updated granted I have to reboot, which takes about 30 seconds, 30 seconds reboot out of 100 days chunks of uptime is not that bad.
The drivers I have installed work very well and I have no complaint about them, I game (yes I game), I participate in GPU-based computation projects, I code, I surf the intertubes, I pirate shit, and so far really Ubuntu has been quite fair to me.

The other day I installed Vista on another machine so I could copy a few DLLs from it for Wine, well, let me say, I just dont understand how so many people can put up with that crap; first the trackpad driver failed, then norton (it came with norton preinstalled, HP laptop) started being an annoying fuck popping warning messages and update notices and slowing everything down while at it, the hard drive AT IDLE with nothing except Norton loaded was thrashing like mad, 3 gigs of RAM left and yet thrashing the swap, how does that make sense? And of course came the updates for Windows itself, machine takes ages to shut down (I was in a bit of ahurry too) because of it applying updates right when you just want to get your Vista session over with already!
I got my DLLs, and promptly expunged that shit from the laptop's hard drive.

There you go kind sir

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

The amusing thing about your post is you just confirmed what he said. You didn't get infected by just hooking up to the Net (as was the case in the old days -- no browsing required), and you fell into the category of an outdated Adobe product. You were even saved by Microsoft Security Essentials.

What more do you want? By the way, as for Adobe Reader, disable browser integration. Seriously. I'm also pretty sure the latest Reader products check for updates automatically, so if you're running an older product with known and fixed bugs, what's your excuse?

Re:Are Computer Crooks Renting Out Your PC?

omfg.. just by the length of your post alone things must be getting desperate in the microsoft camp.

it will no doubt attract another thousand word fud thesis telling me more about why microsoft will rule the world for the next hundred years, but...

FACT... microsoft fanbois suck even more than mac fanbois (and mac fanbois really suck)

linux fanbois are just former microsoft or mac fanbois that are sulking after recently realising how ripped off they are... so they suck too.

ps. hal 9000 rulz.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure?

What distribution do you use? Could you describe, precisely, in what way it is more secure than Windows 7?

Re:Are Computer Crooks Renting Out Your PC?

Please list the design decisions that make Windows Vista or Windows 7 more insecure than the average Linux distribution. I'd love to hear it.

Re:Are Computer Crooks Renting Out Your PC?

if the reasons android phones get rooted were because of linux kernel exploits don't you think it would be a problem for all linux devices and servers?

wow! why are all the script-kiddies wasting their time hacking ma and pa windows boxes when they have bigger fish to fry!?

lemme just go root amazon right now :) ... or maybe it has something to do with google taking the gpl-licensed linux kernel source code, raping it, and then releasing the bastardised mutant spawn as something marketed as being stable and secure as its parent.

i hate to inform you of this, but android was rooted from the beginning.

Re:Are Computer Crooks Renting Out Your PC?

[Plunky]

Moderating works fine with scripting disabled for slashdot.org. The only thing is that you need to do it the old way, you select the moderation in the drop down box and then at the bottom of the page there is a "Moderate" button. Click it and your moderations will be applied. In truth, I never noticed that there might be a new way to do it because I never allowed scripts to be run..

If you want to apply it immediately, just open the comment in a new tab, moderate and close the tab..

If you want to reload the page with new moderations, just press F5..

Re:Are Computer Crooks Renting Out Your PC?

[JamesP]

What would be irresponsible is to leave a machine with a CPU and Network surge on

And yes, I checked if it was something else before 'nuking' it. I didn't need what was in there, so erasing it was a no-brainer.

But yeah, take your time to figure out what it is while your machine is spamming the world and scanning other boxes for vulnerabilities.

Re:Are Computer Crooks Renting Out Your PC?

That's great advice, when there's only one bear around....

I assume there is more than 1 botnet operating at any given time and that they're capable of hitting more than one target.

Re:Are Computer Crooks Renting Out Your PC?

[MobyTurbo]

if the reasons android phones get rooted were because of linux kernel exploits don't you think it would be a problem for all linux devices and servers?

No, because these are local exploits, which aren't as big a deal as a remote exploit for a server. They are enough to root an Android phone though. :-)

Re:Are Computer Crooks Renting Out Your PC?

Boy did someone pull your string...

Do this. Read your OS EULA.

If you are comfortable with your Windows OS after absorbing that...you can type your "justifications" all day. The fact remains that you don't own your OS.

Linux as a desktop will struggle along, I've done so nicely since 2005 and so have our kids. http://www.heliosinitiative.org.

It's been a rare thing indeed that we've encountered the problems you describe. My advice is to update from Ubuntu 6.04.

Re:Are Computer Crooks Renting Out Your PC?

[PopeRatzo]

I'm not your son.

Are you sure? It would disappoint me to see my seed diluted so, but I did do a fair bit of traveling back in the day.

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

Well, I've never used Windows 7 and it's unlikely I ever will. The distro is unimportant; the fact that it doesn't have secret closed-source software and therefore is less likely to have hidden sneaky backdoors in it makes it more secure.

The main reason I use Linux is because the software I use simply isn't available for Windows.

Re:Are Computer Crooks Renting Out Your PC?

[flappinbooger]

AS mentioned above most malware comes from the internet. I have discovered (and I'm sure many other people have too) that the best way to create a secure windows surfing environment is to do the following:

Start with a clean windows install, apply updates, use a limited account if so desired.
Install a reputable antivirus if so desired, such as anything but norton, mcafee or trend micro, (possibly AVG Internet security business edition with the enhanced features turned on to help detect rogues)
Install firefox, no-script and ad-block plus
Install flash and java
Install Sandboxie
Only surf with noscript/abp and only surf sandboxed.
Don't be stupid

The last two items are not easy for everyone.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

So in other words, you don't really know if it is more secure or not. You claimed it took extra work to make Windows more secure. The general problems with Windows security hasn't been because of backdoors put in by Microsoft.

Now, installing random software and having unpatched software with security flaws, that's a problem that both operating systems have in common.

Re:Are Computer Crooks Renting Out Your PC?

[flappinbooger]

My mother managed to get some nasty installed on a *limited account* in a fully updated install of XP with SP3.

It doesn't surprise me the GP is a retailer. They usually have the biggest mouths in defense of MSware but, ironically seem to know next to nothing about what a computer is, what it does and how it works. The above rant is almost pure nonsense.

I saw a fake A/V get installed on a limited account on a domain. These users cannot change even their own clock, yet this rogue was able to get installed and start surfing to porn sites. Scared the lady half to death as she was in a medical office.

Not all of the registry changes were allowed to happen, but it still was running, still disabled things like taskmgr, still able to make some registry changes to the local profile such that I had to remove them from the admin profile.

I've even seen where a limited account gets infected yet the cleaner software doesn't have sufficient rights to do anything and cannot clean the infection under the same account. Amazing!

As I mention in a different post, surfing sandboxed will/can prevent so much. Most malware, I would imagine, doesn't even bother to run sandboxed.

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

No, the original poster claimed it took more work to secure Windows than Linux.

 

If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS.

That suggests it takes extra work to secure Windows, beyond the work required to secure other OSes. Who's got time to fiddle about that that stuff? Just get something that works.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

No, the original poster claimed it took more work to secure Windows than Linux.

And you agreed with it and said that's one of the reasons why you use Linux. So you can't just pass it off now that you can't defend your statement.

Who's got time to fiddle about that that stuff? Just get something that works.

And there you go again.

Re:Are Computer Crooks Renting Out Your PC?

[Ol+Olsoc]

Yeah, I mean it's a whole lot of fun to be in a constant battle just to keep your computer working and safe. Time spent trying to keep my Windows box safe is still deducted form my lifespan.

Re:Are Computer Crooks Renting Out Your PC?

[Ol+Olsoc]

Yes, Windows seven. The secure Windows, the Windows that never blue screens, the Windows just like every other version.

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

I don't really need to defend anything. People keep harping on about things like virus scanners and firewalls and anti-malware and stuff like that, but they are running Windows. I run Linux on my computers, and have never needed to use a virus scanner since the Atari ST days. If Windows is so secure, why do you need to bother with things like virus scanners and firewalls?

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

What distribution do you use? Could you describe, precisely, in what way it is more secure than Windows 7?

Re:Are Computer Crooks Renting Out Your PC?

[Ol+Olsoc]

Does my answer's precision make or break the accuracy of my statement? Strange metric, that

Although I suspect that you were responding to Raenex's post, I'll add my $0.02 to the OS issue, and other observations.

I've used Macs just about forever, PC's since DOS days (but no Windows 1 or 3.1 experience) and Ubuntu for the last couple years.

The Windows machines need a lot of maintenance - Although I've been giving Security essentials a try, so far, not so bad. I've got W7, Vista, and XP. Latest issue was on the Vista machine. It bluescreened every time I pressed the function key, which is needed a lot on that machine. Ended up being an Adobe reader/Vista problem, not the Windows update that most people associate with that particular problem. My Windows 7 machine is down right now, so I'm not getting as much experience on that one yet, but I have a good idea what to expect. The XP was just rebuilt after an update made it perform flakily, then when I rolled the update back, it hosed the hard drive. Had to run a Linux Bootdisk to retrieve the data that hadn't been backed up yet. Now back to the computer's security issues. I've spent a lot of time and effort with various AV programs, their updates, and the problems that can happen, like once Norton's decided to run while the computer was defragging, Hard drive didn't like that. Just too much messing around just to keep the machines secure, or even running for that matter.

The Linux box and Macs run bareback. Imagine if that was a Windows machine?

But the Windows culture doesn't see their problems as problems. It has to be stupid users, market share, or anything other than Windows responsibility. So every time Windows comes out with a new OS, it's just like the old Peanuts cartoons where Lucy once again promises Charlie brown that this time, honestly, this time she'll hold the ball for him to kick. No way she'd lie to him. And the Windows fans, just like Good ol' Charlie Brown, believe her, and run to kick the ball, only to have it pulled out at the last moment. Rats, fooled again.

When I retire in the not so distant future, I'll be switching over to OSX and Linux only, and raise a glass of beer to not having to futz around with Windows any more.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Linux has something like 1% of the desktop market. It just isn't a target. Now if everybody switched to Linux because of mythological security, it would be a different story.

I ran for years without a virus scanner on Windows without a problem, but then I know basic computer security. A firewall is just good hygiene, whether it's Windows or Linux, though most home routers have one built-in nowadays anyways.

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

By Microsoft's own figures, Linux has the majority of server market share. Why are there no viruses for Linux, exactly?

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Does my answer's precision make or break the accuracy of my statement?

Your statement was unfounded FUD. The question is whether Windows is fundamentally less secure than Linux. Too many Linux fanboys just repeat memes that have been passed around for about 20 years.

Although I suspect that you were responding to Raenex's post

I wasn't talking to myself.

The Linux box and Macs run bareback. Imagine if that was a Windows machine?

I've run for years without a virus scanner, since the DOS days. I've never had a problem. I'm only running Security Essentials now because of work and VPN policy.

But the Windows culture doesn't see their problems as problems. It has to be stupid users, market share, or anything other than Windows responsibility.

That's because it is stupid users and market share that make Windows less secure. That's why I ask what, in particular, makes you think Linux is more secure. Either you have an answer or you don't.

Re:Are Computer Crooks Renting Out Your PC?

Any box can be pawnd. I can root a linux box just as easy as a windows or a mac. In fact a lot of times linux boxes are easier to hack given that:

  1) must of us hacker types use it a lot.
  2) It's open source so exploits can be written and tested very easily

I can tell you from my experience exploiting computer systems, that if you keep your system up to date and have some sort of antivirus that is used occasionally you are fine.

if you want to dispute this then go ahead and try to remote exploit a windows 7 box fully updated.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Servers don't run web browsers and email clients, and in general don't have consumers who know next to nothing about security, like installing random video codes.

However, for sure there are Linux servers out there running unpatched software, and there have been plenty of security issues released over the years for Linux.

Re:Are Computer Crooks Renting Out Your PC?

[Ol+Olsoc]

I speak only from experience. I don't have a "Windows is less secure because of ABC" answer. I do know there were plenty of "features" turned on that had to be turned off before programs like the email programs weren't a threat. Macros in Word and PowerPoint were originally enabled and would run. I do know that there are a lot of security patches, many more than my Apple Machines or Linux box. I can go to sites with my Mac that won't screw up my computer like they will with a PC. I forget the specific site, that I was hit by, but I was searching for a garage door opener, and the site placed that annoying semi virus on the PC that tells you you have a virus, and this nice company will sell you the software to remove it. That was the last time I put a Symantec program on my computer. I've repaired many spyware and virus ridden computers that quit working. Not one Mac with those problems. Is it just coincidence? Luck? Maybe I'm lying?

Market share and stupid users? There are plenty enough Macs out there to form a nice botnet, especially since so many are unprotected. It would be well worth it to write that software, because equal vulnerability with no protection is going to be like taking candy from a baby. And stupid users? Most Windows fans I know are convinced that Mac users are stupid. That's a double hit. Why aren't they being taken advantage of? And that is about the precision of my answers. I don't have to understand the precise mechanism of a knife cutting me to observe that it does cut, and to know that it does hurt. I fix PC's with screwed up software, I fix Macs with the occasional hardware failure.

Now, since you've thought to make me look like a fool, how about telling me the precise mechanism of how Linux and OSX are equally as vulnerable as the Windows platform? Either you have a precise answer or you don't. Your tactic is the same as the tobacco companies declaring that there is no proof that tobacco causes cancer, when it was known in the mid 1800's that tobacco did just that.

Re:Are Computer Crooks Renting Out Your PC?

I partially agree with you that Windows users are dumb, but the idea that Windows isn't still a security nightmare is stretching it a bit. How many new viruses hit Windows each month? How many hit Linux?

Further:

..FACT...When Linux becomes a big enough target IT WILL BE PWNED.

This very common fallacy is smartly rebutted by the following: http://en.wikipedia.org/wiki/Linux_Viruses#Linux_vulnerability. And before you say "Wikipedia isn't reliable" you may also read what I'm trying to tell you here: http://linuxmafia.com/~rick/faq/index.php?page=virus#virus4

Re:Are Computer Crooks Renting Out Your PC?

[melikamp]

The grandparent mentioned the words 'AV software' and you lambast him for claiming it's the magical pill.

That was step 1 of his solution to secure Windows. I claimed, it does worse than nothing. It doesn't just fail to be a magical pill, it fails to do anything at all.

And what does 'proprietary = insecure' mean?

I should have said "closed source".

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Market share and stupid users? There are plenty enough Macs out there to form a nice botnet, especially since so many are unprotected.

But why bother, when there's so many more Windows machines?

Now, since you've thought to make me look like a fool, how about telling me the precise mechanism of how Linux and OSX are equally as vulnerable as the Windows platform?

Simple. They have the same kinds of vulnerabilities and essentially the same security model. Let's say you want to run some random application being offered on the Net. You run it, and it now has access to everything your account does. No, it doesn't have admin access, but it doesn't need to. It can participate in a botnet, spy on your tax documents, etc.

And what about software exploits, where a trusted app has a security bug? Linux and OS X have those, too. Fall behind on your updates or get hit with a zero-day, and it's the same thing.

Re:Are Computer Crooks Renting Out Your PC?

[hairyfeet]

I put the FACT in front to separate points, as making lists in /. comments is kinda hit or miss right now in my version of Chromium and since anyone that doesn't suck down the kool aid will be labeled a 'ShillTrollAstroturfer(TM)" I might as well point out that most FOSSie bullshit is INDEED bullshit. And I noticed you STILL haven't answered the main question: What are you doing wrong, that your competitors doing right?

Because if you were actually correct and "ItWorksForMe(TM)" applied to more than just you then why has every B&M and OEM ran away from your product like it is the black death? I'll tell you why because your driver model is a picture of a turd with "Fix it yourself LOL!" written underneath. here try to defend the words of Linus Torvalds himself where he says there is NO PLAN for the kernel and he just "lets it grow like a virus". Yeah Linus its called an STD and that kind of Mickey Mouse shit would get you FIRED anywhere else. Can you imagine telling your boss on a multimillion dollar project "Plans? We don't need no steenkin plans! We gonna let it grow like teh clap LOL!"

And let me see if I have your complaint correct: You use an OS which everyone acknowledges is broken which even Ballmer himself said was "a mistake" at one of his speeches, use an even more broken OEM disc filled with trialware garbage, which BTW it is trivial to turn into a "good" (which is a relative term with Vista, aka "WinMe Part Deux") DVD with VLite or any number of freeware tools, and THEN you bitch it doesn't work?

Well I could use a FOSSie meme and say "ItWorksForMe(TM)" but instead I'll just point out you are using an abandoned OS that NO major OEM is putting on their devices now, that most retailers (myself included) wouldn't take a crate of if you gave it to us for free, and which will NEVER be fixed. Throw away WinME II and get Win 7 and you'll have a beautiful experience. Besides isn't that what FOSSies do on the "BiannualDeathMarch(TM)" with Ubuntu?

But its okay, you just keep right on believing there is nothing wrong, and that myself and millions of other B&M stores are avoiding your product because its a "Conspiracy(TM)" while Ignoring the fact that if your product actually worked on bigger than basement scale retailers could increase profits by not having to shell out for Windows licenses, and in the cutthroat world of PCs any money saved would make us better at competing.

You just ignore that Walmart, Staples, Best Buy, hell even little shops like myself have found your product to be a fiddly little bitch, or that I can provide link after link after link showing retailers RUNNING AWAY and users simply not touching it (Be sure to notice in the last link how JAVA ME is actually kicking your ass LOL!) but hey, those are just numbers right?

But I would point out this final bit of wisdom: If your product costs $0, and would save both the B&Ms and OEMs significant money by adopting, yet they refuse to take it over competitors that cost a minimum $100 and $700 respectfully? Then something IS rotten in Denmark friend. If your shit didn't stink then everyone in the business wouldn't be treating it like a turd in the urinal, and going out of their way to avoid it so.

Re:Are Computer Crooks Renting Out Your PC?

[McTickles]

Firstly it is not a product as such no one is trying to sell anything (aside from support contracts for specific distros) thus there is no humongous advert budget like MS or Apple, also people are so used to Windows or OSX now that it would require a leap of faith from them.

Honestly OEMs are not running away from linux as such, more like entry level users do not realize that there are other things out there than the Windows version preinstalled on their box, so OEMs stick with what people know to not frighten them away with new things.

Well, let me explain something, since GNU/Linux is not a product, aside from the support contracts, there is obviously no plan, you have to understand most of the work on GNU/Linux is done by people in their free time and therefore they cannot be expected to have clear plans on whats next.
Also no real budget, no plans set in stone. Also there is no boss/management to tell people what to do.

Ballmer of course would say Linux is a mistake, it is competition, man, I bet you just love trolling.
I dont have a complaint, everything works here with Linux... I think you may have mistaken me for someone else... GNAA maybe.

Nvidia and AMD are pushing hard nowadays to have good drivers on Linux and I'd call them major...
You are retailer, you are obviously in it for the money, not the love of the game, so do yourself a favor just buy cheap HP Pavillions and sell them to noob consumers (the word customer is reserved for people who actually know something about what they are buying)

I avoid B&M stores because I can do it myself for much cheaper by buying the parts I really want with the OS i really want.

Walmart, Staples and Best Buy dont exist in Europe and hell I would never buy a proper machine from a supermarket...

Java ME is not an OS, stop comparing potatoes and tomatoes.

One again your links show statistic for consumer-grade machines not customer grade gear...

B&Ms and OEMs once again cater mostly to CONSUMERS who are used to Windows and don't know about alternatives because Linux being free doesn't have much of an advertising budget. ALSO, let me point out that apparently you are getting ripped off if you have to pay that much for a Windows license, big OEMs get theirs for FREE from MS because it increases Microsoft's market share.

What has Denmark to do with it? Some yankee joke I guess...

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

It must be hard work running around with those goalposts like that ;-)

Anyway, as I mentioned earlier, Windows 7 is irrelevant since it cannot run the software I use daily. That's my main reason for using Linux instead of Windows.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Who's moving the goalposts? You are the one who started talking about Linux servers, when before we were talking about desktops. They're different markets with different attack vectors.

However, just search for "linux botnet" if you don't think that Linux servers aren't compromised.

Re:Are Computer Crooks Renting Out Your PC?

[syousef]

The amusing thing about your post is you just confirmed what he said. You didn't get infected by just hooking up to the Net (as was the case in the old days -- no browsing required), and you fell into the category of an outdated Adobe product. You were even saved by Microsoft Security Essentials.

You need a basic lesson in logic if you think that confirms what he says. I've demonstrated one instance of what he says BUT also demonstrated that several of the defenses I used were defeated. If my antivirus had not picked the file up as a trojan my PC would have been trashed. No antivirus has a 100% detection rate. So having an exploit get so far as to actually start a process that Security Essentials blocked is downright scary.

What more do you want? By the way, as for Adobe Reader, disable browser integration. Seriously. I'm also pretty sure the latest Reader products check for updates automatically, so if you're running an older product with known and fixed bugs, what's your excuse?

Are you kidding me????? What do I want? An environment where browsing to a web page doesn't automatically execute anything outside the browser. A product that is patched well enough so that new exploits aren't discovered every other week. Are you seriously telling me a product that requires updates every week to stay safe is a good one?

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

You need a basic lesson in logic if you think that confirms what he says.

The facts are what they are. You were running an old Adobe and Security Essentials saved you. The best security is layered and not an all-or-nothing proposition.

Are you kidding me????? What do I want? An environment where browsing to a web page doesn't automatically execute anything outside the browser. A product that is patched well enough so that new exploits aren't discovered every other week. Are you seriously telling me a product that requires updates every week to stay safe is a good one?

Yet if you installed Adobe Reader on Linux, or at the very least Flash, as many people do, you'll get the same bugs. In this case it isn't particular to Microsoft.

I agree, the huge amount of trust you give to running something like a PDF reader or Flash is a problem. However, it isn't unique to Microsoft. In the meantime, all you can do is stay up-to-date on patches and don't allow useless features like web integration for a PDF reader. At least Adobe gives you an option to disable it.

Re:Are Computer Crooks Renting Out Your PC?

[icoer]

Most people probably use the central repositories which mean that they aren't running random code, but rather only code that has been admitted into the repostitory. In addition use of the Linux repositories means that ALL your programs get updated as the updates are available, compared to windows where individual software either has to install its own update, or wait for the user to manually check for an update. Its also worthy to note that until Vista/7 users pretty much had to run as admin to actually use their computers. This left the entire system open to attack rather than just the user account. Making this a habit among Windows users has led to lots of users disabling UAC in 7. This is not to say that Linux is not succeptable to virus/malware/idiot user, but you did ask for specifics and those were the first 2 I thought of.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

Most people probably use the central repositories which mean that they aren't running random code, but rather only code that has been admitted into the repostitory.

Yet there's often software people want to use that is not in the repository, and I see it advised all the time on how to grab a package file from a 3rd party site and run a sudo command to install it. Ditto for things like Firefox Add-ons.

In addition use of the Linux repositories means that ALL your programs get updated as the updates are available, compared to windows where individual software either has to install its own update, or wait for the user to manually check for an update.

And how many people actually update diligently? Is the default in Ubuntu to automatically apply security updates?

Its also worthy to note that until Vista/7 users pretty much had to run as admin to actually use their computers. This left the entire system open to attack rather than just the user account.

Installing all your software as admin isn't much better. Also, if your user account is cracked, it's pretty much game over anyways. You can be part of a botnet. All your sensitive information is available.

In other words, there isn't much difference here. If the masses moved to a Linux desktop, you'd see the same problems.

Re:Are Computer Crooks Renting Out Your PC?

[icoer]

I'll agree with you straight up on Firefox addons as well as Flash and Acrobat which are in the repos. However my experience (ymmv) with users on Linux is that if your smart enough to Sudo install software your smart enough to protect yourself and verify your sources. The average home user won't use the command line to install software, if its not in the repositories. If I remember correctly, Ubuntu by default is set to pop up the update manager daily. I think they do some updates automatically in the background as well, but I couldn't swear to it. As I said, I'm not claiming Linux to be unhackable... just that there are some legitimate areas where it is by default more secure. I'll also admit that MS is making great progress with their newer systems and we can hope that this trend continues.

Re:Are Computer Crooks Renting Out Your PC?

[Raenex]

The average home user won't use the command line to install software, if its not in the repositories.

The average user can follow simple instructions. "click here in the menu, type this in".

If I remember correctly, Ubuntu by default is set to pop up the update manager daily.

Which means it'll just get ignored by a large percentage of people.

I think they do some updates automatically in the background as well, but I couldn't swear to it.

There is an option, but I don't think it's enabled by default. It isn't in the 10.10 amd64 version I'm running. I think Microsoft got it right by making security updates happen automatically by default.

As I said, I'm not claiming Linux to be unhackable... just that there are some legitimate areas where it is by default more secure.

The problem is that these days it really isn't. Having the repositories is a bit more secure, but people will always be tempted to install or run random stuff.

Are Computer Crooks Renting Out Your PC?

[1s44c]

Are Computer Crooks Renting Out Your PC?

No, I don't run windows and I set it up right.

I knew it

[fwarren]

Windows Vista was not that bloated. Microsoft was just monetizing spare CPU cycles on the Russian Black Market.

Re:I knew it

And they have the cheek to STILL sell at that price! The greedy bastards! Honestly!

Re:I knew it

[zill]

I'm just glad Microsoft didn't charge extra for this involuntary cloud computing client feature.

Re:I knew it

[Noitatsidem]

They didn't?

Warning: Safety Protection Must Be Worn

[Haedrian]

Tinfoil hats on.

Re:Warning: Safety Protection Must Be Worn

You stupid baz tards. Get it the phuck right! If you have a "tin" foil hat, I want one too. All I have is aluminium. And it clear is not making the conspiracies go away. Kuu nt.

Are Computer Crooks Renting Out Your PC?

[Greymoon]

If you outlaw renting computer bots only criminals will rent computer bots. ...profit

I smell a rat

[tloh]

How did Krebs get access to an "invite only" service? I can't help but feel this is someone's shrewd way of advertising the illegal. Either that or someone is getting whacked for bragging about knowing too much.

Re:I smell a rat

[Haedrian]

I would expect just like policemen have contacts in the criminal underworld, I would assume security researchers would do the same thing.

Re:I smell a rat

And thus the irony of the ISC^2 code of conduct is finally revealed:
It doesn't take a genious to realize that you keep your friends close and your enemies closer

Re:I smell a rat

Or...they are one and the same.

Nice to see the bad guys facing the facts...

[fuzzyfuzzyfungus]

The news on computer security is usually relentlessly bad. It is nice to see an instance where the economic realities of non-targeted attacks make the bad guys slightly more vulnerable. Even if our antivirus overlords are pitifully incapable of keeping us from getting 0wn3d, which seems to be the case, they are in a fairly good position to monitor the 'underground' marketplace and reduce the value of compromised PCs. That won't save the strategically valuable targets; but anything that reduces the rental value of Joe Broadband's horribly compromised porn box is good for Joe, and for the internet generally.

Brian Krebs?

I will wait for a report from his cousin, Maynard G. Krebs.

Hospitals are no surprise

[HangingChad]

>Santiam Memorial Hospital in Stayton, Ore.

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!". Seriously, there were places I wanted to take a shower after leaving because their workstations were so riddled with spyware and trojans.

Re:Hospitals are no surprise

[hedwards]

It depends how they're set up, but I wouldn't be surprised if that was often the case. The computers that they use at the clinic I go to are pretty locked down, they only seem to run one program, and they don't seem to do anything else. It's a lot easier to harden a system if there's only one application that's allowed and it's one that you control.

Re:Hospitals are no surprise

[mjwx]

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

I provide tech support for a few local retail chains here, everything I've seen has made me _not_ want to use my CC anywhere. Senor POS terminals run Windows XP on Celeron Processors. Senor recommend turning off Windows update. Staff are typically too lazy to type in passwords so the default "senor" user is often left without a password. Access to USB simply requires you to open the access panel at the bottom (not even screwed into place)

The EFTPOS system is a software client provided by the bank run on a Windows XP box out back which the staff use for general internet access. The client is SSL so it goes over the general internet.

At least the Pronto system is relatively secure, running on AIX or Linux (prefer Linux, fewer things like backup clients run on AIX these days). of course the client wont update the software so I use the term "relatively secure".

Of course the client in this case wont let us tighten security. Password everything, move the EFT client to headless machine, silicon up the USB ports, restrict internet access to 80,110 and 443.

Sticking to cash, the AU banknote has more security measures built into it then Senor POS terminals.

Phone call !

Anyone phoned the hospital to warn them ?
LOL I knew you hadn't :D

Hey! Mine's for rent -- cheap.

[SlithyMagister]

Well not so cheap, Call me and we can discuss terms. If you're a crook, I don't want to know, OK? Oh, and I do run windows, and its set up right, just sose ya know...

GOATSE alert

Parent is goatse fag.

There are reasons for that...

[damn_registrars]

Santiam Memorial Hospital in Stayton, Ore.

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

That happens for several reasons:

• The software they use as part of their work requires admin access (bad vendor programming)
• The hardware they need to access requires admin access (more bad vendor programming)
• They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
• They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
• They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)

Re:There are reasons for that...

[dwarfsoft]

Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

After I re-trained the one guy who kept adding users into Local Admin on how to determine (regmon/filemon/procmon) which folders/files/regkeys needed additional permissions (and how to manage a local group for those settings) and he continued to do it, I was only too happy to remove his access to be able to change any security settings or add any users to any groups. Problem was solved.

It wouldn't surprise me if far too many people in those Workstation Admin roles don't fully understand security, particularly in places like Hospitals where Doctors think they have the authority to tell everybody how things should be done.

Re:There are reasons for that...

[jd2112]

And any patches applied to computers attached to medical equipment must have FDA approval.

Re:There are reasons for that...

[swb]

The other reason left out are the number of doctors who are prima donna assholes and insist that going to med school has made them CERTIFIABLE GENIUSES IN EVERY FIELD.

I work for a small consulting firm and we've had a half-dozen clients in the medical & dental fields and without exception they have all been complete assholes, the dentists worse than the doctors.

One guy literally tried to physically intimidate me to the point I had to actually push him away. I walked from the office 20 minutes later and told my boss and our owner what happened and that I wasn't going back. We finally quit that account after every single guy assigned to that account refused to go back.

I'm not sure how many of them we have left, but I pretty much refuse to work at any of them due to their arrogant attitudes.

Re:There are reasons for that...

[damn_registrars]

It sounds to me that you were doing consulting for physicians in private practice. By my experience they are egotists to a much larger degree that those associated directly with hospitals. I attribute this in part to the dilbert factor that plays in when a physician pursues private practice - now they are business managers as well as physicians. By my experience most physicians who work primarily at or with hospitals are much better grounded (especially teaching or research hospitals).

On a related observation I have rarely seen the physicians with doctoral experience (as in the MD/PhD doctors who have actually done doctoral research) in private practice. They almost invariably stay with a hospital, regardless of whether or not they want to continue with research or teaching.

Re:There are reasons for that...

[Billly+Gates]

Hospitals are anal and hypocritical because they want to make sure everything is ready in case of an emergency where a doctor can quickly type a vital or update a record and walk away without interruption.

I finished a contract with a hospital a few months ago. They still use service pack 2 of XP! I asked why wont they use service pack 3 at least. The staff mentioned it is because of testing and they do not want to inconvenience any doctors. Meanwhile they are so anal with hippa that they encrypt all the drives and restrict USB to protect records. What is troubling is someone can install a keylogger with the holes in the network and steal the data that way or install a worm.

I do not want to know how many vulnerabilities are on these pcs that service pack 3 fixes. I feel they are so focused putting metal gates and locks on all the windows that they leave the front door right open.

Re:There are reasons for that...

[pedestrian+crossing]

Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

While I would agree that just granting admin access is Bad IT Admin, the fault still lies with the vendor, who usually shrugs and says that admin access is necessary even though they are the ones in the position to know exactly what folder/file/regkey access is necessary.

Since we are usually talking proprietary software, the Good IT Admin's only option is to apply reverse engineering (regmon/filemon/procmon).

So the fundamental problems are "Bad Vendor Programming" and especially "Bad Vendor Documentation and Support".

Re:There are reasons for that...

[phorm]

The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

Software needing admin permissions that comes to mind includes some of the older autodesk (AutoCAD) etc software. Most of the ways to get them to run as a non-admin user were - in themselves - hacks, and often generated as many issues as they fixed.

For the applications

[sourcerror]

Why would I go out of my way to use an OS that takes extra work to secure?

Because you want it to use for 3D design, music/film production etc.

Re:For the applications

[sortius_nod]

So you're saying you use Mac OS?

Re:For the applications

[MobileTatsu-NJG]

So you're saying you use Mac OS?

Not if you're doing 3D work.

Re:For the applications

So you're saying you use Mac OS?

Security through obscurity is no security at all.

Re:For the applications

[subk]

Because you want it to use for 3D design, music/film production etc.

I wish this weren't true! A lot of people have post the question "which 'killer app' would make Linux desktop adoption take off?" I think it should be Adobe CS6.

Re:For the applications

Sure it is, thats why I never get hacked.. I run OpenBSD!

Re:For the applications

[Gordonjcp]

I use Linux for audio production. There's nothing worth using on Windows.

Re:For the applications

[sourcerror]

I use Psycle (OSS) and FL Studio, both are Windows only. (But it's only a hobby for me.)
Can you suggest some good OSS DAW?

Re:For the applications

[Gordonjcp]

Ardour. It does damn near everything I need, and as an added bonus has a workflow rather like that of "proper" HDR systems.

I never really got my head around FL Studio but it doesn't really look like Ardour would do the same job. I don't work the way that FL Studio wants you to, so it doesn't really make sense for me.

I hope not

[50000BTU_barbecue]

For their sake... I still run a PIII with W2K.

Re:I hope not

[craigminah]

Wow, you still got your C-64?

Re:I hope not

[Yaa+101]

Yes... Und?

Need to go after them **AA-style

[mysidia]

Since the ***AA's campaign was so effective... How about CUAA... Computer Users Associatlion of America

The deal is, every computer joins this association, and grants the organization the right to sue on their behalf, to collect damages resulting from malware, in exchange for a percentage of the damages awarded.

Once enough computer users join this association, the association goes after anyone making or distributing malware. (Including infected websites)

Using **AA-style tactics, sending threatening letters to the ISPs of servers propagating malware, etc..

Re:Need to go after them **AA-style

[Noitatsidem]

We don't want Adobe to go bankrupt that fast, do we?

Re:Need to go after them **AA-style

[Noitatsidem]

Well, I haven't heard of a single piece of (non-OS) software that enables more 0-day attacks than Adobe's.

No

[scream+at+the+sky]

It's more like they're squatting, renters at least give some cash back!

also some vendor hardware / systems block updates

[Joe+The+Dragon]

also some vendor hardware / systems block windows updates / are setup so they can't be installed / the vendor has to do the admin work on them.

If he can do it, why can't ISPs?

[rudy_wayne]

If Brian Krebs can figure out that The Securities Group LLC, The Limited; Santiam Memorial Hospital, North Shore Medical Center; McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority are part of a botnet, then the ISPs used by those companies can do the same. Which points out the real problem with spam, malware and botnets: ISPs refuse to lift a finger to secure their networks.

Every person or business identified as being part of a botnet should be notified that their Internet access is being terminated immediately and will not be restored until they fix the problem.

Re:If he can do it, why can't ISPs?

[loftwyr]

Then they go beyond "Common Carrier" status and become responsible for the traffic on their network. That would include all the illegal software/media/etc. downloaded through that.

They'd rather die that have to police your downloads, so they let you have your viruses.

Re:If he can do it, why can't ISPs?

Where did you get this silly idea that ISPs are threated as common carriers? They're already doing traffic shaping, deep packet inspection, DNS hijacking (you can't even query a different server directly on some ISPs, they'll redirect traffic to their servers and spoof the answer), interfering with P2P and VoIP connections, censoring domains, deleting e-mails and attachments they consider dangerous and so on. So what is stopping them from warning you're being part of a botnet?

Pretty Cool Actually

[kramulous]

At first I thought 'Bloody Crooks' ... but then thought about it a little (note: a little).

Global computer usage efficiency just increased. Fewer systems are being used by more people to perform more work. Cool.

I realise that they are not compensating owners of the property but, too bad. Learn to secure your machine or just turn it off when you're not using it. And if you are using the machine and don't notice other work being done, what that say about how crap Windows has gotten (haven't used it in a decade) or how minor your usage is?

Re:Pretty Cool Actually

And if you are using the machine and don't notice other work being done, what that say about how crap Windows has gotten (haven't used it in a decade) or how minor your usage is?

I don't know. What does it say about Linux, which is responsible for nine out of every ten pieces of spam that arrives at my Inbox? (And I'm not even counting the stuff that gets slain out of hand due to an overly high score.)

Linux security is shit... Because a great many Linux users are shit. Any tool who thinks merely running a specific operating system will make them 'secure' should have their Internets license revoked.

Re:Pretty Cool Actually

What does it say about Linux, which is responsible for nine out of every ten pieces of spam that arrives at my Inbox?

That it's used in a ton of mail servers?

Re:Pretty Cool Actually

[Nutria]

What does it say about Linux, which is responsible for nine out of every ten pieces of spam that arrives at my Inbox?

Why do you say (i.e., what evidence do you have) that 90% of spam you receive is generated by Linux?

Re:Pretty Cool Actually

maybe its cos you splash your email address everywhere and keep signing up to porn sites.

an outgoing (smtp, exchange, etc) mail server just serves outgoing mail. that's its job. to assume it should do more is just ignorance on your part. the responsibility of managing spam is at the receiving end.

the definition of spam is grey at best, so the best place for filtering spam is at the user's mail reader (be it hotmail, outlook, evolution, squirrel, etc) where they can select settings that best suit them. this is how it should be because otherwise you may end up missing out on messages that you want to receive because your receiving mail server may incorrectly interpret a message as spam.

if you want to reduce the amount of spam you receive, the only real solution is to reduce the publicity of your email address.

also, you can only get info on the server from where the spam originates, and obviously sender mail servers aren't going to necessarily filter their customers outgoing mail. particularly if someone is sending out what is obviously spam, they are going to set up their own (probably linux-based) mail server and as if the spammer is going to filter their own outgoing mail.

management of spam isn't the responsibility of outgoing mail servers. you are ultimately responsible for how far and wide your email address is spread.

i have three email addresses; one attached to my isp account, which is just for family, another one for work, which is used for work contacts (duh) and a hotmail account for everything else. a browser based mail reader like hotmail good for managing spam because it has a spam filter which can be tailored to suit my preferences, and i don't download all my messages when i log in as for a mail client like outlook or evolution so at most i only download a list of spam subject lines if i click on my spam folder. also, if my hotmail account becomes unusable i can just make another one and start fresh. this stuff isn't rocket science. you should try it. oh, and maybe hold off on submitting your email address to so many porn sites.

pi

Anyone said anything about OSX?
Or non-GUI's?

Let's compare Linux 2.6x KERNEL ONLY, vs. Win7

See subject-line, & then figures/facts from SECUNIA.COM:

(Especially vs. this statement quoted from you next below)

"Actually it is window's fault that it's insecure by design." - by 1s44c (552956) on Sunday April 10, @05:20PM (#35776068)

In fact, I'll show you that Microsoft's ENTIRE ARRAY/FULL GAMUT of development for business (Office Suite, Database Server, Internet Server, Internet Browser, & Development Studio/IDE + Windows 7 itself) has LESS THAN 3x++ the known security issues, unpatched, that Linux 2.6, kernel only mind you, has - &, that # on Linux is more, & goes "up, Up, UP & AWAY...", especially once you toss on the rest of what comes with a Linux distro (e.g./i.e.-> Webbrowsers, GUI shells, Windows managers, & far more)...

---

Vulnerability Report: Microsoft Windows 7: (04/10/2011)

http://secunia.com/advisories/product/27467/?task=advisories

Unpatched 10% (6 of 59 Secunia advisories)

---

AND, of those 6 vulnerabilities, yes... 3 are "remote". HOWEVER, they're:

1.) In subsystems (like FAX) NOT installed "by default" (means I don't use it here & most others won't either...)

2.) Have valid & EASY work-arounds (e.g. - mhtml bug & Ms' "FIX IT Tool" for it, gui easy...)

3.) Are caused/utilized by faulty 3rd party apps (e.g., & of ALL things? Apple stuff uses a known bugged API in Visual Studio, see above, triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).

4.) PLUS, "MS 'Patch Tuesday'" is only 2 days away now, actually less, & is patching 64 problems across ALL of their wares (meaning the holes here on Windows are soon just a bad memory too, not that they are, because they have easy & valid work-arounds for a lot of them!)

I.E.-> "NO PROBLEMO!"

---

Vulnerability Report: Microsoft Office 2010: (04/10/2011)

http://secunia.com/advisories/product/30529/?task=advisories

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft SQL Server 2008: (04/10/2011)

http://secunia.com/advisories/product/21744/

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/10/2011)

http://secunia.com/advisories/product/17543/

Unpatched 0% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Visual Studio 2010:(04/10/2011)

http://secunia.com/advisories/product/30853/?task=advisories

Unpatched 17% (1 of 6 Secunia advisories)

(The single 1 here also, like Windows 7 above, has an EASY work-around, & thus? Again, "NO PROBLEMO"!)

---

Vulnerability Report: Microsoft Internet Explorer 9.x:
(04/10/2011)

http://secunia.com/advisories/product/34591/

Unpatched 0% (0 of 0 Secunia advisories)

---

Well - "Read 'em & WEEP", /.'s "Pro-*NIX crew"... & "argue w/ the #'s" & good luck: You'll NEED it!

APK

P.S.=> NOW - Here's Linux's "latest/greatest", next below... (complete with a REMOTE EXPLOIT TOO, no less, in the "ROSE" subsystem):

---

Vulnerability Report: Linux Kernel 2.6.x: (04/10/2011)

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 7% (19 of 259 Secunia advisories)

--

Re:Let's compare Linux 2.6x KERNEL ONLY, vs. Win7

[moonbender]

From the Secunia statistics you linked to:

Windows 7, 6 out of 59 unpatched. The most severe unpatched issue is a remote issue rated highly critical, and has been reported 2010-12-27 (FWIW it also affects Vista and XP).
Overall criticality: 2% Extremely critical, 39% Highly critical, 17% Moderately critical, 37% Less critical, 5% Not critical
Overall "where": 61% From remote, 10% From local network, 29% Local system

Linux 2.6.x, 19 out of 260 unpatched. Most severe unpatched issue is a remote issue rated moderately critical and has been reported 2011-03-22.
Overall criticality: 0% Extremely critical, 0% Highly critical, 11% Moderately critical, 49% Less critical, 40% Not critical
Overall "where": 16% From remote, 12% From local network, 73% Local system

Re:Let's compare Linux 2.6x KERNEL ONLY, vs. Win7

[subk]

Thank you, moonbender, for that "highly critical" retort. The AC who posted the grandparent obviously didn't READ any of the Secunia advisories.

Re:Let's compare Linux 2.6x KERNEL ONLY, vs. Win7

[subk]

Some of us "Linux Cronies" work in heterogeneous environments and have used EVERY major OS there ever was and ever will be. As an MSDN member, I probably had Windows 7 before you did. I personally did not "like" it, but it seems pretty solid. However, my Solaris, Macintosh, Gentoo and even FreeBSD boxes ALL write to (fiber san) disk significantly faster than my most tweaked out Windows images. Which really sucks for me, because the main app I support is Adobe CS5!

Re:Let's compare Linux 2.6x KERNEL ONLY, vs. Win7

[Chris+Tucker]

Anonymous Coward spews data.

TL:DR

Because, you know, it's from an Anonymous Coward.

This is known in the gaming industry for a long ti

[Dainsanefh]

Go to utube, look up "Xbox host boot", you shall see ppl sellin bots for you to DOS your online opponent, gain level in Halo for example, for $2 a bot.

Heck, I am a master admin in a peer-2-peer 3D game call Power Soccer [powerchallenge.com], and have cheaters who speed hack and hex edit our game etc. Guess what, I wrote a keylogger and send it to the dev team, every time when the game patches and installed, the thing will also install. Everytime we encounter a perpertual cheater will turn on the keylogger, colect all his infomation, and fight him back by loggin in to his facebook account and do shit. We release all real names of cheaters and hackers and we expose them, label them racist and myg0t etc.

Here is one of our victims haha:

http://learnaboutfabio.blogspot.com/ [blogspot.com]

Without the keylogger we would never know who this person is!

If you have questions or want my technology vist my website: http://dainsanefh.webs.com/ [webs.com] or email dainsanefh@gmail.com

PS: sory for my bad ingles. I am immigrant from argentina.

.NET does not have the same problems as java

[judeancodersfront]

There aren't .NET applets or plug-ins. It's either full blown local or server side.

Re:.NET does not have the same problems as java

[zach_the_lizard]

There is a .NET plugin, it's called Silverlight, available for Windows and Mac OS X, plus it's basically what you have to use to write WP7 apps.

Re:.NET does not have the same problems as java

[judeancodersfront]

Silverlight includes a subset of .NET, it doesn't require a framework to be installed. Installing the .NET framework does not put you at risk for web attacks. As for Silverlight I haven't heard of a single drive-by attack.

As for WP7 you don't need .NET to write applications but if anything it is safer than Win32 applications due to using managed code. .NET in no way should be lumped in with Java when it comes to security. Don't smear .NET with Java's problems.

Security is nearly nonexistant commercially

[Cito]

Example I worked at Wachovia in Atlanta for 3 years, the password on every pc was just wachovia and a number so to log in admin access on all the boxes was username: wachovia password: wachovia1 or wachovia2 or wachovia3 and so on and so forth. All these pc's were seperate xp boxes and there was really no restrictive access, they rely mainly on "dumb employees" that know no better. Hell there are 2 boxes to this day I can still remote desktop into from anywhere... talk about sad state of affairs

They don't know what admin access is

[judeancodersfront]

That's the more common problem.

Cut their balls off

[bogie]

There I said it. Cut the balls off enough of these people who treat millions of people's important personal property like a plaything and maybe they'll start having second thoughts. I'm tired of it being so easy to reach out an fuck with something that at this point is so critical to most individuals daily lives. And while we can blame MS and the user, lets not forget who the real culprit is. The time and money and IT frustration that results from the work of these assholes is immeasurable.

You don't see criminals thinking they can walk down the street and then try to break into every single house in a city and then squat in every one that has an unlocked door. I don't know why anyone ever thought it was ok to do the equivalent in the digital domain. I blame not strong enough penalties at the start of pc hacking. If we had started with fingers we probably wouldn't have ever even had to go to balls. But here we are so I vote, balls.

Can you tell I had to deal with with someone's malware infested pc who had no backup recently?

Re:Cut their balls off

[gl4ss]

you think some deterrent is going to stop 14 year olds from hacking? because they do hack too. and you can't hold them responsible legally for it.. only for damages, which are pretty hard to convert to cash.

just run your systems better, m'kay? obscurity wont help you when the shit hits the fan for real and it would be pretty harsh to take away fingers just for messing with your library that you left open and connected to other people. sometimes it's hard enough to try to tell which part was supposed to be for public consumption. and it's pretty easy to frame someone for it.

squatting laws are actually usually erected for the sake of the squatters and for the sake of the city. so that some ahole doesn't just buy the whole city for the property value or to "clean out all the bad people"...

but this story, it's just a rehash of a rehash of a rehash. he should've tried buying some computing time from the crooks, to render some pictures or whatever. that would have been true journalism.

Old news?

So basically... are you part of a botnet? And you're just now getting around to asking us this now? And on /. of all places?

I'm fairly certain that the vast majority of /. users already knew what a botnet was and if they were part of one.

Most of the computers that these crooks use are unpatched windows xp machines in south america and asia anyway.

Alex Belits: U can tell me 2 "die in a fire", but

LMAO - You're the 1 that ALWAYS GETS BURNED - case in point/e.g./to wit (2 examples thereof):

---

1.) Where you didn't even REALIZE Android IS A LINUX VARIANT vs. MYSELF where you trolled me before:

http://linux.slashdot.org/comments.pl?sid=2006166&cid=35321956

(Funniest part of THAT was that you seem to be a "Pro-*NIX zealot" around here too... funny I had to "educate you" there, eh?)

---

2.) AND, THAT INSTALLATION WITHOUT USER PERMISSION WAS POSSIBLE ON LINUX VARIANTS, from the very same exchange as above:

http://linux.slashdot.org/comments.pl?sid=2006166&cid=35312558

AND more there also, albeit on BOTH Linux AND MacOS X, again - in MY favor -> http://linux.slashdot.org/comments.pl?sid=2006166&cid=35300528 (regarding disk/file access by a bot on both Linux &/or MacOS X)

as well as -> http://linux.slashdot.org/comments.pl?sid=2006166&cid=35301464 (regarding the Koobface malware having COMPLETE ACCESS on Linux)

----

"This is like all Microsoft shills' tactics superimposed on each other. Die in a fire." - by Alex Belits (437) * on Sunday April 10, @09:52PM (#35777246) Homepage

Ahem: Something about my post here originally/initially (facts NOT IN LINUX's FAVOR vs. MICROSOFT on SECURITY NO LESS) bother you?

Truth maybe?? Truth hurts, doesn't it??? ... So, "That all 'said & aside'"? Some MORE TRUTHS (especially about YOU & based on your behaviour before from the links above, where GERMANY DUMPED LINUX TO GO BACK TO WINDOWS NO LESS, lol!):

Again, per my subject-line above & you having trolled me before much the same way, just not as "enraged" as you are now, possibly with GOOD REASON (lol, see above):

  You SURE you want to tell me to "die in a fire", when you're the one that ALWAYS GETS BURNED, trying to "take me on"?

(Refer to the above, especially before you make a decision... See, the way I figure it, as to why you have trolled me here now? Well - You're probably just doing this because you're "smarting" from our last "encounter", lol, as shown above! You didn't come in their "FoAMiNg @ ThE MoUtH" like you are THIS time... gosh, I wonder why (NOT))

APK

P.S.=> Trust me: I state that, simply because if the last time this happened from you, trolling, directed my way?

Well... obviously as can be seen above, Your name-tossing "ad hominem attacks" just aren't going to do it vs. myself (especially when I come armed with solid, concrete, visible & verifiable data @ my side & disposal vs. such poor tactics)... apk

Here's WHY Alex Belits did it rockfistus

http://it.slashdot.org/comments.pl?sid=2077414&cid=35778010

It says, and SHOWS, it all (as to his motivations)...

I.E./In Summation:

Alex Belit's tried this before with me, & it's shown in the links above... which only ended up with him getting egg on his face - I don't like doing it either, I just want truth/facts out there vs. b.s. is all... & the "Pro-*NIX Penguins" around here are some of the worst in THAT capacity online imo... not as bad as they used to be, but, there ARE SOME 'DIEHARDS'...

Alex Belits? He MAY be one of those diehards!

Which I felt was rather funny then when Alex Belit's tried doing this before to myself, to his own dismay, & even ODD, that I had to "school" a "Pro-*NIX Penguin" on "things Linux" vs. he no less, before!

(Only just not as much trolling & name tossing + profanity last time from him... Which only leads me to believe he's childishly seeking 'revenge' of somekind vs. myself, perhaps? I don't know)

What I DO KNOW, is that I just use facts: Documented, concretely verifiable and current news visible, as my "weapons" usually (until the poster doesn't respond to logic, or recognize it, & THEN I SPEAK IN TERMS THEY UNDERSTAND (their own language, even if it's trollery! When in Rome? Do as the ROMANS DO!)

Still, facts... vs. TROLLS?

For "some reason" (not), it really "lights a fire" under the Penguins' butts around here, lol... "Gee - I wonder WHY?"

(NOT, they're worse than religious zealots/fanatics is why - & not all the truth & documented facts in the WORLD gets thru to "that kind", period!))

APK

P.S.=> Sorry for the rant, but DO enjoy the read in the URL above - as it was my reply to Alex Belits, directly... & thank you for reprimanding him for his rather reprehensible behaviors here today as well... apk

U need 2 read my post closer (fixes exist 4 MS)

There are "security issues" unpatched for MS products already though... I noted that!

3 of them have WORKING work-arounds (easy ones)

OR

Are in subsystems many folks don't use (especially if the subsystem's not used by default)...

OR

Have VALID & easily installed fixes, via "MS FIX IT" tool services Ms gives users, for free...

Plus? Well - "Time's on my side" here too (1 day only)...

How so??

Well - as I noted in my init. post - As of the end of the day today (Monday here)? Microsoft "Patch Tuesday" is going to put 64 KNOWN SECURITY ISSUES TO REST (including ones that already have valid working "work-arounds" or "Fixes" I noted, & even ones NOT already patched - I read their "advance notice bulletins" is why I note this, & with some "specifics")...

So... Your point is, what?

(Advice for your own "FYI" here - You MIGHT want to "dig in" a bit deeper, & read some of the actual ones in the Windows 7 and say, Microsoft Visual Studio 2010 listings... what I meant above, and yes below also in my 'p.s.' apply on this note...)

APK

P.S.=> On this Tuesday? E.G. -> The single MSVC++ issue's supposed to be patched also, which ODDLY? Fixes the 1 windows issue that Apple's software (ITunes & 1 other) calls the faulty API for, allowing the vulnerability, & they are the ONLY ONES KNOWN WITH IT...

So, talk about "killing 2 birds with 1 stone" by MS, on THAT one... & others too, 64 more of them are going to get "fixes" across ALL their wares 1 day from now!

And, again - The others have work-arounds, or aren't default installed, & or "MS FIX IT" (e.g. - MHTML Bug) fixes that work already in place for users to use (easy to use, GUI tools too)... apk

"Believe it or not, I DO like linux." - SO DO I

See my subject-line above, & we are alike: "Surprise, surprise"...

Yes - I actually LIKE & USE Linux myself even (KUbuntu 10.10x here recently, as I like KDE desktops)... & I think it's gotten to the point where it won't just be "testing" for me once in a while anymore, but an OS I actually LIKE & will setup another system for in the future, again!

No - it's not "1/2 bad" as a desktop even & has improved WORLDS since I last tried it circa 1999-2000, iirc.... on the dates, that is.

See - I was "turned on" to it again last summer (again actually, been using/trying/testing Linux since Slackware 1.02 circa 1994 iirc, & later RedHat distros 5.2-6.0) by family while I travelled thru Central/Eastern Europe last summer! PC-BSD too... but I like Linux better (easier console/tty term commands than BSD variations of them imo is why & KDE peforms faster on NVidia stuff than PC-BSD does (drivers weak probably there is my guess)).

So, it was KUbuntu 10.10x here, all thru the summer & into the fall until around 1-2 months back!

It ran SOLID for 7 months or so, & I could fully use all my hardware too... bonus & something older Linux "back in the day" mid-to-late 1990's, couldn't say all the time for myself @ least!

That's MOST LIKELY because, like most folks, I buy hardware for Windows first, of course, & HOPE that Linux supports it (most of the "big name" widely used stuff they do a GOOD JOB on nowadays pretty much - not perfect ALL the time, but a LOT BETTER than Linux distros used to be this is CERTAIN!)

KUBuntu was "A-OK" & fine, that is, until an "update" to KDE turned into a "downdate" & blew my GUI Shell or Window mgr. being able to use KDE @ all - I did this out of the GUI package mgt. tools in KUbuntu too, which REALLY "upset me" some!

(Which was fine too, in the GUI rpm/deb/yum style manager they have for updates in KUbuntu, & I did it a LOT while I used it, wanting to have the "latest greatest" especially on KDE moving from 4.4-4.5-4.6 - what can I say: I like KDE!)

However, it blew it SO BAD, that not even startx @ a tty term/console bootup would restart it!

I think I'll wait a bit on Linux KUbuntu & KDE to "mature/cook just a WEE BIT MORE" though, before I hop into it again...

(To be fair? Sure, I think I can recall across ALL Windows OS since Win3.x, perhaps 1-2 "downdates" like that, but it was a LONG time ago only, not recently! Could I have done the research & fixed the GUI shell in KUbuntu? Sure, but, I have been SO DAMNED BUSY LATELY, it's not a want thing, it's a TIME thing!)

---

"Windows 7 fucking rocks. Yeah, I said it." - by rockfistus (1445481) on Sunday April 10, @09:28PM (#35777152)

Oh, I'm with you, 110%... using it here "WRITE NOW, as I RIGHT this to you" (lol, little 'play on words/turn of a phrase')... it is, great stuff.

---

"I never thought a version of Windows would come out that has been as solid as it is.... It's almost like Shock & Awe. But never the less... It's fucking true." - by rockfistus (1445481) on Sunday April 10, @09:28PM (#35777152)

I agree, but I always felt Windows was SOLID since Windows 2000 personally, because I always ran my NT-based OS, especially since 2k, for YEARS of uptime, usually... they can be security-hardened well, but they do not ship that way as I am sure you know (then again, even SeLinux distros & MacOS X on Apple doesn't go out the door/oem "Super-Hardened for SECURITY" either!)

You have to do some "leg work" yourself (On Windows? Around 1-4 hours work, but fun stuff, IF you're into it, & the 'goal' of doing it - a more reliable piece of machinery that also will perform faster afterwards! Purest hot-rodding really, same mentality!)

---

"All of the Linux cronies have been so busy defending there homebase that they haven't even tried Win7 I'd ima

Did U read them, or my points in my post entirety?

Obviously not: Linux 2.6x is a KERNEL ONLY, vs. Windows 7 an ENTIRE FULL COMPLETE OS DISTRO! Those bugs in Linux security go up once you toss on parts the KERNEL doesn't have, but... Linux distros, do (& those extra parts for a FULL LINUX? DO HAVE SECURITY ISSUES!)

http://it.slashdot.org/comments.pl?sid=2077414&cid=35778120

That about "takes care of that" below, from you:

"The AC who posted the grandparent obviously didn't READ any of the Secunia advisories." - by subk (551165) on Sunday April 10, @11:01PM (#35777684)

Still, since you've demonstrated that you do not read well, or fully, from the postings of others? I will restate PART of my points from that URL here, again:

YOU and moonbeam there also didn't read an IMPORTANT POINT I made in my 1st post as well:

That point is THAT THERE IS FAR MORE TO A LINUX DISTRO THAT ADDS MORE "SECURITY BUGS/ISSUES" TO AN ACTUAL LINUX DISTRO THAN THE KERNEL ALREADY IS KNOWN TO BEAR! (19 of them, vs. only 6 on Windows, of which 3 have fixes already LONG ago users can apply via Windows update or manually no less).

Once more - stressing that point of mine you BOTH OVERLOOKED rather "conveniently" in my estimation:

Ahem: Linux's 2.6x KERNEL has 3x++ as many security issues UNPATCHED, as Windows ALONE has in its ENTIRETY (vs. only the kernel bugs for Linux, which again, rises MORE once you show the bugs in attendant parts installed from a FULL Linux DISTRO!)

Please - DO "drink that point in, & digest it", because you can be certain others will read it also here...

APK

P.S.=> AND, ALSO/LASTLY, to "drive my point home" further:

Linux has nearly 3x as many in its kernel ALONE, not counting all else that Linux distros have for installation mind you, has 3x the "bugs" that MS stuff does in their ENTIRE MICROSOFT BUSINESS DEVELOPMENT SUITE IN ITS ENTIRETY (SQLServer DB Server, IIS 7.x Internet Information Server WebServer, MS-Office 2010, Microsoft Internet Explorer 9.x, & Microsoft Visual Studio 2010 (1 error only, rest are ALL zero except the OS, & after today? Might be ZERO for Windows 7 AGAIN, too (yes it was there for a LONG time too))... apk

fsdfrsd fvgdg

planchas ghd Hair Straightener last IV curling promise, movies and waves, and perfectly straight hair. What? GHD hair irons makes plancha del pelo ghd ceramic the test to see if it can ensure that each day is a good hair plates day.GHD launched for sale in limited edition pink Taylor that there must be an attachment in GHD IV Styler the packaging, including a heat resistant bag, a hairbrush, hair clips a. This pack comes with a warranty of two years, ghd IV sets, free delivery and 10 of each purchase will go to a charity for breast cancer research.
        Every girl wants to be the envy of your friends and have a product, ghd Hair Straightener, and a sort of limited series.Busy Scissors is a game produced by Little orbit hair, GHD South Africa, Redken LLC, which allows players of color, shampoo, cut, dry hair and style, while trying to achieve their virtual exhibition of his son. This ghd Hair Straightener Kiss Pink industry is the first video game, supported, enabling players to get something that is quite realistic in the field, allowing players to create realistic hair and jackets styles.moncler hairnew sale, Moncler coat, moncler jackets are selling children in the factory. onlinehere moncler Quilts with free shipping

Re:fsdfrsd fvgdg

[Flipstylee]

fucker

Re:This is known in the gaming industry for a long

[Nutria]

Guess what, I wrote a keylogger and send it to the dev team, every time when the game patches and installed, the thing will also install. Everytime we encounter a perpertual cheater will turn on the keylogger, colect all his infomation, and fight him back by loggin in to his facebook account and do shit.

I don't know about how things are (not) done in South America, but in the US and Europe is highly illegal.

Not MY PC they aren't

[macs4all]

I have a Mac.

Now before you punish-mod me into oblivion; let me explain:

I just happened to look at my security logs about a week ago, and there has been a steady (and I DO mean steady!) stream of ne'er-do-wells banging on my ssh port (yes, I use port 22. Call me smug).

The logfiles (that only went back to January, mind you) had SO many login attempts that I literally couldn't email them to a friend due to a 15 MB email attachment limit!

I gave up trying to convert the logs to PDF at 6,000+ pages (!!!) Not one successful login, other than my own. And there were dictionary attacks, Kerebos Attacks, attempts at root, some sort of attack to try and get Mach to spit out SOMETHING; you name it; people (bots) tried. And tried. And tried.

So yes, I feel a bit smug at this point.

Contrast with my friend's Dell running fully-patched XP SP3, with TWO firewall/AV packages running: Opened up an RDC port: BLAM!!! Hosed in a few days with some horrible thing that is completely and utterly un-killable. Keeps spawning SVCHOST.EXE processes, and the quicker you try to eradicate them, the more aggressively it spawns more! Never seen anything like it. No choice to "wipe and reload".

Ick.

Re:Not MY PC they aren't

You realise if you load up your Mac with an OS that is 4+ years out of date and 2 conflicting AV (you don't even tell which AV's, so we can't assume they were useful ones? AVG was one of them? :P) programs - they don't play well on their own, let alone when there's others trying to the same job on the same system - and then start opening ports, you're probably going to have a fucked machine as well.

IF you're going to offer anecdotes as evidence, at least lie and make sure the sample machines are on equal ground.

Come on man: Does it MATTER who put it out?

"Anonymous Coward spews data." - by Chris Tucker (302549) on Monday April 11, @01:25AM (#35778436) Homepage

Chris Tucker spews B.S.

---

"TL:DR" - by Chris Tucker (302549) on Monday April 11, @01:25AM (#35778436) Homepage

Same to you.

---

"Because, you know, it's from an Anonymous Coward." - by Chris Tucker (302549) on Monday April 11, @01:25AM (#35778436) Homepage

Because, you know, it's from a "REGISTERED LUSER."

APK

P.S.=> Per my subject-line though: Would it be "better data" (even if from the SAME VALID & RESPECTED SOURCE as I used) IF A "ReGiSTeReD LuSeR" put it up? The answer is NO... SO, please - enough w/ the trolling guys... apk

C.T.: Hard 2 tell IF you were "ribbing" or not, so

IF you weren't "ribbing/picking" on me in your reply here:

http://it.slashdot.org/comments.pl?sid=2077414&cid=35778436

Then I am sorry for interpreting your replies' statements as such, in my reply to YOU, here:

http://it.slashdot.org/comments.pl?sid=2077414&cid=35782938

(Man... it's just sort of tough to tell man, from how you phrased it is all!)

APK

P.S.=> I.E./E.G.-> See... Plus, I keep thinking of Chris Tucker from the movies (& he's a wise guy is why I figured it was an "attack" on myself, because I cannot HELP but think what you said is a "rib session", albeit on me (He's funny as hell though))... apk

Even LESS for MS now boys, 4x less vs. LINUX

DOWN TO 5 UNPATCHED SEC. VULNS IN THE ENTIRE MS PRODUCT LINE (almost) I NOTED IN MY LAST REPLY:

---

Vulnerability Report: Microsoft Office 2010: (04/12/2011)

http://secunia.com/advisories/product/30529/?task=advisories

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft SQL Server 2008: (04/12/2011)

http://secunia.com/advisories/product/21744/

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/12/2011)

http://secunia.com/advisories/product/17543/

Unpatched 0% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Visual Studio 2010: (04/12/2011)

http://secunia.com/advisories/product/30853/?task=advisories

Unpatched 17% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Explorer 9.x: (04/12/2011)

http://secunia.com/advisories/product/34591/

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Windows 7: (04/12/2011)

http://secunia.com/advisories/product/27467/?task=advisories

Unpatched 8% (5 of 59 Secunia advisories)

AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds, OR, are caused/utilized by faulty 3rd party apps you can just avoid, as there's usually an alternate app for most anything!

(E.G.., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).

The remaining can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).

I.E.-> "NO PROBLEMO!"

&

ALMOST 4x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)

---

So, that "all said & aside"?

Microsoft's doing a HELL OF A GOOD JOB on the security front!

APK

P.S.=> Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:

---

Vulnerability Report: Linux Kernel 2.6.x (04/12/2011)

http://secunia.com/advisories/product/2719/?task=advisories

Unpatched 7% (19 of 259 Secunia advisories)

---

THAT? That's more than 4x as many as Windows 7 has that are unpatched, & has a REMOTE BUG UNPATCHED in the "ROSE" subsystem... PLUS, I'd wager there aren't EASY workarounds for them (or as many as MS has shown above)...

AGAIN - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO), THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!

So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?

(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)

BOTTOM-LINE:

What this all comes down to, is all