Flame Malware Hijacks Windows Update
wiredmikey writes "As more research unfolds about the recently discovered Flame malware, researchers have found three modules – named Snack, Gadget and Munch – that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how."
And an anonymous reader adds a note that Flame's infrastructure is massive: "over 80 different C&C domains, pointed to over 18 IP addresses located in Switzerland, Germany, the Netherlands, Hong Kong, Poland, the UK, and other countries."
and you thought Conficker was bad!
The security surrounding Windows Update is rather pathetic, certificate or no certificate. It's cost me many, many extra hours and headaches. While they're "hardening up" Windows Update, they should also make a vastly improved repair utility for it. I hate spending all that time removing a virus from a customer computer just to find out at the end that Windows Update is irreparably broken and SFC, their own fixit tool, 3rd party mass re-registration tools, and registry utilities all cannot fix it, so I have to reinstall. Considering that an OS install is classified as "totaled" if Windows Update no longer works, maybe they should protect it better AND make a flawless, end-to-end reinstaller that resets it to absolute default settings and fully repairs it.
Funny thing to say about any version of Windows.
Question remains: how come those people are so dumb? Being at de facto cyberwar with a country, and still using closed source programs originating from it?
Another one: Be rich and smart enough to have nuclear research, but not smart enough to roll their own IT infrastructure based on code they can audit?
http://opencm3.net, http://www.nongnu.org/gm2/
A lot of people are predicting poor sales for Win8 because they dislike Metro; but there is probably going to be more visibility of the new "reset" capabilities of Windows 8, now that malware authors have raised their game to a new level.
http://support.microsoft.com/kb/971058
http://support.microsoft.com/kb/943144
Anyone know what this is about? It's in the last paragraph: "It's interesting to mention that these machines mostly run Windows XP and Windows 7 32 bit, but none of them run Windows 7 64 bit, which seems impervious against this and most other malware." Is that due to driver signing requirements?
Everyone that disagrees with me is a paid shill
OK, my notebook that still has Windows on it (out of pure laziness) has been nagging me about a security update for a couple of days, yesterday I went ahead and updated. Should I worry?
Free Martian Whores!
Way to spin it guys. Unsecured with plans in the future to do something about it. And it's using their own certificate mechanism. I don't hold much hope in their ability to fix anything.
I don't think you're being fair. Microsoft has fixed more security holes than all the other software companies on the planet combined. And I have every faith that they will continue to fix thousands and thousands of security holes every year for a long, long time to come.
Of course, it's running Windows.
The preceding was meant tongue-in-cheek but even having said that there'll probably still be Linux/MS fanbois who want to take it seriously and start a flamewar.
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
I'm not sure it works like that. It would be like me building a table with two legs and then getting kudos for adding two more legs a year later...
or best?
There are two types of people in the world: Those who crave closure
Damn. I knew I should have used a "/sarcasm" tag.
disable NetBIOS?
I don't think I'm using it for anything... even my printer is set up with an IP address.
Captain Hindsight? Is that you?
Is that due to driver signing requirements?
Driver signing doesn't mean squat for security. Third-party drivers with security holes and back doors are a dime a dozen, and there are even some in Microsoft drivers, of course. I have a publicly-available CPU diagnostic utility that comes with a signed 64-bit driver that allows user mode to write to any desired MSR. That easily leads to arbitrary code execution, most easily by changing the syscall vector. Malware that acquires administrator privileges can just install some company's vulnerable driver.
Driver signing is really about DRM. Hollywood was strongly concerned about fake video card and sound card drivers being used to dump unencrypted content from protected sources. The proof of my statement is what happens when you boot the Vista/7/8 kernel in debug or test signing mode: everything works except Blu-Ray movies and other DRM content.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
If you are on a network that already features Flame, you should probably just wipe and reinstall now.
Otherwise, that security update was probably Microsoft's emergency blacklisting of the signing keys that were used to make the Flame components pass as MS-signed software...
Well, I am not an expert on the topic but there are a few things you might want to consider before you get all overexcited on that...
First, there are hardly any infections outside the Arab-world. (my guess is that it just takes a look at the keyboard driver in use) Going by your username you're not an Arab guy.
Second, the virus seems to be activated by some kind of a human operator, and well... you are probably not important enough (read: high level nuke scientist or something)
Third, this thing has been in the wild since 2010, maybe even as early as 2007, and you didn't get infected in all the updates since then (I assume), or it is too late anyway.
Fourth, you use Windows and then ask if you might catch a virus? Seriously?
Fifth, to be absolutely safe: format your HD a couple of times, get OpenBSD on it with a strong root password (at least 128 characters), get the battery out and pack the thing in a lead box with walls at least 5 inches thick, fill the rest of the box with epoxy and bury the whole thing at a depth of at least 10 feet... on Pluto...
rm -rf --no-preserve-root /
According to the article, they say that infected machines will respond to NetBIOS name queries for Windows Update servers. That strikes me as odd. Don't you have to enable NetBIOS for DNS resolution in the Windows NT series? And aren't traditional BIND name servers a higher protocol bind order by default?
I thought I had read elsewhere that the problem was actually due to the insecurity of having "Automatically detect [proxy] settings" enabled for IE. When Windows Update fires off, it checks for the default proxy server on the subnet and an infected machine responds. If that's true, then we either need to move to a model where auto-discovery of proxy servers is disabled by default or that clients won't trust proxy servers without it having a trusted cert issued by a local authority.
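The two redirection paths raised in this comment (a Windows Update hostname answered over NetBIOS or pointed at a LAN address, and a WPAD proxy answer from an unexpected host) can be flagged from name-resolution logs. The script below is an added example, not code from the thread or from any vendor analysis; the log line format, the update hostname list and all addresses are constructed assumptions.

```python
"""Flag name-resolution answers that would redirect Windows Update on the LAN.

Checks, on constructed log lines:
  1. A Microsoft update hostname answered via NetBIOS (NBNS) instead of DNS,
     or a DNS answer for such a host that points at a LAN address.
  2. A 'wpad' (proxy auto-discovery) answer that names a host other than the
     administrator's known proxy.
Log format and hostname list are assumptions made for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed hostname suffixes Windows Update contacts (update.microsoft.com is named in the thread).
UPDATE_SUFFIXES = ("update.microsoft.com", "windowsupdate.com", "download.microsoft.com")
# Single-label NetBIOS names a client might fall back to if DNS for those hosts fails.
UPDATE_NBNS_LABELS = {"windowsupdate", "update", "download"}
# RFC 1918, link-local and loopback ranges: an update host must never resolve here.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

# Constructed line format: "<ts> proto=<DNS|NBNS> src=<answering host> name=<query> answer=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+proto=(?P<proto>DNS|NBNS)\s+src=(?P<src>\S+)\s+"
    r"name=(?P<name>\S+)\s+answer=(?P<answer>\S+)$"
)


@dataclass
class Answer:
    ts: str
    proto: str
    src: str      # host that sent the answer
    name: str     # queried name, lower-cased
    answer: str   # resolved address


def parse_line(line: str) -> Optional[Answer]:
    """Parse one log line; return None for lines that are not resolution records."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Answer(m["ts"], m["proto"], m["src"], m["name"].lower(), m["answer"])


def is_update_host(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in UPDATE_SUFFIXES)


def is_lan_address(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def check_answer(a: Answer, known_proxy: Optional[str]) -> Optional[str]:
    """Return an alert string if this answer would redirect updates or proxying, else None."""
    label = a.name.split(".")[0]
    if a.proto == "NBNS" and label in UPDATE_NBNS_LABELS:
        return f"{a.ts} NBNS answer for {a.name!r} from {a.src}: update host resolved via NetBIOS"
    if a.proto == "DNS" and is_update_host(a.name) and is_lan_address(a.answer):
        return f"{a.ts} {a.name} resolved to LAN address {a.answer} (answer from {a.src})"
    if label == "wpad" and known_proxy is not None and a.answer != known_proxy:
        return f"{a.ts} WPAD answered {a.answer} by {a.src}; expected proxy {known_proxy}"
    return None


def find_alerts(lines, known_proxy: Optional[str] = None) -> List[str]:
    alerts = []
    for line in lines:
        a = parse_line(line)
        if a is None:
            continue
        alert = check_answer(a, known_proxy)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log: one legitimate DNS answer, three spoofed-looking answers, one junk line.
SAMPLE_LOG = """\
2012-06-05T10:00:01 proto=DNS src=192.168.1.1 name=update.microsoft.com answer=203.0.113.10
2012-06-05T10:00:02 proto=NBNS src=192.168.1.44 name=WINDOWSUPDATE answer=192.168.1.44
2012-06-05T10:00:03 proto=DNS src=192.168.1.44 name=download.windowsupdate.com answer=192.168.1.44
2012-06-05T10:00:04 proto=NBNS src=192.168.1.44 name=WPAD answer=192.168.1.44
2012-06-05T10:00:05 proto=DNS src=192.168.1.1 name=wpad.corp.example answer=192.168.1.2
this line is not a resolution record
""".splitlines()

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG, known_proxy="192.168.1.2"):
        print(alert)
```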
Wouldn't help. Slashcode doesn't support it.
Faster! Faster! Faster would be better!
Why is Windows Update using NetBIOS? I thought the A record DNS results for update.microsoft.com and related were hard coded in the OS to prevent this sort of spoofing attack.
Is this something with the WSUS based updating procedure?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
So if these things are government "cyberweapons", they are something like cyber-landmines, with huge collateral damage. This will not go on for long.
You may want to build system images of important machines and just "re-image" after a virus infection. I do that with the few Windows machines we have here.
Clonezilla is fantastic for this. It's free and it makes simple images that can be stored on any file share. It doesn't yet image to drives smaller than the original source machine, but I'm confident they will add that in the future. For now, I image to drives equal in size or larger.
Sure Acronis, Ghost and the like work as well, but it's hard to argue with free.
-ted
I saw an article about this already on Ars Technica. However, Ars included one detail that the Slashdot and Security Week stories don't:
Microsoft issued an emergency update Sunday that updated the Windows Certificate Revocation List specifically to expire the certificate used by this exploit.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
To fix a security hole, you have to release software with those holes first. Maybe all the rest can't compete, because they can't add up so many huge security holes.
Hindsight is when something is obvious in retrospect. A paper published before the infection is not hindsight, but foresight.
That said, I love how clicking on the link to a paper about a security vulnerability leads to my browser giving a security certificate warning....
When Windows Update was introduced, the first thought to go through my mind was, "I wonder how long until someone compromises this and uses it to push out malware." It took a lot longer than I thought.
That's just not the way malware works any more.
Early viruses were great, they did something obvious like put dialog boxes on your screen, ask for cookies, wipe your hard drive, or other obvious malicious behaviour. This was a good thing because it meant that they would never really spread that far because once infected, people knew they were infected, and the infection caused enough trouble to be worth fixing.
Modern malware is a completely different beast. The goal of modern malware is to be unnoticed by the end user so as to live as long as possible in the machine, and spread to as many others as possible, usually with the goal of leeching bandwidth from these machines for use in various botnets. As such, malware that causes your machine not to boot would defeat the purpose of modern malware. A machine that isn't booted up will not join a botnet, and will not spread to other machines.
What is more likely is that the virus writers will intercept the keys used by UEFI, manage to sign their own bootloader, and still run Windows in a way that the average end user can't tell the difference. This will make the virus almost impossible to remove as it will then have more access to the system than even the operating system itself does. On the bright side, once the UEFI keys are in the wild, the various free operating systems can use those same keys to sign their own bootloaders, allowing people to run non-Windows software in a signed way on Windows-only hardware (call it jailbroken...)
Only if you're a Queensryche fan.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
If you read the summary of the article, you can deduce that a computer on your own subnet needs to be already infected before your machine can be infected.
I always have a fiber of suspicion when I update software from the Internet. Noob question: What precautions do the big distros like Fedora take to prevent "man in the middle" attacks for package updates? I ran the update tool on my new clean Fedora 17 install and there were a bzillion updates.
If this malware is part of a cyberwarfare effort by the US against Iran + Co, then isn't Microsoft - a US company - borderline committing treason by offering to patch the security hole?
Seven puppies were harmed during the making of this post.
Funny how when these problems arise, the government is especially silent...
But when there is someone infringing on COPYRIGHT the guns come out and they will issue international manhunts to bring the perpetrators down (even if only suspected). When there is a virus doing REAL WORLD DAMAGE, that's no biggie.
All packages are signed by Fedora or whoever the distro is; unless you turn off the gpgcheck feature, it won't install the package if it hasn't been signed. The gotcha is that if you can steal Fedora's gpg key or somehow create a collision attack, they are also screwed as well, so they have the same issue.
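The gpgcheck setting this reply refers to lives in the yum repository definition. Below is an added, constructed example (not a file shipped by Fedora) showing the weak form beside the hardened form; the repository names, mirror URL and key path are assumptions.

```ini
# Constructed example of /etc/yum.repos.d/<name>.repo entries (not Fedora's shipped file)

# Weak: package signatures are not verified, so a spoofed or compromised
# mirror can serve any RPM and it will be installed.
[updates-unverified]
name=Updates with signature checking disabled
baseurl=https://mirror.example/fedora/updates/
enabled=1
gpgcheck=0

# Hardened: every RPM must carry a signature from the listed key, and the
# repository metadata (repomd.xml) must be signed as well, so a man in the
# middle cannot swap in older packages or a forged package list either.
[updates-verified]
name=Updates with package and metadata signature checking
baseurl=https://mirror.example/fedora/updates/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-17-primary
```

The key file path is an assumption for this example; the point the reply makes still holds, since whoever controls that key controls what the client will accept.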
Thanks for taking the fun out of it.
I am literally 3000 tokens away from the chaotic crossbow --Stephen
The US government has admitted to authorizing stuxnet. Now it looks like Flame is probably also a government authorized weapon.
My question is where did the money for the C&C servers come from? Those C&C domains were paid for with stolen credit cards and stolen identities. The same thing was used to purchase the VPSs used as the C&C servers. Why isn't there an outcry because the US government stole the identities and credit card numbers of private individuals to make these botnets? Where did they get these stolen identities? Did they use criminal means and buy them on the black market from other botherders? Did they just open their own files and roll the dice choosing people at random?
And then nuke it from orbit.
Oh crap. I was surprised last night when I got a Windows 7 update notification that was off the normal super Tuesday Windows update. ::crosses fingers::
Iran is an Arab country now? Did anybody let them know? The rest of the comment is unfounded speculation and recycled nonsense. To everyone who modded "informative": doh!
Most Americans can't understand the differences between Persia and East Boise.
I think it may be better to say it is an attack targeted at specific regions or countries. Kaspersky had most of the module signatures in their database over 2 years ago and decided not to flag them as active malware. Most malware programs are small in size and spend a good deal of time trying to masquerade or hide themselves from virus scanners. In Flame's case it was a huge program using SQLite and other normal business related applications to do the work. It was made to look like a normal business application, which basically was hiding in plain sight, that virus scanners determined harmless. The guys who built Flame and Stuxnet make Anonymous and other script kiddies look ridiculously stupid. As more and more applications get flagged as malware, the only thing people will be able to actually run is the OS.
Of course. Americans are all idiots but somehow still manage to lead the world in economic, military, and computer technology. It's a mystery.
All the people who say "if you run windows you will get a virus" make me laugh. I have run Windows OS's for 15 years and have only been infected by one virus.
I agree, that's pretty funny. Did you not believe them?
I am literally 3000 tokens away from the chaotic crossbow --Stephen
Of course I know the difference between Persians and East Boisans. Persians have the annoying tendency to say "Bro" after every other word, drive Mercedes and threaten to cut your balls off if you even look at a Persian girl. East Boisans say "Y'all" after every other word, drive Ford F150s and fantasize about their sisters.
Greetings from LA.
If you were me, you'd be good lookin'. - six string samurai
Flame is not "Arab-centric". The tool kit exists now, and it will spread around the world. Every micro-generation has to learn the same lesson... and promptly to forget it: dump Windows. It's beyond compromised. That's why businesses and spooks like it. It defines police state software... sigh.
...Oh, wait.
OTOH, go to a network with no Windows systems, download update containing certificate revocations, and burn to CD before reinstalling and updating.
No, because that was the root cert revocation that MSFT released to cancel TFA. If you are truly worried about Windows Update, frankly there is NO reason to run it the old fashioned way, especially when you have more than one machine, as it'll just be a waste of bandwidth.
Instead just use WSUS Offline, which will get the updates directly from MSFT using WGET and drop them in the folder of your choice, all nice and neat and complete with a simple .exe launcher. It can also take care of .NET, MSE updates, and MS Office from 2K3 up if you have any of those that also need updating. It's great and takes the hassle out of updating, especially on a new build, but works just as well for any Windows from XP to Win 7 X64. Combine this with Ninite for third party software and frankly anybody can have a Windows system fully patched and loaded with the basics with almost zero effort.
ACs don't waste your time replying, your posts are never seen by me.
First, there are hardly any infections outside the Arab-world. (my guess is that it just takes a look at the keyboard driver in use) Going by your username you're not an Arab guy.
I doubt it looks at keyboard drivers to decide who to infect. I know a lot of people here in the US that have Arab keyboard drivers on their computers that aren't Arab, or obviously even in the Middle East. I'm one of them. Pretty much any university student studying Arabic has an Arabic keyboard downloaded for their computer. Simply looking at that would cause the malware to spread way too far, and cause way too much collateral damage if it's intended to be a targeted attack.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
No mystery. Numbers.
Even if the bell curve is skewed in the wrong direction (I'm not saying it is but many people seem to think so) the shear number of people means that there are plenty in the population near the top end of the curve capable of great innovation and there are so many at "reasonable average" levels such there is brawn and brain power available to make innovations work for the economy and feed back into the population to complete the cycle (overpowering the effect of the agents at the lower end of the curve and/or giving them jobs that help fuel (or at least lubricate) the economy further).
Same reason China has grown so fast in recent decades: once a chunk of that massive population was actually put to useful work (from the point of view of the economy, local and global) big things started happening.
Throwing people at a hard problem is often counterproductive, but throwing people at implementing the solution to a solved problem often is, so being ahead in the numbers game can be a significant advantage.
amen. I'm sure there are Russian hackers right now thinking "oh no, we can't copy Flame for our own purposes because it only attacks Arab countries".
I wonder if a Flame variant is already out there, quietly waiting to do its thing after the fuss has died down a little? If Windows Update tries to download a special certificate hotfix from mikrosoft.ru, I'd be reinstalling the entire OS.
I spent some time working in Saudi and I'd like to know how to check to see if I have this crap on my computer. It's wonderful that I can't check with Microsoft.
It's the only way to be sure
sag
The climate is better in Persia and there are a lot fewer Mormons.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Debatable/Possibly: I wouldn't use hosts for INTERNAL networks unless I used it for "failover" purposes actually. I'd rely more on ActiveDirectory Services (which is, of course, DNS dependent). I'd keep it around as a 'failsafe' then only.
Hosts are good/better, for other things... mainly online "layered security"/"defense-in-depth", better speed/bandwidth + faster resolutions of IP addresses to host-domain names.
(I've posted it here many times before, but I wouldn't rely on them solely (though they're EASY to 'migrate' to end user rigs via logon scripts for example)).
APK
P.S.=> SORT of IMPORTANT, on that note (Since you mentioned hosts):
I just picked up the C&C server list that's known so far for the "FLAME" malware here:
http://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers
I integrated it into my hosts file - also for my roommate who uses Windows Server 2003 32-bit...
(However/Again: I am "impervious" so far @ least, via Windows 7 64-bit as I noted here in the reply you responded to, plus the patch for this issue -> http://www.start64.com/index.php?option=com_content&view=article&id=5779:update-for-windows-7-for-x64-based-systems-kb2718704&catid=38:64bit-update&Itemid=98 )
I built a new custom hosts file using that 1st url - just for "layered-security"/"defense-in-depth" purposes (what you can't touch can't hurt you) as well as firewall rules tables for the IP addressed servers it communicates with also...
I can't "proof myself" any better than that @ this point, since my systems are always "security-hardened" anyhow... apk
why people think it's OK to break the law, so long as you're doing it with tax dollars. Forget the other threats to the country, tolerate that long enough and you're practically begging for despotism.
I find it easier and more sane, if Windows is necessary, to run Linux or BSD on the iron, and install Windows to a virtual machine while network isolated, no updates, no patches, no AV, though install all necessary applications that are otherwise actually useful, Office stuff, whathaveyou, have a mounted shared folder from the VM on the actual real HD for documents, and then zip the machine before plugging in the net cable. After every use, nuke the VM, unzip a new instance, a freshly clean install in a min. or so... If there's any concern about what's in the shared doc folder, set up a cron on the *nix side to scan it once in a while... or just gmail the documents folder to yourself and let Google disinfect it... but otherwise never update the WinVM, never scan it, never let your processor do anything that isn't actually work. Wash, rinse, repeat... I just never could get the hang of Tuesdays. Though your idea is neat too... presumably you get some nice bug fixes I won't... but my way takes fewer steps and is far more secure... theoretically, of course. Also, I bet anything my unpatched, unupdated system is much much faster and more responsive, even virtualized, than your fully patched, updated, and periodically virus scanned system is running on your bare iron. Not ideal for gaming... but this would work in any office environment well, once tweaked so office-types don't keep stumbling out of the VM and into the real system, and with a cron nuking the machine every night (or every hour) when they log out.
The Admin and the Engineer
This smells an awful lot like natural selection for biological pathogens - if one is so virulent that it kills the host at the cost of its reproductive ability, it will eventually be replaced by those pathogens that don't kill the host, but affect it as little as possible while borrowing its infrastructure. Neat.
Hey Bro! Y'all getting in rain down there in Lower Alabama?
If you are on a network that already features Flame, you should probably just wipe and reinstall now.
Otherwise, that security update was probably Microsoft's emergency blacklisting of the signing keys that were used to make the Flame components pass as MS-signed software...
The MS description of the update said it was to update the CRL list, so yes it was basically blacklisting the compromised certificate.
>the shear number
In the stress tensor, the shear is represented by two components, so there cannot be a shear number.
On the other hand, if you meant sheer, then it makes one wonder in which portion of the curve you write about you are... unless this curve is so "skewed in the wrong direction", to use your words, that it got sheared...
"Politicians and diapers must be changed often, and for the same reason."
We do, but just like you we have to clean crap off the machines of other people that install bonzi buddy or similar, or who are unlucky enough to get infected with a new virus before an antivirus update is available.
Interesting link there but since I deal with linux in a workplace the criticism doesn't deal with any situation I ever come across, so I can't really comment one way or another.
Microsoft backups have consistently been incomplete enough to spawn an industry of third party tools to fill the gap. NTBACKUP was nice until you wanted to recover the registry or those important status tracking documents that some users always have open. Reboot and clone with something outside the OS is still the only way to be sure despite nearly every OS that predated NT being able to do proper backups without much trouble.
If you read the summary, the infected machine spoofs microsoft domain names. So if you are part of network that has an infected machine, using windows update directly or wgetting from microsoft would produce the same results. And WSUS uses the same key to verify the signature too.
It's just that Linux users notice these things, and tend to complain about it. Windows-only users tend to believe in the status quo (that's how it has always been done, that's how other operating systems do it too, etc), as they have not been exposed to Mac or Linux or BSD.
So which TM are you trying to invoke? Is it imaginary problems kill Windows, or people who "know" Linux love it, or it's great once you get "used" to it? If you are gonna spout the usual BS please choose the appropriate TM so we know which bullshit you are going for, thanks.
BTW I'm sorry your OS is totally pointless on the desktop, but it is. Even a tiny bit of common sense keeps Windows running bug and hassle free, hell you don't even have to PERSONALLY have any common sense, just know someone who does who can set the first run up for you, and all the decent software that is FOSS? yeah it's all got a Windows port, sorry. Your OS just doesn't have any reason to exist on the desktop, it's just a waste of time.
ACs don't waste your time replying, your posts are never seen by me.
I just picked up the C&C server list that's known so far for the "FLAME" malware here:
http://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers
I integrated it into my hosts file - also for my roommate who uses Windows Server 2003 32-bit...
You mean the servers, which had been operating for years, that went offline immediately after Kaspersky Lab disclosed the discovery of the malware’s existence last week ? http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_Experts_Provide_In_Depth_Analysis_of_Flames_Infrastructure
You mean the servers active for the past 4 years changing name more than 80 (known !) times (+ all the unknown ones) ?
So you were not protected (granted nobody was) while they were online and you're now protected when they are all offline ?
"This sarcasm was brought to you by the AAA".
That is a valid argument, you didn't use my other point though, that it seems to be 'directed or activated' by a human operator.
rm -rf --no-preserve-root /
This Fed black op - if it ever reaches the light of day - will be revealed to be as well thought out as the 'Fast and Furious' debacle of giving guns to Mexican cartels.
The US leads the world in but two things: shit and debt.
Well, we may be more full of shit than anybody else, but Europe is farther in debt than we are. Its debt is dragging the entire world's economy down.
Free Martian Whores!
You would think getting a windows certificate to be almost impossible, yet they managed to get one in order to push the fake updates, how does that happen???
Isn't it funny how all the Linux guys can't seem to keep Windows running and clean, while everybody else doesn't seem to have a bit o' trouble?
I've been hit by exactly two viruses: the Michelangelo boot sector virus I carried home from work on a floppy (that would have been 15-20 years ago) and Sony's XCP trojan rootkit. Most of the last ten years I've used Linux dual-boot, right now I have one Linux box and one Win7 box that will be dual-boot soon.
The Linux box has only 750K of RAM and runs like a top and has for a few years. The notebook (1 gig RAM) used to be fast, but it's six months old and slowing (God damned ever-growing registry).
Linux is a hell of a lot more of a PITA than Windows on its worst day. Don't take my word for it, read this fine article from one of the Red hat devs who says what linux is going through now is its "death cries" from mistakes made in the design at its conception.
I never did like Red Hat, you might want to take that article with a large grain of salt. If there were "mistakes made in the design at its conception" then it would have fallen apart long before now; it's twenty years old. And you're wrong about Linux being a PITA; the Linux box gives me no trouble at all, Windows continually pisses me off. Linux updates every few weeks or so, and does so with a single click and no reboots. Windows (or one of the apps running on it) wants to update every two weeks or even more often, and almost always requires a reboot.
If Linux has a quality problem, then why is it Windows that needs patching at least monthly? Why is Windows so much slower on the same computer?
So if you want to spend your weekends fiddling with your PC like a 73 Dodge?
Then Windows is the OS for you!
The rest of us just use a decent AV and a tiny bit of common sense and magically we don't have any problems.
Those of us on Linux and Macs need no AV and "magically" have no problems (I could be wrong about Macs, I have no recent experience with them).
Free Martian Whores!
and all the decent software that is FOSS? yeah it's all got a Windows port
Awesome, last hurdle to my windows adoption finally cleared. Could you point me to the windows port of ZFS? Or, BTRFS would do too, but I would prefer ZFS.
Remote GUI login FOSS with multiple users logging on simultaneously would be nice too.
A single repository where I can update all my software including the OS, and find new ones too, using a FOSS administration tool would be great.
thanks
Bingo Dictionary - Pragmatist, n. A myopic idealist.
I have always and will continue to bitch about Windows. With each new release of windows the paid-for press and bloggers gush about how "they got it right this time" and each time it turns to crap.
Now we're on the cusp of the Windows 8 release and the usual gushing is going on.
How can people be so dumb? Will they ever learn?
Purely for the lulz alone, I would have loved to have been in the position to distribute a faked, nonfunctional version of that CRL update, signed with the very certificate that it was supposed to be revoking...
Well, the main box is running Linux so I won't worry TOO much. If the Win box craps out, I can always slap Linux on it.
Free Martian Whores!
Yup, you just described a typical military system: Linux, VMware and a Windows VM. Although they do run anti-virus too.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Your OS just doesn't have any reason to exist on the desktop
I have better things to spend my money on than OSes and apps. Like more hardware, guitar strings, beer... it's foolish to spend money on bottled water when it's free out of the water fountain.
I'm a nerd, but I'm not Bill Gates. I have better places to waste my money than Redmond, especially since the free OS is head and shoulders above the paid-for one.
Free Martian Whores!
Actually it says a lot about how good Windows security has become that the only attack vector now is a fake certificate, something way beyond the reach of most hackers and non-government agents. Plus the Russians, or anyone else, won't be able to use Flame's cert anyway as it isn't public, the only people who have it are MS and the creators of the virus.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Nobody gives a shit about ZFS but server admins. Just to make this clear, pathetic as it may be that I have to spell this out for FOSSies, but apparently they are too clueless to understand this, that or they know they can't win on the subject at hand so they move the goalposts, so here goes: We are NOT talking about your LAMP, your cell phone OR your toaster. The majority does NOT care about these things and they are NOT the subject at hand, which is DESKTOPS. Go run your benches on your LAMP and post them to "Nobodygivesafuck.com", thanks.
As for repos, if you are TRULY not smart enough to go to the site of the person that makes the software and download it? Then you should stay on Linux because you are too retarded to run anything else. But if downloading Adobe Flash is soooo damned difficult for you there is Ninite which is "check box, push button", and I might remind you your much touted repo system? Yeah, they were serving malware in the form of an infected Quake 3 for over a year and a half, sorry. And that's just one we KNOW about, not telling how many we don't, because if you honestly think a handful of guys can check a revolving door of 20,000+ packages and understand even what 25% of them are doing I have some magic beans you might be interested in.
It doesn't change the fact that Linux? Completely pointless on the desktop. This is why no B&Ms carry it, why both Walmart and Asus dropped it; it's just pointless. The only REAL legitimate gripe, which was Windows requiring one to run as admin, was fixed half a decade ago. Even one of the Red Hat engineers admits the Linux desktop model is broken, but of course since that goes against your RELIGIOUS DOGMA you will probably say he's a M$ Ninja, sekretly working to attack RMS with fungicide on them nasty feets.
This is why I enjoy laughing at FOSSies; like Moonies or any other religious loonies, the amount of hoop jumps they have to go through to justify their dogma in the face of logic is just as funny and entertaining. Just admit your logic follows the circle of loon already, otherwise please go back to compiling something as the vast majority of the world really DOES NOT CARE, it really really don't. Oh and guess what? Android shows what we have been saying all along, that as soon as Linux was a valuable target it would get fucked by the malware writers and surprise! Android malware is all over the place. Great security you have there chief, really makes it worth the bullshit and hassle. Of course if you prefer that "security by obscurity" thing maybe you should go with Haiku instead, that would make you REALLY leet, LOL!
ACs don't waste your time replying, your posts are never seen by me.
then it makes one wonder in which portion of the curve you write about you are...
I'm not on that particular curve as I'm not a Statesian. At school I always tested ahead of the curve (sometimes by a statistically significant amount, though often by so little it was as likely to be statistical error as anything else) on just about everything, aside from spelling and mental arithmetic.
unless this curve is so "skewed in the wrong direction", to use your words, that it got sheared...
That does sound somewhat like my home town...
Not quite - the current vulnerability is via the hacked certificates. The recent update blacklisted 3 certs used in Windows Update.
That is certainly one way of looking at it, but I think it's actually more that the whole purpose has changed. Early malware was written by people with pure malicious intent; these were practical jokes written either to hurt the victim, or to prove how great the writer's programming skills were. Modern malware is written for profit and power. Modern viruses are designed to amass an army of computing power and bandwidth. After it is there it is used in many different ways. The most common two, however, are spreading spam for profit (hard to block the sending host when there are a million of them spread around the world) and attacking large organizations. Only with the power of a large botnet can you have enough bandwidth at your disposal to effectively knock a large website off the internet (and once again, hard to block the originator when there are a million of them spread across the globe). You are no longer distributing the virus to your victim; instead you distribute the virus to millions of other people and then use their computers to attack your true victim.
But I thought you said
and all the decent software that is FOSS? Yeah, it's all got a Windows port
but now you are having to digress from the subject?
Ahh, you were trolling. It must be tragic having to ignore yourself, but your signature would force you to. My sympathies.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Although they do run anti-virus too.
My understanding is it's necessary to prevent the spread to other systems, not necessarily to protect the VM, which is easily restorable to a clean state, but documents that are portable and may move from system to system, some of which are real and not virtual, can wreak havoc. I guess what makes me nuts is the unexamined notion that anti-virus is an important fundamental part of an operating system, as though by definition, especially when the vendor that created the entire AV economy by having a defective philosophy towards software development and a defective operating system to begin with personally gets into the game with its own (initially non-free) anti-virus offering. Any Windows machine, if secured properly, will spend more processor cycles scanning for viruses than doing any other single individual task. This is ridiculous. I, for one, didn't make a significant hardware investment just so I could sit around scanning for viruses.
Yup, you just described a typical military system: Linux, VMware and a Windows VM
THANK YOU... This makes me feel all warm and fuzzy inside. I've been evangelizing about this method, which I suppose I came up with on my own in parallel to (at least internally, if not publicly) published university (and, now I learn, unpublished military) computer security theory, since 2003. /pats self on back
The Admin and the Engineer
I've been hit by exactly two viruses
This statement, and statements like it, epitomizes the arrogance of even competent Windows admins. They always seem to assume that if they follow the security proscriptions then their systems and their ass are covered.
My suggestion is to assume the opposite: that you are always infected and have no way of detecting it! And then come up with a solution that solves this regardless of your prowess at detecting or eliminating these fucking things. Virtualizing the infectable OS inside one that is not infectable is a step in the right direction.
It's not Windows admins, btw, that are the problem, fundamentally. It is (or was, mistakes made in the past yet still relevant due to the insistence upon compatibility with decades-old software) a grave mistake of software design and the philosophy of software design that originated with Microsoft and lax security policies within their OS, allowing coders to develop extremely poor security habits regarding their software.
Consider that Microsoft inadvertently created the entire industry of anti-virus, and then once they recognized it as a profitable commercial space, rather than fixing the security deficiencies of the operating system itself, began themselves to compete within this commercial space. Imagine a car manufacturer doing something like this... selling millions upon millions of cars that are defective, then instead of fixing the design or recalling the vehicles for repair, instead beginning to compete against the third parties that offered solutions for mitigating the defects. This would immediately make the car manufacturer a target for class action lawsuits brought by customers, and yet Microsoft has yet to see such litigation against them for selling and reselling licensing to an operating system that is, at best, defective when it comes to security.
The Admin and the Engineer
"Microsoft has fixed more security holes than all the other software companies on the planet combined. "
No other company had even remotely needed to fix millions of holes. Microsoft is unique.
It's no mystery. The Chinese will sell that shit to anyone but you guys always offer the highest price.
http://en.wikipedia.org/wiki/List_of_countries_by_public_debt
http://en.wikipedia.org/wiki/List_of_countries_by_external_debt
I keep sorting the tables by their columns and watching fascinated how flags are rearranged and can't get a bloody clue... which one is the winner?
***Game Over***Insert Coin***
You are right, of course which is why I never bank nor pay bills via internet, nor have anything on the Windows box (personal info, etc) that could be useful to criminals. Also, I keep backups (that's a lesson from the University of Hard Knox; it doesn't take a cracker or virus to destroy your data, only a head crash).
For the longest time I couldn't figure out why there were so many rabid Windows fans at /., but then, I imagine a lot of folks here make some pretty good money cleaning crap out of Windows machines.
What you describe in the last paragraph is one of the many reasons I went to Linux. I need to get Linux on that notebook, if only to make networking between the two boxes easier.
Free Martian Whores!
The US has already begun returning manufacturing facilities and jobs from foreign countries. And the rate of return is increasing yearly. Rare earth elements and car component manufacturing are just a few examples of those US industries abandoning foreign manufacturing sources and going domestic. Even offshore software development is being reduced. And by the way, if the US raised the tariffs on China's imports or even stopped importing China's products it would crash China's economy. China makes nothing that the US could not obtain from other foreign countries or produce domestically. Meanwhile China is importing food imports by a factor of 5 over the past 6 years from the US. They have gone from a surplus to a deficit economy. China is at the limit of adjusting their currency to balance inflation and export prices. When people talk about China's growth they always use best case models that rely on China always making optimal decisions in regards to their economic policies. And those who say China owns the US don't know what they are talking about. China is investing in the US because they consider the US a safe and stable rate of return. They are not "loaning" the US money.
I'm fixing a hole where the malware gets in
To keep my mind from wandering...
And? It does, which is why there is no damned point in Linux on the desktop. Firefox, GIMP, LibreOffice, all the software other than server shit that nobody gives a fuck about but server nerds is already on Windows.
Tell you what, sparky, you name me ONE good reason, just one mind you, why ZFS would be useful on a consumer desktop. Just one. You won't be able to answer that because there isn't one; its whole function is SERVER fault tolerance and allowing the pooling of drives, both things that might be nice for your LAMP stack but completely fucking pointless on the desktop.
But if you want to pretend that everyone needs a LAMP stack, that is your business, but considering the FOSSies have had 20+ damned years now and are still craptastic as far as the numbers go and in fact have started declining, which is even more telling as W3Schools is a nerd-heavy site and even THEY aren't seeing any growth, well, you can't blame the OEMs and everyone else for simply not giving a crap.
ACs don't waste your time replying, your posts are never seen by me.
Irrelevant, Mr Troll.
and all the decent software that is FOSS? Yeah, it's all got a Windows port
If you are saying ZFS is not "decent", I have no more hopes of sanity from you.
Else, you are contradicting yourself.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
You really need some serious anger management therapy and some reality injected into your life.