Trying to disinfect Linux from the inside is relatively easy. Never have critical components as modules (they should be compiled in for security and for performance) and disinfect via single-user mode.
Riddle me this: If someone obtained root privileges, why couldnt they... *replace/bin/sh with a symlink to their own infected process? *replace the bash, ksh, and csh binaries with infected copies? *infect grub with a boot virus? *add trust for a 3rd party root certificate (or add third party GPG keys) and tamper with your hosts file so your next update pulls (signed) updates from a malicious host? *simply replace your sources.list /.repos with ones that point to malicious hosts? *Infect various binaries so that any particular one, when run, would reinfect the system? (good luck hunting each instance down without a specialized tool)
By the way, most of these have been done on windows. Trying to disinfect a system from within is sometimes possible, but a well written rootkit makes it an absolute nightmare, because you can never tell if the MBR is clean, or if the drivers have been infected, or if your filesystem is lying to you, or if your registry editors have been subverted.
Granted, on a hardened Windows or Linux system, the infection should never take place to begin with; but when you compare desktop Windows to desktop Linux, I dont think youll find that Linux is that much superior, if at all.
This is why conventional wisdom says, once a machine is compromised, the only true way to trust it again is to format (including boot sector) the drive and start again. Hell, given the ability to write BIOS / firmwares from the OS, and the increasing sophistication of viruses, it may not be long before that too is not enough.
That was the same person, its the first time ive heard it mentioned, and they didnt label it with a name or give any sort of way to check their facts. It would be like if I accused the UK of having imprisoned an indeterminate number of minorities and torturing them at some point in the past 100 years; how the hell are you supposed to fact check that?
By the way, name calling? Thats at least as much of a fallacy as what you accuse me of.
Its what hes accused of, and what people are defending him for. If youre arguing "if acquitted, Manning should be freed", I would wholeheartedly agree with you.
Incidentally, thats a really really bad example. Jesus crime was that the Jews didnt like him and managed to drum up false witnisses. Thats always been a miscarriage of justice. Crucifixion was always reserved for high crimes, and in Jesus case because the accusations amounted to "insurrection".
Regardless, we have avoided death penalties that involve torture since the very founding of our country. If youre asking "has treason always gotten a death penalty", the answer is basically "yes".
Lynch mobs continued to exist even after congress made them illegal, because on a local level there was heavy support for them. I think thats what parent was going after.
Also, there's whistleblower protection. If you are uncovering corruption, rather than giving aid to the enemy, your actions are not criminal.
Problem is, the vast vast vast majority of what Manning uncovered was NOT corruption, it was just classified. Even if you say "this document's leak was protected, and so was that one", hes still in pretty deep trouble.
People still havent answered this: Even if we were to assume your statements were 100% accurate, it STILL doesnt answer the question, "why release the other 99,000 documents?"
According to Wired Magazine, "WikiLeaks may have just bolstered one of the Bush administration’s most controversial claims about the Iraq war: that Iran supplied many of the Iraq insurgency’s deadliest weapons and worked hand-in-glove with some of its most lethal militias. The documents indicate that Iran was a major combatant in the Iraq war, as its elite Quds Force trained Iraqi Shiite insurgents and imported deadly weapons like the shape-charged explosively formed penetrator bombs into Iraq for use against civilians, Sunni militants and U.S. troops."[
Thats damning stuff right there.
Seriously, did you even read that list? The first 10 or so talk either about interesting statistics that may have been misreported, and several issues of the Iraqi security forces. The worst you can really pin on our military (at least from the first several bullets there) is that we classified the reuters reporters killed in the gunship incident as enemy combatants.
You mean that war that was agreed to in a landslide congressional vote? Yes, its TOTALLY our military's fault for following the Commander in Chief's orders which were grounded on a Congressional declaration of war.
What was unlawful about keeping classified the diplomatic wires?
Noone really seems to want to address that, even though its been brought up in basically every thread on Manning since his arrest. The best answer ive seen is that there shouldnt be any secrets, and diplomacy should occur in the public; but thats what we call a preference grounded in fantasy.
And if it were to rain doughnuts we wouldnt have to deal with starvation, but obesity would become a problem. What do either of those scenarios have to do with Manning? Did he discover evidence of such?
So you want Manning punished for publishing classified info.
I think thats what we're saying, yes.
Do you want those who improperly classified info to be punished, as well?
As that is neither a violation of oaths, nor military code, nor US law, I think the appropriate response is to determine who is at fault and hold them accountable through the normal democratic process.
And yet there remains a chain of command. Manning can take a risk and go by his own morality, thats true; but to expect the military not to try him in a military court is absolutely insane. A huge part of letting this whole thing work is the fact that their remains consequences if you choose to defy orders for what you see to be the greater good (otherwise, you could never try a soldier for anything, ever).
And Im still a little fuzzy on what specific atrocities were unveiled by the diplomatic cables that he leaked; care to clear that up?
The best that people seem to be able to scrape together for "crimes that Manning revealed" is the whole "collateral murder" thing which was the biggest example of bias in reporting Ive seen in my life. Once you remove Assange's whole "make a hero out friendly-fire casualties and bash the US whilst we're at it" commentary, and watch the raw footage, you get a much different picture. I suppose if youve seen the commentaried version first, it will color subsequent viewings, but having seen both, I think that it doesnt take wacky, far-fetched conspiracy theories to explain what seems to be pretty simple-- people obeying the chain of command but making a mistaken ID.
Or was there a better example of "crimes" that you can come up with out of the leaks?
Spin is when someone takes a military personel's violation of his oaths and betrayal of trust as something that should be ignored or lauded. Of course the public wants to know military secrets, that doesnt make it any less against the law, and any less deserving of a military trial.
Mod me down, but ask yourself this-- if this were 1863, and manning has spilled military secrets to the papers, do you think A) he would have been given a medal B) he would have languished in a cell until after the war was over, given a trial, and hung as a traitor?
This is neither new, nor surprising. When you get cleared to handle sensitive information, and when you are in the military no less, violating that trust has really serious implications.
Everything you complained about is true of OSX, BSD, and Linux. Getting a virus to run on boot is just a matter of symlinking or messing with run-level scripts. Trying to disinfect it-- potentially after kernel modules has been loaded-- is foolhardy from within the compromised system.
What you describe is a reality of malicious executables launched with root privileges-- theres simply no easy answer.
All AV software can do is get a copy of the new variant, and update their definitions to suit.
Thats not really accurate. If it was simply a matter of doing database lookups, most AV engines would be basically the same. What sets them apart is how they deal with unknown threats-- which usually involves heuristics (most AVs) or sandboxing (which Avast does, probably others), or other attempts to go beyond simple hashing to figure out whether what the unknown program wants to do is essentially the same as a known virus.
How well they do that differentiates them.
Note, for example, that GMER's anti-rootkit program hasnt been updated in something like 2 years, but it remains able to detect many rootkits-- without any definition files. Instead of looking for hash matches, it actually looks for symptoms of an infection (dll hooks, mis-reported system file hashes, MBR tampering, etc).
And also - what kind of anti-virus will be first on the list of the malware producers to circumvent?
Today there are many different AV solutions and it's almost impossible to evade them all, but now there will be one main target.
This is the real tragedy of it. Right now Microsoft Security Essentials is good, I would guess, largely because it is NOT the most common AV. Norton and McAfee (which are garbage anyways) still seem to be the biggest targets, and of course they get attacked the hardest, which lets the slim and fast MSSE (and others like Avast) remain excellent and somewhat off the radar.
Integrating Antivirus into the OS is useless. Whens the last time Windows Defender caught anything? Any thoughts on why that might be?
Windows has made great strides in security over the past 10 years, but that doesn't make it a secure OS.
Youre comparing hardened enterprise server Linux distros to Windows desktop installations where users are browsing the web with plugins daily. Thats not even a remotely fair comparison. Compare Windows Server 2008 Core (or even Standard) to your Linux enterprise servers, and then we can talk.
Compare linux server infections to Windows Server infections, and you have a viable comparison. Comparing Linux desktop viruses to WIndows would be a little more fair, but not really, since youre talking 0.1% of the market and there really isnt anyone who would want to spend time writing a virus for a heavily fragmented, highly technical userbase with a tiny percentage of the market.
Windows, on the other hand, has a highly cohesive UI across its base (double-clicking an EXE will generally execute it, whereas double-clicking a.desktop,.RPM, or.deb in Ubuntu vs CentOS vs Arch will do wildly different things) and a huge market share, and a lot less problems with dependency hell-- you can generally be assured that a virus written for Windows XP will run on Vista, 7, 2003, 2008, and SBS 2011.
How many of those colo servers are browsing the internet with Flash and Java plugins enabled?
Factor that into "potential targets for my Flash plugin 0-day virus", and GP's comments are a lot more on-point. Those big servers dont factor in for viruses, because they way they get compromised isnt the same as how desktops do-- they require either automated or targetted login attempts, not browser exploits (which is what the discussion was about-- computer compromise by way of a malicious executable).
It causes the worst kind of confusion when people bring brute-force login attempts into a discussion about malicious executables, since the causes and mitigations for the two are completely different.
You deploy GPOs which lock down which programs the user can run, and restrict them to IT- department approved applications. All user-writeable locations would notably be in the "do not allow" list.
Whats that, you meant for home users? Yea, theres no fix for that (not even OSX), sorry. So long as a user can run content from areas that he can write to, he will be able to be tricked into running malicious code. It is, unfortunately, a feature of open systems that the computer will run whatever code you tell it to.
The comparison to anarchy was not meant to be derogatory, but accurate. Both anarchy and BSD license would state that "freedom" means "no restrictions" whereas governmental systems and GPL would both say that it is necessary to curtail some freedoms in order to be guarenteed others.
I like both licenses, incidentally, but depending on your goals, GPL might be more practical. Anarchy, communism, democracy, etc are also only rough parallels when used in comparison to software licenses and methods-- whereas the "communism model" of OSS is actually workable because people can have real jobs, and BSD license is workable in ways that anarchy is not (because the BSD license exists inside of a system with laws), the actual political models do not work.
Drug companies pushing the FDA into saying that only drugs can cure diseases which means anyone using non Big Pharma approved remedies can go to prison?
FDA doesnt write laws, genius. It DOES rule on drug classifications, and rightly says that 80% of alternative medicines are bogus. Your defense of them kind of indicates the direction this discussion is headed though, so Im just going to back slowly away now.
Trying to disinfect Linux from the inside is relatively easy. Never have critical components as modules (they should be compiled in for security and for performance) and disinfect via single-user mode.
Riddle me this: If someone obtained root privileges, why couldnt they... /bin/sh with a symlink to their own infected process? .repos with ones that point to malicious hosts?
*replace
*replace the bash, ksh, and csh binaries with infected copies?
*infect grub with a boot virus?
*add trust for a 3rd party root certificate (or add third party GPG keys) and tamper with your hosts file so your next update pulls (signed) updates from a malicious host?
*simply replace your sources.list /
*Infect various binaries so that any particular one, when run, would reinfect the system? (good luck hunting each instance down without a specialized tool)
By the way, most of these have been done on windows. Trying to disinfect a system from within is sometimes possible, but a well written rootkit makes it an absolute nightmare, because you can never tell if the MBR is clean, or if the drivers have been infected, or if your filesystem is lying to you, or if your registry editors have been subverted.
Granted, on a hardened Windows or Linux system, the infection should never take place to begin with; but when you compare desktop Windows to desktop Linux, I dont think youll find that Linux is that much superior, if at all.
This is why conventional wisdom says, once a machine is compromised, the only true way to trust it again is to format (including boot sector) the drive and start again. Hell, given the ability to write BIOS / firmwares from the OS, and the increasing sophistication of viruses, it may not be long before that too is not enough.
That was the same person, its the first time ive heard it mentioned, and they didnt label it with a name or give any sort of way to check their facts. It would be like if I accused the UK of having imprisoned an indeterminate number of minorities and torturing them at some point in the past 100 years; how the hell are you supposed to fact check that?
By the way, name calling? Thats at least as much of a fallacy as what you accuse me of.
Its what hes accused of, and what people are defending him for. If youre arguing "if acquitted, Manning should be freed", I would wholeheartedly agree with you.
Incidentally, thats a really really bad example. Jesus crime was that the Jews didnt like him and managed to drum up false witnisses. Thats always been a miscarriage of justice. Crucifixion was always reserved for high crimes, and in Jesus case because the accusations amounted to "insurrection".
Regardless, we have avoided death penalties that involve torture since the very founding of our country. If youre asking "has treason always gotten a death penalty", the answer is basically "yes".
Ok, then we can use World War 1, or World War 2, or the Revolutionary war. All that would change is whether you were hung or shot.
Lynch mobs continued to exist even after congress made them illegal, because on a local level there was heavy support for them. I think thats what parent was going after.
Also, there's whistleblower protection. If you are uncovering corruption, rather than giving aid to the enemy, your actions are not criminal.
Problem is, the vast vast vast majority of what Manning uncovered was NOT corruption, it was just classified. Even if you say "this document's leak was protected, and so was that one", hes still in pretty deep trouble.
People still havent answered this:
Even if we were to assume your statements were 100% accurate, it STILL doesnt answer the question, "why release the other 99,000 documents?"
According to Wired Magazine, "WikiLeaks may have just bolstered one of the Bush administration’s most controversial claims about the Iraq war: that Iran supplied many of the Iraq insurgency’s deadliest weapons and worked hand-in-glove with some of its most lethal militias. The documents indicate that Iran was a major combatant in the Iraq war, as its elite Quds Force trained Iraqi Shiite insurgents and imported deadly weapons like the shape-charged explosively formed penetrator bombs into Iraq for use against civilians, Sunni militants and U.S. troops."[
Thats damning stuff right there.
Seriously, did you even read that list? The first 10 or so talk either about interesting statistics that may have been misreported, and several issues of the Iraqi security forces. The worst you can really pin on our military (at least from the first several bullets there) is that we classified the reuters reporters killed in the gunship incident as enemy combatants.
You mean that war that was agreed to in a landslide congressional vote? Yes, its TOTALLY our military's fault for following the Commander in Chief's orders which were grounded on a Congressional declaration of war.
What was unlawful about keeping classified the diplomatic wires?
Noone really seems to want to address that, even though its been brought up in basically every thread on Manning since his arrest. The best answer ive seen is that there shouldnt be any secrets, and diplomacy should occur in the public; but thats what we call a preference grounded in fantasy.
And if it were to rain doughnuts we wouldnt have to deal with starvation, but obesity would become a problem. What do either of those scenarios have to do with Manning? Did he discover evidence of such?
So you want Manning punished for publishing classified info.
I think thats what we're saying, yes.
Do you want those who improperly classified info to be punished, as well?
As that is neither a violation of oaths, nor military code, nor US law, I think the appropriate response is to determine who is at fault and hold them accountable through the normal democratic process.
And yet there remains a chain of command. Manning can take a risk and go by his own morality, thats true; but to expect the military not to try him in a military court is absolutely insane. A huge part of letting this whole thing work is the fact that their remains consequences if you choose to defy orders for what you see to be the greater good (otherwise, you could never try a soldier for anything, ever).
And Im still a little fuzzy on what specific atrocities were unveiled by the diplomatic cables that he leaked; care to clear that up?
The best that people seem to be able to scrape together for "crimes that Manning revealed" is the whole "collateral murder" thing which was the biggest example of bias in reporting Ive seen in my life. Once you remove Assange's whole "make a hero out friendly-fire casualties and bash the US whilst we're at it" commentary, and watch the raw footage, you get a much different picture. I suppose if youve seen the commentaried version first, it will color subsequent viewings, but having seen both, I think that it doesnt take wacky, far-fetched conspiracy theories to explain what seems to be pretty simple-- people obeying the chain of command but making a mistaken ID.
Or was there a better example of "crimes" that you can come up with out of the leaks?
Spin is when someone takes a military personel's violation of his oaths and betrayal of trust as something that should be ignored or lauded. Of course the public wants to know military secrets, that doesnt make it any less against the law, and any less deserving of a military trial.
Mod me down, but ask yourself this-- if this were 1863, and manning has spilled military secrets to the papers, do you think
A) he would have been given a medal
B) he would have languished in a cell until after the war was over, given a trial, and hung as a traitor?
This is neither new, nor surprising. When you get cleared to handle sensitive information, and when you are in the military no less, violating that trust has really serious implications.
Everything you complained about is true of OSX, BSD, and Linux. Getting a virus to run on boot is just a matter of symlinking or messing with run-level scripts. Trying to disinfect it-- potentially after kernel modules has been loaded-- is foolhardy from within the compromised system.
What you describe is a reality of malicious executables launched with root privileges-- theres simply no easy answer.
All AV software can do is get a copy of the new variant, and update their definitions to suit.
Thats not really accurate. If it was simply a matter of doing database lookups, most AV engines would be basically the same. What sets them apart is how they deal with unknown threats-- which usually involves heuristics (most AVs) or sandboxing (which Avast does, probably others), or other attempts to go beyond simple hashing to figure out whether what the unknown program wants to do is essentially the same as a known virus.
How well they do that differentiates them.
Note, for example, that GMER's anti-rootkit program hasnt been updated in something like 2 years, but it remains able to detect many rootkits-- without any definition files. Instead of looking for hash matches, it actually looks for symptoms of an infection (dll hooks, mis-reported system file hashes, MBR tampering, etc).
And also - what kind of anti-virus will be first on the list of the malware producers to circumvent?
Today there are many different AV solutions and it's almost impossible to evade them all, but now there will be one main target.
This is the real tragedy of it. Right now Microsoft Security Essentials is good, I would guess, largely because it is NOT the most common AV. Norton and McAfee (which are garbage anyways) still seem to be the biggest targets, and of course they get attacked the hardest, which lets the slim and fast MSSE (and others like Avast) remain excellent and somewhat off the radar.
Integrating Antivirus into the OS is useless. Whens the last time Windows Defender caught anything? Any thoughts on why that might be?
There is a large and interesting attack target.
Not for browser-based exploits it isnt.
Windows has made great strides in security over the past 10 years, but that doesn't make it a secure OS.
Youre comparing hardened enterprise server Linux distros to Windows desktop installations where users are browsing the web with plugins daily. Thats not even a remotely fair comparison. Compare Windows Server 2008 Core (or even Standard) to your Linux enterprise servers, and then we can talk.
Compare linux server infections to Windows Server infections, and you have a viable comparison. Comparing Linux desktop viruses to WIndows would be a little more fair, but not really, since youre talking 0.1% of the market and there really isnt anyone who would want to spend time writing a virus for a heavily fragmented, highly technical userbase with a tiny percentage of the market.
Windows, on the other hand, has a highly cohesive UI across its base (double-clicking an EXE will generally execute it, whereas double-clicking a .desktop, .RPM, or .deb in Ubuntu vs CentOS vs Arch will do wildly different things) and a huge market share, and a lot less problems with dependency hell-- you can generally be assured that a virus written for Windows XP will run on Vista, 7, 2003, 2008, and SBS 2011.
How many of those colo servers are browsing the internet with Flash and Java plugins enabled?
Factor that into "potential targets for my Flash plugin 0-day virus", and GP's comments are a lot more on-point. Those big servers dont factor in for viruses, because they way they get compromised isnt the same as how desktops do-- they require either automated or targetted login attempts, not browser exploits (which is what the discussion was about-- computer compromise by way of a malicious executable).
It causes the worst kind of confusion when people bring brute-force login attempts into a discussion about malicious executables, since the causes and mitigations for the two are completely different.
You deploy GPOs which lock down which programs the user can run, and restrict them to IT- department approved applications. All user-writeable locations would notably be in the "do not allow" list.
Whats that, you meant for home users? Yea, theres no fix for that (not even OSX), sorry. So long as a user can run content from areas that he can write to, he will be able to be tricked into running malicious code. It is, unfortunately, a feature of open systems that the computer will run whatever code you tell it to.
The comparison to anarchy was not meant to be derogatory, but accurate. Both anarchy and BSD license would state that "freedom" means "no restrictions" whereas governmental systems and GPL would both say that it is necessary to curtail some freedoms in order to be guarenteed others.
I like both licenses, incidentally, but depending on your goals, GPL might be more practical. Anarchy, communism, democracy, etc are also only rough parallels when used in comparison to software licenses and methods-- whereas the "communism model" of OSS is actually workable because people can have real jobs, and BSD license is workable in ways that anarchy is not (because the BSD license exists inside of a system with laws), the actual political models do not work.
Drug companies pushing the FDA into saying that only drugs can cure diseases which means anyone using non Big Pharma approved remedies can go to prison?
FDA doesnt write laws, genius. It DOES rule on drug classifications, and rightly says that 80% of alternative medicines are bogus. Your defense of them kind of indicates the direction this discussion is headed though, so Im just going to back slowly away now.