How did I misunderstand and twist what he said? He made a negative comment about something he presumably hates, instead of telling us the wonders of something he loves. Honestly, I can only surmise that what he loves is worse since he could have just told us the wonders of it. I did hit submit when I meant to hit preview so I left some editing errors in, but generally that's what I said and meant.
If I didn't know anything about the Tea Party or their opposition, I would assume the Tea Party were the best from reading your post. Why? Because you did not dedicate that time and energy telling us the wonders of the other what you believe in, so must not be much to tell..
I answer this question so much I should just put it on my blog and link to it. System 7.5 - Mac OS 9 had NO SECURITY whatsoever and software was shared with writable disks, and so, many people wrote malware for fun and fame in those days. Since around Mac OS X's release, software is distributed on read-only media (CDs, DVDs; Blu-ray is still a bag of hurt I hear) and the threats come from exploiting programs over the network or social engineering to trick the user to download a trojan. Exploiting a program and social engineering mean selecting Mac users on web sites when they are outnumbered 10:1 by Windows users typically. With malware being profit driven nowadays, because all of the mainstream OSes are basically secure against the trivial threats of '90s malware, it hardly ever makes sense to target 5% over 90%. In the same sense that most games are not available for Macs, the profit incentive is not there. The argument that your logic leads to is that Macs are not infected because they cannot be infected, but this and other malware prove that wrong. Mac malware thus far does not do anything profound that Windows malware doesn't do; basically the user is tricked into downloading it and it does what it wants. It's not like Mac malware so far is some mission impossible type stuff and more difficult to deploy than Windows malware..
There was a smoke grenade thrown, but we do not know many pertinent details. Was visibility *totally* obscured for everyone? It's possible someone would have gotten a clear shot on the guy before he killed and injured most of the people he did. Of course, I guess it's possible it was about as much visibility as a moonless desert night, and everyone would have shot each other and died too, but I find that extremely unlikely. Also, if everyone was armed, I doubt people such as the shooter would even attempt this, they'd usually be too scared they'd get shot too fast before causing lots of damage, and thus waste their one chance for fame and glory.
What are you talking about? You do not get 'checked' when a business has a sign that says no guns, it simply means if you are a law abiding citizen with a CCW and someone finds out you have a gun in there, you will get charged. Of course, anyone who goes to these places to shoot people, is not going to care about the sign or being charged for breaking the business' no-guns policy.
What? Exploiting a flaw in a vulnerable web browser on a mobile device has little to do with standard Unix/Linux permissions. The malware inserted into the browser will run with the privileges of the browser, which is more than enough to cause a lot of grief. Even if the browser is sandboxed, the malware can steal any data put into the browser such as credit card #s or email/banking logins. It's very useful to make this as hard as possible.
This is not the air-tight argument you imagine it is. 1. It makes it difficult for average users to run programs they need, thus presenting another reason they will avoid Linux. 2. If your response is 'they can learn how to mark those programs executable' or even if it is not, the users will just mark malware executable, perhaps with instructions in the email/webpage/whatever they got the malware from. Typing a few commands in a command line is not going to slow down the average drooling computer user that wants to run jenniferlopez3some.pl, especially after they've done it a few times. I can't understand how you don't get this.
Now, it's been a while since I looked into this so don't bite my head off if my information is not current, but last I checked Java had problems with DEP and ASLR and did not opt into them (on Windows). Even if a flaw is not 0-day, it's much easier to attack without DEP and ASLR, so in my opinion that's another reason to heap a high level of scorn upon it.
Found this from June 2010: http://secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf - not sure if anything has changed with Java but I know some of the other apps have switched on DEP and ASLR.
Who needs a soul or magic? With nanobots and AI, someone could torture someone (or everyone), well, forever. What would people do if they knew that, and knew such technologies were coming soon? Perhaps this is the reason most people call the singularity a 'nerd rapture' and other things, there are very unpleasant possibilities inherent in a very technologically advanced universe and it's better if nobody acknowledges they're coming to keep people from panicking.
Picture something like the Matrix, except.. There is no possibility EVER of the "One", no escapees from the system, no resistance, no nothing, just slaves in a system. Might look like this world, might look like something else. Assuming some madman that controls nanobots/AI doesn't decide to say, kill all the men and take the women as slaves.. *forever*. Pleasant dreams..
I would posit: no. Consider, today it is considered magic to say a killer's heart transplanted into your body will cause ill effects. However, this will not always be strictly magical thinking, along with most anything you can think of as magic. It would take me a much longer post to explain, but if you assume nanobots and Artificial intelligence are possible, then an entity with these technologies could actually apply an ill effect to your life because you have a killer's heart transplanted into your chest.
But you would know if someone developed this technology, right? Not necessarily, of course there is the possibility of an ET applying it to our environment in a stealth fashion, along with humans developing it before you were born then simulating an 'ancient' planet like today's earth and applying such 'magical' constructs as the aforementioned ill effected killer's heart.
Since you cannot physically rule out such things (though you can say it's highly unlikely anything would be that childish with such advanced technology) you have to accept that such magic may actually be a physical property of your reality.
And to top it off, there's no sensible way to approach this, the simulators/ET/whatever with AI/nanobots may give you good luck for being smart enough to say there's nothing wrong with a killer's heart, or they may say the complete opposite and say you should know better since so many average people think it's a bad idea. Statistically it might even out, but realistically you wouldn't be able to rely on statistics. Kind of mindfucking isn't it?
Of course I didn't mean to imply it could not ever happen, but your risk is substantially lower thanks to real security features. Allow me to use a stupid analogy: using a condom typically prevents AIDS and pregnancy, but not always, but I'll take some protection over almost none. Microsoft's Security Intelligence Report states that XP boxes are 10 times more likely to have malware over Windows 7 boxes, but the risk is never going to be eliminated completely (well, not until we get to a different computing architecture, maybe AI controlled molecular computing or something.)
Yeah, pretty much this. XP lacks key security features, like ASLR and browser sandboxing, ACL'ed services and so on. Win 7 (and Vista) also have better multicore support, more widely supported and compatible x64 versions, and better SSD support. So I would say to all these "XP ain't broken" comments, that it depends very much on your definition of "broken" because XP seems very broken to me (in this age, though it might have been dandy back in 2002.)
If you depend on specialized apps or games that don't run in Win 7 or you're poor, then yeah, you're stuck, but pretty much everyone else should dump XP and upgrade. I upgraded my friends and family to Vista and Win 7, and now I never get malware help calls, I'm loving it.
"It seems reasonable to me that if there were a healthy mix of desktop operating systems in the marketplace malware authors would have a much harder time spreading their trash around and Windows users would be much better off."
Gosh, you know I hate to seem like a tyrant, I know people like the other operating systems, but I can't help but to think from a purely technical perspective, this situation leads to things like Java, which gets exploited more and more and apparently the makers of Java can't use DEP (and ASLR?) because of the nature of generating code and executing it, or it's very hard to use effectively and Java is accounting for more and more flaws including multiplatform trojans that Run Anywhere.
I think multiplatform only seems like a viable route because the current multiplatform situation is such that malware writers have no incentive to attack the other (non-Windows) platforms. Once they have incentive, I see no reason they will not expand to include everyone, never mind Java, just plain attacking based on user agent..
Also, what happens to the market when you need 3 (and why limit it to three, why not 100 equally distributed OSes?) to run all the different programs you want. To a large degree there will be multiplatform releases, but realistically what would happen is you'd want a program for platform #1 that's not available for platform #2, a program that's available for platform #2 and #3 but not #1 and so on. Sorry but I'll take Windows ANY day over that, and I actually as you said, like Windows, I can't help it, despite all the barrage of attacks on the internet from posters and blogs against Windows, I find it works, I haven't seen a crash not caused by hardware in years, I haven't had malware since 2003 when I made the mistake of plugging XP RTM into the internet (thank god MS enabled the firewall by default in SP2 and later), and it runs all my games, programs, plays media, etc. I just hope they continue to improve it as with Vista and Win 7. *shrug*
Which general purpose OS will stop the user from DOWNLOADING a piece of malware? Pretty much none, except something like iOS but users would scream bloody murder if MS only allowed whitelisted applications to run on Windows. The DOJ would have Ballmer's head before he finished the sentence declaring that was MS' new course.
I think of the term 'malware chaser', it's like 'ambulance chaser' but applies to alternative OS users who see a story about malware on Windows. Always there to pimp their OS which is no better just less used.
+5 informative? None of these programs generates a warning for downloading. I just don't get Slashdot, you all consciously lie and go along with it. It's not at all true, maybe it's funny? Certainly I don't understand a high informative mod for something that is categorically false.
You know, there are legal avenues a shareholder can pursue if he/she feels that MS is lying. I'm guessing you don't feel like putting your money where your mouth is however.
How can you claim that Linux isn't vulnerable to browser drive-by attacks? If you are referring to 0-day holes in the browser, any OS can have them. What does 'automatic email' even mean, as opposed to 'manual email' which is secure? And Windows boxes are 99% likely to be broken into when the user disables auto-updates because some paranoid told him MS uses them to spy on them, or because they download Porn.exe or FreeSuperAV.exe. Linux would have the same problem if it had a large ignorant user base as Windows does. They would download files and execute them, and elevate, and get pwned. The only reason this doesn't happen is because 1. nobody targets Linux because it has so little market share 2. the few who use Linux are self-selecting, and they tend to be more educated about computers (almost all of them know how to program as opposed to average Windows users who think computers are black magic) so social engineering, the big attack on Windows, doesn't work on them. Also if an attack were working, it'd be reported on sites like Slashdot, where almost all Linux users go to for news.
Linux has no 'superior Security model', actually quite the opposite, from its "12 bits of security ought to be enough for anybody", to its trojanable elevation prompts, unlike Windows with ACLs since NT was introduced in '93 and secure desktop to prevent interaction/spoofing of password prompts.
Windows is secure, it has to be because of how much it's attacked and used, but you can't make a security feature that defeats human stupidity, people will do anything to run porn.exe, the more hoops you put in, the more you turn off average users from using the system, but idiots will still do whatever is necessary to run the trojan they think is Jennifer Lopez in a lesbian triple X scene.
BTW, NSA key is to allow the NSA to implement their own security algorithms without having to have them signed and therefore analyzed and looked at by MS. This is important because MS does not have clearance for NSA algorithms.
So your theory of why this doesn't mention Linux is utterly destroyed.
Like the other guy said, it's a good thing for the Admin to be able to bypass this security when and where he needs to. The point of these protections is to prevent unwanted code on the internet from running on the user's box. And they do that just fine. BUT if the Admin wants to make exceptions for specific sites (for corporate intranet sites that need this or whatever) then he can, but that's all. Normally, without an Admin setting an exception in Group Policy, ActiveX cannot auto-install and you cannot bypass the IE sandbox. Not sure how much more clear I can make this...
"the ActiveX Installer Service checks whether the URL requesting the ActiveX control installation is approved in Group Policy."
The URL has to be approved (by the administrator of the PC) before ActiveX can be auto-installed. You did know this, right? The second link talks about making your own broker process to bypass the IE sandbox, but you again need code running (and authorized by the user) on the box first.
Great, now I'll need to find some matching sunglasses to go with my tin foil hat..
As opposed to being mowed down like helpless sheep and cattle?
What, you mean like Mexico and other Latin American countries? "Oh, wait.." as people here frequently like to say..
ever deserved a friendly 10 gigabit DDOS from anonymous, these guys are it.
"True, but with free software, you choose on whom to depend."
Just like you can choose to depend on MS. BTW, which Linux distro releases patches for 10-year-old releases, I'm curious..