Good post. Another thing the OP is wrong about is that Windows does do sandboxing, and it does it by default. IE runs in a sandbox, so does office (to what extent, I'm not sure though), chrome does, and so does the new Adobe Reader X.
Enable protected mode in trusted and intranet zones if you are concerned about it. But I'm guessing you're less interested in a solution, than just whining about the problem.
It doesn't give admin access. It's still better than Firefox, since firefox doesn't have a sandbox at all. And you can disable this bypass easily by enabling protected mode in the intranet and trusted zones. Another clueless reply on slashdot about Windows security, "color me shocked."
Loading programs at higher integrity levels can be disabled completely (vs. the default prompt that you say people 'cick through'), it's in internet options->security->custom level->allow applications and unsafe files to be run. Set to disabled. Assuming you are actually talking about the integrity level aspect, and not the download metadata as someone else supposed.
Total nonsense, you are going to need every security bell and whistle in unix and people are going to be trying to break through it on unix as well. And the security will not be exactly the same, but it's more or less equivalent on both unix and Windows. Saying things like DEP provides more protection on unix than Windows is hogwash, in some specific circumstances they will be different but unless there's some evidence to show otherwise, it's probably insignficant and could go either way (more secure in Windows or more secure in Unix, for instance.)
Probably my post. Anyway, you can (and I have for a while) just enable Protected Mode in the intranet and trusted zones to defeat this 'bypass'. Even without that, the malware has to bypass ASLR, DEP, SEHOP, GS, and possibly several other things. But even so, what's your point? These are the same protections unix OSes have. If Windows is insecure while using them, then so is unix. (and supposively Windows ASLR, for instance, is a lot more secure than Mac OS X's.)
I run no AV, I see no reason. I run Windows 7 x64, enable DEP and SEHOP for all processes, and max out UAC. With DEP, ASLR, stack/heap smashing protection, SEHOP, UAC, and sandboxing (Windows Mandatory Access Controls) the system is about as secure as it gets. I also enable per-site activex, so only sites I approve can run active-x controls, and don't run binaries unless it's from well known companies (nvidia, intel, microsoft, apple, valve, etc.) I've been programming assembly language since the early '90s, and worked at an AV company back in 96 or so (Norman Data Defense, dunno if they are still around or what happened to them) and I KNOW what to look for, and there has never been anything on my Vista or Windows 7 boxes. I also run occasional scans with MSE and Malware Bytes, but don't use the active protection (and uninstall MSE when I'm done.) Never anything. Running Malware free in modern Windows (I.E. not XP) can be done, it just takes a little common sense.
Modern Windows basically have all the same protection measures that Linux and Mac OS X have, it is the users and the amount of targets that is different. Most Windows users are not hacker types unlike Linux guys, and are targeted so heavily that a lot more infections are inevitable. In fact, Charlie Miller, probably the world's most famous hacker, winner of pwn2own 3 times, *and* a Mac OS X user, has said that 3 year old Vista is more secure than brand new Snow Leopard (less attack surface and better ASLR were the reasons I saw given.) I'd be modded a troll if I said the same thing, here, without attributing the original source.
So it makes no sense to say Windows is insecure, you might as well say all general purpose OSes are insecure, since they all use the same protection techniques.
Strange defition of success and failure that passes around these parts. Mac OS with 3.5% worldwide market share after 20 years is a 'smashing success', Linux with 1% after 15 years is likewise a smashing success. Vista with 20% market share in 3 years is a utter failure, and windows mobile with a sizeable amount of the smart phone market is likewise an utter failure. Do you guys attend some special North Korean-esque reeducation camp to learn all this stuff?
For the 50 millionth time, Bill Gates didn't make any such claim about 637K, 640K or whatever. The memory limit in MS-DOS was dictated by the CPU, the 8086 made by Intel, and chosen by IBM for the IBM PC. Sorry to be off topic but I get sick of people slandering this guy, who would never say a bad word about IBM and Intel for doing exactly what they accuse Bill Gates of, because of their support of Linux and Apple.
That is an application flaw, they should use the proper API (and fixed paths) instead of the one that loads.DLLs from the current freakin directory. That's like coding a script file of 'rm / -rf' (or whatever the command is) and saying linux is a cruft of compatibility and security vulnerabilties.
Give me a break. NT IS the rewrite of Windows, compared to Windows 9x, like OS X compared to OS 9. People, especially here, just can't wrap their heads around the fact that MS had a stable, pre-emptive multitasking, secure OS before Apple, so they just randomly throw out that NT needs to be rewritten. Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix? You guys have neglected to spell this out, though I know the routine, now that I ask I'll get a bunch of ad-hoc crap about the registry or whatever (like a re-write would be necessary to go back to Windows 3.1.INI files, which WAS truely a broken design) just so you guys can say you knew. And especially in a security context, Windows has all the security features of OS X and Linux, like guarenteed seperation of users and Admins, ASLR, DEP, sandboxed browser, ACLs, MACs, and so on. The only thing 'broken' about the design of Windows that a re-write would fix, is that its market share crushes Mac OS X and Linux. Granted they could switch to managed code, but since neither Linux nor Mac OS X use managed code I fail to see how this constitutes a broken design in Windows. Seems every time we have a vulnerability in Windows we have to have this same lame discussion, but whenever there is an equiv. vulnerability in Linx/Mac OS X, everyone accepts the obvious and sane sentiment that vulnerabilties happen in all code, they get fixed, and life moves on.
All the viruses are for Windows, for the same reason all the games are for Windows, not cause they won't run on unix but because Windows is 90% of the market. Some games get rewritten for linux, because developers are saps and feel sorry for linux users, virus writers have no such pity, so it looks like a windows specific problem, when it is not. World famous hackers like Charlie Miller, who is a mac user btw, has said that 3 year old Vista is more secure than brand new Snow Leopard. So please put your cup of kool-aid down and verify what your unix friends tell you, because most of it is propaganda with the aim of saying anything at all to increase unix's pathetic market share.
Depends on if you want 30 fps or 60 fps, and if you want high levels of AA and AF or none, and if you want high resolution or medium resolution. I'm getting a gtx 580 to replace my gtx 480, which I play to sell, because of lower noise and improved performance.
I find 30 fps to be choppy, in fast paced FPS games, so I tend to go for 60, along with all the options cranked up.
www.emule-project.com - open source, so it can't be shut down. I guess the servers could be shut down, but it also operates with a distributed peer2peer network
as back up. I've been using it for years, it has almost everything.
You mean IBM and Intel, or their associated personel who designed the 8086 and chose it for the IBM PC. MS was constrained by the memory limit of the system with DOS, there's nothing MS could've done to increase the memory addressability limit of the damn CPU. But you knew that right, mr. super hacker?
And if MS doesn't respond, it's because they're flustered and incapable of a proper response. If they do respond, they're desperate
and scared and see the competitor as a 'threat.' Great is there any option, EVER, except MS is scared and on the run? While making record profits every year...
... Read the story or read the other comments, or read SOMETHING. The town DOESN'T have a fire dept., they decided not to have a fire dept.
and instead have citizens pay $75 if they want protection from a different town's fire dept. that has NO obligation to protect people in other towns. But yes it's pretty retarded I'll agree there, but if the town decided that's what they want to do then you need to pay or else stfu when your shit burns down.
Lots of people are saying this, "pay the full price of putting out the fire instead of the $75" but still that wouldn't work, it sounds 'fair' but there are probably so few fires, that the fire dept. would lose lots of money maintaining, training, equipping the fire fighters and so on. You'd have to pay some price (not sure what to call it) that covers what ever the F.D. would get from everyone who now opts not to pay the $75, divided by the number of people who have fires. Would be way to much money probably than anyone could afford and they'd just say 'let the house burn' anyway.
Not really. We don't know everything about them but we know a lot (we'll people who take time to study the field do, not average lay people, which is obvious from the other posters in this thread.)
Anyway this thread is degrading into a contrarian contest of "yes it will", "no it won't", "yes it will", etc. so I'm probably going to go do something useful.
If throwing money at the problem is not going to fix it, what will? Wishful thinking and wasting the money instead on bullshit that is barely or not at all helpful?
"Major engineering obstacles" is meaningless, everything high-tech has major engineering obstacles, especially to people who don't understand the field.
| Nanorobots are some magical panacea that will solve all our problems.
Freudian slip? But since nobody says they will solve ALL problems I should not even bother replying, they will just solve many pressing problems and are definitely worth funding/building. More so than just about any other endeavor that we spend billions on.
And a jetpack would be an easy device to make with nanorobotics, so yes you will be commuting to work when I get nanobots.
Well I guess we'll never know because thanks to people like you it won't get funded probably ever, meanwhile we'll spend billions testing plant compounds to see if they can cure cancer and give people 10
extra years of life. How forward thinking.
Slashdot Mirror
Windows 7 is not affected, for people who are too lazy to click the link.
Good post. Another thing the OP is wrong about is that Windows does do sandboxing, and it does it by default. IE runs in a sandbox, so does office (to what extent, I'm not sure though), chrome does, and so does the new Adobe Reader X.
Enable protected mode in trusted and intranet zones if you are concerned about it. But I'm guessing you're less interested in a solution, than just whining about the problem.
It doesn't give admin access. It's still better than Firefox, since firefox doesn't have a sandbox at all. And you can disable this bypass easily by enabling protected mode in the intranet and trusted zones. Another clueless reply on slashdot about Windows security, "color me shocked."
Loading programs at higher integrity levels can be disabled completely (vs. the default prompt that you say people 'cick through'), it's in internet options->security->custom level->allow applications and unsafe files to be run. Set to disabled. Assuming you are actually talking about the integrity level aspect, and not the download metadata as someone else supposed.
Total nonsense, you are going to need every security bell and whistle in unix and people are going to be trying to break through it on unix as well. And the security will not be exactly the same, but it's more or less equivalent on both unix and Windows. Saying things like DEP provides more protection on unix than Windows is hogwash, in some specific circumstances they will be different but unless there's some evidence to show otherwise, it's probably insignficant and could go either way (more secure in Windows or more secure in Unix, for instance.)
Probably my post. Anyway, you can (and I have for a while) just enable Protected Mode in the intranet and trusted zones to defeat this 'bypass'. Even without that, the malware has to bypass ASLR, DEP, SEHOP, GS, and possibly several other things. But even so, what's your point? These are the same protections unix OSes have. If Windows is insecure while using them, then so is unix. (and supposively Windows ASLR, for instance, is a lot more secure than Mac OS X's.)
I run no AV, I see no reason. I run Windows 7 x64, enable DEP and SEHOP for all processes, and max out UAC. With DEP, ASLR, stack/heap smashing protection, SEHOP, UAC, and sandboxing (Windows Mandatory Access Controls) the system is about as secure as it gets. I also enable per-site activex, so only sites I approve can run active-x controls, and don't run binaries unless it's from well known companies (nvidia, intel, microsoft, apple, valve, etc.) I've been programming assembly language since the early '90s, and worked at an AV company back in 96 or so (Norman Data Defense, dunno if they are still around or what happened to them) and I KNOW what to look for, and there has never been anything on my Vista or Windows 7 boxes. I also run occasional scans with MSE and Malware Bytes, but don't use the active protection (and uninstall MSE when I'm done.) Never anything. Running Malware free in modern Windows (I.E. not XP) can be done, it just takes a little common sense. Modern Windows basically have all the same protection measures that Linux and Mac OS X have, it is the users and the amount of targets that is different. Most Windows users are not hacker types unlike Linux guys, and are targeted so heavily that a lot more infections are inevitable. In fact, Charlie Miller, probably the world's most famous hacker, winner of pwn2own 3 times, *and* a Mac OS X user, has said that 3 year old Vista is more secure than brand new Snow Leopard (less attack surface and better ASLR were the reasons I saw given.) I'd be modded a troll if I said the same thing, here, without attributing the original source. So it makes no sense to say Windows is insecure, you might as well say all general purpose OSes are insecure, since they all use the same protection techniques.
On top of that, I would add, run an OS with modern security features like ASLR and sandboxed web browser. Vista or Win 7, for Windows users.
Strange defition of success and failure that passes around these parts. Mac OS with 3.5% worldwide market share after 20 years is a 'smashing success', Linux with 1% after 15 years is likewise a smashing success. Vista with 20% market share in 3 years is a utter failure, and windows mobile with a sizeable amount of the smart phone market is likewise an utter failure. Do you guys attend some special North Korean-esque reeducation camp to learn all this stuff?
For the 50 millionth time, Bill Gates didn't make any such claim about 637K, 640K or whatever. The memory limit in MS-DOS was dictated by the CPU, the 8086 made by Intel, and chosen by IBM for the IBM PC. Sorry to be off topic but I get sick of people slandering this guy, who would never say a bad word about IBM and Intel for doing exactly what they accuse Bill Gates of, because of their support of Linux and Apple.
That is an application flaw, they should use the proper API (and fixed paths) instead of the one that loads .DLLs from the current freakin directory. That's like coding a script file of 'rm / -rf' (or whatever the command is) and saying linux is a cruft of compatibility and security vulnerabilties.
Give me a break. NT IS the rewrite of Windows, compared to Windows 9x, like OS X compared to OS 9. People, especially here, just can't wrap their heads around the fact that MS had a stable, pre-emptive multitasking, secure OS before Apple, so they just randomly throw out that NT needs to be rewritten. Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix? You guys have neglected to spell this out, though I know the routine, now that I ask I'll get a bunch of ad-hoc crap about the registry or whatever (like a re-write would be necessary to go back to Windows 3.1 .INI files, which WAS truely a broken design) just so you guys can say you knew. And especially in a security context, Windows has all the security features of OS X and Linux, like guarenteed seperation of users and Admins, ASLR, DEP, sandboxed browser, ACLs, MACs, and so on. The only thing 'broken' about the design of Windows that a re-write would fix, is that its market share crushes Mac OS X and Linux. Granted they could switch to managed code, but since neither Linux nor Mac OS X use managed code I fail to see how this constitutes a broken design in Windows. Seems every time we have a vulnerability in Windows we have to have this same lame discussion, but whenever there is an equiv. vulnerability in Linx/Mac OS X, everyone accepts the obvious and sane sentiment that vulnerabilties happen in all code, they get fixed, and life moves on.
All the viruses are for Windows, for the same reason all the games are for Windows, not cause they won't run on unix but because Windows is 90% of the market. Some games get rewritten for linux, because developers are saps and feel sorry for linux users, virus writers have no such pity, so it looks like a windows specific problem, when it is not. World famous hackers like Charlie Miller, who is a mac user btw, has said that 3 year old Vista is more secure than brand new Snow Leopard. So please put your cup of kool-aid down and verify what your unix friends tell you, because most of it is propaganda with the aim of saying anything at all to increase unix's pathetic market share.
Depends on if you want 30 fps or 60 fps, and if you want high levels of AA and AF or none, and if you want high resolution or medium resolution. I'm getting a gtx 580 to replace my gtx 480, which I play to sell, because of lower noise and improved performance. I find 30 fps to be choppy, in fast paced FPS games, so I tend to go for 60, along with all the options cranked up.
www.emule-project.com - open source, so it can't be shut down. I guess the servers could be shut down, but it also operates with a distributed peer2peer network as back up. I've been using it for years, it has almost everything.
You mean IBM and Intel, or their associated personel who designed the 8086 and chose it for the IBM PC. MS was constrained by the memory limit of the system with DOS, there's nothing MS could've done to increase the memory addressability limit of the damn CPU. But you knew that right, mr. super hacker?
| There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I've seen this sig of yours for years now, am I supposed to reset to 'soap box' each time I read it then? I smell a gimmick...
And if MS doesn't respond, it's because they're flustered and incapable of a proper response. If they do respond, they're desperate and scared and see the competitor as a 'threat.' Great is there any option, EVER, except MS is scared and on the run? While making record profits every year...
... Read the story or read the other comments, or read SOMETHING. The town DOESN'T have a fire dept., they decided not to have a fire dept. and instead have citizens pay $75 if they want protection from a different town's fire dept. that has NO obligation to protect people in other towns. But yes it's pretty retarded I'll agree there, but if the town decided that's what they want to do then you need to pay or else stfu when your shit burns down.
Lots of people are saying this, "pay the full price of putting out the fire instead of the $75" but still that wouldn't work, it sounds 'fair' but there are probably so few fires, that the fire dept. would lose lots of money maintaining, training, equipping the fire fighters and so on. You'd have to pay some price (not sure what to call it) that covers what ever the F.D. would get from everyone who now opts not to pay the $75, divided by the number of people who have fires. Would be way to much money probably than anyone could afford and they'd just say 'let the house burn' anyway.
Not really. We don't know everything about them but we know a lot (we'll people who take time to study the field do, not average lay people, which is obvious from the other posters in this thread.) Anyway this thread is degrading into a contrarian contest of "yes it will", "no it won't", "yes it will", etc. so I'm probably going to go do something useful.
If throwing money at the problem is not going to fix it, what will? Wishful thinking and wasting the money instead on bullshit that is barely or not at all helpful?
"Major engineering obstacles" is meaningless, everything high-tech has major engineering obstacles, especially to people who don't understand the field.
| Nanorobots are some magical panacea that will solve all our problems.
Freudian slip? But since nobody says they will solve ALL problems I should not even bother replying, they will just solve many pressing problems and are definitely worth funding/building. More so than just about any other endeavor that we spend billions on.
And a jetpack would be an easy device to make with nanorobotics, so yes you will be commuting to work when I get nanobots.
Sure, after you tell them that 10 more years of life IF that is better than indefinite life spans, end of poverty, crime and all diseases.
Well I guess we'll never know because thanks to people like you it won't get funded probably ever, meanwhile we'll spend billions testing plant compounds to see if they can cure cancer and give people 10 extra years of life. How forward thinking.