Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories
0
Comments
5,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,818

  1. What are you talking about? on Open Letter to a Digital World · · Score: 1
    Of course I got fucking scanned, the trick is to make sure they don't get through. You can never secure a machine completly but you can make damn sure that it's not as an attractive target as the machine next door which is enough if someone hasn't decided to target you personally.
    There is nothing you can do to "make damn sure that it's not as an attractive target as the machine next door".

    The scans are automated processes running scripted exploits.

    If you're vulnerable, you'll be cracked.

    They will not skip over your machine if there is a more "attractive" machine next to it. They don't understand the concept of "attractive".

    There are only TWO ways to prevent that.
    #1. Stay up-to-date on ALL of your patches.

    #2. Run a firewall blocking all outside access to those ports.

    The scanning machines don't care if you're "attractive" or not. They only care if your machine is exploitable or not.

    Since you have stated that you do NOT run a firewall ...
    Yes, and since I'm a good user I get whatever temporary fix is available until a patch is available. I said I didn't run continual AV or a firewall, I didn't say I was stupid.
    Which means you must spend a LOT of time digging through all the material when a new patch/exploit is announced.

    Personally, I'd rather not spend that much time hunting down some work-around that may not even exist when I can just setup a firewall correctly and run some anti-virus software.
  2. Whatever. on Open Letter to a Digital World · · Score: 1
    You sound like the guy that always loses in sports/cards/whatever and keeps telling himself it's always "bad luck". Get over it. Realize that common sense can keep you safe enough.
    The point is that you are not using "common sense" since you are running Windows without active anti-virus software or a firewall.

    I'm the network administrator for a small company of about 300 users and I see how many email viruses I block every day.

    I'm also responsible for the firewall so I know how many worm attacks are out there.
    Also, you expose the fact that you know absolutely nothing. Can you name one single proper release of warez containing a trojan? Didn't think so.
    "proper release of warez"?

    "Warez" do not have a "proper release".

    "Warez" are cracked commercial programs.

    Can I name one trojan distributed via "warez"?
    http://216.239.63.104/search?q=cache:m-1tmuPK3u0J: www.markme.com/jd/archives/004705.cfm+warez+trojan &hl=en&lr=lang_en

    Hmmm, seems I can.

    http://channels.lockergnome.com/news/archives/0097 82.phtml

    My previous statement still stands.
    I you actually perform all those unsafe acts WITHOUT running proper precautions AND you haven't been infected, it is pure luck.

    You aren't using "common sense".
  3. The method of infection will change. on Open Letter to a Digital World · · Score: 1

    Right now, most of the spyware I see is installed without the user's permission (via ActiveX with IE).

    Spyware can be installed on Linux, but the user will have to take an active role in installing it.

    That by itself will cut out a huge chunk of the infections.

    Security will never 100%.

    But you can get it so each avenue of attack is 100x more difficult than with Windows.

    Eventually, the easiest way for them to get spyware on your machine will be for them to break into your house, install a hardware keystroke capture device and then come back in a week, read your password and install the spyware.

  4. Let's just look at the facts, okay? on Open Letter to a Digital World · · Score: 1
    The majority of "viruses" for Windows are now spread via email, either as attachments or exploits to Outlook.

    It is possible to avoid all of those. Usually that means that you have no friends or all of your friends are more pro-active and have taken the appropriate precautions (the ones you haven't). Of course, there is the extremely lucky factor.

    While you may be hitting Windows Update on a daily basis (you do not say whether you are or are not), it is still possible for patches to not install correctly. I've seen it a few times with the DCOM RPC vulnerability and patched machines still being cracked by welchia. Firewalls prevent that. Or you can rely upon luck.

    You download warez and you haven't been hit by a trojan. That's pure luck.

    The same with spyware.

    So, the reason you haven't been infected yet is ..... luck.

    Not because you take appropriate precautions with your system.

    Not because Windows has a good security model.

    But just plain luck.

    Why rely upon luck? You already know what threats are out there.
    So I have to ask myself, what to do all these people do to get their computers so messed up? Why isn't it happening to me, when I run the same Windows without any protection? Is it really Windows fault?
    Well, from your statements, they follow the same precautions you do.

    Therefore, since the other factors are equal, it is Windows' fault.
  5. Yo! Iz mo' money, mo' money, mo' money! on Microsoft May Charge for Security Tools · · Score: 1
    Users/companies pay for licenses of Windows which is somewhat costly when you compare what other solutions can do for a fraction of a price (Linux?!) and on top of that, they want to potentially sell you crap so their crap can be more secure using the previous crap.
    Think of the invoice.

    MS Windows 500 seats $100/seat $50,000
    MS Office 500 seats $100/seat $50,000
    MS anti-virus 500 seats $10/seat $5,000
    MS anti-spyware 500 seats $10/seat $5,000

    Secret leaked internal memo:
    Re: More revenue!
    Guys, we're looking at increasing the per seat charge of our anti-virus package. Don't worry about fixing all the OS bugs on the next version, if you know what I mean (aItyd).

    Bill
  6. Defrag in Win2K is crippled Diskeeper on Microsoft Acquires Spyware Removal Company · · Score: 1

    http://techupdate.zdnet.com/techupdate/stories/mai n/0,14179,2654011,00.html

    I don't have a problem with Microsoft bundling apps, particularly good apps. As long as I can remove them and replace them with ones I like.

    But putting in intentionally cripped software?

  7. A band-aid is not a cure. on Microsoft Acquires Spyware Removal Company · · Score: 1

    Great. So now I'll have another reason to hit Windows Update on a daily basis.

    This is a band-aid to the real problem which is Microsoft's flawed security model.

    If they would fix that, then I wouldn't be dependent upon so many daily signature updates.

  8. Here's another problem. on Microsoft Acquires Spyware Removal Company · · Score: 1

    http://www.pchell.com/support/aboutblank.shtml

    I hate cool web search and others like that. But mostly, I hate Microsoft for allowing an app to hide a file from me when I'm running as local administrator.

    And why the hell does only RegLite show the file? What is it with Microsoft's continuing desire to hide files (and extensions) from me?

  9. False dichotomy alert! on Microsoft Acquires Spyware Removal Company · · Score: 5, Interesting
    As far as I'm concerned, Microsoft makes good products.
    I'm sure that's true. For suitably broad definitions of "good".
    Sure there are security holes, but you hypocrites fail to remember (when its convenient) that no large scale software application is 100% bug free.
    #1. Learn what "hypocrites" actually means.

    #2. There are far more options than
    a. "riddled with spyware"
    and
    b. "100% bug free"

    Linux is not "100% bug free" but its security model is far better than Microsoft's and, as a result, it is far less likely to be infected.
    Knowledgeable users know this and make use of hardware and software firewalls, antivirus apps and spyware detection apps.
    I'm sure they do, for a suitable definition of "Knowledgeable".

    Or, to put it another way, there are lots and Lots and LOTS of infected Windows machines out there so maybe the requirements to be considered "Knowledgeable" are a little too extreme?
    Security will always be a problem.
    But there is a continuum there, not a binary state.

    Sure, security might be a "problem", right below hard drive crashes and CPU fan failures.

    The idea is to remove/reduce the potential threats so that your system is not cracked within 10 minutes of going online.
    There is no single magic bullet solution and Microsoft realizes this.
    That is correct. But there are LOTS of bullets available that Microsoft is ignoring.

    The biggest is to change IE from an "allow everything except what is specifically denied" security model to one such as Firefox's "deny everything except what is specifically allowed".

    Sure, a "knowledgeable user" could configure both systems to have the same, effective security, but as I've stated before, there doesn't seem to be a lot of those "knowledgeable" users around.

    The second biggest thing is to TURN OFF UN-NECESSARY SERVICES. Look at a stock Win2000 or WinXP machine and see all the services that are on by default.
    With so many millions of people running Windows there are always going to be alot of targets for the unscupulous to prey upon. -Mike
    Yep. But the least Microsoft can do is to make their system as secure as possible.

    Cracking is all about access.

    If the bad guys cannot get access to your system (no ports open), then they lose an entire avenue of attack.
  10. Mod parent up! on Debugging Indian Computer Programmers · · Score: 0, Troll

    If you are moving to this country to LIVE, that is great!

    It's the ones taking the jobs over here on a TEMPORARY basis that I have a problem with.

    When you live here, you share the same set of circumstances. The same housing costs. The same medical costs. The same everything.

    If you are just here to work for a few years and then go home and retire in a country with 1/10th the cost of living, that's a problem.

  11. Here's the status quo. on Le Guin Peeved About Earthsea Miniseries · · Score: 1
    Luckily, a basic familiarity with the SciFi channel library will show very little status quo (you see, that phrase means "keeping things as they currently are," and barely even applies here) and recently a relatively small amount of mediocrity.
    And in the very next paragraph, you contradict that.
    As was done with Taken, both Dunes, PK Wars, battlestar galactica, etc etc etc. Which channel besides HBO puts this much effort into shows which aren't the same old NBC drivel?
    Dune was already made into a movie. Doing it again is "status quo".

    Battlestar Galactica was already a series. Doing it again is "status quo".

    PK Wars was a sequel to Farscape. Unless you believe "Return to Gilligan's Island" was "pushing the envelope" that is pure "status quo".

    Remakes and sequels are the status quo.
    Amusingly, the formula you're making accusations about - sticking to standard issue plots and franchises - was broken about nine years ago when it changed management inside Turner Networks, and that's when the channel began to become as immensely profitable as it now is. The further SciFi steps from traditional televised science fiction, the more profitable it becomes.
    Perhaps you should watch the mini-series under discussion, then.

    Strange how something could be broken 9 years ago, yet still be the recurring theme in their productions.
  12. Nah, we get shock all the time. on Le Guin Peeved About Earthsea Miniseries · · Score: 1
    No, to get something memorable, you write to the timeless elements of human nature, both the good and bad. Tolkien is a classic because he retells what he called the "Great Myth." Stories of sacrifice, loss, redemption, the triumph of good over evil. These stories will be memorable.
    Maybe. But the "envelope" is ....

    Boy and sidekick find Boy's Love interest.
    Boy and sidekick lose Boy's Love interest to Bad Guy.
    Boy and sidekick go to rescue Love interest.
    On the way to save Love interest, Boy must save Sidekick because Sidekick is clumsy / dumb / cowardly.
    Boy battles Bad Guy.
    Love interest helps Boy at critical moment to defeat Bad Guy.
    All laugh.
    Fade to black.
    Roll credits.
    Pushing the envelope is just another way of saying offend traditional sensibilities with pop-culture trash or faddish ideologies. Pushing the envelope is about getting a shock reaction, not creating something memorable.
    We've been seeing that in the teen-slasher flix for years. All that's been changing is the FX tech to make it look more realistic (or even more realistic than reality).

    Pushing the envelope would be a story when "good" and "evil" are not clearly defined. Where each side has their own goals and the audience can sympathize with both sides.

    Or where the hero's sacrifice does NOT lead to redemption or success.

    Or where loss is loss. You learn that life isn't always sweet and nice and sometimes you lose but it isn't the end of the world.

    Even in LotR, at the end, Frodo left. He didn't get the girl and live happily ever after. He saved the world, but in saving it, he changed and couldn't be a part of it anymore.

    THAT is pushing the envelope.
  13. But it isn't mass appeal. on Le Guin Peeved About Earthsea Miniseries · · Score: 2, Insightful
    What gave you the impression that Sci-Fi (or any other non-subscription TV channel) is interested in anything other than mass-appeal, lowest-common-denominator mediocrity? High concept doesn't attract masses of viewers, and masses of viewers are required to keep those ad revenues up.
    Compare The Matrix's revenues and popularity to any other Sci Fi channel's "original" movie.

    When you aim for mediocrity, you hit mediocrity. Low popularity, etc. The sort of movie that is forgotten as soon as you finish watching it.

    To get mass appeal, you have to aim above mediocrity.

    They didn't buy the rights to some mediocre novel. They wanted the rights to a series with a big time name recognition and a big fan-base.

    She didn't get those by writing mediocre novels about "safe" subjects with stereotypical characters and plots.

    You will turn a profit on a mediocre movie if you can keep the hype up and the costs down.

    Like I've said, they don't want to break a profitable formula.

    But they'll never see mass appeal or profits like The Matrix or The Lord of the Rings.

    Mediocre is what people will choose when they don't have anything better. Welcome to the Sci Fi channel.
  14. And the typical reply. on Le Guin Peeved About Earthsea Miniseries · · Score: 1

    They want to make that movie for a reason.

    The problem is, the author does not understand the reason they want to make the movie.

    The author believes that it is because they want to film the story told in the book.

    The real reason is to save advertising dollars and link a movie to a book that already has name recognition and a decent fan-base.

    A good director can make a good movie that follows the book. And this was a mini-series so they aren't limited to a set number of hours. They can run it up to 10 hours if they want to.

    The director did not care about her story. The director just wanted the names (including her's) so they could be used to hype the film. That's all. Pure marketing. Don't waste money or resources trying to follow the book. Go with the stock formula.

  15. I think that is why she was upset. on Le Guin Peeved About Earthsea Miniseries · · Score: 1
    The mini-series was not awful, but it certainly wasn't very good, either. The actors were so understated as to be boring; the only reason I cared about Tinar is because she was cute. ;) As for the main character, he was a stereotypical pretty boy; his sidekick Vetch was the traditional pudgy geek. The best character was a dragon, who figures in about three minutes of screen time.
    Exactly. Another Boy + Sidekick + Love interest mini-series. All stereotyped.

    Change the title and some of the names and you would not know that it had anything to do with EarthSea.
  16. /me raises hand on Le Guin Peeved About Earthsea Miniseries · · Score: 4, Insightful
    I know the answer! I know the answer!

    "No."
    Does anyone think that the Sci Fi channel will ever get actual decent Sci Fi authors to do their scripts and come up with series for them?
    No. Because they aren't interested in Science Fiction. They want the tech-fantasy crap.

    The stuff that will be guaranteed to appeal to the 12 - 24 year old male audience.

    This isn't even about "low budget". Look at Red Dwarf's first few seasons. They had no budget, yet they had great characters and amusing plots.

    They haven't realized that going with the status quo will always result in mediocrity.

    In order to produce something memorable, they have to push the envelope.

    Watching their crap, I get the feeling that the actor's salaries, the FX, everything is calculated to the exact penny and matched against the ad revenues. They know exactly how many people will watch another rendition of the same-old same-old and they're not going to break a profitable formula.
  17. My final post. on IT Practice Within Microsoft · · Score: 1

    Services like a GUI? Both are a communications channel that applications use to commnicate with users.
    I'm bringing up services because you said that NT without TS wasn't multiuser becuase only the console got a GUI. That is the ONLY specific reason you have provided that NT isn't multiuser and it isn't valid because services do not make the system multiuser, as you said yourself.

    No. I said that NT without Citrix/Terminal Services was not multi-user because every user did not have the same access to features and functionality. The console GUI was an example of one feature that the other users did not have access to.

    Services do not make a OS multi-user.

    The inability to provide all the services to all the users, concurrently means that the OS is NOT multi-user.

    A text terminal on a serial port does not provide the GUI that the console can have, which is the exact reason you said NT wasn't multiuser:

    But if the console has a GUI, I can get that on a different connection. At the same time as the console has it.

    A text console from the network provides the same functionaility as a text console from a serial port or a text console in a local window or local fullscreen text, and you can have as many as you want concurrently, owned and operated by different users, Windows or Linux. You don't need TS to have as many concurrent text consoles of equal and full functionaility as you want.

    But not the GUI on the console. As I've stated in the past.

    If no remote services are required for a multiuser system then a NT box without SSH or telnet or RDP or any other service is still a multi-user operating system.

    No it is not because there is no way for a 2nd user to be logged in, concurrently with the console user and have all the features and functionality that the console user has.

    Ok then, even if remote users can't see the console GUI, they can still access it. Any process can get a handle to the local interactive desktop and create or manipluate windows there given the required permission, even if that process is owned by a user connected remotely.

    "even if remote users can't see the console GUI, they can still access it". Riiiigggggghhhhhhhttttttt.

    It will be very interesting to watch you play minesweeper that way. What? You say you can't? You can just launch the game, move the window and kill the process?

    Yes, I thought as much.

    If the console is disabled, you can't use it to re-enable itself. When the OS starts, you get a black screen; all input from the keybard, mouse and USB HID devices are ignored. That's why it's called disabled. It must be re-enabled remotely by any user that has permission.

    And if telnet and ssh and so forth are not enabled? Well, that means that the machine needs to be rebooted with a recovery disk.

    And it has no console. All access must be done remotely, just like a NT box with the console disabled or a Linux box with the console disabled, or one of those with the console hardware removed.

    Actually, it does have a local console. I believe it is accessed via a 5250 connection. Look up "LCS" if you don't believe me.

    And if there IS no console, what then?

    Then it isn't Windows.

    Windows ships with a console. It is a GUI console.

    With Citrix (a multi-user version of Windows) it is possible to still get a console even after all the damage you're trying to do to the box.

    A multi-user system is a step UP from a single-user system.

    You are trying to REMOVE functionality in order to meet the definition.

    It doesn't work like that.

    Windows ships with a console. In order for Windows to be multi-user, it must provide that console to all concurrent users.

    You keep tryin

  18. Again, you're wrong. on IT Practice Within Microsoft · · Score: 1
    Under that definition, a UNIX machine that is multiuser in every way except that the console has sound support and there is no remote sound support, becomes not-multiuser until I remove the sound card? It's a feature that not all clients have access to.
    Okay, I'm going to guess that you're pretty young.

    The reason I'm going to guess that is because you're thinking in terms of telnet and such.

    Telnet is a service that runs on a server. Telnet can run on a single-user system.

    With Linux, you can hook up multiple terminals via the serial ports. They have ALL of the functionality that the console has.

    They can ALL be use concurrently.

    A Linux box without ssh or telnet running or ANY OTHER SERVICE LIKE THAT is STILL a multi-user operating system.

    Even if they cannot hear the sound card, they can still access it.
    What if I disable the local Win32 GUI so no one can have it?
    Okay, what if? The console can still re-enable it and use it. That functionality is not available to others.
    What if I take the video card right out; unplug the keyboard and mouse so there is no console, only the network? (like an AS/400)
    The AS/400 is a multi-user operating system.
    You can have remote GUI sessions on NT 3.1 by running X-Windows client apps; is it multiuser then? Even if it's the only option available to all clients?
    Answer that yourself. The key was not a GUI, but whether every other user had access to all the features and functions that the console user has.

    You're flailing.
    These are normal and supported scenarios for Windows.
    Right. Sure they are.
  19. Bingo! on Do Unsubscribe Links Stop Spam? · · Score: 1
    And, face it, it could easily be broken by someone you trust putting your e-mail address in to a website to send you a webpage or something. Then you'd have to go through even more hassle...
    Particularly those "free" sites sending "eCards" with cute holiday messages (or birthdays or whatever).

    Some idiot uses one of those and they collect TWO addresses (the idiot's and the idiot's friend's).

    Security through obscurity does not work.

    Your address gets out one time and you're on the spam lists forever.
  20. And a counter anecdote. on Do Unsubscribe Links Stop Spam? · · Score: 1

    I'm running SpamAssassin at work. I flag all the spam and forward it to the end user (so they can find any false positives).

    One woman set up a rule to delete the flagged spam AND to send a reply asking that they not send any more. It was very polite.

    Yes, she was getting TONS of spam. I noticed it when she was on vacation and her mailbox usage stats shot up because she wasn't in the office to delete the hundreds of emails arriving every day.

    Personally, I find it hard to believe that any spammer will remove any address from their list when I see "dictionary spam" every day (email sent to every last name in the phone book in the hopes that it might get through to a real person).

    I have also set up a few fake names to use with SpamAssassin. I just use them to register at some sites and reply to them and they keep getting more spam. They keep getting spam.

    Rule #1. Spammers lie. Remember that.

  21. Nope. The headers are usually forged. on Do Unsubscribe Links Stop Spam? · · Score: 2, Insightful

    That would work if the spam correctly reported its origin.

    But that's not in the spammer's best interest. It's better for them to use zombies and open relays.

    You'll bounce their message to a server that didn't send it and they'll bounce a message to you saying that such-and-such person isn't there...

    It's better to just delete them (after sending the headers to spamcop).

  22. Which brings us full circle. on IT Practice Within Microsoft · · Score: 1
    Multi-user means that every user has access to all features and functions as every other user at the same time.

    Therefore, if only the console user has a GUI, the OS is not multi-user.

    That is why Citrix and Terminal Services make NT multi-user. Each user has the same access to features and functionality as the console user.
    Microsoft said that as a marketing gimmic to get people to buy the product. It is the only way to get multiple GUI sessions via Win32, but graphical sessions are not a requirement of being multiuser.
    GUI sessions are not a requirement for multi-user, as long as none of the users have a GUI. Once that functionality is available to the console user, a multi-user OS would provide it to all users.
    In order for an OS to be multiuser, it must have those things. I still may not be multiuser, but before it can be, it must have those things; it's a prerequisite.
    Like I said, "Whatever".
    You claimed that under my definition, DOS was multiuser too. I clairified my definition to include some prerequisites that DOS does not satisfy.
    No. What you are doing is attempting to add requirements every time I show that your definition is flawed because you want NT to be multi-user even when Microsoft admits that it was not.
    You can have multiuser sessions through telnet on NT without TS, just like you can have multiuser sessions through telnet on UNIX without X-Windows.
    Which brings us back to MS-DOS being multi-user under your definition.

    Full circle.

    Buh bye now.
  23. Whatever. on IT Practice Within Microsoft · · Score: 1
    Really? MS-DOS provided preemptive multitasking? No.
    MS-DOS provided and enforced object security? No.
    MS-DOS prevented processes from interfering with each other? It doesn't even HAVE processes.
    MS-DOS had privilages? No.
    MS-DOS had a user database and a protected component that authenticated users? No.
    Okay, this might take a while. It seems you don't know anything about multi-user.

    #1. "MS-DOS provided preemptive multitasking? No."
    That's right. But that only means that DOS was not a pre-emptive, multi-tasking OS.

    You may note that this is the first time you've brought that up. Prior to this you've been going on about telnet and ssh.

    Windows95 was pre-emptive and multi-tasking with Win32 apps. Yet Win95 was not a multi-user OS.

    Yet I could get a telnet login to a Win95 box.

    #2. "MS-DOS prevented processes from interfering with each other? It doesn't even HAVE processes."

    See above re: Win95

    #3. "MS-DOS had privilages? No."

    same

    #4. "MS-DOS had a user database and a protected component that authenticated users? No."

    and so on.
    Specifics. I want names of services that UNIX provides that NT doesn't required for multi-user capibility.
    Name one multi-user thing that NT3.1 can't do that a UNIX server can.
    I'll let Microsoft answer that one. http://www.microsoft.com/ntserver/ProductInfo/term inal/WhyUpgrade.asp

    Look for the phrase "More than a million users run Windows® based applications today using Citrix WinFrame*, which is a multiuser version of Microsoft Windows NT Server 3.51 platform."
    The ONLY thing that Terminal Services provides is multiple graphical sessions through Win32. Multiple users logged on by the network with text sessions has always been suported.
    Again, getting a telnet prompt is not the same as being multi-user.

    Even Microsoft's web page admits it.
  24. Ummm, no, again. on IT Practice Within Microsoft · · Score: 1
    Multi-user. As in multiple users logged on at the same time with different identities and privileges where normal users can't interfere with others or the system. Telnet, SSH, SMB, at and the like are services that take advantage of multi-user capabilities; I meant them as examples of things you could use to exploit NT's multiuser capabilities.
    By that definition, MS-DOS was "multi-user".
    What does Windows NT lack in the first version (3.1), or any subsequent version that prevents it from being multi-user?
    Actual multi-user functionality. That was added later by Citrix and eventually by Microsoft as "terminal services".
  25. Ummm, no. on IT Practice Within Microsoft · · Score: 1
    You can log in as many times as you want, remote or local. This has been true since the very first version of NT; NT has always been multi-user. See AT, telnet, any one of the many SSH servers, etc. Oh, you meant GUI sessions? Does UNIX require X to be multi-user?
    Telnet, SSH, etc are all connections.

    Even old MS-DOS could run a telnet server and handle multiple connections.

    That didn't make DOS "multi-user".

    Unix does not require X to be multi-user. Being multi-user requires the ability to run X if the user so desires (and it is installed).