Point being: i/others shouldn't HAVE to engage the services of a programmer for this stuff. The riposte to open source being "not everyone is a programmer" is because if you need to pay a programmer for stuff like this (in money, beer, chocolate or whatever) then you may as well pay a company who actually has an obligation to support their product instead.
Everyone you know may know a programmer, but there are millions upon millions of users out there who don't.
If you firewall windows appropriately, make use of IE security zones, don't log in as admin, keep it patched and don't run dodgy shit then it is secure enough.
This is basic security 101 whatever OS you are on - if you run 3-9 year old un-firewalled Linux distributions as root without patching then you'll get owned as well.
Windows' infection rate is as much to do with the user as any amount of software vulnerability.
No, thats not the entire problem. If Linus/kernel team stopped fucking with the kernel to break the way binary drivers can possibly work, hardware manufacturers might give a shit about developing drivers.
Also retarded shit like changing the order PCI slots/network drivers are scanned for NICs from kernel to kernel. I've had that happen before - a firewall box with 2 NICs, eth0 and eth1 - that magically swapped after a kernel upgrade (so my DMZ became my outside, and vice versa). What the fuck?
That was one of the major nails in the coffin of Linux for me.
Thanks for the heads up. I guess i overlooked that its just branding. Previously the BIOS was there in your face saying it was AMI or Award or Phoenix.
True enough I guess. Perhaps i should have added "in the wild", presumably malware that valuable is kept fairly secret and used on an as needed basis against strategic targets. Not for basic e-mail spam.
FYI, I've seen the ability to lock the MBR in bios versions as old as 1992. I'm not sure if the option went away for a while, but back when MBR viruses were the norm (dos days) this was a popular thing to do. People very rarely had any reason to touch the MBR (all it did was boot DOS for 99% of PC people), and people very rarely ever upgraded DOS.
However, given that there were also a couple of particularly nasty viruses out there that could embed themselves into the BIOS, locking out sector 0 was not a silver bullet.
I agree to an extent, though Windows' track record on security prior to 7 has been less than stellar, which hasn't helped. The platform targeting started back in the DOS days, when there was absolutely ZERO security, the virus market simply moved on from there.
I find it especially hilarious when people suggest that they can fix machines that have had worms on them that respond to IRC commands, etc. You have literally NO IDEA what the malware may have done to your machine. You may have an idea of what it has definitely done as part of the infection process, but there's nothing to say that it hasn't been commanded to do other nefarious things in addition to the standard infection.
To be 100% sure, as others have mentioned you need to vet / bin your devices that contain read/write firmware as well (anything that can be done from within the OS, including writing to firmware and potentially more can be done by the virus), but thats not practical (too expensive) for most people, and fortunately there are very few firmware infecting viruses out there any more.
But if i was responsible for somewhere that HAD to be 100% secure or people die (nuclear reactor, mil spec stuff, etc)? I'd bin the hardware in a second. Its not worth the risk.
If its in the bios, sure. It gets called/run before the OS does. The only saving grace we currently have is that to write viruses that do that is quite a bit more complex due to the size constraints and lack of operating system support to do things you want to do. Also, because BIOS / EFI firmware is a lot more complex these days and there are far more different variants out there. Back in the 90s it was basically AMI or Phoenix bios and you could cover 95% of PCs in use.
Its entirely possible though, back in the day there was a particularly nasty virus that played music out of your internal PC speaker whatever OS you were running, even if you were stuck at the "No operating system found" boot prompt. One "work around" was to disconnect the PC speaker, but it still used CPU and made the machine run slow doing its thing.
That we don't have this sort of thing today is simply because the effort required vs coverage you would obtain is not worth it. That, and the development of such nasties is a lot tricker as you're messing with actual hardware/firmware - brick your PC during development, and a replacement isn't cheap (vs simply writing viruses in a Windows VM that you can trash/test with as you see fit).
We really need to go back to a simple (so it can be bug free) boot ROM that is proper ROM, not read/write flash. Hold key sequence to select boot media, and then boot from known-clean media. Anything that is read/write and involved in the boot process can potentially be fucked with to own your box. In the past, there have been BIOS viruses which were extremely difficult to remove - essentially as soon as the machine powers up it is owned and ready to infect whatever media you give it or intercept the operation of AV programs.
Its really only because the extra effort isn't worth it that we don't have far more serious viruses out there that are infecting EFI boot partitions, BIOS and other bits of firmware that Windows and its virus scanner software can't fix, these days.
The QT example merely proves my point. The toolkit was originally made by a small, paid team with a coherent vision of what they wanted to achieve. GTK is an exception, but even that has had large amounts of resources and paid full-time developers thrown at it in recent years by redhat and others.
Before QT and GTK, the unix desktop was a collossal cluster-fuck of things as basic as OK/cancel buttons being on different sides of the dialog box. Don't get me wrong, there is and was some very powerful and useful software available, but the small "polish" things are what is missing.
And gnome's removal of features to simplify things is kinda missing the point. You don't need to totally remove everything, just make it logical and consistent.
If the games are written to make use of touch, control isn't a problem. Sure i can't play the same type of game with a touchscreen, but is that enough to justify carrying around some extra piece of hardware, when the point of portable gaming is merely to keep me amused when I'm waiting to be somewhere else (in transit) or waiting for someone briefly when I get somewhere?
So, it will cost you about $4 to download?
Of you dont like it, dont use it. The old way works fine.
Citation needed
Actually, apple gave up contributing because the gcc devs didnt care for implementing obj-c related stuff.
Because gcc is shit and clang is far superior
First online service i used was over 1200/75 turbo modem. (75 up, 1200 down). Do i get a prize?
Point being: i/others shouldn't HAVE to engage the services of a programmer for this stuff. The riposte to open source being "not everyone is a programmer" is because if you need to pay a programmer for stuff like this (in money, beer, chocolate or whatever) then you may as well pay a company who actually has an obligation to support their product instead.
Everyone you know may know a programmer, but there are millions upon millions of users out there who don't.
So what is your hourly rate for something like this?
If you firewall windows appropriately, make use of IE security zones, don't log in as admin, keep it patched and don't run dodgy shit then it is secure enough.
This is basic security 101 whatever OS you are on - if you run 3-9 year old un-firewalled Linux distributions as root without patching then you'll get owned as well.
Windows' infection rate is as much to do with the user as any amount of software vulnerability.
To be fair, back in the windows 98 and early XP days, Linux was fairly easy to root via sendmail, bind exploits, etc as well.
Yup, thats why i turned it off myself. But for 99% of the DOS/Windows (ONLY) using population back in the 90s and previous, it was a godsend.
No, thats not the entire problem. If Linus/kernel team stopped fucking with the kernel to break the way binary drivers can possibly work, hardware manufacturers might give a shit about developing drivers.
Also retarded shit like changing the order PCI slots/network drivers are scanned for NICs from kernel to kernel. I've had that happen before - a firewall box with 2 NICs, eth0 and eth1 - that magically swapped after a kernel upgrade (so my DMZ became my outside, and vice versa). What the fuck?
That was one of the major nails in the coffin of Linux for me.
If you want Linux without the upgrade cycle API breaking brain damage, go FreeBSD.
So when I infect your BIOS, how does booting from CD fix that?
Thanks for the heads up. I guess i overlooked that its just branding. Previously the BIOS was there in your face saying it was AMI or Award or Phoenix.
True enough I guess. Perhaps i should have added "in the wild", presumably malware that valuable is kept fairly secret and used on an as needed basis against strategic targets. Not for basic e-mail spam.
FYI, I've seen the ability to lock the MBR in bios versions as old as 1992. I'm not sure if the option went away for a while, but back when MBR viruses were the norm (dos days) this was a popular thing to do. People very rarely had any reason to touch the MBR (all it did was boot DOS for 99% of PC people), and people very rarely ever upgraded DOS.
However, given that there were also a couple of particularly nasty viruses out there that could embed themselves into the BIOS, locking out sector 0 was not a silver bullet.
I agree to an extent, though Windows' track record on security prior to 7 has been less than stellar, which hasn't helped. The platform targeting started back in the DOS days, when there was absolutely ZERO security, the virus market simply moved on from there.
I find it especially hilarious when people suggest that they can fix machines that have had worms on them that respond to IRC commands, etc. You have literally NO IDEA what the malware may have done to your machine. You may have an idea of what it has definitely done as part of the infection process, but there's nothing to say that it hasn't been commanded to do other nefarious things in addition to the standard infection.
To be 100% sure, as others have mentioned you need to vet / bin your devices that contain read/write firmware as well (anything that can be done from within the OS, including writing to firmware and potentially more can be done by the virus), but thats not practical (too expensive) for most people, and fortunately there are very few firmware infecting viruses out there any more.
But if i was responsible for somewhere that HAD to be 100% secure or people die (nuclear reactor, mil spec stuff, etc)? I'd bin the hardware in a second. Its not worth the risk.
If its in the bios, sure. It gets called/run before the OS does. The only saving grace we currently have is that to write viruses that do that is quite a bit more complex due to the size constraints and lack of operating system support to do things you want to do. Also, because BIOS / EFI firmware is a lot more complex these days and there are far more different variants out there. Back in the 90s it was basically AMI or Phoenix bios and you could cover 95% of PCs in use.
Its entirely possible though, back in the day there was a particularly nasty virus that played music out of your internal PC speaker whatever OS you were running, even if you were stuck at the "No operating system found" boot prompt. One "work around" was to disconnect the PC speaker, but it still used CPU and made the machine run slow doing its thing.
That we don't have this sort of thing today is simply because the effort required vs coverage you would obtain is not worth it. That, and the development of such nasties is a lot tricker as you're messing with actual hardware/firmware - brick your PC during development, and a replacement isn't cheap (vs simply writing viruses in a Windows VM that you can trash/test with as you see fit).
Conversely, OS X is still very own-able.
We really need to go back to a simple (so it can be bug free) boot ROM that is proper ROM, not read/write flash. Hold key sequence to select boot media, and then boot from known-clean media. Anything that is read/write and involved in the boot process can potentially be fucked with to own your box. In the past, there have been BIOS viruses which were extremely difficult to remove - essentially as soon as the machine powers up it is owned and ready to infect whatever media you give it or intercept the operation of AV programs.
Its really only because the extra effort isn't worth it that we don't have far more serious viruses out there that are infecting EFI boot partitions, BIOS and other bits of firmware that Windows and its virus scanner software can't fix, these days.
The QT example merely proves my point. The toolkit was originally made by a small, paid team with a coherent vision of what they wanted to achieve. GTK is an exception, but even that has had large amounts of resources and paid full-time developers thrown at it in recent years by redhat and others.
Before QT and GTK, the unix desktop was a collossal cluster-fuck of things as basic as OK/cancel buttons being on different sides of the dialog box. Don't get me wrong, there is and was some very powerful and useful software available, but the small "polish" things are what is missing.
And gnome's removal of features to simplify things is kinda missing the point. You don't need to totally remove everything, just make it logical and consistent.
If the games are written to make use of touch, control isn't a problem. Sure i can't play the same type of game with a touchscreen, but is that enough to justify carrying around some extra piece of hardware, when the point of portable gaming is merely to keep me amused when I'm waiting to be somewhere else (in transit) or waiting for someone briefly when I get somewhere?
If you have an MS volume license, the Win7 DaRT is pretty decent, too.
No, but the article made it sound like AV software wasn't paying attention to changes to the MBR *before* the infection takes place.