Some have discounted the more targetted point of view because Apache is reportedly far more popular. Ok, granted. But now for my sad analogy... Single family homes are far more popular in the United States than skyscrapers, but when terrorists want to make a point, what types of buildings do they attack?
You're forgetting these worms aren't targeted at all, they choose random IP addresses to attack. It would be like your terrorists choosing targets by opening the phone book and picking entries at random.
You'd think an Apache worm would be able to find enough Apache IPs to spread itself the same way the IIS ones do. So what makes IIS worms more sucessful than Apache ones?
More bad analogies (or puns maybe)... IIS provides much more fertile soil for worms to live in (maybe it's all the bullshit MS spreads around).
Sorry, IIS runs with localsystem priviledges (more control over the server than Administrator has). Sure IIS will then switch to IUSR_* for any anonymous request, but if you are hit with a buffer overflow the exploit will happen before this switch can take place and viola the exploit has localsystem access.
The reason IIS needs localsystem rights is so it can switch it's security context to the user (or IUSR_* for unauthenticated requests) who is making the request.
IUSR_* is the account designated for determining the access rights for anonymous users, not the account IIS runs under.
Re:Headcasting not as important as true Dual-Displ
on
Talking with Matrox
·
· Score: 1
I was under the impression that recent drivers for the G400 and G450 had also got around this as well.
Well, structural members that were designed for a tension load would now be under compression and could easily buckle. eg the wings wouldn't have been designed to bend the other way like that.
For a reasonable sized office (>10 people) running Windows, I think you'll be happiest with an NT 4.0 Domain with a PDC and BDC, but you can then do your file sharing off your SAMBA boxes. This saves a LOT on NT CALs, as you don't need NT CALs for PDC/BDC access, just file/print sharing.
I think you'll want to reread those EULAs - unfortunately you will need a CAL for every machine that authenicates against an NT DC.
My W2K machine can already do this (in one direction only though). Every 3rd link I click on in IE, and the OS transports itself 1 minute into the future. Its a real bummer waiting for local time to catch up to it!
You are right about capabilities, but ACLs are just finer grained permission lists. There is nothing stopping the capabilities implementation using ACLs to configure those rights.
ACLs don't have to be limited to just filesystem permissions. Admittedly that has been the only place I've heard them talked about wrt to Linux.
I seem to recall that if you use a proxy server to connect to a SSL website, isn't the connection between you and the proxy still unencrypted. ie only the proxy to website connection is encrypted.
I don't like MS anymore than you do, but some of you're 'facts' are a little warped.
Development of Operating Systems Memory usage MS-DOS used 640k ram. Windows 98 could only use 640k ram and needed advanced memory shuttling to use the upper memory
That's DOS you're thinking of there, and wasn't that problem due to the original IBM/Intel 16bit real mode X86 architecture. Fixed by the 386 and 32bit protected mode OSes.
NTFS FAT Once converted to NTFS, it cannot go back
Why would you want to? That's a security measure. Office suites Backward compatability issues for '97 and '95. Expectation that corporations will shell out US$400/license every 3 years. (This is the backlash that brought about fixes to some above mentioned problems in backward compatability)
Yup, very braindead! (or extreme arrogance)
ODBC (this should be self explanatory--good idea, great innovation but dropped so that SQL Server would not have competition.)
Huh? Since when has ODBC been dropped?
And the hits just keep on coming: NetBEUI, the Registry (don't get me started on this), drive letters, and other obvious lack of planning failures at MS. Didn't Netbeui and drive letters come from IBM originally?
I reckon the major problems with wintel, were the poorly concieved x86 arch, and the lack of guts to boot out legacy stuff when required. The whole MS monopoly is the reason they didn't have to change the outdated crap they started with.
Slashdot Mirror
Some have discounted the more targetted point of view because Apache is reportedly far more popular. Ok, granted. But now for my sad analogy... Single family homes are far more popular in the United States than skyscrapers, but when terrorists want to make a point, what types of buildings do they attack?
You're forgetting these worms aren't targeted at all, they choose random IP addresses to attack. It would be like your terrorists choosing targets by opening the phone book and picking entries at random.
You'd think an Apache worm would be able to find enough Apache IPs to spread itself the same way the IIS ones do. So what makes IIS worms more sucessful than Apache ones?
More bad analogies (or puns maybe)... IIS provides much more fertile soil for worms to live in (maybe it's all the bullshit MS spreads around).
Tell that to the Wallabies.
Aussie Aussie Aussie
Heh - he did say 'historically'
We will rise again! Without the mighty John Eales to protect you, we will crush you like the ants you are! Mwahahahahahaha!!!!!!
It must've been very embarrassed if it went rouge!
Sorry, IIS runs with localsystem priviledges (more control over the server than Administrator has).
Sure IIS will then switch to IUSR_* for any anonymous request, but if you are hit with a buffer overflow the exploit will happen before this switch can take place and viola the exploit has localsystem access.
The reason IIS needs localsystem rights is so it can switch it's security context to the user (or IUSR_* for unauthenticated requests) who is making the request.
IUSR_* is the account designated for determining the access rights for anonymous users, not the account IIS runs under.
I was under the impression that recent drivers for the G400 and G450 had also got around this as well.
Either way, he's still in zone 4
In Wellington we have:
;-)
Cable
ADSL
Wireless
Satelite
available to most residential areas.
The inner city also has 10/100/1000Mbps fiber options for businesses or apartment blocks.
So it's not as bad as most other 3rd world areas
Well, structural members that were designed for a tension load would now be under compression and could easily buckle. eg the wings wouldn't have been designed to bend the other way like that.
Until AmigaBasic came along wheeeee.... (even if it was written by MS and very buggy - a forerunner of VB no doubt)
For a reasonable sized office (>10 people) running Windows, I think you'll be happiest with an NT 4.0 Domain with a PDC and BDC, but you can then do your file sharing off your SAMBA boxes. This saves a LOT on NT CALs, as you don't need NT CALs for PDC/BDC access, just file/print sharing.
I think you'll want to reread those EULAs - unfortunately you will need a CAL for every machine that authenicates against an NT DC.
What about the poor shark?
My W2K machine can already do this (in one direction only though). Every 3rd link I click on in IE, and the OS transports itself 1 minute into the future. Its a real bummer waiting for local time to catch up to it!
You are right about capabilities, but ACLs are just finer grained permission lists. There is nothing stopping the capabilities implementation using ACLs to configure those rights.
ACLs don't have to be limited to just filesystem permissions. Admittedly that has been the only place I've heard them talked about wrt to Linux.
According to www.matroxusers.com ProMax are using the G400 chipset to make dualhead videocards for the Mac.
See here for more info.
I seem to recall that if you use a proxy server to connect to a SSL website, isn't the connection between you and the proxy still unencrypted. ie only the proxy to website connection is encrypted.
Don't quote me on that though.
I don't like MS anymore than you do, but some of you're 'facts' are a little warped.
Development of Operating Systems
Memory usage
MS-DOS used 640k ram.
Windows 98 could only use 640k ram and needed advanced memory shuttling to use the upper memory
That's DOS you're thinking of there, and wasn't that problem due to the original IBM/Intel 16bit real mode X86 architecture. Fixed by the 386 and 32bit protected mode OSes.
NTFS FAT Once converted to NTFS, it cannot go back
Why would you want to? That's a security measure.
Office suites
Backward compatability issues for '97 and '95. Expectation that corporations will shell out US$400/license every 3 years. (This is the backlash that brought about fixes to some above mentioned problems in backward compatability)
Yup, very braindead! (or extreme arrogance)
ODBC (this should be self explanatory--good idea, great innovation but dropped so that SQL Server would not have competition.)
Huh? Since when has ODBC been dropped?
And the hits just keep on coming: NetBEUI, the Registry (don't get me started on this), drive letters, and other obvious lack of planning failures at MS.
Didn't Netbeui and drive letters come from IBM originally?
I reckon the major problems with wintel, were the poorly concieved x86 arch, and the lack of guts to boot out legacy stuff when required. The whole MS monopoly is the reason they didn't have to change the outdated crap they started with.