Did you just compare OS X to Win 98 and Win Me? If that's what you are basing your whole OS X / Windows argument on, there is your problem. No self respecting Windows user would be caught dead using an OS that old. It would be like running Mandrake 2.x or something. Why would you bother?
Exactly. That's why I'm comparing OS X to Win 98 and ME in terms of virus activity. They have similar market share (roughly 5%), and 98/ME is innundated with current day viruses. An OS X virus would have as much impact economically/socially, but vastly more impact in the media (Worlds First Automated OS X worm).
However, whether you like it or not, computers are as accessible as they are largely because of Microsoft and not because of *nix or Apple.
That's a goofy statement. There's no way to prove it true or false, but I see no reason why OS/2, Novell's GUI efforts, XFree86, or Macintosh OS could have made computing accessible.
The reason I hate Microsoft is not because they are successful. The reason I hate Microsoft is because they ruthlessly (and unethically) bash companies into the ground via illegal tactics. And this is not a disputable claim; it's been verified, repeatedly, in court. Even worse, the above merely refers to contractual fraud/deception; include monopoly tactics, and the picture is bleaker.
Even the venerable IE has its roots in a shady deal with a company (SpyGlass) who would have _never_ licensed to Microsoft had they known what Microsoft was planning.
Maybe MSDN is different, but I've never seen anything resembling documentation for "Home User" or "Small Business" varieties of Windows.
The SuSE documentation blows it out of the water, in terms of both categories, including device drivers, and manuals for all the installed packages in/usr/share/doc/packages
I can believe that it is different at the Enterprise level.
The best approach is for Google not to self censor. Google should offer a Chinese language portal, and make the results as broad as the English language portal.
Should China's firewall decide to censor certain portions of the portal, or certain search terms, thats not a big deal; that's China's responsibility.
This means: A) Google doesn't _really_ have to pull out; they just have to run their operations off-shore (from China). B) Google doesn't have to actively work to circumvent Chinese law. That would be illegal. Rather, Google provides Chinese language search results to the whole world, and China is reponsible for filtering content at the ISP level. C) Savvy internet users in China may be able to circumvent the law, similar to the way they current use proxies to get at unfiltered English language results.
This paints Google as a bastion of freedom, while still maintaining best-possible service in the Chinese language, and dumping all the responsibility of censoring to China's state-run ISPs.
You are _referencing_ failed companies, you know. As-in, loosers in capitalism.
Capitalism never guarantes against failure; in fact, it requires failure. Don't make any money, and collapse.
Enron didn't collapse because of faulty accounting. Enron collapsed because they were loosing boatloads of money. The accounting scandal was fraud conducted above and beyond the failure of the company, and was an attempt to protect the principals (yes, CEO, CFO, and others) of the company.
Congratulations on your stand against Windows! Yet another naieve Mac user. You smell like a troll. Consider that I run Linux. Consider than Linux and Linux-like environments (no more different than NT-like environments) comprise more of the server market than NT-alikes.
Yet the Linux servers don't get compromised, and the Windows servers do.
You believe that because you are a Mac user that you are immune from spyware/malware/viruses. The fact of the matter is that you and two other people own Macs. Writing the above for your three users would be akin to Al Qaeda launching a large-scale terrorist attack in the middle of a corn field in Kansas. Sure...it's a terrorist attack, but who cares? Nobody was there to see it! Nonsense. Look at all the publicity over those Mac "viruses" that require you to double click on an icon and type in your administrator password. A Mac virus would be absolutely HUGE news. Not to mention a Linux virus (the primary server platform) would be a real blockbuster, bigger than Windows worms.
Besides, less exposure is not an excuse for 0 viruses. Less exposure = less viruses. But in 8 years of OS X, we've seen 0. Not one.
And that's why even one automated remote exploit would be huge news.
Make no mistake about it...if there were more than three Mac users in the world, all Windows users would be bashing Steve Jobs and not Steve Ballmer and Bill Gates. Just like Apache (which is bigger than IIS, yet immune to worms). Just like Unix/Linux (bigger than NT). Just like Firefox, which holds 11% of the market now.
Look at MSSQL. 16% of the market; but that's where SQL worms attack.
Good luck with your Mac and the two games you play. But hey, you got pong, right? Meh. I play World of Warcraft, Unreal Tournament 2004, Doom 3, Halo: Combat Evolved, all without booting out of OS X. I can boot into Linux and play Half-Life 2, Guild Wars, attleField 2, World of WarCraft, Dungeon Siege 2, Madden 2006, City of Villains, WarCraft III and Star Wars Galaxies, just to name a few.
Not to mention that Wine on OS X is about to natively support DirectX 9, and Cedega on Linux/OS X is in the midst of implementing Pixel Shaders 2.0 and above, using GLSL.
I wonder if the stuff in Vista will take advantage of the clever idea MS research published a year or so ago: They scan the whole system both from within the system and from a known-good boot environment and look for any differences. In a normal system, all of the files look the same whether you examine them from the system itself or when booted from clean media, but a system with malware trying to hide itself will be different. It's very clever since it means you don't have to know what the malware looks like in order to recognize its presence. The mere fact that it tries to hide itself is what gives it away.
That *is* a clever idea!
I wonder if it is patented. Sounds like a great addition to a Linux toolkit;-)
That's because the other posters, like yourself, sleep soundly at night with your heads up your collective asses.
Re:A tribute to the techs cleaning up after M$
on
Ballmer Beaten by Spyware
·
· Score: 4, Interesting
Do you charge for this service?
You should; otherwise you, and countless others, are subsidizing Microsoft by lowering their effective TCO.
If you include the cost of your time & effort, I'd argue that Mac Mini's are significantly cheaper than anything else other there.
In order to not seem heartless, I've decided on the following rule for any of my associates/friends/family. If you ask me for advice when purchasing your computer, or if I've warned you about the hazards of Windows and my standard of not supporting it, and you decide to go ahead and purchase a Windows system anyway, I won't support it.
I continue to support "grandfathered" systems, and people who don't know any better. But I make it a point now to warn everyone around me, and I make it a point for them to truly understand that if they go ahead and purchase a Windows system they should allocate funds to hire service technicans to clean out there system, or to pre-protect their system in advance.
I won't do it; my time is worth something, and the difference between a Mac Mini and a Dell crap-box is less than the worth of a few hours of my time. These days, I even tell people I am more than willing to help them setup a boot camp system, and/or a Linux system. But I won't help with Windows problems, because my life is too short, and I'm not interested in covering the hidden external costs of an MS system.
And that comes down to nothing more than installing software because a dialog box pops up. (I'm assuming that you're referring to Sony's recent blunder -- one of many.)
No, actually, I'm refering to malware/virus/wormware-style rootkits. Malware that gets into your system, and _cannot_ be removed. That's why the sentence was linked to an article. (not trying to be a smart ass)
Which is the perfect time to wise up and start being proactive instead of reactive. ... And where did I say that prevention is to be the sole method of defense? Ok, perhaps I mis-interpreted you.
I think, but am not sure, that we agree. I'll sum up what I'm trying to say like this:
1. Prevention is a good thing. You should catch things on the way into your system. 2. If you catch something ON your system, i.e. not an e-mail attachement, not a file from removable/network storage, but an executable somewhere on your drive that you cannot account for, or worse, a process in memory, malware-removal tools are not safe enough. 3. Point #2 is NOT stressed enough. Virus/malware scans are really only useful for telling you something is there. Once you've already executed the malware code as administrator, you're far better off wiping/reinstalling. It doesn't need to be catastrophic to get to this point; once NOD32, or whatever you use, detects Code Red or something like it you've already lost the battle.
I don't think it is safe to say things like this: And those are only a few small things that can be done to prevent the need for any kind of rebuild. The "An ounce of prevention..." comes to mind.
You can never prevent the need for any kind of rebuild. You can reduce the chance that you'll need to rebuild, but given the statistics of the modern world of Windows computer security, I'd say that the possibility of needing to rebuild your system is non-trivial. 'Catastrophic' infection is too high a standard of caution. Once you've had foreign, untrusted code run as adminstrator on your system, you should no longer trust _anything_, and you should assume that malware-removal tools will not work. Again, script kiddie-type code can be probably be removed by anti-virus, but medium to high-end rootkits should be considered unremovable. And that's not me saying it, that's the vendors of malware-removal software saying it.
I don't know who thought it was a good idea from him to do that, or who told him that would work out well.......... That's the first time I've seen that. I'm still creeped out.
With good news like this, who needs bad news? Quite frankly, Microsoft is literally walking into the advertising of their competitors. I don't doubt that MS PR is planting this stuff; but for god sakes, why?
make an image of your clean system, and periodically restore from that. Right. And this assumes you never install new software, never update existing software, never install system patches. Never save data files on your system volume. Never change your options in any program that saves them to the registry...
I keep hearing this solution offered, and it just doesn't play well in the real world.
Unix rootkits? They most certainly do exist. Most have patches out there, or take advantage of "social" hacking. It doesn't always take a remote exploit to get root access, you know; sometimes the best exploit is the "user" exploit.
Don't even come close to thinking I'm saying that running Unix systems are risky. However, it is an _excellent_ principle that if your Unix system is compromised, you _must_ boot from read-only known-good media, and either reinstall, or verify MD5 sums of all your executables.
As Windows anti-malware tools do neither, they are not reliable, and should not be trusted.
Regardless of whether its a Linux system, OpenBSD, Windows, or whatever; once your system is rooted, you CANNOT fix it without booting from known-good media, and either testing MD5 sums of each executable, or a wipe/re-install.
"I cannot beat a rootkit". "I cannot beat a rootkit". "I cannot beat a rootkit".
The only way to know your system is clean after you've been rooted is to wipe and reinstall from known-good media. Whether this is the Windows install disk, or a system image you built yourself is up to you. But once a system is infested, there's no point trying to clean it up.
Virus scanners/malware scanners are only useful for catching invaders at the "borders" of your system. Once you've found something in $WINNT\system32, its time to wipe/re-install.
Once your system is owned, unless it is by a script kiddie du jour, you *have* to wipe and reformat. There's simply no other way to know that you clear out the infection. A high-end rootkit that has succesfully taken over your system will not expose itself to malware scanners.
Here's a quote for ya: According to Russ Cooper, who founded and moderates the NTBugtraq newsletter, looking for the kinds of techniques that rootkits use is a good idea. But Cooper doesn't think that rootkit infections are on the rise. "Rootkits are no more prevalent now than they've ever been," he believes. And as for rootkit removal tools, Cooper remarks that "only a person with very little knowledge would try to remove a rootkit," adding that the one certain cure is to wipe the hard disk and reinstall the OS. Mikko Hypponen, F-Secure's director of antivirus research, mostly concurs with Cooper, but points out that Blacklight can address situations where no known good backup is available.
If you maintain md5 signatures of all your installed executables, and you boot from known-good media (read only), perhaps you can verify that your system is clean. If you're booting into an infected system, however, all bets are off. The long and the short of it is that virus/malware tools are only really useful as tripwires. Once you've found something that shouldn't be there, you've already lost. The exception, of course, is things that are caught at the entry points; virus scanners on incoming attachments, or network shares and the like.
That worm you found in system ram, with copies all over $WINNT\system32; don't even bother. You're screwed already.
Although that might be a quick-and-clean way of restoring your system in the event of a catastrophic infection (yes, I admit that phrase sounds weird), it's absolutely ridiculous to say that the only way to insure safety is to make an image. Bullshit. It's called "preventative actions."
In the event of catastrophic infection, it is a decent assumption to assume that a sophisticated rootkit has made its way into your system. Unless you think your preventative action is 100% effective, maintaing backup images of ANY Windows system on a regular basis is necessary.
You make it sound like keeping a Windows system clean is easy. Statistically, that's simply not the case. Check out my links here. Roughly 85% of PCs worldwide are infected with some kind of spyware, and 20% of PCs worldwide are infected with viruses. Keep in mind that most of those results are corporate PCs, not home users.
Preventative action as your Maginot line makes sense in situations like the Measles, where we have virtually eradicated the disease. In the computing world, where infections are rampant, preventative action should only be one tool in your arsenal.
I guess the systems I've kept uninfested for years without reinstalling are just figments of my imagination ?
Most likely, yes.
Between spyware and viruses/worms, 80-90% of systems are infected with some kind of malware.
Microsoft itself indicates that it's worm removal tool scores about 200 million successful "hits" per month.
Saying that you keep a Windows system clean is no different than saying you run a Linux desktop. Neither is out of reach for a power user; both are not the norm.
I'd be willing to bet money that in a three way study, of casual users, you'd see the following results in terms of "ease of acheivability":
1. Transition to Mac OS X as a primary desktop. 2. Transition to Linux as a primary desktop. 3. Mainting an uninfested Windows system.
That is, if you had a large enough sample size so that you would actually see some causal users succesfully acheive #3.
Viruses/malware are not a joke. Your anecdotal evidence proves absolutely nothing; statistically, the vast majority of computer users are infested, badly. More computer users are infested with viruses/malware than vote in the presidental election. More computer users are infested than support ANY given political issue, *including* the concept of first amendment rights.
Statistically, you are in a minority category similar to OS X users and Linux Desktop users. The level of sophstication (or at least market savvyness) needed to achieve your position is no less than for those of us administering Linux Desktops, and probably significantly higher than people who use OS X as a primary desktop.
When the first two snag everything they can snag, reboot the PC with Knoppix and if you know what you are looking for, start deleting the spyware DLLs, hidden folders and other nastiness from the spyware makers.
This is too bloody difficult. No, I'm not being sarky.
Finding all this hidden/tucked away crap is far more difficult than administering a Linux system. I won't do it anymore; people tell me Windows takes less time to administer, and Apple's are too expensive;
Well, fix your own damn computer (it doesn't take less time to fix Winders; it takes LESS of YOUR time, and more of MINE), or hire someone to fix it for you (There's your TCO).
Frigging Steve Ballmer had to turn over the computer to a team of Microsoft engineers.
He lumped the thing back to Microsoft's headquarters and turned it over to a team of top engineers, who spent several days on the machine, finding it infected with more than 100 pieces of malware, some of which were nearly impossible to eradicate.
How does this calculate into the TCO of Windows?
And if Steve Ballmer can't fix it, why the HELL should John Doe be expected to?
They both have terrible accuracy, and its because of the data they rely upon. They can't really correct for NavTech (or the other company, I can't recall the name).
Mapquest has often sent me to the wrong places, too. I would consider both "guidelines", at best.
Notice that if you type in your directions query into Google Search ("[Address],[City],[State], to [Address],[City],[State]") you get links to Google maps, mapquest, and yahoo maps. I like that Google encourages you to check your results.
Although the Google Talk client is kind of sucky, I do like that the service is Jabber. I happily run with iChat, and a variety of other clients.
I still believe that Google search is better than MSN, Live.com, and/or Yahoo (and I check periodically). Google scholar is pretty good, and Writely is impressive as well.
I haven't experimented with Google Pages (is that what is it called?) but it has been a hit with my relatives. And Picassa is the best photo management app on Windows, bar none, for causal users.
Hell, even Google Video seems to work better than YouTube.
Which is, of course, why almost all non-UMA graphics architectures work this way. Reading from the local memory of a PC graphics card is also an extremely slow process. We're talking tens of megabytes per second over a 4GB AGP bus. That really doesn't hurt anything --- because you almost never need to read from GPU memory.
Which is why AGP has been relegated to "legacy" status, and PCIe is the future of GPUs.
In the second article, they reference the PS3, but I'm guessing that if the Cell is incapable of properly reading from the GPU's local memory (or causes a ridiculous system stall while doing so) we'll never seen high-end physics processing on the PS3, which is lame.
The video demonstrations I've seen of hardware accelerated physics are simply amazing. Imagine pixel/vertex shaders for geometry. It's beautiful, and adds a tremendous amount to gameplay. There's a game up-and-coming which takes advantage of the PhysX processor, and I'm guessing that Havok (from their interviews) is going to start accelerating all their physics operatins on PCIe accelerates in Havok 3.
All of this is denied to the PS3. If they can shoe-horn this into XBox 360 titles, the 2007-2008 line of XBox games will be visually superior to PS3 games, and that's not good for a system released two years after the XBox 360.
I say this as a serious anti-Microsoft person. I hope the Wii can beat both;-)
Slashdot Mirror
Did you just compare OS X to Win 98 and Win Me? If that's what you are basing your whole OS X / Windows argument on, there is your problem. No self respecting Windows user would be caught dead using an OS that old. It would be like running Mandrake 2.x or something. Why would you bother?
Exactly. That's why I'm comparing OS X to Win 98 and ME in terms of virus activity. They have similar market share (roughly 5%), and 98/ME is innundated with current day viruses. An OS X virus would have as much impact economically/socially, but vastly more impact in the media (Worlds First Automated OS X worm).
However, whether you like it or not, computers are as accessible as they are largely because of Microsoft and not because of *nix or Apple.
That's a goofy statement. There's no way to prove it true or false, but I see no reason why OS/2, Novell's GUI efforts, XFree86, or Macintosh OS could have made computing accessible.
The reason I hate Microsoft is not because they are successful. The reason I hate Microsoft is because they ruthlessly (and unethically) bash companies into the ground via illegal tactics. And this is not a disputable claim; it's been verified, repeatedly, in court. Even worse, the above merely refers to contractual fraud/deception; include monopoly tactics, and the picture is bleaker.
Even the venerable IE has its roots in a shady deal with a company (SpyGlass) who would have _never_ licensed to Microsoft had they known what Microsoft was planning.
Furthermore, Microsoft fills the airwaves with disgusting, falsehood-ridden fud. "Linux is a cancer" "Our customers aren't interested in interoperability" "Linux is 10 times as expensive to run as Windows" "Linux was stolen from Minix"
Not to mention Microsoft contribution of both FUD and $$ to the SCO case.
Yes, its safe to say I hate them. In terms of business ethics, Microsoft is pretty much as low as you can go.
Maybe MSDN is different, but I've never seen anything resembling documentation for "Home User" or "Small Business" varieties of Windows.
/usr/share/doc/packages
The SuSE documentation blows it out of the water, in terms of both categories, including device drivers, and manuals for all the installed packages in
I can believe that it is different at the Enterprise level.
I want to see how they evaluted uptime.
I find this extremely difficult to believe. I smell something fishy.
At a minimum, reboots for patches give Linux servers an edge.
The best approach is for Google not to self censor. Google should offer a Chinese language portal, and make the results as broad as the English language portal.
Should China's firewall decide to censor certain portions of the portal, or certain search terms, thats not a big deal; that's China's responsibility.
This means:
A) Google doesn't _really_ have to pull out; they just have to run their operations off-shore (from China).
B) Google doesn't have to actively work to circumvent Chinese law. That would be illegal. Rather, Google provides Chinese language search results to the whole world, and China is reponsible for filtering content at the ISP level.
C) Savvy internet users in China may be able to circumvent the law, similar to the way they current use proxies to get at unfiltered English language results.
This paints Google as a bastion of freedom, while still maintaining best-possible service in the Chinese language, and dumping all the responsibility of censoring to China's state-run ISPs.
Huh?
You are _referencing_ failed companies, you know. As-in, loosers in capitalism.
Capitalism never guarantes against failure; in fact, it requires failure. Don't make any money, and collapse.
Enron didn't collapse because of faulty accounting. Enron collapsed because they were loosing boatloads of money. The accounting scandal was fraud conducted above and beyond the failure of the company, and was an attempt to protect the principals (yes, CEO, CFO, and others) of the company.
Congratulations on your stand against Windows! Yet another naieve Mac user.
You smell like a troll. Consider that I run Linux. Consider than Linux and Linux-like environments (no more different than NT-like environments) comprise more of the server market than NT-alikes.
Yet the Linux servers don't get compromised, and the Windows servers do.
You believe that because you are a Mac user that you are immune from spyware/malware/viruses. The fact of the matter is that you and two other people own Macs. Writing the above for your three users would be akin to Al Qaeda launching a large-scale terrorist attack in the middle of a corn field in Kansas. Sure...it's a terrorist attack, but who cares? Nobody was there to see it!
Nonsense. Look at all the publicity over those Mac "viruses" that require you to double click on an icon and type in your administrator password. A Mac virus would be absolutely HUGE news. Not to mention a Linux virus (the primary server platform) would be a real blockbuster, bigger than Windows worms.
Besides, less exposure is not an excuse for 0 viruses. Less exposure = less viruses. But in 8 years of OS X, we've seen 0. Not one.
And that's why even one automated remote exploit would be huge news.
Not to mention that OS X marketshare is greater than Windows 98 and ME, but we still see 9x viruses/worms circulating.
Make no mistake about it...if there were more than three Mac users in the world, all Windows users would be bashing Steve Jobs and not Steve Ballmer and Bill Gates.
Just like Apache (which is bigger than IIS, yet immune to worms). Just like Unix/Linux (bigger than NT). Just like Firefox, which holds 11% of the market now.
Look at MSSQL. 16% of the market; but that's where SQL worms attack.
Good luck with your Mac and the two games you play. But hey, you got pong, right?
Meh. I play World of Warcraft, Unreal Tournament 2004, Doom 3, Halo: Combat Evolved, all without booting out of OS X. I can boot into Linux and play Half-Life 2, Guild Wars, attleField 2, World of WarCraft, Dungeon Siege 2, Madden 2006, City of Villains, WarCraft III and Star Wars Galaxies, just to name a few.
Not to mention that Wine on OS X is about to natively support DirectX 9, and Cedega on Linux/OS X is in the midst of implementing Pixel Shaders 2.0 and above, using GLSL.
You're right, I cannot play ALL games. Just most.
I wonder if the stuff in Vista will take advantage of the clever idea MS research published a year or so ago: They scan the whole system both from within the system and from a known-good boot environment and look for any differences. In a normal system, all of the files look the same whether you examine them from the system itself or when booted from clean media, but a system with malware trying to hide itself will be different. It's very clever since it means you don't have to know what the malware looks like in order to recognize its presence. The mere fact that it tries to hide itself is what gives it away.
;-)
That *is* a clever idea!
I wonder if it is patented. Sounds like a great addition to a Linux toolkit
Amended statement:
"Rootkits CANNOT be reliably cleaned from within an infected environment."
Sorry.
That's because the other posters, like yourself, sleep soundly at night with your heads up your collective asses.
Do you charge for this service?
You should; otherwise you, and countless others, are subsidizing Microsoft by lowering their effective TCO.
If you include the cost of your time & effort, I'd argue that Mac Mini's are significantly cheaper than anything else other there.
In order to not seem heartless, I've decided on the following rule for any of my associates/friends/family. If you ask me for advice when purchasing your computer, or if I've warned you about the hazards of Windows and my standard of not supporting it, and you decide to go ahead and purchase a Windows system anyway, I won't support it.
I continue to support "grandfathered" systems, and people who don't know any better. But I make it a point now to warn everyone around me, and I make it a point for them to truly understand that if they go ahead and purchase a Windows system they should allocate funds to hire service technicans to clean out there system, or to pre-protect their system in advance.
I won't do it; my time is worth something, and the difference between a Mac Mini and a Dell crap-box is less than the worth of a few hours of my time. These days, I even tell people I am more than willing to help them setup a boot camp system, and/or a Linux system. But I won't help with Windows problems, because my life is too short, and I'm not interested in covering the hidden external costs of an MS system.
And that comes down to nothing more than installing software because a dialog box pops up. (I'm assuming that you're referring to Sony's recent blunder -- one of many.)
...
No, actually, I'm refering to malware/virus/wormware-style rootkits. Malware that gets into your system, and _cannot_ be removed. That's why the sentence was linked to an article. (not trying to be a smart ass)
Which is the perfect time to wise up and start being proactive instead of reactive.
And where did I say that prevention is to be the sole method of defense?
Ok, perhaps I mis-interpreted you.
I think, but am not sure, that we agree. I'll sum up what I'm trying to say like this:
1. Prevention is a good thing. You should catch things on the way into your system.
2. If you catch something ON your system, i.e. not an e-mail attachement, not a file from removable/network storage, but an executable somewhere on your drive that you cannot account for, or worse, a process in memory, malware-removal tools are not safe enough.
3. Point #2 is NOT stressed enough. Virus/malware scans are really only useful for telling you something is there. Once you've already executed the malware code as administrator, you're far better off wiping/reinstalling. It doesn't need to be catastrophic to get to this point; once NOD32, or whatever you use, detects Code Red or something like it you've already lost the battle.
I don't think it is safe to say things like this:
And those are only a few small things that can be done to prevent the need for any kind of rebuild. The "An ounce of prevention..." comes to mind.
You can never prevent the need for any kind of rebuild. You can reduce the chance that you'll need to rebuild, but given the statistics of the modern world of Windows computer security, I'd say that the possibility of needing to rebuild your system is non-trivial. 'Catastrophic' infection is too high a standard of caution. Once you've had foreign, untrusted code run as adminstrator on your system, you should no longer trust _anything_, and you should assume that malware-removal tools will not work. Again, script kiddie-type code can be probably be removed by anti-virus, but medium to high-end rootkits should be considered unremovable. And that's not me saying it, that's the vendors of malware-removal software saying it.
Frankly, that video is scary.
... ... ...
Very scary.
I don't know who thought it was a good idea from him to do that, or who told him that would work out well.
That's the first time I've seen that. I'm still creeped out.
LOL
I hope they keep "planting" stories like this.
Look at the FUD coming out of Microsoft lately:
"Veritas/Symantec suing us! We won't let them put an injunction on Vista!"
"Adobe is going to sue us! We won't let them put an injunction on Vista, either!"
"We can't even fix our OWN XP systems from Viruses/Malware. Upgrade to Vista, save yourselves NOW!"
"We (Microsoft) are launching OneCare! You should pay us some money; you wouldn't want anything BAD to happen to that computer of yours, now would you? By the way; that McAfee, Norton, and other junk; it's a security risk, too. Who KNOWS what might happen if you combine Microsoft and non-Microsoft protection software?"
"DirectX 10? Of course; all new games REQUIRE a $200 OS upgrade."
"Ebay? Google? Dell? Yahoo? Ask.com? We don't need no sticking allies..."
With good news like this, who needs bad news? Quite frankly, Microsoft is literally walking into the advertising of their competitors. I don't doubt that MS PR is planting this stuff; but for god sakes, why?
make an image of your clean system, and periodically restore from that.
Right. And this assumes you never install new software, never update existing software, never install system patches. Never save data files on your system volume. Never change your options in any program that saves them to the registry...
I keep hearing this solution offered, and it just doesn't play well in the real world.
The point is that in a world where rootkits exist, there *isn't* another solution. Rootkits CANNOT be reliabled cleaned.
there is somekind of switch with rpm that allows you verify every installed file on your system
The SuSE install DVD/CDs have a repair function, and one of the check boxes is "verify ALL installed packages".
If you stick to RPMs, you can verify your system as "known-clean" fairly easily.
Kernel trojan? Probably not.
Unix rootkits? They most certainly do exist. Most have patches out there, or take advantage of "social" hacking. It doesn't always take a remote exploit to get root access, you know; sometimes the best exploit is the "user" exploit.
Don't even come close to thinking I'm saying that running Unix systems are risky. However, it is an _excellent_ principle that if your Unix system is compromised, you _must_ boot from read-only known-good media, and either reinstall, or verify MD5 sums of all your executables.
As Windows anti-malware tools do neither, they are not reliable, and should not be trusted.
What you said, plus:
Rootkits CANNOT be reliably cleaned up.
Regardless of whether its a Linux system, OpenBSD, Windows, or whatever; once your system is rooted, you CANNOT fix it without booting from known-good media, and either testing MD5 sums of each executable, or a wipe/re-install.
There simply isn't any other way to look at it.
Repeat after me:
"I cannot beat a rootkit".
"I cannot beat a rootkit".
"I cannot beat a rootkit".
The only way to know your system is clean after you've been rooted is to wipe and reinstall from known-good media. Whether this is the Windows install disk, or a system image you built yourself is up to you. But once a system is infested, there's no point trying to clean it up.
Virus scanners/malware scanners are only useful for catching invaders at the "borders" of your system. Once you've found something in $WINNT\system32, its time to wipe/re-install.
That's computing 101. You get this one for free.
This doesn't work.
Modern rootkits cannot be removed without booting from "known-good" media.
Once your system is owned, unless it is by a script kiddie du jour, you *have* to wipe and reformat. There's simply no other way to know that you clear out the infection. A high-end rootkit that has succesfully taken over your system will not expose itself to malware scanners.
Here's a quote for ya:
According to Russ Cooper, who founded and moderates the NTBugtraq newsletter, looking for the kinds of techniques that rootkits use is a good idea. But Cooper doesn't think that rootkit infections are on the rise. "Rootkits are no more prevalent now than they've ever been," he believes. And as for rootkit removal tools, Cooper remarks that "only a person with very little knowledge would try to remove a rootkit," adding that the one certain cure is to wipe the hard disk and reinstall the OS. Mikko Hypponen, F-Secure's director of antivirus research, mostly concurs with Cooper, but points out that Blacklight can address situations where no known good backup is available.
If you maintain md5 signatures of all your installed executables, and you boot from known-good media (read only), perhaps you can verify that your system is clean. If you're booting into an infected system, however, all bets are off. The long and the short of it is that virus/malware tools are only really useful as tripwires. Once you've found something that shouldn't be there, you've already lost. The exception, of course, is things that are caught at the entry points; virus scanners on incoming attachments, or network shares and the like.
That worm you found in system ram, with copies all over $WINNT\system32; don't even bother. You're screwed already.
Although that might be a quick-and-clean way of restoring your system in the event of a catastrophic infection (yes, I admit that phrase sounds weird), it's absolutely ridiculous to say that the only way to insure safety is to make an image. Bullshit. It's called "preventative actions."
In the event of catastrophic infection, it is a decent assumption to assume that a sophisticated rootkit has made its way into your system. Unless you think your preventative action is 100% effective, maintaing backup images of ANY Windows system on a regular basis is necessary.
You make it sound like keeping a Windows system clean is easy. Statistically, that's simply not the case. Check out my links here. Roughly 85% of PCs worldwide are infected with some kind of spyware, and 20% of PCs worldwide are infected with viruses. Keep in mind that most of those results are corporate PCs, not home users.
Preventative action as your Maginot line makes sense in situations like the Measles, where we have virtually eradicated the disease. In the computing world, where infections are rampant, preventative action should only be one tool in your arsenal.
I guess the systems I've kept uninfested for years without reinstalling are just figments of my imagination ?
Most likely, yes.
Between spyware and viruses/worms, 80-90% of systems are infected with some kind of malware.
Microsoft itself indicates that it's worm removal tool scores about 200 million successful "hits" per month.
Saying that you keep a Windows system clean is no different than saying you run a Linux desktop. Neither is out of reach for a power user; both are not the norm.
I'd be willing to bet money that in a three way study, of casual users, you'd see the following results in terms of "ease of acheivability":
1. Transition to Mac OS X as a primary desktop.
2. Transition to Linux as a primary desktop.
3. Mainting an uninfested Windows system.
That is, if you had a large enough sample size so that you would actually see some causal users succesfully acheive #3.
Viruses/malware are not a joke. Your anecdotal evidence proves absolutely nothing; statistically, the vast majority of computer users are infested, badly. More computer users are infested with viruses/malware than vote in the presidental election. More computer users are infested than support ANY given political issue, *including* the concept of first amendment rights.
Statistically, you are in a minority category similar to OS X users and Linux Desktop users. The level of sophstication (or at least market savvyness) needed to achieve your position is no less than for those of us administering Linux Desktops, and probably significantly higher than people who use OS X as a primary desktop.
When the first two snag everything they can snag, reboot the PC with Knoppix and if you know what you are looking for, start deleting the spyware DLLs, hidden folders and other nastiness from the spyware makers.
This is too bloody difficult. No, I'm not being sarky.
Finding all this hidden/tucked away crap is far more difficult than administering a Linux system. I won't do it anymore; people tell me Windows takes less time to administer, and Apple's are too expensive;
Well, fix your own damn computer (it doesn't take less time to fix Winders; it takes LESS of YOUR time, and more of MINE), or hire someone to fix it for you (There's your TCO).
Frigging Steve Ballmer had to turn over the computer to a team of Microsoft engineers.
He lumped the thing back to Microsoft's headquarters and turned it over to a team of top engineers, who spent several days on the machine, finding it infected with more than 100 pieces of malware, some of which were nearly impossible to eradicate.
How does this calculate into the TCO of Windows?
And if Steve Ballmer can't fix it, why the HELL should John Doe be expected to?
They both have terrible accuracy, and its because of the data they rely upon. They can't really correct for NavTech (or the other company, I can't recall the name).
Mapquest has often sent me to the wrong places, too. I would consider both "guidelines", at best.
Notice that if you type in your directions query into Google Search ("[Address],[City],[State], to [Address],[City],[State]") you get links to Google maps, mapquest, and yahoo maps. I like that Google encourages you to check your results.
Well.....
Although the Google Talk client is kind of sucky, I do like that the service is Jabber. I happily run with iChat, and a variety of other clients.
I still believe that Google search is better than MSN, Live.com, and/or Yahoo (and I check periodically). Google scholar is pretty good, and Writely is impressive as well.
I haven't experimented with Google Pages (is that what is it called?) but it has been a hit with my relatives. And Picassa is the best photo management app on Windows, bar none, for causal users.
Hell, even Google Video seems to work better than YouTube.
Which is, of course, why almost all non-UMA graphics architectures work this way. Reading from the local memory of a PC graphics card is also an extremely slow process. We're talking tens of megabytes per second over a 4GB AGP bus. That really doesn't hurt anything --- because you almost never need to read from GPU memory.
e archid=9435
;-)
Which is why AGP has been relegated to "legacy" status, and PCIe is the future of GPUs.
The Xbox 360 is capable, and has seen good performance, using Havok's physics libraries, doing physics calculations on the GPU.
http://www.firingsquad.com/news/newsarticle.asp?s
http://www.gamespot.com/news/6136639.html
In the second article, they reference the PS3, but I'm guessing that if the Cell is incapable of properly reading from the GPU's local memory (or causes a ridiculous system stall while doing so) we'll never seen high-end physics processing on the PS3, which is lame.
The video demonstrations I've seen of hardware accelerated physics are simply amazing. Imagine pixel/vertex shaders for geometry. It's beautiful, and adds a tremendous amount to gameplay. There's a game up-and-coming which takes advantage of the PhysX processor, and I'm guessing that Havok (from their interviews) is going to start accelerating all their physics operatins on PCIe accelerates in Havok 3.
All of this is denied to the PS3. If they can shoe-horn this into XBox 360 titles, the 2007-2008 line of XBox games will be visually superior to PS3 games, and that's not good for a system released two years after the XBox 360.
I say this as a serious anti-Microsoft person. I hope the Wii can beat both
Well, for one, this means that the PS3 will never use the RSX as a physics processor, correct?
Xbox360 can do this, IIRC.