I'm still confused as to why people believe that VMs are inherently secure
You're missing the point. No system is secure. What's nice about VMs is... as many as you need, same price. So just chuck them often, don't even worry about checking them to see if they've been compromised. How awesome would it be if we could just destroy and replace physical desktops and servers 100 times a day? That would get expensive... but not with VMs, which allows you to move the security layer back to the image, and screw securing the actual running system.
Yes... That way they can re-build the vulnerable system. I hear it takes a long time to steal credit card information...
Or, you're right he didn't apply them.
Export training restrictions can boil down to "If in doubt, don't". If you aren't a lawyer, why take the chance of inadvertently violating a federal law or company policy?
It seems like you want your cake and to eat it too.
Yes, Windows had broken security. Badly. And they made some mistakes - big ones. But you can't compare Windows 98 to Mac OSX.
Android malware (which I could be off on) is because they have an open market place - in the wild exploitation is a whole different problem. Someone mentioned the dancing bunnies problem - you can't fix stupid. And because of that, you can't call an OS secure/insecure because the user can be tricked to running a malicious binary with elevated privileges.
Maybe I'm missing something here -
Windows has a fundamental security issue that it cannot spawn nor escalate a security token higher than the parent token. In short, that means to do something as root, you have to be or ask a root process to do it for you.
Is the root process the OS...? I'm going to need an example here, because I'm not really aware of a good reason to elevate your permissions in the middle of a task. So if you cannot spawn a privileged process from within yourself without asking a "root" process (like say... the OS?) why is that a problem?
Can you give me an example of a different OS, a parent process spawning a more priveleged process that it fully controls? Or why you'd ever want that? Doesn't that BREAK security? I would really appreciate an example here. I understand the security token concept, and that you cannot just blindly elevate it... because well... that makes sense.... But I don't see the request to this mythical fundamental root process..... For that matter, can you arbitrarily elevate your process to root in the middle of execution without some kind of OS intervention, or say, the OS having to do it for you?
UAC isn't really a privilege escalation function, it's more of a watchdog function that acts as a gatekeeper whenever something asks to write something to certain areas of the system.
I'm not quite sure that you are describing UAC... UAC happens when a process is launched with elevated privileges - AND if properly configured, requires credentials to be entered. Please provide an example of a process that MID PROCESS does this before accessing a system area....
I'll give you a solid example of why: Try creating a service that runs with no privileges, serves many users, and allow said users to execute OS calls as themselves, with only their own privileges. You would want to do this to exploit the OS's security handling and auditing which are certified instead of writing your own. You are allowed to request credentials.
oooook.... So let me understand this, you have a specific use case, which a different OS handles better.... You have not proven that windows security is fundamentally broken, just that this use case is.... And maybe windows isn't the best choice for what you want. Since i haven't done this exact process, I can't speak to its ease or difficulty on any OS... But how is that limitation proof of insecurity? I can't use my TV as a boat, but that doesn't mean its fundamentally broken... or insecure...
AFAIK, dynamic code injection into system code (in-memory) from an unprivileged thread was still possible as in 2008 R2 as of Jan 2010. That dates after the Win7 release. I know, because I considered (only briefly) doing it myself when I was researching the (as of then) undocumented removal of security token manipulation routines.
Still not really sure how easy this is... Since the process security model should not allow this.... Are we talking possible as in "There is a Windows API InjectCodeToMemory(0xaddr,"exec virus")" or, an exploit exists that allows that....
Thanks for the UEFI/EFI clarification... Again... security relevance? Microsoft doesn't make hardware... so this is really just a note that apple introduced a technology... which I guess is proof that Macs are safer? Not really sure on that one...
Same with abstraction - how does abstraction = security? more abstraction = larger at
None require a base root process to spawn an escalated privilege process like Windows does, even today in its latest incarnation - it's part of that fundamental insecurity built into the very foundation of windows.
What is that process? UAC is what provides that barrier - much like linux sudo, you don't just get to launch an un-trusted process as root without some confirmation.
All *nix systems can elevate a process by providing proper credentials. So, properly setup, there's almost nothing that can be done on a *nix system unless additional credentials are supplied.
Windows is the same way - when properly set up. IF there is a vulnerable process or binary, that is owned by root, and has the setid bit on, it doesn't matter. No prompting.
There is nothing like Active X on any system but Windows - thank goodness
But there are browser plugins, and just because there is a sandbox, doesn't mean it is impossible to break out.
Regarding DLLs/Shared objects, no OS allows generic dynamic code injection into system code from an unprivileged account, except. of course, Windows
This hasn't been true since the "UAC band-aid". If you are trying to compare current securities, you can't argue that "Windows is insecure because Windows XP is insecure", by that logic, Max OS 9 didn't have ASLR, but that doesn't mean apple is an inherintly insecure platform.
Macs have had EFI, actual process security that didn't need UAC's bandaid, sandboxed processes, and well defined abstraction layers for years.
Why is UAC a band-aid? Is sudo a bandaid? So you want process security, but don't like the fix? I'm a little confused here. While I don't know anything about EFI (except what I found on wikipedia), unless apple has something magic they also call EFI, I don't see how that's relevant. I also don't understand how abstraction layers have anything to do with inherent OS security....
There is a false sense of security by running non-windows. Malware authors are risk-reward. Why write a virus to turn your computer into a mindless zombie but only target a small market share (I won't quote numbers, since I don't know them, and don't feel like looking them up, but Mac market share Windows market share). If most malware authors focus on 1 thing, then that OS will get the hardest hit.
On a properly set up system, it isn't easy - the problem is improperly set up systems. If I turn off my AV, turn off UAC, and run as administrator, ya, its gonna be way easier to exploit my system. If I run my linux machine with no root password, and run myself as root, its not going to be secure.
Really, I'm more curious on your claims about windows security, because they seem a little bit.... off....
They were doing the equivalent of setting up a ladder on the sidewalk and taking multiple telephoto photos through each house's front windows on each block, in every town, in every state, then compiling and analyzing the data so they could better advertise to each household.
There is overwhelming evidence to show that piracy leads to an increase in sales. It doesn't make sense to dispute that anymore.
Given that taking copies doesn't cost anyone anything nor deprive anything from anyone, yet can lead to further contributions to society, it only makes sense.
TL;DR - No, they can only block IP addresses and domains for infringing sites. The rules for what make up infringement are there. Yes, it does punish violations of the DMCA and copyright by foreign companies, but its making websites targeted at the US primarily (see definitions below) play by the same rules our businesses have to. To your example of IRC, individual IRC servers could be at risk IF they are there primarily for piracy, not that piracy happens on them (For instance, YouTube vs. Pirate Bay - Infringement happens on youtube, it is encouraged on TPB).
I never read anything about protocol level blocking - SOPA deals with blocking IP addresses, not specific protocols. Internet site is also defined as
The term `Internet site' means the collection of digital assets, including links, indexes, or pointers to digital assets, accessible through the Internet that are addressed relative to a common domain name or, if there is no domain name, a common Internet Protocol address.
So, from that definition, no.
For dedicated to promoting piracy -
"DEDICATED TO THEFT OF U.S. PROPERTY- An `Internet site is dedicated to theft of U.S. property' if--
(A) it is an Internet site, or a portion thereof, that is a U.S.-directed site and is used by users within the United States; and
(B) either--
(i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--
(I) a violation of section 501 of title 17, United States Code;
(II) a violation of section 1201 of title 17, United States Code; or
(III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or
(ii) the operator of the U.S.-directed site--
(I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or
(II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement."
So, breaking that down for that definition:
A) Targeted at US users
The term `U.S.-directed site' means an Internet site or portion thereof that is used to conduct business directed to residents of the United States, or that otherwise demonstrates the existence of minimum contacts sufficient for the exercise of personal jurisdiction over the owner or operator of the Internet site consistent with the Constitution of the United States, based on relevant evidence that may include whether--
(A) the Internet site is used to provide goods or services to users located in the United States;
(B) there is evidence that the Internet site or portion thereof is intended to offer or provide--
(i) such goods and services,
(ii) access to such goods and services, or
(iii) delivery of such goods and services,
to users located in the United States;
(C) the Internet site or portion thereof does not contain reasonable measures to prevent such goods and services from being obtained in or delivered to the United States; and
(D) any prices for goods and services are indicated or billed in the currency of the United States.
I read as: Sells stuff to US people, or doesn't explicitly prohibit the sale to US citizens (Like a Russian pharmacy, selling only to russians, would not fall under this definition, assuming they made reasonable effort not to deliver to US addresses)
The other provisions above:
B)
(I-III) Has a limite
" a foreign Internet site or portion thereof is a `foreign infringing site' if--
(1) the Internet site or portion thereof is a U.S.-directed site and is used by users in the United States;
(2) the owner or operator of such Internet site is committing or facilitating the commission of criminal violations punishable under section 2318, 2319, 2319A, 2319B, or 2320, or chapter 90, of title 18, United States Code; and
(3) the Internet site would, by reason of acts described in paragraph (1), be subject to seizure in the United States in an action brought by the Attorney General if such site were a domestic Internet site."
Which then follows up with:
(2) IN REM- If through due diligence the Attorney General is unable to find a person described in subparagraph (A) or (B) of paragraph (1), or no such person found has an address within a judicial district of the United States, the Attorney General may commence an in rem action against a foreign infringing site or the foreign domain name used by such site.
It also covers:
DEDICATED TO THEFT OF U.S. PROPERTY- An `Internet site is dedicated to theft of U.S. property' if--
(A) it is an Internet site, or a portion thereof, that is a U.S.-directed site and is used by users within the United States; and
(B) either--
(i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--
(I) a violation of section 501 of title 17, United States Code;
(II) a violation of section 1201 of title 17, United States Code; or
(III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or
(ii) the operator of the U.S.-directed site--
(I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or
(II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement.
And they technically only cover 2 site types for support (ad companies, and payment processors).
Now, IANAL, but that to me says:
1) Site has to be dedicated to promoting piracy. (violating those above codes or counterfeit goods)
2) The operator has to be notified first
3) The operator has to ignore the initial request for action
Slashdot Mirror
I'm still confused as to why people believe that VMs are inherently secure
You're missing the point. No system is secure. What's nice about VMs is ... as many as you need, same price. So just chuck them often, don't even worry about checking them to see if they've been compromised. How awesome would it be if we could just destroy and replace physical desktops and servers 100 times a day? That would get expensive... but not with VMs, which allows you to move the security layer back to the image, and screw securing the actual running system.
Yes... That way they can re-build the vulnerable system. I hear it takes a long time to steal credit card information...
Or, you're right he didn't apply them. Export training restrictions can boil down to "If in doubt, don't". If you aren't a lawyer, why take the chance of inadvertently violating a federal law or company policy?
Windows has a fundamental security issue that it cannot spawn nor escalate a security token higher than the parent token. In short, that means to do something as root, you have to be or ask a root process to do it for you.
Is the root process the OS...? I'm going to need an example here, because I'm not really aware of a good reason to elevate your permissions in the middle of a task. So if you cannot spawn a privileged process from within yourself without asking a "root" process (like say... the OS?) why is that a problem? Can you give me an example of a different OS, a parent process spawning a more priveleged process that it fully controls? Or why you'd ever want that? Doesn't that BREAK security? I would really appreciate an example here. I understand the security token concept, and that you cannot just blindly elevate it... because well... that makes sense.... But I don't see the request to this mythical fundamental root process..... For that matter, can you arbitrarily elevate your process to root in the middle of execution without some kind of OS intervention, or say, the OS having to do it for you?
UAC isn't really a privilege escalation function, it's more of a watchdog function that acts as a gatekeeper whenever something asks to write something to certain areas of the system.
I'm not quite sure that you are describing UAC... UAC happens when a process is launched with elevated privileges - AND if properly configured, requires credentials to be entered. Please provide an example of a process that MID PROCESS does this before accessing a system area....
I'll give you a solid example of why: Try creating a service that runs with no privileges, serves many users, and allow said users to execute OS calls as themselves, with only their own privileges. You would want to do this to exploit the OS's security handling and auditing which are certified instead of writing your own. You are allowed to request credentials.
oooook.... So let me understand this, you have a specific use case, which a different OS handles better.... You have not proven that windows security is fundamentally broken, just that this use case is.... And maybe windows isn't the best choice for what you want. Since i haven't done this exact process, I can't speak to its ease or difficulty on any OS... But how is that limitation proof of insecurity? I can't use my TV as a boat, but that doesn't mean its fundamentally broken... or insecure...
AFAIK, dynamic code injection into system code (in-memory) from an unprivileged thread was still possible as in 2008 R2 as of Jan 2010. That dates after the Win7 release. I know, because I considered (only briefly) doing it myself when I was researching the (as of then) undocumented removal of security token manipulation routines.
Still not really sure how easy this is... Since the process security model should not allow this.... Are we talking possible as in "There is a Windows API InjectCodeToMemory(0xaddr,"exec virus")" or, an exploit exists that allows that.... Thanks for the UEFI/EFI clarification... Again... security relevance? Microsoft doesn't make hardware... so this is really just a note that apple introduced a technology... which I guess is proof that Macs are safer? Not really sure on that one... Same with abstraction - how does abstraction = security? more abstraction = larger at
None require a base root process to spawn an escalated privilege process like Windows does, even today in its latest incarnation - it's part of that fundamental insecurity built into the very foundation of windows.
What is that process? UAC is what provides that barrier - much like linux sudo, you don't just get to launch an un-trusted process as root without some confirmation.
All *nix systems can elevate a process by providing proper credentials. So, properly setup, there's almost nothing that can be done on a *nix system unless additional credentials are supplied.
Windows is the same way - when properly set up. IF there is a vulnerable process or binary, that is owned by root, and has the setid bit on, it doesn't matter. No prompting.
There is nothing like Active X on any system but Windows - thank goodness
But there are browser plugins, and just because there is a sandbox, doesn't mean it is impossible to break out.
Regarding DLLs/Shared objects, no OS allows generic dynamic code injection into system code from an unprivileged account, except. of course, Windows
This hasn't been true since the "UAC band-aid". If you are trying to compare current securities, you can't argue that "Windows is insecure because Windows XP is insecure", by that logic, Max OS 9 didn't have ASLR, but that doesn't mean apple is an inherintly insecure platform.
Macs have had EFI, actual process security that didn't need UAC's bandaid, sandboxed processes, and well defined abstraction layers for years.
Why is UAC a band-aid? Is sudo a bandaid? So you want process security, but don't like the fix? I'm a little confused here. While I don't know anything about EFI (except what I found on wikipedia), unless apple has something magic they also call EFI, I don't see how that's relevant. I also don't understand how abstraction layers have anything to do with inherent OS security.... There is a false sense of security by running non-windows. Malware authors are risk-reward. Why write a virus to turn your computer into a mindless zombie but only target a small market share (I won't quote numbers, since I don't know them, and don't feel like looking them up, but Mac market share Windows market share). If most malware authors focus on 1 thing, then that OS will get the hardest hit. On a properly set up system, it isn't easy - the problem is improperly set up systems. If I turn off my AV, turn off UAC, and run as administrator, ya, its gonna be way easier to exploit my system. If I run my linux machine with no root password, and run myself as root, its not going to be secure. Really, I'm more curious on your claims about windows security, because they seem a little bit.... off....
They were doing the equivalent of setting up a ladder on the sidewalk and taking multiple telephoto photos through each house's front windows on each block, in every town, in every state, then compiling and analyzing the data so they could better advertise to each household.
Citation needed.
Good point, I hear ubuntu is the only Linux distribution out there now too. Did they also remove the ability to install packages in 12.04 too?
Citation needed
I never read anything about protocol level blocking - SOPA deals with blocking IP addresses, not specific protocols. Internet site is also defined as
So, from that definition, no. For dedicated to promoting piracy -
So, breaking that down for that definition: A) Targeted at US users
I read as: Sells stuff to US people, or doesn't explicitly prohibit the sale to US citizens (Like a Russian pharmacy, selling only to russians, would not fall under this definition, assuming they made reasonable effort not to deliver to US addresses)
The other provisions above: B)
(I-III) Has a limite
" a foreign Internet site or portion thereof is a `foreign infringing site' if--
(1) the Internet site or portion thereof is a U.S.-directed site and is used by users in the United States;
(2) the owner or operator of such Internet site is committing or facilitating the commission of criminal violations punishable under section 2318, 2319, 2319A, 2319B, or 2320, or chapter 90, of title 18, United States Code; and
(3) the Internet site would, by reason of acts described in paragraph (1), be subject to seizure in the United States in an action brought by the Attorney General if such site were a domestic Internet site."
Which then follows up with:
(2) IN REM- If through due diligence the Attorney General is unable to find a person described in subparagraph (A) or (B) of paragraph (1), or no such person found has an address within a judicial district of the United States, the Attorney General may commence an in rem action against a foreign infringing site or the foreign domain name used by such site.
It also covers:
DEDICATED TO THEFT OF U.S. PROPERTY- An `Internet site is dedicated to theft of U.S. property' if--
(A) it is an Internet site, or a portion thereof, that is a U.S.-directed site and is used by users within the United States; and
(B) either--
(i) the U.S.-directed site is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates--
(I) a violation of section 501 of title 17, United States Code;
(II) a violation of section 1201 of title 17, United States Code; or
(III) the sale, distribution, or promotion of goods, services, or materials bearing a counterfeit mark, as that term is defined in section 34(d) of the Lanham Act or section 2320 of title 18, United States Code; or
(ii) the operator of the U.S.-directed site--
(I) is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code; or
(II) operates the U.S.-directed site with the object of promoting, or has promoted, its use to carry out acts that constitute a violation of section 501 or 1201 of title 17, United States Code, as shown by clear expression or other affirmative steps taken to foster infringement.
And they technically only cover 2 site types for support (ad companies, and payment processors).
Now, IANAL, but that to me says:
1) Site has to be dedicated to promoting piracy. (violating those above codes or counterfeit goods)
2) The operator has to be notified first
3) The operator has to ignore the initial request for action
(Text: http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261:)
So, a post on a forum would not ACTUALLY be enough to shut the site down, whereas The Pirate Bay would be eligible
Only on Thursdays
Sometimes for work, but never for anything personal. Besides - who uses e-mail for anything anymore?
Downloading my TV shows from the pirate bay so I can stop paying for cable?
If human beings are stupid and corrupt then they will corrupt the institutions (media, school, business, government, activist groups)
FTFY