Slashdot Mirror


User: Tony-A

Tony-A's activity in the archive.

Stories: 0
Comments: 3,584

Comments · 3,584

  1. Re:Friday August 23 2003 or Friday August 20 2003? on Eric Raymond's Homebrew SCO Poison · · Score: 1

    Much of what you're getting at happens automatically.
    Question. If it breaks on SCO is that a bug or a feature?
    (That's without changing any code or documentation;)

    Sabotaged Computer Operations ??

  2. Re:Can people refute without being crazed loons? on Eric Raymond's Homebrew SCO Poison · · Score: 1

    IBM is the role-model here, as well as the champion of our battle.

    Hogwash!
    IBM as a disinterested observer is closer to the reality.
    IBM will, in their own time and for their own purposes do its thing, but for the most part, IBM will just sit back and watch.

  3. Re:Something to think about: on Is Linux as Secure as We'd Like to Think? · · Score: 1

    There's one problem with yours.
    Your middle is undistributed.

  4. Re:Something to think about: on Is Linux as Secure as We'd Like to Think? · · Score: 1

    Rain in the Sahara: possible.
    Rain in Redmond: possible.
    Must be dry in Redmond.

  5. Re:In webserver-land, it *is* reversed on Is Linux as Secure as We'd Like to Think? · · Score: 1

    In my last job, I was a bit of a security hawk

    Try this for size.
    Install Linux, install everything, "just in case".
    Watch security stuff. Disable, uninstall, workaround anything that comes up.
    See how long you can go without patching or updating anything.

    Now try it with Windows.

  6. Re:Psychology plays a role on Is Linux as Secure as We'd Like to Think? · · Score: 5, Informative

    Unix is simply designed and developed much more with security and securability in mind.

    From an old fart, I gotta take exception to that.
    The design is from Multics, which is arguably secure, down to something that is doable on a departmental minicomputer. The design doesn't preclude some degree of security but all the emphasis is on getting something useful done. That said, Unix probably does manage to get the most useable security out of the fewest bits theoretically possible. I suspect that Unix is as simple as it can be and have any pretense to security.

    NT does have security "features". It has lots of them, and they take lots of bits. They are stuck in strange places. If I have a lot of files to manage, I will not be using those features. I do a DIR. I see date and time and file size. No security information whatever. Must not be important.

    Unix, if I do just an ls, just gives back the file names. If I do an ls -l to see dates and file sizes, back comes a mess of x's and hyphens. Must be important. Further, these are in my face every time I'm looking at files.

    Multics was designed to be secure.
    Unix wasn't.
    Windows was designed to be able to claim the most "features"

    Copy a directory from one place to another, where you don't have permission to read some of the files or write some of the targets.
    Windows will give a pop-up and die when it runs into trouble.
    Unix will copy what it can and give you the error messages with its dying breath.
    Windows security. Even a little bit can be too much.
    Unix security. I haven't seen it get in the way, and I haven't really got into groups yet. (Big gripe. I can't have NT users and groups with the same name. Stupid.)

  7. Re:Psychology plays a role on Is Linux as Secure as We'd Like to Think? · · Score: 1

    the user base for Linux is inherently more systems-savvy and internet-knowledgeable than the Windows user base

    Probably, but methinks it's more fundamental than that. The "magic" is that Linux users should be much less gullible than Windows users.

    We're running an NT domain, Word, Outlook, Excel. Unpatched except for service packs ranging from 3 to 6a. Anti-virus only on new computers, where it has been disabled as soon as it gets in the way of anything. A user base nowhere near "systems-savvy". Very few hits, and those few come from the more "systems-savvy". I clean up ONE SoBig whatever and I (still) think it's funny. (I got some good help on that one. Bounce from a Linux machine that was kind enough to return the headers.) My system is extremely insecure but my users are not gullible. Next year they'll still be doing fine while "everybody else" is scrambling trying to play catch-up.

  8. Re:for those too cheap to buy a book on JavaScript and DHTML Cookbook · · Score: 1

    Or.
    He has mastered hyperlinking.

    As much lookee lookee clikee clikee as has been going on, ...
    Anybody interested can surely copy/type the link into a browser.

  9. Re:Insecure by Design on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 1

    You might be right.
    The combination of hidden file extensions and using those hidden file extensions to differentiate between executable and non-executable files seems incredibly dangerous.

    Seems like hiding HAZMAT labels on tank trucks because they make motorists nervous.

  10. Re:This is a good first step. on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 1

    While you're at it, why not have them announce that FSF ftp site was hacked and they didn't find out for 3 months. Linux is not secure either.

    Hmmmm, let's think about that one. Hacked for 3 months and apparently nothing altered. I wonder how well Microsoft's sources would stand having their server hacked for 3 months.

  11. Re:Insecure by Design on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 3, Informative

    Fact: File extensions are still hidden by default.

  12. Insecure by Design on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 2, Insightful

    I didn't have ANY trouble with SoBig.. or Blaster.. why, because I didn't patch my system. Oh a few things like clobbering Windows Scripting Host and setting things so I see the file extensions, but hardly enough to call it "secured". It's insecure. I know it's insecure.

    No one sat around a conference table in a code review and said.... you know what.. this isn't insecure.. we need to change that.
    But did anyone ever say "this isn't secure.. we need to change that."?

    In the design balance between fundamental security and "user experience", has any weight ever been given to security in the design phases? Surely Microsoft does something they call "design" for this stuff.

  13. Re:Actually, the top links are ads on How Objective Is Microsoft's Search? · · Score: 1

    You touched on something significant.

    "you're telling me that a business is trying to get stupid people to click on ads through a little deception?"
    you're telling me that malware is trying to get stupid people to click on worms through a little deception?

    Coincidence?

  14. Re:innovate? on America's Hams Embrace Linux · · Score: 1

    by clinging on to an anachronistic method of communication?

    When all of the modern stuff doesn't work (due to natural disasters, etc.), the hams manage to get communications through.

  15. Double Whammy on The Origin Of Sobig (And Its Next Phase) · · Score: 1

    Operating System, Browser, Mail client all desperately want to hide the gory details from the EU.
    End Users who dutifully believe that if they aren't seeing it it isn't happening.

    Maybe I've just got better trained users. No anti-virus software. (Well, some that's rather old and unupdated that nobody bothers to run) I have to clean up something maybe once or twice a year. I mean seriously, look at them. They are booby traps designed to catch boobies.

  16. Re:Nobody seems to care. on The Origin Of Sobig (And Its Next Phase) · · Score: 1

    I hear you, but I'd take the opposite stance.
    The system you patch today is secure yesterday and insecure tomorrow. You can try to keep up, but consider that the malware writers also have access to the latest anti-virus software. You will never catch up. The only question is how far behind you are.

    Antiviral software is virtually a must to avoid the myriad of malware that circulates the WWW
    Rubbish. This is from NT4 Workstation, running IE and Outlook. Unpatched for last 3 years or so, and from what I've seen lately, unlikely to ever be patched in the future. Secure? Best Practices? Don't be ridiculous! A few tweaks so that viruses don't run so good on it and I'm in better shape to face tomorrow's worms than your "properly secured" system.

  17. Re: Damn... on The Origin Of Sobig (And Its Next Phase) · · Score: 1

    The vaccination isn't completely effective, since so many people obviously aren't hardening their systems [Emphasis added]
    Thanks. That's a critical point.
    Yesterday's anti-virus software is effective against yesterday's viruses.
    Yesterday's hardening is effective against tomorrow's viruses.
    The occasional booby that clicks on a booby trap is excusable.
    Hiding file extensions so that booby traps look safe is not excusable.
    Hmmmmm, maybe it's all the hiding that Microsoft likes to do that's really the problem.

    Still waitin' for the big one, though.
    Yep. Seems like there is some sort of progression starting with Melissa.
    Backup early, backup often, backup to as different a system as possible.

  18. Re:Time to push the big red button on Embarrassing Dispatches From The SCO Front · · Score: 1

    Nah, you don't do a declaration. You don't have to do anything. It just becomes irrelevant whether anything works on SCO or not.
    What will happen is that in all of the minutiae (the devil is in the details) everything slowly becomes more and more SCO-unfriendly. Bug? What bug? It works for me. I don't see a bug.
    If I had anything running on SCO, I'd be looking for a way out. FAST! Time by itself is enough, but I wouldn't rule out someone accidentally on purpose helping it out a bit. Sure it says it's supported, but that doesn't mean that I would do anything, even removing the "supported" notice, about it.

  19. Re:doh on Electronic Voting Machine Cracker Challenge · · Score: 1

    Old problem. Been solved elsewhere.

    Actually it has.
    Where does the Secret Service buy food for the president and his entourage?
    Same places you and I do, but they are unpredictable and are not repeat customers.

    Here is a special compiler just for compiling your voting software.
    Here is a stock compiler from a semi-stale RedHat box.

  20. Re:Why electronic voting ? on Electronic Voting Machine Cracker Challenge · · Score: 1

    The problem is that the sequence of votes is in exactly the same order as the sequence of voters.

  21. Re:Paranoia on SCO Says IBM is Beating Up on Them · · Score: 1

    It'd be a real sweet plum if someone could take "ownership" of linux.

    Methinks not.

    I suspect that Linux is doing so well for IBM precisely because not only does IBM not "own" it, IBM doesn't even have its own distribution of Linux. Among other reasons, there are problems with single-vendor lockins. IBM does not want to lock itself into a single Linux vendor, even (especially?) if that vendor is IBM itself.
    I wouldn't "evangelize" IBM, but everything I've seen indicates that IBM has and as far as I know always had a very strong ethical sense. IBM is supporting Linux because the choice from the top was to support it or stop using it. From the other side, that (with a bit of sensitivity on IBM's part) looks close enough. "Pulling the rug out from under Linux"? Nah, completely out of character.

  22. Re:Paranoia on SCO Says IBM is Beating Up on Them · · Score: 1

    But there's no conspiracy against SCO

    Hmmm, methinks that to have a conspiracy the conspirators must conspire.

    IBM spokeswoman Trink Guarino declined to comment on McBride's allegations other than to say, "the open community is completely capable of reacting on its own to SCO's allegations."

    No conspiracy needed.

  23. Re:Wrong direction on New Longhorn Screenshots Leaked · · Score: 1

    I knew there was a reason I'd pretty much given up on patching my Microsoft Windows systems. I'm typing this on my unpatched NT4 Workstation in IE 5 or some such, unpatched of course. Enough works that I can do what I need to do but most everything the worms depend on is broken. I wouldn't call it secure but I think I'm in much better shape to face next month's worms than if I were fully patched.

  24. Re:Wrong direction on New Longhorn Screenshots Leaked · · Score: 1

    Why don't you place the blame where it belongs

    I do. On Microsoft.
    This is from NT Workstation. Hasn't been patched since Service Pack 5.
    With a bit of the gizmo-happy stuff crippled I'm probably in much better shape to laugh at the next round of Microsoft wormage than an up-to-date patched XP system.
    If I never patch the Linux boxes I'm using I will not have the same problems. *NIX boxes are actually better targets. More tools and better stability, but there are also more and better tools to harden it. More importantly, Linux and the BSDs tend to go out of their way to be informative about what is going on rather than going out of their way what is going on. Linux patches also tend to be much, much safer than Microsoft's. They also tend to be sufficiently informative that if there is a hole in a service that you don't want, it's relatively easy just to get rid of it instead of patching it.

  25. Re:No Problem on Using Spyware to Report Pirates? · · Score: 1

    Until you have to replace a broken ethernet card, take your laptop to a branch office, replace a dead motherboard or cpu.