Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:It works both ways, but it's worse for MS on No Defense Against Windows Rootkits? · · Score: 1
    [ ] Enable loadable module support, and build your kernel static

    And don't forget to say goodbye to any vendor certifications after you do...

  2. Re:automated attacks more difficult on No Defense Against Windows Rootkits? · · Score: 1
    The variety makes it much harder to write a worm that is effective againt a significant percentage of Linux boxes.

    Most exploits target userspace code, not the kernel.

    An automated attack against a RedHat box will usually fail miserably against a Slackware box, even if they have the same packages and security configuration (which they probably won't).

    I can't see many reasons why that should be true (assuming they have the same version of some exploitable daemon). A few files being in slightly different (but still quite predictable) places shouldn't slow down well-written code (whether or not it's well written, is another story...). I mean, how often do you bump into a Linux machine without bash, find, grep, perl, awk, etc, etc ?

  3. Re:They keep flogging this outdated line of reason on No Defense Against Windows Rootkits? · · Score: 1
    For one, better user accounts and software that doesn't require root access to run (Windows is just getting there now).

    This is neither a design problem, nor even a Windows problem. Software that (unnecessarily) requires Administrator access to run is the fault of the software developer, not Microsoft/Windows.

    For another, better separation of executables making it very easy to lock out system binaries while still giving access to applications (sbin and bin).

    You mean like, say, %SYSTEM% and %PROGRAMFILES% ?

    Let's not forget that with XP Home, Windows still defaults everyone to being an administrator. I think even Pro does that for the first user created.

    Again, this is not a _design_ issue, it's a default configuration issue. A _design_ issue would be if there were no way of creating non-Admin users (eg: like Windows 9x).

    Maybe, but we're not always talking about social engineering. There are plenty of real software vulnerabilities. Social engineering must be dealt with by proper training.

    It's not just social engineering. An experienced user will not only have a machine that is harder to penetrate, but also be able to identify that a machine has been exploited sooner, and fix it quickly.

    Or, to put it another way, desktop users are highly unlikely to ever know their machine has even been exploited in the first place, let alone fix it.

    Are you conceding that Unix is more secure, but using this as an excuse?

    I'm pointing out why the GP's reasoning is specious. How secure a machine is has 99% to do with the user(s) and software and 1% to do with the OS.

    Even if it's a valid excuse, it still means Unix is more secure, which is all that's important.

    And if life were that simple, you'd have a point - but it isn't. It's just as possible to run a secure Windows machine as it is an insecure unix one. It's the user that has the biggest impact, not the OS.

    I'd say that huge databases of credit card numbers and other personal information is very useful.

    Certainly - it's also very difficult, because the people responsible for the servers know they have a juicy target and treat it appropriately (in both the pre-emptive and reactive sense).

    I reckon that Unix servers are probably the most useful to break into since they're run by banks and the government as well as large corporations.

    And I reckon they're among the hardest to break into and get away with it - thus making them highly unattractive targets.

    Some turd's desktop is ok at sending spam, but the big hackers would be after the big servers.

    "Big hackers" aren't using spyware and web-browser exploits.

  4. Re:They keep flogging this outdated line of reason on No Defense Against Windows Rootkits? · · Score: 0, Troll
    This has been refuted time and again yet the various Windows-friendly analyst continually trot this one out as a rationale for the ( admittedly much improved but still ) relatively weak security design of M$ Windows.

    That design being ?

    Windows leads by a huge margin ON THE DESKTOP. On the server side the disparity, if one exists is a completely different story.

    On the server-side - and particularly the non-Windows server side - the single biggest vulnerability and attack vector - the user(s) - have a substantially different profile.

    Also, since there are many open source versions of Unix, such as Linux, *BSD, and Solaris, some of which have been available for more than a decade, it should have been relatively easy for Windows-loving, Unix-hating programmers to have designed the Unix-slaying, self-propagating daemon years ago. To date, the only thing that has come close was the Morris worm way back in the late '80s.

    Sure, if you ignore the long, glorious history of unix exploits (BIND, Sendmail ? I'm looking at you), that's true.

    Not to mention the significant factor the user demographic plays in the equation. A seasoned unix user is inherently less vulnerable than the average desktop Windows PC user.

    This is before even getting to the simple fact that unix has had 20 years more to harden itself from attackers.

    If Windows represent a bigger target, it SUPPOSEDLY has the "advantage" of being closed-source but the open source Unices, which are fewer in number SHOULD be an easier target.

    Targets are not only chosen because they're easy, but also because they're useful.

    It's time to focus on what the true flaws of each platform are - their relative prevalence is no longer relevant to the discussion ( aka flamefest ).

    Their relative prevalence is fundamental to the discussion - not only from a simple statistical perspective, but also because of the other factors that correlate with prevalence. To say platform prevalance is irrelevant ignores not only common sense, but mathematical fact.

  5. Re:Unacceptable for national defense on No Defense Against Windows Rootkits? · · Score: 1

    c) They are neither with us, nor against us, but looking after their own interests.

  6. Re:Speed limit? on Nuna 3 wins World Solar Cup for the 3rd Time · · Score: 1
    Is there no speed limit in Australia?

    Heh, we can but dream...

    In all Australian states except the Northern Territory (where about half of this race is run) the "default" speed limit on the open road is 100km/h. There are also growing stretches of divided, dual-carriageway (or bigger) highways throughout the country that have posted speed limits of 110km/h (many of equal or better design and condition than German autobahns).

    Also, these speed limits are *brutally* enforced (for example, in Victoria, more than 3km/h over the limit will get you fined - most states will give you up to 10% leeway, however) as the State Governments depend heavily on the revenue raised to balance their budgets.

    In the Northern Territory (from the starting point to about halfware down the course) there is no limit on the open road, although parts (usually around towns) have 100km/h or 110km/h limits. There has been a lot of pressure on the NT government lately to remove the unrestricted speed limits to lower the road toll (even though most of the road deaths aren't due to speeding). Quite frankly, I'm amazed the NT hasn't already jumped on the revenue-raising bandwagon.

    Here in Europe, 90 km/h is the maximum you are allowed to drive outside cities on normal roads.

    But how far is the typical distance you're driving on one of those roads and how common are freeways with higher (if not unrestricted) speed limits ? Australia is a big, sparsely populated country - it's not unheard of to hold 120km/h - 140km/h for _hours_ on the inland roads without even seeing another vehicle and the typical distances between major population centres are well into the 100s of kilometres (probably over 1000km once you venture away from the east coast).

    A lot of tourists don't realise how big this place is - I'll never forget the two US exchange students who I once overheard talking about "flying over to Perth for a day trip" (from Brisbane).

  7. Re:What is the merit of replacing an Exchange serv on Zimbra Collaboration Suite Launched · · Score: 1
    So in the new setup, I used Postfix and Courier IMAP:

    It's great that you were able to replace Exchange with Postfix and Courier, but the simple fact is if your userbase had actually been using the fancy features that make Exchange useful, you wouldn't have been able to.

    The users have only one complaint: they cannot set up an Out of Office auto-responder like they could on Exchange. I thought that was good, and tried to explain why auto-responders range between useless and evil, but had no success. They want it anyway. So I'm setting up vacation in their .forward files when needed, and looking for a good web interface so they can do it themselves. The Webmin interface I tried didn't work well, so I'm still looking, and may have to work on the Webmin module myself.

    Try creating a special "Out Of Office" (or similar) folder in their $MAILDIR, have them save an out-of-office message in that, then use procmail to check if it exists and send it whenever a mail arrives for that user. Depending on your existing setup, it might be easier. More importantly, it's easier for end users to managed without moving outside of outlook.

  8. Re:What is the merit of replacing an Exchange serv on Zimbra Collaboration Suite Launched · · Score: 1
    If Zimbra has a decent Web-based client (can't tell - site is ./ed), then *in theory* those email+browser+scheduler people will only need a Web browser to do their entire job. A Web browser can run on any platform, so they're now independent of Windows and can migrate to a lower cost platform once Zimbra has been bedded in.

    The trouble is, web-based calendaring and email clients all suck (or, at least, every one I've ever tried did). Sure, you could replace the Exchange+Outlook[+AD] combo with some web-based setup, but you probably won't get much support form the people who actually use it intensively (ie: management).

  9. Re:Incorrect assumptions on Zimbra Collaboration Suite Launched · · Score: 1
    You can implement everything that Exchange/Outlook does with other software, cheaper, with more reliability, and on less hardware.

    Really ? How ? Be _specific_.

  10. Re:What is the merit of replacing an Exchange serv on Zimbra Collaboration Suite Launched · · Score: 1
    Exchange's hardware requirements are 10-100x more demanding than an equally-functional setup using, for example, sendmail and dovecot.

    Given "sendmail and dovecot" only prove 1/10th - 1/100th the functionality of Exchange, I'd say that's a fair trade.

    People on Slashdot seem to love saying "Exchange? We can just replace that with {sendmail|postfix|qmail|$MTA} and {dovecot|squirrelmail|courier-imap|$IMAP_SERVER}". I can only assume these people have never actually *used* Exchange, or have never dealt with people who actually use Exchange. Exchange does a hell of a lot more than just bouncing a few emails back and forth.

  11. Re:Fact of Life in Australia on 24 Mb Consumer Broadband Launched · · Score: 1
    P.S Unlike the U.S Australia is not covered all over in HFC/Cable networks for DOCSIS - two telcos discovered in the mid-1990s that no one watches subscription TV and stopped rolling out new cable.

    I think you'll find it's not so much that people don't watch pay TV (although given the cost, I can understand why many don't) - more that satellite can deliver the same service cheaper and easier. For example, my apartment in Toowong, Brisbane (only about 5-6km from the CBD) was "wired" for Foxtel - but the actual signal (for the whole 70-odd unit complex) comes from a single satellite dish on the roof.

  12. Re:Lose, lose situation for RIAA on RIAA Suit Rejected With Prejudice · · Score: 1
    I always thought stealing meant taking something that isn't yours without the permission of the owner.

    When you take something, the victim no longer has it.

    When you copy it, they do.

  13. Re:Recognizing the need for the GPL... on RMS Previews GPL3 Terms · · Score: 1
    Calling everything you disagree with "arbitrary" doesn't validate your position.

    Neither does calling everyone you disagree with a "freeloader".

    It's not arbitrary, [...]

    Copyright laws most certainly are arbitrary. They are inconsistent, have no basis in the physical world and continue to expand their sphere of influence - and duration - for no justifiable reason.

    [...] and it's not circumvention.

    What else would you call coming up with a bunch of arbitrary rules primarily to control the inherent aspects of a something, for the express purpose of trying to make it behave like some other fundamentally different thing ?

    Your fundamental argument is that because the ability exists to do something, it should be legal to do it. This insane position doesn't even merit a response.

    Keep attacking that straw man. They love punishment.

    Which is why we have massive legal alternatives like iTunes which are currently competing with and surpassing piracy.

    I doubt that. Record companies are already trying to jack the prices up and line their pockets further.

    So it seems your arguments about the "obsolete business model" (Slashdot's favorite phrase) are already invalid, having been addressed years ago.

    Addressed by what ? iTunes ? iTunes wouldn't even be selling within an order of magnitude the number of songs that are distributed in a copyright-infringing fashion - and that's just the ways that infringe copyright /today/.

    Funny, your own argument supports the idea of licenses.

    And...?

    You're wrong, of course--CDs are physical goods--but nonetheless, it's amusing you don't even realize it.

    Given that - by your own admission - you have no idea what I'm talking about, it's a bit weird you feel you have the authority to say I'm wrong.

    "CDs" are not the end product of an artist's labour, the music is. Funny how someone using iTunes as an example doesn't understand the difference between "intellectual property" (music) and physical property (a CD).

    You don't really think copyright is unfair.

    Yes, yes I do.

    You just don't like it because it makes you pay for stuff, and you would prefer getting stuff without paying for it. Nothing more.

    In case you haven't noticed, copyright doesn't stop people "getting stuff" without paying for it. And that's before even starting on "getting stuff" in a copyright-infringing manner.

    Hey, I bet you think copyright infringment is the same thing as theft, don't you ?

    No, it's about wanting to get paid for something.

    Over and over and over and over again. Not once. Many times. For the same labour. I can certainly see the attraction - I'd love to work for a week and still be being paid for it 90 years after I die - but it's hardly "fair".

    Nobody is forcing you to pay over and over for something, and frankly, I don't even know what you're referring to.

    Here, I'll paint a picture. Just imagine a big mallet hitting you over the head and it might sink in.

    When an artist produces a piece of work, copyright law allows them to sell copies of that work, and/or certain legal privileges to use that work in ways regular people cannot. They are able to do this multiple times for the same work, because they always retain "rights" to the "original work". Or, in other words, they are able to "sell" their piece of "intellectual property" multiple times.

    This is not at all like physical property, where selling physical property can only be done once, as the seller no longer has the item once it has been sold.

    But, hey, pirates love the "victim" mentality to justify everything.

    Unfortunately, "artists" are usually just as much victims of copyright as consumers are.

    Ah, let's call it "arbitrary" again because we disagree with it. Hey, your position is arbitrary!

    I suggest you consul

  14. Re:Recognizing the need for the GPL... on RMS Previews GPL3 Terms · · Score: 1
    How is wanting to get paid for something you put out on sale "circumventing the inherent nature of intellectual property?"

    It's not. Inventing a bunch of arbitrary rules as to what can and can't be copied, under certain circumstances, using certain methods for certain goals, is the attempt to circumvent the inherent nature of "intellectual property".

    "Intellectual property" is not the same as physical property. The two are fundamentally different. Yet the whole point of copyright is to try and make "intellectual property" the same as physical property, so the same economics principles can be applied to it. This worked back in the day when the conceptual schism between the two was practically invisible (since, typically, "intellectual property" was tied to physical property of some sort - books, tapes, records, etc). Now that it's trivial for *anyone* to quickly, easily and transparently capture and reproduce information, the fundamental difference between physical property and "intellectual property" - and the futility of trying to apply ideas and laws governing the former to the latter - is obvious. Nowhere is this plainer to see than the music industry, where the business model built on the assumption the producing, reproducing and distributing music is expensive and difficult has been obseleted by technology that makes music production (relatively) cheap and easy, and global distribution trivial and fast.

    The product of artists' endeavours are more like a service than a physical good. Copyright is broken because it ignores this and tries to make out artists' products *are* physical goods. Copyright is unfair because it doesn't carry the emulation of physical goods through to conclusion, instead stacking the deck grossly in favour of "intellectual property" producers by only enforcing the "physical property" aspect of the equation on consumers.

    The problem with copyright is that it's not about "wanting to get paid for something", it's about "wanting to get paid for the same thing over and over and over and over again, but only put the effort to produce it in once". I have no problem with paying artists for their work. I have big problems with arbitrary laws that try to control the inherent attributes of information, just so broken business models can be sustained and "intellectual property producers" can make money without working.

    Artists wouldn't like it if copyright went away ? Of course they fucking wouldn't - it would mean they'd have to go out and work every day like real people do, rather than riding the "make it once, sell it until my great-great-granchildren are dead" gravy train.

    I love that you put right in quotation marks. Apparently, a creator has no rights whatsoever over their works.

    They have the "right" to distribute their work to whomever they choose. The don't have any "right" to restrict what those people go on to do with the information they have been given, anymore than the carpenter I buy a desk chair from has the "right" to tell me what I can and can't do with it.

    You're 100% wrong that an artists' rights end after you hear something.

    Legally speaking, yes. Practically and morally speaking, no.

    This issue will *really* come to the forefront once science and technology have advanced sufficiently such that it's possible to "record" and then "replay" arbitrary sensory inputs and memories, or technology like Star Trek's replicators become feasible.

    Thanks for the info. I'll be sure to violate the copyright of the GPL the next chance I get.

    Go for it. I have little more than disdain for the GPL and I think copyright is an obselete, broken concept.

    No, copyright exists to protect the ability for people to sell something and get paid for it [...]

    By using legal constructs to impose artificial scarcity on it because, fundamentally, scarcity - or the appearance of scarcity - is the only system we have for assigning value.

    [...] and prevent getting

  15. Roll your own NAS or SAN on Data Storage For Home? · · Score: 1
    Just get a nice big case (I have one with 15x5.25" bays and 2x3.5" bays). Build a cheap PC out of it (CPU power and RAM aren't particularly important). Then just buy drives as necessary and add them to the storage pool. Run Linux or Windows on it and share the space up with Samba, NFS, or whatever. Investigate iSCSI if you want it to look like a real physical drive on the client side.

    I buy drives four at a time, along with a 4 channel disk controller. I put them into Coolermaster 4-in-3 drive cages that have a big 12cm fan on the front (to keep the drives cool). I RAID5 the drives, then add them to an LVM VG which I use to divvy the space up into LVs as I need it. I started with 4x40GB drives about 5 years ago, then got another 4x120 and recently 4x250. I'm nearly out of space again, I'm just waiting for 300G drives to hit a nice price point before I grab another 4 of them. One luxury I have afforded myself is a second-hand, high end server motherboard with 4 PCI-X busses and 5 PCI-X (+1 PCI) slots, so the RAID rebuilds if/when the machine crashes don't overwhelm the machine and take half a day to finish.

  16. Re:Recognizing the need for the GPL... on RMS Previews GPL3 Terms · · Score: 1
    Just because you think they don't respect customers doesn't suddenly mean artists don't have rights to their music.

    They don't (well, not yet). They have legal _privileges_ bestowed in an effort to circumvent the inherent nature of "intellectual property", making it conform to the only system we have for giving things value - scarcity.

    An artists "right" to control their work ends at my 5 senses. After that, it's just legal semantics.

    Copyright - despite it's name - is not a "right", it's a legal construct. One that was invented back in the days when the creation, reproduction and distribution of even trivial works of "intellectual property" was a tedious, time-consuming and expensive task. It's an anachronism in today's world of quick, easy and cheap production, reproduction and distribution. To say nothing of the ability to easily reach vast audiences that simply wasn't even conceivable when copyright was first created and welfare removing most of the pressure for simple survival. Copyright terms should be getting _shorter_, not longer, to reflect how much easier it is to create and distribute "intellectual property".

    There's a slim chance some sanity might come to the copyright debate once all parties acknowledge it's nothing more than an economics issue, rather than some form of enlightened altruism. Copyright exists to impose scarcity on something that otherwise has none, thus giving it value - not to better society as a whole or engender "human rights".

  17. Re:OSX Virus on Computer Security Still Totally Inadequate · · Score: 1
    You mean like enable a network service or open a port in the firewall?

    You mean the firewall that isn't turned on by default ?

    A user process is quite capable of starting a daemon and making sure that daemon is restarted whenever the user logs in. Since most machines are single user, that's functionally the same as making it part of a system-level startup procedure.

    Added to that, Admin users can write to /Applications, so malicious code run by an Admin would be able to infect everything in /Applications, making it very likely every user on the machine would eventually have their accounts infected.

    There is not much malware that needs root (or sudo) access on Windows, but that is just because everyone is running as an administrator [...]

    Actually it needs 'root' for just the same things on Windows as it does on OS X - not much.

    [...] Admin on windows does not ask for the admin password to perform many operation that it probably should.

    No, it should not. Administrator on Windows and Admin on OS X are completely different things. Administrator on Windows is somewhat similar to root on OS X (but still fundamentally different). The closest Windows analogy to an OS X 'Admin' would be a 'Power User'.

    See above.

    OS X's firewall isn't on by default, so malware would assume that it wasn't on at all. That said, since the firewall is software controlled, any malware could certainly turn it off, possibly requiring the user to enter an Admin password (which, with only a tiny amount of social engineering, most will happily do). Starting up a daemon to listen on the network is trivial. Configuring a program to start whenever a user logs in is also trivial. Scanning through a user's documents for email addresses and mass-mailing malware to them all is trivial. Deleting or modifying the user's data is trivial. Allowing a remote shell to allow an attacker an interactive login is trivial.

    As I said, there's not a lot malware might want to do that it needs root access to do.

    OK, I'll use really small words for you. Windows: users are not prompted for a password. OS X: Users are prompted for a password. I think it is clear that malware is more likely to arouse a user's suspicion if they are running OS X, since it alerts them.

    OS X users are /frequently/ prompted for an admin password - most type it without even thinking, let alone verifying what has asked. Social engineering in such an environment is simple.

    This is assuming they even *need* an Admin password - there's not much malware might want to do that requires anything more than a bog-standard user account (mainly fancy stuff like installing keyboard sniffers, or overwriting low-level system binaries and libraries).

    Please re-read my comments. Outlook has at many times in the past automatically executed scripts attached to mail delivered to it either immediately, when the mail is previewed, or when the mail is opened.

    But never by design, as you claimed - and such bugs have tended to be fixed fairly quickly.

    The last time I bothered to look, it still executed scripts and executables when they were double clicked without providing a warning that they were executable, not data.

    Every version of Outlook has - by default - raised a dialog before executing attachments. Over the years this has gone from a generic "Open or save" to "It's a really bad idea to run attachments you receive as email, you shouldn't do this" (with a default selection of 'Save', not 'Open'). to "I won't let you execute certain types of attachments at all".

    Outlook has never exhibited the behaviour you describe, by design, by default.

    All of the above is a security nightmare which is why pretty much every security conscious company with a clue has banned outlook as an e-mail client.

    Which explains why Outlook is one of the cornerstones of the average busine

  18. Re:And so it begins... on Korean Mozilla Binaries Infected · · Score: 1
    If you run it as root, then you've compromised the entire system. BIG difference between Windows and *nix in that regard.

    Actually, no, the situation is identical.

    Which would you rather lose? The entire system requiring a complete OS and application reinstall?, or your user's home dirs?

    The OS. I can reinstall an OS and applications in an hour or so manually, and half that time in an automated process. Recreating all the data I have access to (and thus could potentially damage) , OTOH, isn't even physically possible.

    Personally, I'm not interested in reinstalling the entire OS and applications. That's stupid. It's much easier to just remove the infected software wipe your users, restore their data and be back up and running in short order.

    Spoken like someone who has never had to actually do it, or works in a *very* small environment. Reinstalling an OS is *trivial* - shit, if you're in anything approaching a well-run environment it'll be a completely automated procedure that requires little more than booting from the network or a specific CD. Recreating user data may not even be possible. Even restoring from backups will likely take a minimum of hours, and probably days, if you have more than a trivial amount (particularly if backups are off-site).

    It's a struggle to think of _any_ scenario where losing user data would be preferable to losing system data.

  19. Re:Lenovo on IBM Thinkpads now in Titanium · · Score: 1
    I am still waiting for something exicting to happen here. When the sale went through I thought that Lenovo would try to break away from the wintel model and do something cool with PPC and linux.

    I'd guess they're more interested in making things people are likely to buy.

  20. Re:OSX Virus on Computer Security Still Totally Inadequate · · Score: 1
    There's a simple answer to that: Just don't make the procedures for installing software from locations other than the distribution maintainer's package repository user-friendly.

    Microsoft do not have this luxury.

  21. Re:OSX Virus on Computer Security Still Totally Inadequate · · Score: 1
    Root users are an extreme rarity, [...]

    This point gets overplayed a *lot*. There's very little that malware needs (or wants) to do that requires root privileges.

    [...] local privilege escalation is non trivial, [...]

    I would propose the local privilege escalation is trivial - just pop up one of those graphical sudo prompts (or a good impersonation thereof) and you've got it.

    [...] and the system does a fair job of restricting access to vital functions via the admin password.

    Like what ? What "vital functions" - from a malware perspective - do you think are protected by the "admin password".

    Many users will just enter it anyway (if they admin their own machine) but not all of them and it is enough to make many users suspicious (possibly helping to identify a virus early).

    Many people are suspicious (or smart) enough to avoid malware on Windows, as well - but they're certainly nothing like a majority.

    Outlook automatically runs all sorts of executable files due to its buggy implementation and automatically fetches remote files from the internet without user intervention, by default.

    This is not correct. Outlook has never automatically executed attachments by default.

    IE has been pounded on again and again and most of the obvious bugs have been shaken out, but it remains a good target because it runs with escalated privileges far beyond what a web browser needs.

    IE runs at the same privilege level as the user (ie: the same "privileges" as any other app, or web browsers on other platforms). Certainly, typically, this is an Administrator - but that's not an *IE* flaw, it's a poor (albeit understandable) choice for the default configuration. IE does not have any "special" privileges, permissions or access - it's just another app.

    Contrast this with Safari and Mail.app and you'll see programs that, while not perfect, at least don't make huge, fundamental security mistakes in their basic architecture.

    The architecture of Safari (+WebCore) is basically identical to IE. Safari has also had a couple of big-ish flaws from an architectural perspective as well, IIRC.

    OS X does make it difficult to create a successful virus or worm.

    Not really. The biggest technical obstacle is a lack of listening network servces by default - and that only protects again remotely propogating worms (interestingly, OS X ships with the firewall *off*). There's very little to stand in the way of user-installed malware, the type typically found on Windows machines.

  22. Re:Are you sure? on Mini-Microsoft Shakes Things Up · · Score: 1
    MS's character flaw is hubris, the "We know it all, we know what's best for everyone,.. we are above the law... we are can do no wrong... etc." attitude that they swagger around with and sneer at everyone else.

    Hang on, I thought that was Apple ?

  23. Re:OSX Virus on Computer Security Still Totally Inadequate · · Score: 4, Insightful
    I've been an OSX user for nearly 5 years. Still waiting...

    So am I, but I don't kid myself the lack of OS X viruses is because of something in the OS making them impossible (or even difficult) to create.

  24. Re:A corporate IT disaster on Computer Security Still Totally Inadequate · · Score: 1
    So, supposing for a minute, that one had an interest in partaking in such matters (which I don't), and that one also had sufficient motive for such irresponsible behaviour (which I haven't), how would one go about composing such a combination of Slammer and a BIOS eraser?

    No need for anything so complicated. Just sent a company-wide email (from somebody else's account, of course) with some sort of destructive attachment (BIOS eraser, hard disk formatter, recursive file deleter (don't forget any mapped network shares), etc). Make the subject line something like:

    "Video of $HOT_SECRETARY and $HOT_MIDDLE_MANAGER blowing $MARRIED_UPPER_MANAGER at the Christmas party"

    (Substitute site-localised names as appropriate).

    I guarantee you'd wipe out about 3/4 of the machines in the typical office.

  25. Re:OSX Virus on Computer Security Still Totally Inadequate · · Score: 1
    Sure there are people who would type in their admin password for something like an applet on a web page...... There are also people who drive their cars into brick walls. I don't worry that the former could bring down the Internet, any more than I worry about the latter stopping highway traffic.

    You should, because that's how most of that Windows malware gets installed.

    It amazes me, after all the evidence to the contrary, that there are still people out there who think most users won't install and run any software that pretends to be even marginally interesting and that "but they have to type in an admin password" is actually seen as an effective security measure.