Wrong. The malware would do nothing. It would affect fake resources.
By definition it would have access to the user's files and be able to interact with the network, which covers about 99% of everything the average piece of malware might want to do.
Unless you want to try and argue the user himself wouldn't be able to run programs that access his own files and the network ?
See the Eros operating system and its derivatives.
I'm not aware of them being used for mainstream, general-purpose computing. Do you have any examples ?
You mean that you don't know any.
No, I don't, though it isn't because I haven't looked. Instead of being a pretentious ass, maybe you could just give some examples ?
Why does the fact that you remember something give you the right to have it for free?
Why should something being "intellectual" property give its creator the right to dictate how it is used after selling it ? Why should they be allowed all the benefits of an infinite supply, but none of the consequences ?
So ... I'm sorry, what was your point again?
The source of the problem isn't the system, it's the people and, to a lesser extent, the third party software developers.
One part of my job is to do that kind of thing dozens of times a day. It is a useless waste of my will to live. I was able to discover the hid-away setting for how to eliminate the 4th of those boxes, which saves 33% of my sanity.
If you are having to rename files dozens of times a day, the proper solution is to fix the process that is producing files needing to be renamed.
An alternative would be to make sure those files are created with the rename privilege granted to you (or some proxy user). That way you won't have to deal with UAC at all.
Any competent manager (but what competent manager would choose MS) would have to ask, do I again design my new software with MS lock-in considering their habit of abandoning their customers?
What habit is that ? As numerous people have pointed out in this discussion, Microsoft strives to a fault *not* to "abandon their customers" - their single biggest selling point is legacy support.
Do you think that kind of backwards compatibility is easy?
Actually if your application developers only use the documented and published APIs, it's pretty easy. Doesn't require any underhanded trickery on behalf of the OS vendor at all.
Full virtualization of system resources per user would allow a user to have full administrator rights over his machine, without compromising the operating system. For example, a user may modify the file kernel32.dll, but it would be a copy of the file that would be modified.
But the malware could still do whatever it wanted within the "virtual session". Practical difference == zero.
Finally, capability-based security has been proven to work brilliantly as a security paradigm.
Proven where ?
You don't need any particular design methods, you only need to use a programming language that has runtime protection for the most basic of flaws, i.e. buffer overflows. Had Microsoft used Ada, instead of C, for example, 99% of the problems would not exist.
The lack of any general purpose OSes written in Ada should help demonstrate the real world isn't so simple.
And no, the Mac and Linux are not just as vulnerable in that scenario, which you would know if you knew much about Unix-level security.
I know about "Unix-level security" and I fail to see how it's any better in this regard. Please elaborate.
drivers are not installed from CDs or various internet sites.
Yes they are. Even on Linux systems. It happens often enough on Enterprise servers (and is often required to get meaningful support from the hardware vendor), and would most certainly happen more frequently as Linux became more popular.
Drivers are allowed into kernel space, applications are not.
So, just like Windows then ?
there is no need for a graphical environment.
Irrelevant.
usually, the filesystem does not hide extensions to the user.
This is a function of the shell, not the filesystem, and is basically irrelevant since 99% of people either don't know, or are happy to ignore/change, what the file extension specifies.
nor does any executable have the rights to promote itself to administrator without explicit allowance
Yes they do - SUID and GID bits. Note that Windows has no direct equivalent to this gaping and designed-in security hole, the closest being a UAC whitelist that can be secured by setting UAC to the highest level.
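The setuid and setgid bits the reply refers to are what let a file run with its owner's or group's identity rather than the caller's. As an added example (not code from this thread), here is a small Python audit that walks a directory tree, reports every regular file carrying either bit, and notes whether the file is also world-writable, which is the combination an administrator most wants to catch. The sample directory in the usage at the bottom is whatever path you pass; nothing else is assumed.

```python
import os
import stat
import sys
from typing import List, Tuple


def privilege_bits(mode: int) -> List[str]:
    """Name the identity-changing bits set in a st_mode value."""
    found = []
    if mode & stat.S_ISUID:
        found.append("setuid")
    if mode & stat.S_ISGID:
        found.append("setgid")
    return found


def is_world_writable(mode: int) -> bool:
    """True when any user can modify the file (o+w)."""
    return bool(mode & stat.S_IWOTH)


def find_privileged(root: str) -> List[Tuple[str, List[str], bool]]:
    """Walk `root` and return (path, bits, world_writable) for every regular
    file that has setuid and/or setgid set. Symlinks are not followed, so a
    link pointing at a privileged binary is not reported twice."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                # Unreadable or vanished entry: skip rather than abort the scan.
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = privilege_bits(st.st_mode)
            if bits:
                results.append((path, bits, is_world_writable(st.st_mode)))
    return results


def format_report(findings: List[Tuple[str, List[str], bool]]) -> List[str]:
    """Render findings as one line each, flagging the dangerous combination."""
    lines = []
    for path, bits, writable in findings:
        flag = "  <-- world-writable AND privileged" if writable else ""
        lines.append(f"{'+'.join(bits):13} {path}{flag}")
    return lines


if __name__ == "__main__":
    # Usage: python suid_audit.py /usr/bin  (any directory you can read)
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for line in format_report(find_privileged(target)):
        print(line)
```

Run it against a system directory and compare the output with the package manager's file lists; a setuid file that no package owns, or one that is world-writable, is the kind of thing the reply calls a "designed-in security hole" and is worth explaining or removing.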
administration and users are clearly separated by design.
How are they not in Windows ?
groups/users play an important role in unix systems. they are used through and through. there are more than 3+some hidden groups by default.
Not sure what your point is here. Groups are used in Windows as well, but unlike (traditional) UNIX the security model is not fundamentally based on them - and this is a GOOD thing, because it makes permissions applicable per-user, rather than per-group.
there are no workaround patches in the OS to get APPLICATIONS running again in a new version. microsoft did adapt their system to partners. the one i remember was sim city.
That was Windows 95. You might want to be a bit clearer as to why this is inherently a problem, as well.
configuration is mostly very well documented. it is commonly accessible on the machine even offline via manpages or info.
Documentation in Linux and most open source applications is, as a general rule, awful. This is especially true if you don't already know what you're doing (since most documentation assumes that and is written as a reference, rather than a guide) and/or cannot read source code (as the typical response to outdated and/or nonexistent documentation is "look at the source").
I never saw my system autostarting something after mounting a CD or USB drive, just because there was a hidden autorun.inf there.
This hasn't been true in Windows for two releases now (at least not by design).
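The autorun.inf the previous poster mentions is a plain INI file whose [autorun] section told the old AutoRun feature which program to start when a volume was mounted. As an added defender-side example (not code from this thread), here is a Python checker that parses such a file the way that feature read it, case-insensitively, and reports only the directives that launch something; the sample file and its file names are constructed for the example.

```python
import os
from typing import Dict, List, Tuple

# Constructed sample (not taken from the page). "open", "shellexecute" and
# shell\<verb>\command are the keys that caused a program to run; "icon" and
# "label" only changed how the drive was displayed.
SAMPLE_AUTORUN_INF = """
; vendor disc, constructed for the example
[AutoRun]
open=setup.exe
icon=setup.exe,0
label=Vendor Driver Disc
shellexecute=start.hta
shell\\install\\command=installer.exe /quiet
"""

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section, keys lowercased
    because the Windows INI reader was case-insensitive."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_directives(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pick out the directives that would have executed a program."""
    findings = []
    for key, value in entries.items():
        is_verb_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb_command:
            findings.append((key, value))
    return findings


def scan_volume(mount_point: str) -> List[Tuple[str, str]]:
    """Report launch directives from an autorun.inf at the root of a mounted
    volume; an absent file yields an empty list."""
    path = os.path.join(mount_point, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return launch_directives(parse_autorun(fh.read()))


if __name__ == "__main__":
    for key, value in launch_directives(parse_autorun(SAMPLE_AUTORUN_INF)):
        print(f"would launch: {key} = {value}")
```

On a current system the file is inert for USB media, but the checker is still useful when imaging or triaging removable media from an unknown source: an autorun.inf whose open= line names a hidden executable is an indicator worth recording even if nothing will run it.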
True. Windows 95 was the kind of OS which you never plugged into a direct internet connection at ANY TIME because of the EOT bug. I think it was called winnuke. You would have also been instantly infected. Also true, linux was not quite there yet either. I still had these issues with win2k, until my internet got NATed.
Zillions of people happily ran Windows 95 plugged directly into the internet. Also, winnuke was a DoS attack. It crashed the machine, but it didn't allow any remote exploit.
If any OS gets desktop and customer oriented, you have to deal with people downloading stuff, installing it and running it. The greatest security leak is always the user itself.
Correct. The platform itself - particularly for the last decade - has been largely irrelevant. Most security problems occur due to end-user ignorance (and this is as true for professionally run systems as it is for home desktops).
I still think, it's harder to break unix oses by design, [...]
Why ?
I mean come on. We could take over Windows machines for years with an End Of Tape signal across the network, or spreading subnet clients. At least that was the thing when I was in school and win95 got out. Most of us moved on. And every generation had its tools and bots and viruskits :)
I can't say that particular vulnerability rings any bells, but Windows 95 is a completely different animal anyway.
One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'
If you already had the ability to write to the EXE file, why would you bother with the roundabout method of doing it via a DLL load ?
It would be bordering on suicide for Microsoft to lose backwards compatibility -- because people could be swayed to end up someplace else.
And where would they go ? Mac, and pay twice as much ? Linux, and have to deal with vendors who barely give a crap about whether their systems do what the customers want ?
I remember when they said that Windows Vista was supposed to be a complete rewrite from the ground up, that there would be amazing XYZ features, etc.
Really ? Can you provide a source ? Because I can't ever remember anyone credible saying that Vista would be a ground-up rewrite.
If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug.
So the day after Windows 8 is released, will that have been "more than adequate time for an internal security audit to have found and fixed" a bug.
Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?
Are you trying to say there has never been a single bug in OpenBSD that's existed for more than one release cycle ?
Microsoft has the capital to develop a new operating system from the ground up.
They did. It's called Windows NT.
This bolting on of security solutions like UAC isn't going to cut it anymore.
It's not "bolted on". It's just a more user-friendly interface over the same security capabilities that have existed in the system since it was first released.
I am a technology atheist, so I don't get religious about platforms, but what Apple did by porting OSX for Intel in parallel says volumes about their company.
Windows has been cross-platform for nearly two decades, what does that say about Microsoft ?
Don't just speculate based on false equivalence; don't just make shit up. Prove to me that Linux and Mac OS are not only equally susceptible to malware infection, but that a flood of exploits is the inevitable result of widespread adoption.
Because it's quite possible, and not especially difficult, to run a Windows PC without problems. Clearly, the issues are *not* inherent to the system, otherwise that would be impossible.
This means we need to look elsewhere for the key factors, the two biggest of which are ignorant end users, and buggy third party software. Neither of these are going to change if Linux and/or OS X become dominant.
So hacking personal computers is more lucrative, than, e.g. the servers on the internet?
Yes. By far. In no small part because pretty much everything on the server is also accessible from the clients, but more importantly because the clients are not being managed and protected by trained, responsive professionals, but by ignorant end users.
Obligatory car analogy: Imagine you have to steal 50 cars. Which plan do you think is most likely to succeed:
1. Get 50 guys and break into a car dealership or holding yard with 50 vehicles and drive them all away ?
2. Get 50 guys to go out on the streets and each steal a single car ?
It is interesting, isn't it, that people go to such efforts to find Windows-specific exploits when they could find exploits on other systems with far less effort?
Who said it would be *less* effort ?
But to suggest, as the GP does, that this somehow excuses the appallingly poor security models, practices and culture [...]
For example ?
And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.
The reason it's true is because the biggest security vulnerability in the system is the end user, and the end user isn't suddenly going to change. The second biggest security vulnerability in the system is third party software which, again, isn't going to change.
Only a minority of "exploits" are actually exploiting an unpatched OS flaw.
How much money can you make by compromising the computer of millions of home users, so you can send billions of spam mail hoping a few thousand idiots will give you some credit card information, and not being able to use the cloned cards to buy shit without being profiled and probably arrested at some point?
Considering your chances of getting caught or prevented are basically zero, due to an overwhelmingly large proportion of ignorant users, quite a lot.
Now how much money can you make by compromising a big company's server (a market segment dominated by linux) to steal some industrial secrets and sell that to competitors?
Considering your chances of getting caught or prevented are quite high, due to an overwhelmingly large proportion of skilled and knowledgeable users, quite high.
I doubt any serious companies would use a windows machine as a router / firewall to protect its network. what we can see is that about 99% of all the firewalls installed in the internet to protect windows machines from the outside world are running linux... what does that tell us about the security flaws in windows and linux?
Ignoring the ludicrous assertion that "about 99% of all the firewalls installed in the internet [are running linux]", absolutely nothing, because the risk profile for a router and the risk profile for an end user desktop are nothing alike.
If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?
You don't. I certainly never have.
Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster. [nytimes.com]
The average person being unable to fix an infected computer has absolutely nothing to do with Microsoft's "monopoly".
Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?
The differences between Vista and Windows 7 are *at least* as significant as the differences between any two OS X releases, and certainly as big as those between previous Windows releases like 2000 and XP, or XP and 2003.
It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare.
It is trivially simple to buy a computer without Windows.
When has anyone, especially Microsoft, ever cared about them? Even the anti-malware outfits are just exploiting the fundamentally insecure nature of Windows to extract money from those clueless users.
How is it fundamentally insecure ? What features and capabilities are missing ?
It's a sick ecosystem, and I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it.
How do you propose they fix it ?
It's not the penis itself that will cause mental trauma. However accidentally watching slutty nurse cut one up and eat it while beating off a horse, yeah, that will cause trauma... (on that note, fuck you internet) If anything I want to see legislation that just forces porn makers to label and/or tag all porn. That way not only can I avoid what I don't want to see, but I can find the stuff I do want to see. It's win/win for all.
The problem in this situation isn't the porn makers, it's the fuckwits from places like 4chan who troll with "shock" images and videos.
More common scenario: Little old lady is messing around in her purse at a family gathering and accidentally shoots one of her grandchildren.
For that matter, why run DOS programs on Windows 3.11?
So you could multitask multiple DOS sessions at the same time, along with your Windows applications, and not have to keep restarting everything.