Vista is a released product, the 2.6.x kernel included development branches...
All development of Linux takes place in the open, so any bug found by anyone, even in a development version not intended for end users is publicly documented...
On the other hand, MS will not publish bugs which were found during internal development.
Those with the source code are best placed to find bugs, it's more time consuming without... Those who have MS source have no incentive to publish any vulnerabilities at all... If 377 vulnerabilities were found without source code, how many more could be found with it?
What do you do about serious windows design flaws, like unsalted passwords, hash passing and poorly designed protocols which allow such attacks, storage of plaintext passwords in memory (google for mimikatz), poorly designed over complex services that offer far more functionality than required and expose functionality pre-auth etc...
If i couldn't find the manual because the company website was crap, i would be looking to buy a different brand as a replacement. With the exception of Apple, there is very little brand loyalty with laptops - they are all pretty much equivalent and easily swappable.
A significant portion of those firewalls themselves are actually running linux you know...
Only on desktops, which aren't very attractive targets anyway.
On servers, supercomputers and embedded devices linux has plenty of marketshare and there are lots of people targeting it.
Windows 8 is not "immune" to 85% of malware any more than Linux is... The malware was simply never written for windows 8 and is subsequently incompatible with it. Once malware is specifically written to target windows 8 the situation will change.
Windows 7 also suffered very low malware infection rates when it was first released, it just took a little while for new malware to be written and for it to propagate.
It's not just the command line that is great, it's also text based configuration files...
You can edit them with your tool of choice, copy them around at will, back them up into a revision control system and do diffs on them to see exactly who changed what and when, and most configuration files support a form of comments which are often invaluable. Windows is still severely lacking in this regard.
Speaking of command line, does windows come with an ssh server now so you can actually use the command line remotely, or are you still expected to use remote desktop?
Why wouldn't the bots spoof? Anything that causes misdirection and makes it more difficult to track down the bots is going to decrease the rate at which bots are lost.
Also just because an isp performs egress filtering, doesn't mean you can't spoof other local addresses at the isp... Not quite as difficult to trace, but is likely to result in different machines being assumed to be owned.
Would be even more amusing comparing it against 32bit windows running on that hardware, since it would need to fit everything (including the video ram) into the artificially limited 4gb address space.
Some of us were running 64bit systems in the 90s...
However that comparison is based on the old version of the drivers, it would be interesting to see how it performs now with updated drivers.
Oh, and I forgot the most important one:
User reports a bug or makes a feature request - in regard to a really glaring, obvious issue or shortcoming.
Developer response: Will not fix. It's more boring than developing new features. (or) it's open source, fix it yourself!
Yeah, brilliant marketing there. Way to win friends (for Microsoft and Apple) and influence people (to go back to proprietary OSes)
In comparison to what?
MS simply don't respond at all to most user bug reports or feature requests, unless you are a very large customer that's threatening to move to linux.
Linux developers not only give you a response (albeit not the one you want), but also give you the option of fixing it yourself (or hiring someone else to do so) if it's that important to you.
And i have a box with an nvidia card which when running windows boots into generic VESA, and if you install the nvidia drivers the machine fails to boot at all with a black screen, and you have to boot into safe mode and manually remove the drivers (which requires manual registry hacking)...
I have no idea how to make the drivers actually work on this box, i eventually gave up on it.
The fact is there is simply too much varied hardware to support everything smoothly... Windows just comes preinstalled with whatever hacks are required already applied, and most users will never reinstall it themselves.
Trying to find software in a search engine is also extremely risky if you are not technically competent, and results in large numbers of such users being tricked into installing malware. Installing software by hand should be strongly discouraged, and left to people who know what they're doing.
And you don't type anything into a command line from a website, you cut+paste it which is far less error prone than following gui based instructions...
There's a difference between something possible and being a good idea...
I have seen samba networks set up with zero ongoing maintenance too...
If you don't maintain your servers, they will become more and more of a security liability as time goes on.
AD domains are terribly insecure at the best of times, find a single box in the domain that's got any vulnerability, exploit it and pull off some hashes then spray them across the network to get more boxes, eventually you own the whole domain. And if you think WSUS will ensure everything is updated, try updating a big network and then go around and thoroughly audit it (i.e. using something that checks for actual vulns or old file versions rather than querying the windows update apis)... You will usually find that a bunch of updates are marked as installed, when in reality they aren't... And all you need is one vulnerable box.
If this guy truly was located in Lebanon, then the FBI have no jurisdiction over him.
And while the Lebanese authorities have jurisdiction, it's unlikely they have the expertise to track down such a criminal, nor are they likely to care.
Until they find out what the tunnel endpoint is, and start hitting that instead...
If anything, the more firewall and ids systems you have, the easier you are to dos...
A successful attack only needs to saturate one aspect of the target environment, and most firewall or ids systems are based on old server hardware from a few years ago so when faced with a flood of small packets they will often go down much quicker than the servers behind them. Not to mention all the extra ruleset parsing a typical firewall or ids has to do for each and every packet.
I have seen numerous occasions where a dos attack was successful because the firewall simply couldn't cope, while both the line and actual servers could easily have coped with that level of attack.
One thing to consider however, is that attackers will often only hit as hard as they need to... You may be faced with what looks like a pitiful 20mbit/sec flood of tiny packets that cripples your firewall, and so long as your site stays offline it's unlikely to get any worse than that. But as soon as you successfully filter the attack, whoever's attacking is likely to increase their attack. I have seen a few cases like this, a relatively small attack knocks out one user but leaves the ISP mostly unaffected, but once the ISP filtered it a much larger attack was launched which took the ISP down too.
And if the source addresses are spoofed, then what?
Buying a proprietary system from a single supplier is actually terrible risk management, where is your second source? what happens if that supplier goes bankrupt, or discontinues the product etc?
On the other hand, if every supplier has to comply with the same standards then it makes some sense to go with the market leader, as you still have all the other options as second sources.
Linux seems to do better, at least X11 does since it's able to automatically read the DPI of the attached display and size fonts etc appropriately..
Of course that only works if the display actually reports its DPI correctly, which many do not because windows never bothers to read it.
I have the same 3 year old macbook pro, and feel exactly the same about the new retina macbooks...
I prefer the 17" form factor, but i also want upgradeable ram and the option to use standard drives.
Linux does have stores in the form of app repositories, and has had them for a lot longer, and most of the apps are free which is even cheaper than "dirt cheap"...
The difference is that of control... MS compete directly against valve and control the platform totally, whereas linux distributions generally don't publish games themselves and there are plenty of other distros to choose from.
And thus make your removable media unusable on anything other than a modern windows box... Hence the need for standards.
Great, only group policies are more for convenience rather than security, a lot of them are implemented very insecurely and are easily bypassed so that turning them on actually does more harm than good by creating a false sense of security.