I doubt they would make much money if they ported their stuff over to Unix...
Most of their users are locked into the whole stack, if you ditch one part of it then suddenly the lock-in starts working against them because their products tend not to work very well with anything else, for instance Exchange has lousy IMAP support, and you can't even access the calendar using anything like CalDAV, you're stuck using the web interface... So if you use Exchange, you have to keep Outlook and to do that you also have to keep Windows clients.
If you ditch Exchange then Outlook makes a really poor IMAP client, and won't support a calendar with anything but Exchange unless you add plugins to it.
AD is basically just an LDAP service with a GUI on top, but it's let down by an insecure backend, i.e. passwords stored using NTLM, an auth system that lets you use the hashes without cracking them (google pass the hash), unless you have a pure Windows network Active Directory is a hassle and a big unnecessary security risk, there are much better options out there.
MSSQL is nothing special either, people use it because it integrates with other MS stuff... as a standalone database, there's always Oracle, Postgres, MySQL or DB2 at least one of which would be a better choice for virtually any scenario not requiring tight integration with existing MS products.
Take a given piece of malware and upload it to virustotal.com... Most malware gets missed by at least one common AV product, usually more than one...
So the question is, how much malware has gotten through and not been blocked by whatever AV you use?
The worst thing is ads that have sound, I find them EXTREMELY intrusive and generally block such ad brokers immediately...
I like to open lots of tabs in the background (e.g. as I scroll down a list of news articles somewhere) and trying to work out which one is offending my ears is a huge pain.
Malware will always target the largest audience.
IE is down from 95% of the target audience to about 50% or less in some places, it becomes less attractive to target... Firefox is at about what, 40%? Less attractive target...
On the other hand, Flash is still present on 95% of systems regardless of what browser they run, as is Acrobat Reader and Java so the attackers just cast their net in the biggest pond.
Windows still makes up 95% too, so it's still the primary target.
As you pointed out, you still got infected despite being up to date and following best practices, and I've seen many other cases of this. What it basically tells me is that the currently established "best practices" are flawed.
It seems the best way is simply to move yourself out of the target area, you used to be able to do that by ditching IE and using Firefox, but these days ditching Windows is probably the only way. Of course there's no way to tell how long (depending what you replace it with) this strategy will be effective.
Work out the address ranges allocated to your local area, and arrange for some DDoS attacks to saturate most of their connections all month, then the average will be extremely high...
Or just pool resources with your neighbours, if you all download huge amounts that will push the average up too.
Be careful with that, even though you have no formal overdraft facility some banks will give you an "unarranged overdraft" and charge you stupid fees for it...
I used to use a card with an extremely low credit limit for online purchases, until I found that the credit limit isn't the limit that you can spend, it's just the limit that you can spend without being charged extra fees.
Well, "full disk encryption" is all the rage these days, despite its obvious flaws...
And if the files are already on a disk you control then logging is easily circumvented, logging is only effective when data has to be downloaded from somewhere else not under the control of an attacker.
And then there's backdoors, at the very least legit users need access to the files which comprise the OS, which would probably be shared with other (perhaps more privileged) users, the unprivileged user could then modify the files to add a backdoor and wait for someone with a higher clearance level to enter their keys.
Doesn't really matter, you can copy the files to the local drive and then take the local drive or boot the system up from alternative media to access the data and copy it to external storage...
Sure you could encrypt the drive, but then again this is an attack being carried out by a legitimate user who therefore must have access to the encryption key in order to boot the host.
Most setups I've seen would also let you access network resources, so you take a small network storage device and plug it in via Ethernet using a crossover cable or connect it to a spare network port elsewhere.
Or you could print data out, most networks give you a facility to print... Or email for that matter.
And if all else fails, a small camera pointed at the screen works just fine. Most mobile phones have such cameras built in these days, so you not only have a camera but also the ability to transmit the data off site immediately.
The problem for high ranking military officers (and high ranking business executives etc) is that they do not have a technical background, and have to rely on what other people tell them. Many of the people claiming to have technical knowledge aren't as good as they claim to be, and there are countless vendors out there who will blatantly lie to get a sale, safe in the knowledge that the people making the purchasing decision don't know any better.
You have a combination of unscrupulous vendors, incompetent staff (whose incompetence is never exposed because despite being incompetent they know more about it than anyone else there) and a large amount of lock-in to existing flawed technology...
The end result is that security in virtually all office type environments is fundamentally flawed, and then you have vendors offering products that at best are band aids to cover one or two of the flaws in the fundamentally flawed design only the vendors market them as "the solution to all your security needs"...
Now no one wants to rip out the crufty band aided to hell mess they have already and replace it, so they keep adding as many more band aids as they can afford, each time being conned by a vendor into thinking this will be the last.
As I understand it, "leaking information to third parties" was already banned, so anyone looking to do that is already breaking the rules whether they use removable media, steal the internal hard drive, transfer data out over the network, take photographs of the screen or even just print it out...
Banning the use of removable media just makes life harder for those people who do want to play by the rules and do their job efficiently. People who want to steal data will just find a different way to do it.
And this assumes they enforce the banning of removable media effectively, most deployments I saw just had a program running designed to disallow you access to removable media devices, but if you can make this program crash then everything opens up.
If your iPhone was unlocked, you could have bought a prepaid SIM card for 1GBP and put 10GBP of credit on it. Depending on the provider, 10GBP will buy you 1GB of data or so.
Not all countries require you to give out any information to get a SIM card, and yet you don't get cheaper roaming in those countries...
Many countries I visit have the exact same companies operating the mobile networks, and yet they still charge extortionate fees... If you were to buy the most expensive prepaid service in the country you're visiting it would still be cheaper than roaming...
So given that the operator is clearly willing to offer service at such rates, it's purely a ripoff that roaming is so expensive. It's not like you're getting anything extra, since while you're roaming you clearly aren't using the service in your home country either.
Incidentally, I think BlackBerry have deals with various carriers for data usage, since BlackBerry roaming data seems to be a LOT cheaper than regular data roaming services.
MS have their customers locked in, Sun did not...
In order to make money with an expensive product in the face of massively cheaper or free competition you need either a compelling product which is significantly enough better to be worth the price, or some leverage over your customers in order to force them back.
The point of DRM is not even to delay piracy, the purpose of DRM is to stop "casual piracy", that is a kid in school making a quick copy for his friends.
DRM does nothing to stop the organized piracy, where pre-release copies of games will often be leaked such that cracked pirate copies are actually available *BEFORE* non pirated ones. Similarly, many of the people who download pirated games simply wouldn't play the game at all if a cracked copy wasn't available.
Instead, DRM concentrates on extracting maximum revenue from those who are willing to part with it.
Many games are available for download before their official release date, this gives those who play the cracked copies plenty of time to identify, report, and have fixed any such bugs.
I know several people who are unemployed and really have nothing better to do all day than play the latest cracked games (being unemployed there's no way they could afford to buy games), and due to the sheer level of practice they get they are able to complete most games pretty quickly.
Law enforcement is not really going to care about a user running a cracked game...
Actually distributing cracked games, potentially for profit perhaps, but simply running one isn't worth their time.
It makes sense to take up space at the sides since wide aspect screens are becoming increasingly common...
By contrast, the way Windows 7 has a thicker bar at the bottom and thicker window borders/titles just seems totally ridiculous with the current trends towards widescreen.
You mean the same fundamental way in which Windows moved the close button to the top right with 95?
By your reckoning, you should just use a Mac since MacOS has always kept the close button in the top left.
Well the same is true anywhere, the more potential users a given piece of software has the more interest there is in developing it...
Commercial software works the same way, something with mass market appeal is highly likely to be developed and either result in multiple competitors or serious effort to stifle competition...
But something small with a very limited market either won't exist at all, or will be extremely expensive if that niche market has the money to pay for it. Niche products also tend to be rather buggy.
OSS serves certain niches very well, i.e. those niches occupied by technically minded people who are capable of writing what they need for themselves... Other niches are served somewhat less well because those who would be capable of producing software have no need for it, and those who need it aren't capable of writing it.
You also get a lot of businesses and individuals using software which is extremely poorly suited to their needs because they aren't able to customise it for themselves, and the only people who would be capable of doing so aren't willing to.
I'm sure there are many things that could be improved by being computerized, but where the people capable of producing such software either don't realise or don't care.
Sony are arguably worse, because they initially offered this option and then later made you choose which of the console's features you'd like to keep.
You used to be able to dual boot with Linux *AND* play games, however if you keep Linux then no modern games will run anymore.
MS/Nintendo never offered the ability to run Linux as a feature, and they still offer all of the features they ever did.
Criminal gangs often have mules to collect and launder money for them, these mules are often unsuspecting victims of scams too.
The criminals behind the scams are also often located in countries with very lax law enforcement that either doesn't care about the crimes taking place, or only cares that they get their bribes from the criminals.
Not running executables from unknown sources is perfectly practical advice on Linux systems where you're downloading cryptographically signed packages from the vendor of the distro you already have installed (and therefore already trust)...
Similarly on most modern phones which have integrated app stores.
But what about on OS X and Windows where no such repository exists, and where the default installs are severely lacking in useful applications?
The problem with remote backup is the bandwidth requirements...
Most home users have extremely poor upstream connectivity, so uploading all your data to a remote server is not a terribly practical idea.
I use an external (wireless) networked drive to back up my laptop, so whenever I'm at home it gets backed up automatically... This has saved me from hardware failure and would potentially save me from theft if someone stole my laptop (they are less likely to find the wireless drive which is hidden away in the loft, plus the laptop is more likely to be stolen when it's not at home).
Even offsite backup is not foolproof against malicious attack, your machine has to send the data to the offsite system which is storing the backups, a malicious attacker could modify the backup process to write garbage without you noticing.
Also with many remote backup setups, you will typically administer the service from the same machine so again a malicious attacker could steal your login details to the backup service and remove/corrupt the data you have stored there.
So basically the courts are propping up a flawed business model operated by a large telco...
Most telcos tie subsidised phones to a long contract to recoup the cost, this model just doesn't work with prepaid phones which is why telcos usually offer massively inferior phones on prepaid plans.