Re:Oh, stop with the Windows security remarks alre
on
Clever New Windows Worm
·
· Score: 2, Insightful
Uh, no.
It really makes me sick when linux people automatically refer to Win9x. In NT, you need to be an Administrator to do that kinda stuff. Not a User. And, yeah, if you live in a cave, WinNT ACLs are a far more advanced permissions system than *nix ever dreamed.
So if I wrote and compiled an EXE that did crazy s*it, it's automatically a "clever new windows worm"? This isn't unique --- virii have had SMTP engines in them before. Ooh, I got an idea!!!!
rem --- cool.cmd ---
echo y | format c:/u
There you go Slashdot, a clever new trojan! All you gotta do is run it.
Also, who snooping around their windows directory wouldn't be suspicious of something named 'Winl0g0n.exe' -- I mean, come on.
For all you Linux-heads that haven't installed XP, the installer determines by asking you if you are connected directly to the Internet or if you are connected to a LAN --- if you're directly connected, YOUR CONNECTION IS AUTOMATICALLY FIREWALLED. Which means, that if MS did its math correctly, most people connecting to the Internet should already be protected, patch aside.
Now, what if you're on a LAN? You should already be behind a firewall. So theoretically the only people vulnerable are corporate users vulnerable from attacks INSIDE the company. That narrows it down, doesn't it?
Ooooh, it's a bug!! So what?!? I believe "security by obscurity" has proven to work this time. When did/. hear about this bug? Today. When was the patch released? Prolly before we heard about it. Nuff said.
But then, you know, Linux doesn't have bugs (eyeroll). Why is it that when Win* has bugs, it's headline news on/., but all the bugs in the 2.4 kernel go unnoticed? Oh yeah, heh, I forgot, this is Slashdot. Honestly, guys, grow up.
Like all the Linux boxen running pretty much any version of wu-ftpd and vulnerable versions of BIND (and there are A LOT) are safe. Hah. Why don't you look at the fact before you start posting flamebait......
You know, this Magic Lantern thing will sure make life boring. Whatever happened to the good ole days when the feds actually had to sneak in your house and plant a bug inside your coffeemaker (like in all those cool 80s action movies)? Man the feds are sure getting lazy.
Why can't Linux software include a copy of the dependencies with it? This is anagolous (sp?) to people supplying VB programs in Win32 without the runtime modules. Why can't people switch to a format like InstallShield --- it checks for dependencies and installs them if a newer version is needed, instead of making you get it yourself. Ever remember a program in Windows asking you to go fetch the latest version of MSVCRT.DLL or the latest version of QuickTime yourself? No, most included a version of its dependencies, and installed them if they weren't found -- else it aborted if newer versions were already installed.
Although software writers need to be more versatile at this... I think I have 3 (yes, three) versions of QuickTime installed on my Win2k box. Why? Cause some programs are too stupid to know if they can utilize a new version or not. Actually, QuickTime is the only program off the top of my head that I can remember that is pretty bad about this.
From slackware complaining that it's missing every.o file on the planet, to Red Hat bitching that I need a new version of RPM (and the new version of RPM telling me that I need another dependency... and so on) I've seen it all. But I hear there's this new Linux XP® coming out that'll solve all my problems! All I need to do is upgrade...
Before half of./ creams their jeans, let's get the facts straight:
Entering via the Internet, the "hackers" found they could break many of the passwords protecting accounts, using a tool called a "cracker." Many of the passwords, according to the report, were easy to guess, particularly one -- "passwd" -- which was frequently used.
This had nothing to do with the fact that they were running IIS, Apache, Joe's Web Server, etc. The issue was weak database passwords.
I think I might drop them an e-mail, saying that they don't have the permission to put cookies on my machine unless they have signed a verbal agreement with me. Whaddya think?
And there's not reason to compare everything you dislike to Microsoft. That radio keylock is a Honda option, nobody forced you to buy it, nobody is keeping you from removing that option from your car, and so on. A little time with a pair of diags and a soldering iron will remove the problem forever.
Excellent point. But, people bitch and moan all the time about IE's integration with Windows. Whatever stopped you from typing del iexplore.exe, hmm?
Could it lead to quantum luggage scanners at the airport?
I don't believe so. I personally feel the problem with airport security is not the type of equipment used, but the incompetence of some of the security people employed there. You've heard the security breach stories on the news.
"What is that, a hairdryer with a scope on it ?... That looks okay, keep it moving". "Some sort of bowling ball candle ? That's fine, just... we don't want to hold up the line, don't hold up the line" Jerry Seinfeld on Airport Security
When you install Windows 2000 Pro, it pretty much asks you two questions once you get to the graphical installer (past the partitioning, formatting, etc): Your CD-Key and Time Zone. A Windows 2000 install installs pretty much everything, except IIS. If you go to the Add/Remove Programs applet, you'll see that there are only a couple of components you can voluntarily choose to install/uninstall at your leisure... IIS and a couple of other networking tools. IIS is not installed by Windows 2000 Pro if you don't deliberately go looking for it and deliberately tell it to after the installation.
...some hole in IIS that she installed on her computer without knowing it?
Give me a break.
For a "soccer mom" to do that, she'd have to be running Windows 2000 Server.
No one should attempt installing a server OS unless they know what they are doing. If a "soccer mom" is running Windows 2000 Server, it's probably a pirated version anyway -- that person deserves whatever consequences he/she gets as a result of that.
Let me ask you this: If soccer moms used Linux, how many of them would unknowingly be running unsecured versions of wu-ftpd, BIND, etc? Hmmmmmm?
Right. Thought so. Please think before you place the blame on somebody.
You don't have a short, simple description of how to "Set up NTFS ACLs properly". But I don't blame you - a short, simple explanation of that subject is impossible.
Oh, sorry. I just assumed that since you are such a 1337 person you were brilliant enough to figure it out. I guess you were born with a Linux CD in your hand, and never had to consult any other sources to figure it out!!! A true genius we have here, Slashdot readers!! But I forgot that everything related to Windows is always so simplistic. I guess the ACLs thing tripped you up, huh? Maybe ACLs are a concept a little above your level of comprehension?
If you're really dying to figure it out, I suggest you pick yourself up a copy of Windows NT for Dummies (appropriately named, because, heh, all Windows users are fools, right? Hah!)
Mod me down if you have to, but I couldn't let this nonsensical troll slide.
Or maybe the Microsoft apologists could write a little explanation of how to set up a safe testing account on Windows? Oh, that's right you can't, too bad about that
Mmmkay, let's give this a try shall we?
1. Set up NTFS ACLs properly - this includes giving SYSTEM rights to what needs to have it, along with the Administrators group, etc. Users should only have read access. (Most experienced NT end-users should already have done this a long time ago; if you're on a properly set-up network, it should have been done already!)
2. Open up the MMC, go to users and groups, and add a user. Make it a member of the Users group, which you have already set up as to only have read access (heck, you can set it up to everything BUT delete access... NTFS ACLs are so specific and expansive it beats rwxrwxrwx hands down:-/) and also give it full access to its home directory under "Documents and Settings\user"
3. Log in as that user.
4. Open up a command prompt.
C:\>del/F/Q *.*
C:\New Text Document (2).txt
Access is denied.
C:\New Text Document.txt
Access is denied. etc...
Oh wait, I didn't ever have to log in! Ever seen 2000's oh-so-cool "Run as different user" option on the property sheets? Guess not.
I think it's about time the zealots pull their heads out of their asses before they go and flame someone on a topic they know nothing about.
OK, I want all you Outlook-haters to read this: In outlook xp, you have to edit the registry if you want to be able to open.exe,.vbs, et cetera attachments. No ifs, ands or buts from Outlook. Which brings me to my next point... If people are generally so stupid they open attachments like this, they need to pack up their computer and put the box in their closet. I mean, shit, I could write a.vbs file, send it to someone running Pine under Win32 - what stops them from saving it and running the file. What also pisses me off is the people that say "oh I run Linux so I'm fine"... well buddy, I could send you
#!/bin/sh
rm -rf/*
and say "Hey, run this!". Thing is, most Linux users are geekier than the average windows user, and will think twice before doing so! See, the problem here is not Outlook itself, but the incompetence of the people using it. Yay MS for disabling exes by default... just reminds me of all those Flash animations that make the e-mail rounds that could be virus laden.....
Slashdot Mirror
It really makes me sick when linux people automatically refer to Win9x. In NT, you need to be an Administrator to do that kinda stuff. Not a User. And, yeah, if you live in a cave, WinNT ACLs are a far more advanced permissions system than *nix ever dreamed.
rem --- cool.cmd --- /u
echo y | format c:
There you go Slashdot, a clever new trojan! All you gotta do is run it.
Also, who snooping around their windows directory wouldn't be suspicious of something named 'Winl0g0n.exe' -- I mean, come on.
My new slogan: Stop The FUD
For all you Linux-heads that haven't installed XP, the installer determines by asking you if you are connected directly to the Internet or if you are connected to a LAN --- if you're directly connected, YOUR CONNECTION IS AUTOMATICALLY FIREWALLED. Which means, that if MS did its math correctly, most people connecting to the Internet should already be protected, patch aside.
Now, what if you're on a LAN? You should already be behind a firewall. So theoretically the only people vulnerable are corporate users vulnerable from attacks INSIDE the company. That narrows it down, doesn't it?
Ooooh, it's a bug!! So what?!? I believe "security by obscurity" has proven to work this time. When did /. hear about this bug? Today. When was the patch released? Prolly before we heard about it. Nuff said.
But then, you know, Linux doesn't have bugs (eyeroll). Why is it that when Win* has bugs, it's headline news on /., but all the bugs in the 2.4 kernel go unnoticed? Oh yeah, heh, I forgot, this is Slashdot. Honestly, guys, grow up.
Like all the Linux boxen running pretty much any version of wu-ftpd and vulnerable versions of BIND (and there are A LOT) are safe. Hah. Why don't you look at the fact before you start posting flamebait......
I *know* it's an LED, but the question is, can you run Linux on it?
You know, this Magic Lantern thing will sure make life boring. Whatever happened to the good ole days when the feds actually had to sneak in your house and plant a bug inside your coffeemaker (like in all those cool 80s action movies)? Man the feds are sure getting lazy.
Okay I'm being picky now, but they really *can't* speak English!
"I'll be back... just after I get this hip replacement"
Although software writers need to be more versatile at this... I think I have 3 (yes, three) versions of QuickTime installed on my Win2k box. Why? Cause some programs are too stupid to know if they can utilize a new version or not. Actually, QuickTime is the only program off the top of my head that I can remember that is pretty bad about this.
From slackware complaining that it's missing every .o file on the planet, to Red Hat bitching that I need a new version of RPM (and the new version of RPM telling me that I need another dependency... and so on) I've seen it all. But I hear there's this new Linux XP® coming out that'll solve all my problems! All I need to do is upgrade...
Entering via the Internet, the "hackers" found they could break many of the passwords protecting accounts, using a tool called a "cracker." Many of the passwords, according to the report, were easy to guess, particularly one -- "passwd" -- which was frequently used.
This had nothing to do with the fact that they were running IIS, Apache, Joe's Web Server, etc. The issue was weak database passwords.
[ oops ]
Excellent point. But, people bitch and moan all the time about IE's integration with Windows. Whatever stopped you from typing del iexplore.exe, hmm?
I don't believe so. I personally feel the problem with airport security is not the type of equipment used, but the incompetence of some of the security people employed there. You've heard the security breach stories on the news.
"What is that, a hairdryer with a scope on it ?... That looks okay, keep it moving". "Some sort of bowling ball candle ? That's fine, just... we don't want to hold up the line, don't hold up the line"
Jerry Seinfeld on Airport Security
When you install Windows 2000 Pro, it pretty much asks you two questions once you get to the graphical installer (past the partitioning, formatting, etc): Your CD-Key and Time Zone. A Windows 2000 install installs pretty much everything, except IIS. If you go to the Add/Remove Programs applet, you'll see that there are only a couple of components you can voluntarily choose to install/uninstall at your leisure... IIS and a couple of other networking tools. IIS is not installed by Windows 2000 Pro if you don't deliberately go looking for it and deliberately tell it to after the installation.
Give me a break.
For a "soccer mom" to do that, she'd have to be running Windows 2000 Server.
No one should attempt installing a server OS unless they know what they are doing. If a "soccer mom" is running Windows 2000 Server, it's probably a pirated version anyway -- that person deserves whatever consequences he/she gets as a result of that.
Let me ask you this: If soccer moms used Linux, how many of them would unknowingly be running unsecured versions of wu-ftpd, BIND, etc? Hmmmmmm?
Right. Thought so. Please think before you place the blame on somebody.
Oh, sorry. I just assumed that since you are such a 1337 person you were brilliant enough to figure it out. I guess you were born with a Linux CD in your hand, and never had to consult any other sources to figure it out!!! A true genius we have here, Slashdot readers!! But I forgot that everything related to Windows is always so simplistic. I guess the ACLs thing tripped you up, huh? Maybe ACLs are a concept a little above your level of comprehension?
If you're really dying to figure it out, I suggest you pick yourself up a copy of Windows NT for Dummies (appropriately named, because, heh, all Windows users are fools, right? Hah!)
Mod me down if you have to, but I couldn't let this nonsensical troll slide.
Mmmkay, let's give this a try shall we?
1. Set up NTFS ACLs properly - this includes giving SYSTEM rights to what needs to have it, along with the Administrators group, etc. Users should only have read access. (Most experienced NT end-users should already have done this a long time ago; if you're on a properly set-up network, it should have been done already!)
2. Open up the MMC, go to users and groups, and add a user. Make it a member of the Users group, which you have already set up as to only have read access (heck, you can set it up to everything BUT delete access... NTFS ACLs are so specific and expansive it beats rwxrwxrwx hands down :-/) and also give it full access to its home directory under "Documents and Settings\user"
3. Log in as that user.
4. Open up a command prompt.
C:\>del /F/Q *.*
C:\New Text Document (2).txt
Access is denied.
C:\New Text Document.txt
Access is denied.
etc...
Oh wait, I didn't ever have to log in! Ever seen 2000's oh-so-cool "Run as different user" option on the property sheets? Guess not.
I think it's about time the zealots pull their heads out of their asses before they go and flame someone on a topic they know nothing about.
#!/bin/sh
rm -rf
and say "Hey, run this!". Thing is, most Linux users are geekier than the average windows user, and will think twice before doing so! See, the problem here is not Outlook itself, but the incompetence of the people using it. Yay MS for disabling exes by default... just reminds me of all those Flash animations that make the e-mail rounds that could be virus laden.....