it just needs to APPEAR profitable for some people to...
Invest in it?
.com? 401(k)? The stock market from 1999-2002? The retirement accounts of millions of Americans? The Congressional proposal to send our social security money into that black hole to save their well-vested butts?
ICQ, Opera, and many shareware products incorporate ad sponsorship into the product in a manner that most users do not find offensive and which does not completely destroy the usefulness of the computer on which it is installed
I think the issue is then security. How confident are you that these innocuous helper tools are not easily compromised? You know, "Hi. I'm Mark. I'm a coder and, while I don't personally approve, my brother is a spammer. So when I write or see an ad supported network app that's exploitable, I tell him about it."
Another thing that you apparently don't know. But hey, why should you stop being wrong now?
Gah. This insistence at hurling insults and incendiary remarks is stale. Is this what Windows promotes? Repeated bully attacks to turn a comparison of product functionality into a single-sided name-calling match? I will concede that you have more insults than I do.
It's enabled by default.
My default installs of Win98SE at home and WinXP at work do not have copy/paste available from the command prompt. A search through Windows help for "command prompt copy paste" does provide a nice walkthrough. This is little more than a gloating point as manual copy and paste is not the preferred route for an IDS by any stretch of the imagination. You've shown that copy/paste is available. Can we get back to the original question of which system provides a better platform for intrusion detection by the end user? Under *NIX, using netstat, it's fairly trivial. On Windows, using netstat, it's still a matter of personally monitoring the output.
Your example illustrates this quite well.
My example illustrates that it can be done. It is not perfect. I'm actually flattered that you didn't pick apart the absence of a check for the null condition. Even in its imperfection it's a long way ahead. You still haven't connected your netstat output with your netsh input.
I can do this in Windows as well
Note that grep was something I added to my Windows system. The point is that you can use Windows' version of netstat in the same manner as Linux's. There's no difference. Therefore your claim about netstat is wrong.
No difference? I noticed that you didn't try to see what would happen with netstat <interval>. You provide an example which requires aftermarket installation of grep to produce one-time output of multiple fields which cannot be expanded in functionality. My example gives real-time output of a set of single fields which can be integrated into a constant intrusion detection and response system using simple tools which come with every distro. Your output is at least two steps away from prime time: filtering and integration with...
SP2's firewall can be manipulated from the command line.
I suspected that it could. If it is possible at the Windows command prompt please update your example with an integration with the output of netstat, preferably with constant real time updates. If you manage to produce something workable I will congratulate you that a multi-billion dollar company with the power to tell world governments to eat dirt can finally offer the functionality that hobbyists offer for anyone with a desire to learn. Perhaps you have money to waste. Not I.
Wait. Wasn't your claim that all this could be done with just netstat?
The claim was in the context of intrusion detection. Had I known that you would lose your mind over this I would've taken the time to write an entire IDS shell script before making my first post. Can you write an IDS script for the Windows command prompt? The basis for a CLI script for IDS on either platform will be netstat. That I had forgotten its existence on Windows is indicative of the lack of Windows command prompt usefulness. Your argument is solid only in that you've ignored context and straggled behind on functionality. It must be all that reliance on VisualBASIC programming that's confounding you at the basic CLI interface.
Windows does not provide a tool as neat and tidy as netstat for the purpose of intrusion detection. The netstat at the Windows command prompt is a butter knife. The netstat at the *NIX shell prompt is a swiss army knife of epic proportions.
The original claim was in the context of intrusion detection. Intrusion detection is much more than display of the raw data. Windows does not have a program as neat and tidy as netstat. The Linux netstat is neat and tidy. It integrates well into shell scripting. The Windows netstat is a paperweight because it does not integrate easily with the command prompt tools around it. This can also be viewed as a deficiency in the Windows command prompt.
How do you do this with Linux's version of netstat?
while true; do netstat -aNe | grep "$TROJAN_PORT" > rub && cut -d: -f 2 rub | cut -d" " -f 6 > inc && for IP in $(cat inc); do iptables -t filter -A INPUT -s "$IP" -j DROP; done; rm -f rub inc; done
Windows has no mechanism for automating that task without praying that the 3rd party firewall might have the framework.
Assume for the moment that I don't
The first thing you try is what you already know. You try TAB. Now you know.
The point is that you're unqualified to comment about detecting trojans on Windows
Nobody is qualified to detect trojans on Windows. Nobody could possibly be qualified to do it because the proper tools are not readily available on Windows. You keep insisting that Windows doesn't have grep, cut, awk, sed, python, perl. What _DOES_ Windows have to replace the functionality which the shell gives to *NIX netstat? Windows has nothing. For intrusion detection Windows does not have a tool as nice and tidy as netstat.
You can't even cut and paste from a command prompt
Why is that turned off by default except to give trolls minutiae to gloat over?
It's not what is taught that's important. It's what *YOU* know if *YOU'RE* going to engage in a discussion about Windows' weaknesses
You're right. It's not about what I've been taught. The Windows command prompt is a footnote to the prevailing majority of the world. There has been a lack of standard issue Windows programs to conveniently monitor, track, filter, and manipulate network connection information in real time. For intrusion detection Windows does not have a program which is as nice and tidy as netstat.
Where is this functionality in Windows? Netstat provides all the raw data. Now what can you do with it?
Nor is it as nice as the netstat in Windows. Use the right tool for the job
Where is the tool for actively monitoring and categorizing network connections in Windows? Windows' netstat is fine for raw output. How can you manipulate it in real time to make it useful? Is it possible, using the standard tools which ship with the OS, to integrate its output into the Windows firewall for IP blocking or intrusion detection?
Yes it does. It has the same tool: netstat
It is not the same tool. Netstat in Windows is missing a large amount of modular functionality that netstat possesses in a real shell environment. The crux of your position relies on an identical name and similar output. Windows' netstat simply does not have the functionality in terms of command line switches or output manipulation.
What would be your assessment of my qualifications about UNIX if I claimed that UNIX doesn't support command line completion
Command line completion is not a function which has been turned off by default in any distro I've used. How could you not know about it? It is the same TAB in both environments.
Or that I couldn't recursively delete files
That's an interesting point as del doesn't distinguish between files and directories but rm does. I'd tell you simply to use the "-rf" switches. I wouldn't be nearly as condescending and abusive as what I've tolerated from you in the last 15 posts.
So you're unaware of something so therefore it must not exist?
Have you looked in the classrooms of grade schools, high schools, and any college curriculum which isn't science or engineering? Use of the command prompt in Windows is a footnote to the vast majority of the population. Even with system administrators the command prompt is not the primary interface. Microsoft has been creating the Computer Management tools so that administrators no longer have to wrestle with command prompt commands. Active Directory is a GUI based interface. There is no emphasis on using the command prompt in Windows in the real world.
Through the event viewer it is possible to track connections but it is a good stretch to categorize and view those alerts in real time. You could keep checking the log file that it writes to. You could clutter up your GUI with constant pop-up events. It is not a tool as nice and tidy as netstat in a *NIX environment.
This is not the original claim
This is the original claim. In the context of intrusion detection Windows does not have a program as nice and tidy as netstat. Face it. It doesn't. It has a lesser netstat with no expandable functionality.
It's obvious to all so stop pretending that you're qualified to comment on the basics
Obviously.
let alone advanced topics of Windows
The real time monitoring and filtering of active network connections is not an advanced topic. Every system, from the smallest living microbe to the largest electronic network, places enormous importance on the ability to detect and interpret interaction with the surrounding environment.
I have not seen any introductory course for Windows which focuses on the use of the command prompt. I have rarely seen the command prompt used even in advanced courses. The primary emphasis is on "Start-->Run".
Something that you obviously lack
Obviously.
Just thank me for, once again, helping you expand your knowledge of Windows
Thank you. Are you finished spouting off with your superior knowledge of Windows tricks which add up to the same dead end in functionality?
Sure it does. It's called "netstat". You've already been told this
Netstat on the command prompt is more useless than netstat was at a DOS prompt which is infinitely more useless than netstat in a proper shell. That's reality.
Now if you want to write, as you did in your modified argument
The original argument was "a program as nice and tidy as netstat" in the context of intrusion detection. Can you do anything useful with the output of Windows' netstat in real time?
when will you realize that it's not DOS? Ensure that both check boxes under "Edit Options" are checked
You have displayed, at every turn, a superior knowledge of Windows minutiae. www.m-w.com defines a pedant as "one who is unimaginative or who unduly emphasizes minutiae in the presentation or use of knowledge".
This thread started out as a consideration of intrusion detection. Windows does not have a program which is as nice and tidy as netstat.
See, the problem is that Windows does include a program which is as neat and tidy as netstat. It's called "netstat".
I'm starting to see why this isn't going anywhere. You, as a troll, have no concept of the construct "neat and tidy" and have been screaming about the name of a binary file since you started. You read what I wrote as "Windows do not have a program which is...netstat". Your mind blanked when it hit the words "neat and tidy" and you didn't even give a moment's thought to what that might mean to a real user. You're right, netstat exists. As you've been so eager to harp about, its usefulness is so insignificant that I didn't even remember that it is still around.
What else did you think "neat and tidy" referred to? If you'll be so banal as to think it meant literal output then you must notice that netstat at a DOS prompt can't even format columns correctly.
This is a different topic than your original claim
Troll on. Read my original claim.
Ironically, Windows, even 2k or Me, do not have a program which is as neat and tidy as netstat
This was a response to a post which was considering the ability of the user to know if they've been hacked. netstat, by itself, does very little to tell you if you've been hacked. It is only the manipulation of the output (grep cut) which makes netstat useful. Would you have your sysadmins manually comparing a screen scroll DOS prompt update with a tiny GUI task manager? Perhaps they could manually cross-reference the IP numbers with a whois query at the web site of the major registrars? Maybe they'd like to copy and paste the IP address from the netstat output into an e-mail they're writing in Outlook. Oh wait--you can't CTRL+C text in a DOS box. On this particular WinXP machine, you can't even select it with the mouse. Windows' netstat definitely is not "neat and tidy". It is similar in output. That's another point of derision for MS: they pass fake replicas as the real thing and charge extra for the deceit.
It's certainly better than these futile, desperate attempts of yours to save face
You have an obsession with insulting your debate opponent and this unprofessional behavior is exacerbated by your flagrant dismissal of any useful context. You are a particularly nasty and abusive one, I'll give you that.
Other than an impressive show of mathematical calculation, this really doesn't change much as long as you don't give away the files containing the hashes, does it?
I'd be more interested in an achievement which found a string that causes a mathematical fault when md5 or sha-0 are called on it. In terms of probabilities isn't a fault just as probable as a collision?
Your initial claim was that Microsoft didn't include netstat
Dumbass. Here's my initial claim:
Ironically, Windows, even 2k or Me, do not have a program which is as neat and tidy as netstat
This statement was made in the context of monitoring network security. What use is a badly formatted netstat at a DOS prompt if the output cannot be manipulated and integrated into the surrounding environment?
Completely within the scope of my initial claim. Netstat is neat and tidy not just because of what it does but because of how it can be used within the system.
if you can't handle driving on the highway (whatever the reason) AND you keep crashing your car into other people's cars (read: zombie spam machine)
Wrong analogy. This is Ford with a faulty tension spring in the carburetor that has a potential to turn into an engine fire by allowing far too much fuel in. Then they issue a recall (a patch) which adjusts the spring, leaving it mostly broken, and losing a few screws here and there when they put it back together.
Historically Microsoft patches haven't fared very well.
but that does not logically imply that all technology/pc industry designs are flawed
Whoa there. This was never a point. The point was always about the insecurity of the software.
it just means the current popular consumer software is
Microsoft has, at every turn, wisely invested marketing dollars to minimize the perceived threat of having just a faulty little spring that opened the valve a little too far. It probably won't make any difference in everyday usage. Sucks to be you if you're the guy whose engine blows up. Identity theft and harassment are very very real and it's not primarily by 14 year olds. It's done by people with too much time on their hands. Know anyone who doesn't need to work and can just lay around all day?
but it's just as stupid and pointless as complaining that I didn't know
That's a point of contention. There have been plenty of exploits available from perfectly legitimate websites. Well, maybe switch legitimate for legal in a pedantic way. A good portion of the derision for MS was their suppression of public knowledge about the prevalence of these exploits.
If we must continue with the car analogy then Ford is required to tell you if there's anything potentially wrong with the product they're selling to you. There are many rules and regulations governing the safety of an end product. Would you buy a car if the seller told you, "I think the brakes are a little weak." Would you buy a television if you knew the wiring was faulty? Would you buy a bicycle if you knew that the frame was partially cracked? MS has never launched any effort to help the public educate itself as you would if you knew you had to change the brakes on the vehicle, have an electrician fix the TV, or learn to weld the frame together. We do not have personal security consultants like neighborhood garages to do the work for you.
So, in that case, MS has not fulfilled its responsibility. EULAs are an unfortunate legal rub that are a sign of the times.
You're not buying the media; you're buying a license to use the software
A license is a fictitious construct of a rental agreement. The only difference is that the enforcement of a license is paid for by public funds and is a felony while the enforcement of a rental agreement requires the owner to fund their own legal pursuit and compile their own case.
Any intelligent renter (*ahem* licenser) is well aware of the implications of reproduction. Wouldn't it be a little more socially responsible to work within the system rather than making felons out of 12 year olds? Well, unless there was some enormous profit motive, that is...
Frequently you end up with a working box faster than trial and error fixing, and as a general rule you end up with a more stable system
Indeed. The more times you reinstall the more you take the time to focus on what's important. After a few forced reinstalls it's pretty obvious what needs to be secured. That's one learning curve. Then there's the necessity of regaining a full working state. That's another learning curve with additional lessons in what really needs to be saved. If one is truly installing from scratch then there's yet another learning curve in how the operating system works.
Just start with the upgrade disk and let it scan the old CD for a few seconds when it asks for verification.
Tried it, didn't work. WinXP told me that my Win98SE was not upgradeable. I installed Win98SE to the first reboot, entered the key, and then used the WinXP upgrade disk. There was no trouble after that.
In today's world of FBI agents crushing 12-year olds who are trading mp3s one must be careful about these things. You have to weigh in your mind, the chance of rubbing off as an a__hole because you're too pious to give out software that your mother-in-law knows you have but isn't technically legal, or the possibility that, if anything ever goes wrong, she'll turn you over to the authorities.
It's impossible to win. Just do what Microsoft does. Accept the fact of being a criminal and budget a yearly amount in legal fees to deal with it. Insurance companies sell legal liability insurance. I wonder who pays to keep their profit margins up 'cuz they're sure not making any money on Enron, WorldCom, Tyco, MS, or many others. The attorneys and accountants are milking insurance companies for all they're worth right now. What trends have cropped up in the insurance industry over the last 5 years?
I don't give pirated anything to businesses though, that's bad.
Some businesses are just starting out and no one asks too many questions. The moment a business is big enough to be audited by any sharp authority (ISO or the FDA for example) then software should be a little more on the up and up. Especially at that level they'll have accountants who can get the money back through one (taxpayer-funded) scheme or another.
This is where you demonstrate your skills. Or you find the make and model on the modem and a nice little paperclip.
GUESS WHAT happened to match what we already had at this site. oh joy
I understand. Maybe the router is so cheap (like my Motorola VoIP) that you can't change the internal LAN address space. That would suck, but that's when you change the setting on the firewall that you're plugging the router into. The connection always goes through the firewall, doesn't it? So you change the WAN side address of the firewall and change a few iptables rules. Okay, even on my lowly LAN of two machines that's about 15 rules to change the IP on. Sed can automate that.
Not only that but netstat is not a DOS program. It is a 32 bit Windows program. Just because it looks like DOS doesn't make it DOS.
Oh, you're right. To me it looked like a *BSD program. Maybe Redmond didn't pillage California as badly as I had thought. I'll quit sympathizing with *BSD now... even though they seem more than willing to become slaves to the proprietary shop in their quest to crush Linux and be the only free OS out there. Don't they realize that, after Redmond domination has destroyed GNU, BSD simply won't be there anymore? There's a sick delusion to playing second-in-line to the gallows. "At least we won't be the first to go!"
See, here's the problem: They're not being phased out. If you knew anything about Windows you'd know that Windows 2003 Server actually increased the command line tools in an effort to make scripting easier.
They're still not implementing it. All of the certification courses are pounding home "Start-->Run". There isn't a single mention of "now, if your network is misbehaving, open a DOS prompt and..."
What did you have in mind? You can do a lot if you know what tools are available
Oh, I dunno. Perhaps I run an FTP and want to do something like:
And then perhaps I'd want to send that out to a perl script, or a python script, or a compiled C program. Oh wait. Windows doesn't come with any of that by default, does it? Maybe I'd want to send that output directly to whois if I changed the port to something that I don't run, like 27374? Maybe you'd like to grep that output and put that in a spreadsheet or database or publish it to an .html file for direct availability via an apache server? How about take that information and compile it for direct feed into an e-mail client like mutt? Or imagine what you could do with EMACS and Lisp? Holy cow! Before long you could have real time implementation of attacks and responses. Script kiddies could be gone within months!
Have fun doing that in VisualBASIC. Have fun trying to learn how to do it with the Windows API for less than a few thousand.
Everything you need to learn how to do it on *NIX is freely supplied by the vendor and just takes a few minutes.
I'm not surprised. You've done an admirable job of avoiding learning even the basics of Windows
Please. You're trolling behind the veil of AC.
Let's have a look at the usefulness here. The Windows environment is natively GUI. DOS based tools are all but phased out. For many years there has been much marketing which tries to divest Windows of DOS. For anyone, especially an AC, to rely on the continued existence of a legacy DOS app to provide competitiveness with *NIX is a farce. Face it--you're lucky it's even still there! If MS really thought that netstat was important then why haven't they put a nice GUI wrapper around it? Even NOTEPAD has been present since Win95.
And what of integration? Can I take the netstat output and actually do anything with it? Netstat is nothing without the system around it and DOS is, for the greatest part, a deprecated relic with little real world functionality left in its deteriorated shell. Isn't that cute? I can have netstat show up and then manually and visually cross-reference it with the task manager and then, if I'm lucky, I might be able to narrow it down to a single app--or not. Maybe I can only get a vague description of a superserver (svchost.exe) and be left to hope that malware and trojan writers don't get any brighter than the people clinging to Windows.
I've been using Windows 2000 Professional since it was released. Not a single problem. No antivirus. No anti-spyware. Just simple security precautions
I'm not going to argue. The latest bout of MS releases do an admirable job of finally putting forth a reasonably secure operating system with a reasonably useful interface. I should hope so. The systems are $200/pop, or $100 for an upgrade, or nearly free if you're somehow still in need of a complete hardware setup. They have a near world-wide monopoly, more cash holdings than any other software company and probably more than any leading company in any other Wal-Mart, Target, Best Buy, etc. product, can successfully tell world governments to go bounce off the pavement, and have no qualms about incorporating legal losses and fines into their business model. It would be nothing short of a supreme embarrassment if they hadn't finally managed to come up with a product which had enough safety-nets and band-aids so as to appear stable and relatively secure. The only thing which keeps them ahead of systems which are completely free is their ability to offer hardware vendors and distributors monetary incentives to get locked into exclusive partnerships. Nothing beats the ability to buy friends.
With similar resources, Linux developers could probably have figured out the secrets of macroscale room temperature fusion, time travel, and probably have a way for Linux to help you lose weight, add muscle, seduce the opposite gender, and maybe even score a promotion at work.
wouldn't a hardware router...protect a win98 system from getting owned since to get to the pc port forwarding must be turned on
For the greatest part, yes. It won't prevent people from getting owned by IE exploits or trojans in the mail which initiate the connection and open the router through port forwarding. There have also been reported exploits in some hardware routers, usually resulting in remote administration, but these are harder to come by.
Are you an actual "regular" user or one with admin rights? (Which tends to be the default.)
Good question. I checked the file svchost.exe and noticed that it could be compromised by Admins and anyone in the System group. However, I can't seem to find the System group in the Groups section of the Computer Management application. I imagine that the "System" group is assigned to any process which has managed to be spawned by PID (4) which is called "System". I don't know much about the framework of the Windows API but I'm not convinced that achieving System association would be too difficult.
You are correct about my user, however. I hope it's not the default but you're probably correct: this user is a member of both the Power User and Administrator groups. Rah-rah for default configurations.
I don't know a single Linux distro which puts the first normal user as a member of root's group. Even if they were, /bin, /sbin, /usr/bin, and /usr/sbin are typically 0755.
Yes, found it, now, looking down the rest of this debate tree, we just need to figure out what these catchall processes "System (4)" and "svchost.exe" are, and why it's possible for a regular user to rename/move svchost.exe. If I were a malware or trojan writer that would now become my primary target.
I can't move or replace ssh/ftpd/smbd or anything else on my *NIX systems.
well.. you can see what svchost.exe is running by getting tcpview or procview tools from www.sysinternals.com
We're really getting back to the original observation: Is Windows purposely broken so as to stimulate the economy by requiring the system user to spend additional money for basic functionality? Theoretically you can write your own applications to monitor everything in precisely the way you want. That could be Windows' final rebuttal, "You're just a Linux fanboy! If you don't like our netstat/process list/<insert app name here> then write your own or spend another $100 for it!"
When the debate has come full circle like this it's obvious to see that all Linux advocates are terrorists because we're trying to sabotage the economy that Microsoft is working so hard to stimulate.
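The netstat-to-iptables loop posted earlier in this thread, reworked as an added example that is not part of any poster's comment. It matches the watched port against the local address column only (a plain grep also hits lines where the port appears on the remote side), handles the empty "null condition" case, and prints the firewall rules instead of applying them. The function names, the ALLOW list and the sample netstat output are constructed for illustration; the parser assumes the net-tools `netstat -ant` column layout and IPv4 peers.

```shell
#!/bin/sh
# Added example: dry-run detection of remote peers connected to a watched
# local port, producing iptables rules for review rather than executing them.

# Constructed sample in the layout of `netstat -ant` (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:27374           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:27374        203.0.113.7:51515       ESTABLISHED
tcp        0      0 192.0.2.10:27374        203.0.113.7:51516       ESTABLISHED
tcp        0      0 192.0.2.10:27374        198.51.100.23:40000     SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.99:27374     ESTABLISHED
tcp        0      0 192.0.2.10:27374        192.0.2.10:33000        TIME_WAIT
EOF
}

# Constructed allowlist: addresses that must never be blocked (this host,
# loopback, admin workstations). Without it the script can lock you out.
ALLOW="127.0.0.1 192.0.2.10"

# remote_peers PORT
# Reads netstat output on stdin and prints each distinct remote IPv4 address
# that has a non-listening TCP socket on local port PORT.
remote_peers() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":")        # local  address:port
            m = split($5, r, ":")        # remote address:port
            if (l[n] != port) next       # the port must be the LOCAL one
            if (m != 2) next             # IPv6 peers are skipped here
            if (r[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!seen[r[1]]++) print r[1]
        }'
}

# block_commands PORT
# Turns the peers into iptables rules, skipping allowlisted addresses.
# Prints nothing and succeeds when there are no peers (the null condition).
block_commands() {
    remote_peers "$1" | while read -r ip; do
        case " $ALLOW " in
            *" $ip "*) continue ;;
        esac
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Dry run against the constructed sample. On a live host the input would be
# `netstat -ant`, and the printed rules would be reviewed before being applied.
sample_netstat | block_commands 27374
```

The connection from 198.51.100.99 is ignored because 27374 is its source port, not the local port being watched; the one-liner's grep would have blocked it.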
it just needs to APPEAR profitable for some people to...
.com? 401(k)? The stock market from 1999-2002? The retirement accounts of millions of Americans? The Congressional proposal to send our social security money into that black hole to save their well-vested butts?
Invest in it?
ICQ, Opera, and many shareware products incorperate ad sponsorship into the product in a manner that most users do not find offensive and which does not completely destroy the usefullness of the computer on which it is installed
I think the issue is then security. How confident are you that these innocuous helper tools are not easily compromised? You know,"Hi. I'm Mark. I'm a coder and, while I don't personally approve, my brother is a spammer. So when I write or see an ad supported network app that's exploitable, I tell him about it."
Another thing that you apparently don't know. But hey, why should you stop being wrong now?
Gah. This insistence at hurling insults and incendiary remarks is stale. Is this what Windows promotes? Repeated bully attacks to turn a comparison of product functionality into a single-sided name-calling match? I will concede that you have more insults than I do.
It's enabled by default.
My default installs of Win98SE at home and WinXP at work do not have copy/paste available from the command prompt. A search through Windows help for "command prompt copy paste" does provide a nice walkthrough. This is little more than a gloating point as manual copy and paste is not the preferred route for an IDS by any stretch of the imagination. You've shown that copy/paste is available. Can we get back to the original question of which system provides a better platform for intrusion detection by the end user? Under *NIX, using netstat, it's fairly trivial. On Windows, using netstat, it's still a matter of personally monitoring the output.
Your example illustrates this quite well.
My example illustrates that it can be done. It is not perfect. I'm actually flattered that you didn't pick apart the absence of a check for the null condition. Even in its imperfection it's a long way ahead. You still haven't connected your netstat output with your netsh input.
I can do this in Windows as well
Note that grep was something I added to my Windows system. The point is that you can use Windows' version of netstat in the same manner as Linux's. There's no difference. Therefore your claim about netstat is wrong.
No difference? I noticed that you didn't try to see what would happen with netstat <interval>. You provide an example which requires aftermarket installation of grep to produce one-time output of multiple fields which cannot be expanded in functionality. My example gives real-time output of a set of single fields which can be integrated into a constant intrusion detection and response system using simple tools which come with every distro. Your output is at least two steps away from prime time: filtering and integration with...
SP2's firewall can be manipulated from the command line.
I suspected that it could. If it is possible at the Windows comamnd prompt please update your example with an integration with the output of netstat, preferably with constant real time updates. If you manage to produce something workable I will congratulate you that a multi-billion dollar company with the power to tell world governments to eat dirt can finally offer the functionality that hobbyists offer for anyone with a desire to learn. Perhaps you have money to waste. Not I.
Wait. Wasn't your claim that all this could be done with just netstat?
The claim was in the context of intrusion detection. Had I known that you would lose your mind over this I would've taken the time to write an entire IDS shell script before making my first post. Can you write an IDS script for the Windows command prompt? The basis for a CLI script for IDS on either platform will be netstat. That I had forgotten its existence on Windows is indicative of the lack of Windows command prompt usefulness. Your argument is solid only in that you've ignored context and straggled behind on functionality. It must be all that reliance on VisualBASIC programming that's confounding you at the basic CLI interface.
Windows does not provide a tool as neat and tidy as netstat for the purpose of intrusion detection. The netstat at the Windows command prompt is a butter knife. The netstat at the *NIX shell prompt is a swiss army knife of epic proportions.
This isn't the original claim that you made
The original claim was in the context of intrusion detection. Intrusion detection is much more than display of the raw data. Windows does not have a program as neat and tidy as netstat. The Linux netstat is neat and tidy. It integrates well into shell scripting. The Windows netstat is a paperweight because it does not integrate easily with the command prompt tools around it. This can also be viewed as a deficiency in the Windows command prompt.
How do you do this with Linux's version of netstat?
while true; do netstat -aNe | grep "$TROJAN_PORT" > rub && cut -d: -f 2 rub | cut -d" " -f 6 > inc && for IP in $(cat inc); do iptables -t filter -A INPUT -s "$IP" -j DROP; done; rm -f rub inc; done
Windows has no mechanism for automating that task without praying that the 3rd party firewall might have the framework.
Assume for the moment that I don't
The first thing you try is what you already know. You try TAB. Now you know.
The point is that you're unqualified to comment about detecting trojans on Windows
Nobody is qualified to detect trojans on Windows. Nobody could possibly be qualified to do it because the proper tools are not readily available on Windows. You keep insisting that Windows doesn't have grep, cut, awk, sed, python, perl. What _DOES_ Windows have to replace the functionality which the shell gives to *NIX netstat? Windows has nothing. For intrusion detection Windows does not have a tool as nice and tidy as netstat.
You can't even cut and paste from a command prompt
Why is that turned off by default except to give trolls minutiae to gloat over?
It's not what is taught that's important. It's what *YOU* know if *YOU'RE* going to engage in a discussion about Windows' weaknesses
You're right. It's not about what I've been taught. The Windows command prompt is a footnote to the prevailing majority of the world. There has been a lack of standard issue Windows programs to conveniently monitor, track, filter, and manipulate network connection information in real time. For intrusion detection Windows does not have a program which is as nice and tidy as netstat.
Where is this functionality in Windows? Netstat provides all the raw data. Now what can you do with it?
Nor is it as nice as the netstat in Windows. Use the right tool for the job
Where is the tool for actively monitoring and categorizing network connections in Windows? Windows' netstat is fine for raw output. How can you manipulate it in real time to make it useful? Is it possible, using the standard tools which ship with the OS, to integrate its output into the Windows firewall for IP blocking or intrusion detection?
Yes it does. It has the same tool: netstat
It is not the same tool. Netstat in Windows is missing a large amount of modular functionality that netstat possesses in a real shell environment. The crux of your position relies on an identical name and similar output. Windows' netstat simply does not have the functionality in terms of command line switches or output manipulation.
What would be your assessment of my qualifications about UNIX if I claimed that UNIX doesn't support command line completion
Command line completion is not a function which has been turned off by default in any distro I've used. How could you not know about it? It is the same TAB in both environments.
Or that I couldn't recursively delete files
That's an interesting point as del doesn't distinguish between files and directories but rm does. I'd tell you simply to use the "-rf" switches. I wouldn't be nearly as condescending and abusive as what I've tolerated from you in the last 15 posts.
So you're unaware of something so therefore it must not exist?
Have you looked in the classrooms of grade schools, high schools, and any college curriculum which isn't science or engineering? Use of the command prompt in Windows is a footnote to the vast majority of the population. Even with system administrators the command prompt is not the primary interface. Microsoft has been creating the Computer Management tools so that administrators no longer have to wrestle with command prompt commands. Active Directory is a GUI based interface. There is no emphasis on using the command prompt in Windows in the real world.
Through the event viewer it is possible to track connections but it is a good stretch to categorize and view those alerts in real time. You could keep checking the log file that it writes to. You could clutter up your GUI with constant pop-up events. It is not a tool as nice and tidy as netstat in a *NIX environment.
This is not the original claim
This is the original claim. In the context of intrusion detection Windows does not have a program as nice and tidy as netstat. Face it. It doesn't. It has a lesser netstat with no expandable functionality.
It's obvious to all so stop pretending that you're qualified to comment on the basics
Obviously.
let alone advanced topics of Windows
The real time monitoring and filtering of active network connections is not an advanced topic. Every system, from the smallest living microbe to the largest electronic network, places enormous importance on the ability to detect and interpret interaction with the surrounding environment.
I have displayed a knowledge of Windows BASICS
I have not seen any introductory course for Windows which focuses on the use of the command prompt. I have rarely seen the command prompt used even in advanced courses. The primary emphasis is on "Start-->Run".
Something that you obviously lack
Obviously.
Just thank me for, once again, helping you expand your knowledge of Windows
Thank you. Are you finished spouting off with your superior knowledge of Windows tricks which add up to the same dead end in functionality?
Sure it does. It's called "netstat". You've already been told this
Netstat on the command prompt is more useless than netstat was at a DOS prompt which is infinitely more useless than netstat in a proper shell. That's reality.
Now if you want to write, as you did in your modified argument
The original argument was "a program as nice and tidy as netstat" in the context of intrusion detection. Can you do anything useful with the output of Windows' netstat in real time?
when will you realize that it's not DOS?
Ensure that both check boxes under "Edit Options" are checked
You have displayed, at every turn, a superior knowledge of Windows minutiae. www.m-w.com defines a pedant as "one who is unimaginative or who unduly emphasizes minutiae in the presentation or use of knowledge".
This thread started out as a consideration of intrusion detection. Windows does not have a program which is as nice and tidy as netstat.
See, the problem is that Windows does include a program which is as neat and tidy as netstat. It's called "netstat".
I'm starting to see why this isn't going anywhere. You, as a troll, have no concept of the construct "neat and tidy" and have been screaming about the name of a binary file since you started. You read what I wrote as "Windows do not have a program which is...netstat". Your mind blanked when it hit the words "neat and tidy" and you didn't even give a moment's thought to what that might mean to a real user. You're right, netstat exists. As you've been so eager to harp about, its usefulness is so insignificant that I didn't even remember that it is still around.
What else did you think "neat and tidy" referred to? If you'll be so banal as to think it meant literal output then you must notice that netstat at a DOS prompt can't even format columns correctly.
This is a different topic than your original claim
Troll on. Read my original claim.
Ironically, Windows, even 2k or Me, do not have a program which is as neat and tidy as netstat
This was a response to a post which was considering the ability of the user to know if they've been hacked. netstat, by itself, does very little to tell you if you've been hacked. It is only the manipulation of the output (grep cut) which makes netstat useful. Would you have your sysadmins manually comparing a screen scroll DOS prompt update with a tiny GUI task manager? Perhaps they could manually cross-reference the IP numbers with a whois query at the web site of the major registrars? Maybe they'd like to copy and paste the IP address from the netstat output into an e-mail they're writing in Outlook. Oh wait--you can't CTRL+C text in a DOS box. On this particular WinXP machine, you can't even select it with the mouse. Windows' netstat definitely is not "neat and tidy". It is similar in output. That's another point of derision for MS: they pass fake replicas as the real thing and charge extra for the deceit.
It's certainly better than these futile, desperate attempts of yours to save face
You have an obsession with insulting your debate opponent and this unprofessional behavior is exacerbated by your flagrant dismissal of any useful context. You are a particularly nasty and abusive one, I'll give you that.
Other than an impressive show of mathematical calculation, this really doesn't change much as long as you don't give away the files containing the hashes, does it?
I'd be more interested in an achievement which found a string that causes a mathematical fault when md5 or sha-0 are called on it. In terms of probabilities isn't a fault just as probable as a collision?
Your initial claim was that Microsoft didn't include netstat
Dumbass. Here's my initial claim:
Ironically, Windows, even 2k or Me, do not have a program which is as neat and tidy as netstat
This statement was made in the context of monitoring network security. What use is a badly formatted netstat at a DOS prompt if the output cannot be manipulated and integrated into the surrounding environment?
Which makes this:
08:40 PM max@elemental:~$ $(netstat -aNe | grep ftpd > rub ) && cut -d: -f 2 rub | cut -d" " -f 6
Completely within the scope of my initial claim. Netstat is neat and tidy not just because of what it does but because of how it can be used within the system.
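The netstat pipelines quoted in this thread (the one-shot `grep ftpd` version and the loop that feeds `iptables`) extract the remote address with `cut` on colons and spaces, which breaks on IPv6 addresses and on any change in column spacing. The following is an added example, not code from any poster: it parses by field and prints the firewall commands instead of running them. The sample connection table, the function names and the `ALLOWLIST` variable are constructed for illustration; 27374 is the port number mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): field-based netstat parsing with a
# dry-run block plan. Sample data and all names below are constructed.

ALLOWLIST=${ALLOWLIST:-}   # space-separated addresses that must never be blocked

# Constructed sample in the layout of Linux `netstat -tn` output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:27374        203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40022      ESTABLISHED
tcp        0      0 192.0.2.10:27374        203.0.113.5:51240       ESTABLISHED
tcp        0      0 192.0.2.10:27374        198.51.100.99:6000      TIME_WAIT
tcp        0      0 127.0.0.1:27374         127.0.0.1:51000         ESTABLISHED
tcp6       0      0 2001:db8::10:27374      2001:db8::bad:40000     ESTABLISHED
EOF
}

# stdin: netstat -tn output. stdout: unique remote addresses that hold an
# ESTABLISHED TCP connection to local port $1.
remote_ips_for_port() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      lport = $4; sub(/^.*:/, "", lport)        # text after the last colon
      if (lport != port) next
      remote = $5; sub(/:[0-9]+$/, "", remote)  # drop only the remote port
      print remote
    }' | LC_ALL=C sort -u
}

# stdin: one address per line. stdout: one idempotent firewall command per
# address (-C checks for an existing rule, so reruns do not stack duplicates).
# Loopback, allowlisted and malformed values are skipped; nothing is executed.
emit_block_rules() {
  while IFS= read -r ip; do
    case " $ALLOWLIST " in *" $ip "*) continue ;; esac
    if printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
      case "$ip" in 127.*) continue ;; esac
      tool=iptables
    elif printf '%s\n' "$ip" | grep -Eq '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*$'; then
      if [ "$ip" = "::1" ]; then continue; fi
      tool=ip6tables
    else
      continue   # not an address: never pass it to a root shell
    fi
    printf '%s -C INPUT -s %s -j DROP 2>/dev/null || %s -A INPUT -s %s -j DROP\n' \
      "$tool" "$ip" "$tool" "$ip"
  done
}

# stdin: netstat output. stdout: the block plan for local port $1.
plan_blocks() {
  remote_ips_for_port "$1" | emit_block_rules
}

# Dry run over the constructed sample.
sample_netstat | plan_blocks 27374
```

For live data, feed `netstat -tn` into `plan_blocks` from a loop with a `sleep`, and review the printed commands before running any of them as root.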
if you can't handle driving on the highway (whatever the reason) AND you keep crashing your car into other people's cars (read: zombie spam machine)
Wrong analogy. This is Ford with a faulty tension spring in the carburetor that has a potential to turn into an engine fire by allowing far too much fuel in. Then they issue a recall (a patch) which adjusts the spring, leaving it mostly broken, and losing a few screws here and there when they put it back together.
Historically Microsoft patches haven't fared very well.
but that does not logically imply that all technology/pc industry designs are flawed
Whoa there. This was never a point. The point was always about the insecurity of the software.
it just means the current popular consumer software is
Microsoft has, at every turn, wisely invested marketing dollars to minimize the perceived threat of having just a faulty little spring that opened the valve a little too far. It probably won't make any difference in everyday usage. Sucks to be you if you're the guy whose engine blows up. Identity theft and harassment are very very real and it's not primarily by 14 year olds. It's done by people with too much time on their hands. Know anyone who doesn't need to work and can just lay around all day?
but it's just as stupid and pointless as complaining that I didn't know
That's a point of contention. There have been plenty of exploits available from perfectly legitimate websites. Well, maybe switch legitimate for legal in a pedantic way. A good portion of the derision for MS was their suppression of public knowledge about the prevalence of these exploits.
If we must continue with the car analogy then Ford is required to tell you if there's anything potentially wrong with the product they're selling to you. There are many rules and regulations governing the safety of an end product. Would you buy a car if the seller told you, "I think the brakes are a little weak." Would you buy a television if you knew the wiring was faulty? Would you buy a bicycle if you knew that the frame was partially cracked? MS has never launched any effort to help the public educate itself as you would if you knew you had to change the brakes on the vehicle, have an electrician fix the TV, or learn to weld the frame together. We do not have personal security consultants like neighborhood garages to do the work for you.
So, in that case, MS has not fulfilled its responsibility. EULAs are an unfortunate legal rub that are a sign of the times.
You're not buying the media; you're buying a license to use the software
A license is a fictitious construct of a rental agreement. The only difference is that the enforcement of a license is paid for by public funds and is a felony while the enforcement of a rental agreement requires the owner to fund their own legal pursuit and compile their own case.
Any intelligent renter (*ahem* licenser) is well aware of the implications of reproduction. Wouldn't it be a little more socially responsible to work within the system rather than making felons out of 12 year olds? Well, unless there was some enormous profit motive, that is...
Frequently you end up with a working box faster than trial and error fixing, and as a general rule you end up with a more stable system
Indeed. The more times you reinstall the more you take the time to focus on what's important. After a few forced reinstalls it's pretty obvious what needs to be secured. That's one learning curve. Then there's the necessity of regaining a full working state. That's another learning curve with additional lessons in what really needs to be saved. If one is truly installing from scratch then there's yet another learning curve in how the operating system works.
Just start with the upgrade disk and let it scan the old CD for a few seconds when it asks for verification.
Tried it, didn't work. WinXP told me that my Win98SE was not upgradeable. I installed Win98SE to the first reboot, entered the key, and then used the WinXP upgrade disk. There was no trouble after that.
I do however offer the legal route first
In today's world of FBI agents crushing 12-year olds who are trading mp3s one must be careful about these things. You have to weigh in your mind, the chance of rubbing off as an a__hole because you're too pious to give out software that your mother-in-law knows you have but isn't technically legal, or the possibility that, if anything ever goes wrong, she'll turn you over to the authorities.
It's impossible to win. Just do what Microsoft does. Accept the fact of being a criminal and budget a yearly amount in legal fees to deal with it. Insurance companies sell legal liability insurance. I wonder who pays to keep their profit margins up 'cuz they're sure not making any money on Enron, WorldCom, Tyco, MS, or many others. The attorneys and accountants are milking insurance companies for all they're worth right now. What trends have cropped up in the insurance industry over the last 5 years?
I don't give pirated anything to businesses though, that's bad.
Some businesses are just starting out and no one asks too many questions. The moment a business is big enough to be audited by any sharp authority (ISO or the FDA for example) then software should be a little more on the up and up. Especially at that level they'll have accountants who can get the money back through one (taxpayer-funded) scheme or another.
now we're double nating
This is where you demonstrate your skills. Or you find the make and model on the modem and a nice little paperclip.
GUESS WHAT happened to match what we already had at this site. oh joy
I understand. Maybe the router is so cheap (like my Motorola VoIP) that you can't change the internal LAN address space. That would suck, but that's when you change the setting on the firewall that you're plugging the router into. The connection always goes through the firewall, doesn't it? So you change the WAN side address of the firewall and change a few iptables rules. Okay, even on my lowly LAN of two machines that's about 15 rules to change the IP on. Sed can automate that.
Not only that but netstat is not a DOS program. It is a 32 bit Windows program. Just because it looks like DOS doesn't make it DOS.
... even though they seem more than willing to become slaves to the proprietary shop in their quest to crush Linux and be the only free OS out there. Don't they realize that, after Redmond domination has destroyed GNU, BSD simply won't be there anymore? There's a sick delusion to playing second-in-line to the gallows. "At least we won't be the first to go!"
.html file for direct availability via an apache server? How about take that information and compile it for direct feed into an e-mail client like mutt? Or imagine what you could do with EMACS and Lisp? Holy cow! Before long you could have real time implementation of attacks and responses. Script kiddies could be gone within months!
Oh, you're right. To me it looked like a *BSD program. Maybe Redmond didn't pillage California as badly as I had thought. I'll quit sympathizing with *BSD now
See, here's the problem: They're not being phased out. If you knew anything about Windows you'd know that Windows 2003 Server actually increased the command line tools in an effort to make scripting easier.
They're still not implementing it. All of the certification courses are pounding home "Start-->Run". There isn't a single mention of "now, if your network is misbehaving, open a DOS prompt and..."
What did you have in mind? You can do a lot if you know what tools are available
Oh, I dunno. Perhaps I run an FTP and want to do something like:
08:40 PM max@elemental:~$ $(netstat -aNe | grep ftpd > rub ) && cut -d: -f 2 rub | cut -d" " -f 6
And then perhaps I'd want to send that out to a perl script, or a python script, or a compiled C program. Oh wait. Windows doesn't come with any of that by default, does it? Maybe I'd want to send that output directly to whois if I changed the port to something that I don't run, like 27374? Maybe you'd like to grep that output and put that in a spreadsheet or database or publish it to an
Have fun doing that in VisualBASIC. Have fun trying to learn how to do it with the Windows API for less than a few thousand.
Everything you need to learn how to do it on *NIX is freely supplied by the vendor and just takes a few minutes.
I'm not surprised. You've done an admirable job of avoiding learning even the basics of Windows
Please. You're trolling behind the veil of AC.
Let's have a look at the usefulness here. The Windows environment is natively GUI. DOS based tools are all but phased out. For many years there has been much marketing which tries to divest Windows of DOS. For anyone, especially an AC, to rely on the continued existence of a legacy DOS app to provide competitiveness with *NIX is a farce. Face it--you're lucky it's even still there! If MS really thought that netstat was important then why haven't they put a nice GUI wrapper around it? Even NOTEPAD has been present since Win95.
And what of integration? Can I take the netstat output and actually do anything with it? Netstat is nothing without the system around it and DOS is, for the greatest part, a deprecated relic with little real world functionality left in its deteriorated shell. Isn't that cute? I can have netstat show up and then manually and visually cross-reference it with the task manager and then, if I'm lucky, I might be able to narrow it down to a single app--or not. Maybe I can only get a vague description of a superserver (svchost.exe) and be left to hope that malware and trojan writers don't get any brighter than the people clinging to Windows.
I've been using Windows 2000 Professional since it was released. Not a single problem. No antivirus. No anti-spyware. Just simple security precautions
I'm not going to argue. The latest bout of MS releases do an admirable job of finally putting forth a reasonably secure operating system with a reasonably useful interface. I should hope so. The systems are $200/pop, or $100 for an upgrade, or nearly free if you're somehow still in need of a complete hardware setup. They have a near world-wide monopoly, more cash holdings than any other software company and probably more than any leading company in any other Wal-Mart, Target, Best Buy, etc. product, can successfully tell world governments to go bounce off the pavement, and have no qualms about incorporating legal losses and fines into their business model. It would be nothing short of a supreme embarrassment if they hadn't finally managed to come up with a product which had enough safety-nets and band-aids so as to appear stable and relatively secure. The only thing which keeps them ahead of systems which are completely free is their ability to offer hardware vendors and distributors monetary incentives to get locked into exclusive partnerships. Nothing beats the ability to buy friends.
With similar resources, Linux developers could probably have figured out the secrets of macroscale room temperature fusion, time travel, and probably have a way for Linux to help you lose weight, add muscle, seduce the opposite gender, and maybe even score a promotion at work.
Now _THAT'S_ fanboy writing. Bring it on, AC.
So what tune are you going to sing now in your eternal quest
I'm going to say that I get less hassle for free by avoiding MS.
wouldn't a hardware router...protect a win98 system from getting owned since to get to the pc port forwarding must be turned on
For the greatest part, yes. It won't prevent people from getting owned by IE exploits or trojans in the mail which initiate the connection and open the router through port forwarding. There have also been reported exploits in some hardware routers, usually resulting in remote administration, but these are harder to come by.
Are you an actual "regular" user or one with admin rights? (Which tends to be the default.)
/bin, /sbin, /usr/bin, and /usr/sbin are typically 0755.
Good question. I checked the file svchost.exe and noticed that it could be compromised by Admins and anyone in the System group. However, I can't seem to find the System group in the Groups section of the Computer Management application. I imagine that the "System" group is assigned to any process which has managed to be spawned by PID (4) which is called "System". I don't know much about the framework of the Windows API but I'm not convinced that achieving System association would be too difficult.
You are correct about my user, however. I hope it's not the default but you're probably correct: this user is a member of both the Power User and Administrator groups. Rah-rah for default configurations.
I don't know a single Linux distro which puts the first normal user as a member of root's group. Even if they were,
Yes, found it, now, looking down the rest of this debate tree, we just need to figure out what these catchall processes "System (4)" and "svchost.exe" are, and why it's possible for a regular user to rename/move svchost.exe. If I were a malware or trojan writer that would now become my primary target.
I can't move or replace ssh/ftpd/smbd or anything else on my *NIX systems.
well.. you can see what svchost.exe is running by getting tcpview or procview tools from www.sysinternals.com
We're really getting back to the original observation: Is Windows purposely broken so as to stimulate the economy by requiring the system user to spend additional money for basic functionality? Theoretically you can write your own applications to monitor everything in precisely the way you want. That could be Windows' final rebuttal, "You're just a Linux fanboy! If you don't like our netstat/process list/<insert app name here> then write your own or spend another $100 for it!"
When the debate has come full circle like this it's obvious to see that all Linux advocates are terrorists because we're trying to sabotage the economy that Microsoft is working so hard to stimulate.