For clueless /. readers who don't click on the links, and who were wondering what the link between Godwin and Nazis / Hitler is; from the Wikipedia link on Godwin's Law in the article:
Godwin's Law (also known as Godwin's Rule of Nazi Analogies[1]) is an adage that Mike Godwin formulated in 1990. The law states:
"As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one."
Godwin's Law does not question whether any particular reference or comparison to Hitler or the Nazis might be appropriate, but only asserts that one arising is increasingly probable. It is precisely because such a comparison or reference may sometimes be appropriate, Godwin has argued, that overuse of Nazi and Hitler comparisons should be avoided, because it robs the valid comparisons of their impact. David Weigel argued that Godwin's law is often used to ridicule even valid comparisons.
XKCD Comic:
Soldier: General, Italian forces have entered Egypt.
General: As I expected. This is a foolish move by Mussolini, but like Hitler he will no doubt force his commanders to --
Soldier: Hey. Godwin's law.
General: Dammit. You know, this may become a problem.
I use rsnapshot to do version control of my entire system. From the description:
rsnapshot is a filesystem snapshot utility for making backups of local and remote systems.
Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals.
Personally, I configure rsnapshot to generate snapshots every 4 hours, and then daily, weekly, and monthly.
In your case, since you only want versioning for your configuration files, you can point rsnapshot at just the configuration directories (probably just /etc).
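As an added illustration (not part of the comment above and not rsnapshot's own code), the hard-link rotation that gives rsnapshot its "many full backups for the space of one" property, emulated in plain shell: unchanged files share inodes across the hourly.N directories, a changed file is unlinked and rewritten so the older snapshot keeps its copy, and a diff of the two newest snapshots reports which configuration files changed. It assumes GNU coreutils (cp -al) and substitutes a per-file compare-and-replace for rsync so it runs with no extra dependencies.

```shell
#!/bin/sh
# Emulation of rsnapshot's hard-link snapshot rotation (illustration only, not
# rsnapshot's code). Assumes GNU coreutils for "cp -al"; the rsync step is
# replaced by a per-file compare-and-replace so the example has no dependencies.

SNAP_ROOT="${SNAP_ROOT:-$(mktemp -d)}"   # plays the role of snapshot_root
RETAIN=3                                  # like "retain hourly 3" in rsnapshot.conf

# Shift hourly.N to hourly.N+1 (dropping the oldest), then seed hourly.0 as a
# hard-linked copy of hourly.1: unchanged files share inodes, so a second full
# tree costs almost no extra disk space.
rotate() {
    rm -rf "$SNAP_ROOT/hourly.$((RETAIN - 1))"
    i=$((RETAIN - 2))
    while [ "$i" -ge 0 ]; do
        if [ -d "$SNAP_ROOT/hourly.$i" ]; then
            mv "$SNAP_ROOT/hourly.$i" "$SNAP_ROOT/hourly.$((i + 1))"
        fi
        i=$((i - 1))
    done
    if [ -d "$SNAP_ROOT/hourly.1" ]; then
        cp -al "$SNAP_ROOT/hourly.1" "$SNAP_ROOT/hourly.0"
    fi
    mkdir -p "$SNAP_ROOT/hourly.0"
}

# Bring the snapshot in line with the source tree. A changed file is unlinked
# before the new version is written; that is what leaves the older snapshot's
# inode untouched. Writing through the shared link instead would silently
# change every older snapshot as well.
sync_tree() {   # $1 = source directory, $2 = snapshot directory
    (cd "$1" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$2/$d"
    done
    (cd "$1" && find . -type f) | while IFS= read -r f; do
        if ! cmp -s "$1/$f" "$2/$f"; then
            rm -f "$2/$f"
            cp -p "$1/$f" "$2/$f"
        fi
    done
    (cd "$2" && find . -type f) | while IFS= read -r f; do   # like rsync --delete
        [ -e "$1/$f" ] || rm -f "$2/$f"
    done
}

take_snapshot() {   # $1 = directory to version, e.g. /etc
    rotate
    sync_tree "$1" "$SNAP_ROOT/hourly.0"
}

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# Files that differ between the two newest snapshots, one per line, relative to
# the snapshot directory: a cheap configuration-drift report.
changed_since_previous() {
    prev="$SNAP_ROOT/hourly.1"
    [ -d "$prev" ] || return 0
    diff -rq "$prev" "$SNAP_ROOT/hourly.0" |
        awk -v p="$prev/" '$1 == "Files" { print substr($2, length(p) + 1) }'
}
```

Run `take_snapshot /etc` from cron at the intervals you want; `changed_since_previous` then lists the configuration files that changed between the two most recent runs.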
"Libre software" was first used publicly in 2000, by the European Commission... The word "libre", borrowed from the Spanish and French languages, does not have the freedom/cost ambiguity problem that "free" does.
"FLOSS" was used in 2001 as a project acronym by Rishab Aiyer Ghosh as an acronym for Free/Libre/Open-Source Software. Later that year, the European Commission (EC) used the phrase when they funded a study on the topic.
Note that Rishab Aiyer Ghosh is the same author of this academic paper.
I have no qualms about extracting good, useful conclusions from well-researched academic papers so others don't have to download a 1.8MB file. (Thanks for pointing out the usefulness of the conclusion, though).
From page 283 (emphasis mine):
Conclusion
Our analysis has been performed on six organizations in different European countries. The majority of them are public bodies. The organizations have followed different types of migration on the base of their context.

We have investigated the costs of migration, and the cost of ownership of the old and the new solution differentiating them between the costs of purchasing and the costs of ownership of the software solutions. Special attention has been put on the intangible nature of the costs. Costs have been classified in categories defined through existing studies and selected by a top down approach called Goal Question Metric. This instrument has been also used to define the questionnaires used to collect the data.

Our findings show that, in almost all the cases, a transition toward open source reports of savings on the long term - costs of ownership of the software products.

Costs to migrate to an open solution are relevant and an organization needs to consider an extra effort for this. However these costs are temporary and mainly are budgeted in less than one year. The major factor of cost of the new solution - even in the case that the open solution is mixed with closed software - is costs for peer or ad hoc training. These are the best example of intangible costs that often are not foreseen in a transition. On the other hand not providing a specific training may cause an adverse attitude toward the new technology. Fortunately those costs are limited in time and are not strictly linked to the nature of the new software adopted.

We also investigated the productivity of the employees in using Microsoft Office and OpenOffice.org. Office suites are widely used and are a good test bed and representative for a comparison on issues like effort and time spent in the daily routine of work. Delays in the task deliveries may have a bigger impact than costs on the organization's management. Our findings report no particular delays or loss of time in the daily work due to the use of OpenOffice.org.
(of pages 9-12 of the PDF article)
FLOSS role in the economy
- FLOSS applications are first, second or third-rung products in terms of market share in several markets
- FLOSS market penetration is also high
- Almost two-thirds of FLOSS software is still written by individuals
- Europe is the leading region in terms of globally collaborating FLOSS software developers
- (more details on specific role in Europe in paper)
Direct economic impact
- The existing base of quality FLOSS applications with reasonable quality control and distribution would cost firms almost Euro 12 billion to reproduce internally... code base has been doubling every 18-24 months
- This existing base of FLOSS software represents a lower bound of about 131 000 real person-years of effort that has been devoted exclusively by programmers... it represents a significant gap in national accounts of productivity
- Firms have invested an estimated Euro 1.2 billion in developing FLOSS software that is made freely available... represent in total at least 565 000 jobs and Euro 263 billion in annual revenue
- FLOSS-related services could reach a 32% share of all IT services by 2010, and the FLOSS-related share of the economy could reach 4% of European GDP by 2010
- (more statistics in the paper)
Indirect economic impact
- Strong network effects in ICT... risk leading to innovation resources being excessively allocated to defensive innovation. There is a case for a rebalancing of innovation incentives... (to target) publicly available technology for new functionality.
- FLOSS potentially saves industry over 36% in software R&D investment
- ...a large and increasing share of user-generated content is not accounted for and needs to be addressed by policy makers
- Increased FLOSS use may provide a way for Europe to compensate for a low GDP share of ICT investment relative to the US
Trends, scenarios and policy strategies
- Doubling the rate of FLOSS take-up in Europe would result in a software share of investment at 1.5% of GDP, reducing but not closing this investment gap with the US
- Europe's strengths regarding FLOSS are its strong community of active developers, small firms and secondary software industry; weaknesses include Europe's generally low level of ICT investment and low rate of FLOSS adoption by large industry compared to the US
- FLOSS provides opportunities in Europe for new businesses, a greater role in the wider information society and a business model that suits European SMEs
- Europe faces three scenarios: CLOSED, where existing business models are entrenched... GENERIC, where current mixed policies lead to a gradual growth of FLOSS... VOLUNTARY, where policies and the market develop to recognise and utilise the potential of FLOSS
- (goes on to suggest policy initiatives to support FLOSS)
I use rsnapshot. It's written in Perl, and uses rsync, so it should work on Mac OS X as well as it does on my Linux box. It's pretty configurable, and rotates backups hourly, daily, weekly, monthly, etc. It uses filesystem hardlinks to do incremental backups.
Since everybody says the site is /.ed, I won't try to connect, but I'll just give my 0.02 here.
My wife and I started letting our son play some games designed for babies when he was about 2 years old. At the time, he was just learning to use the mouse. One of the games was perfect in not requiring him to click on the (rather large) graphical sprites in order to interact with the game. As long as the mouse hovered for a sufficiently long time over an object, the game treated that as equivalent to a click.
The environmental activist group, Greenpeace, released a report on Monday titled Toxic Chemicals In Your Laptop that attempts to list the percentages of toxic chemicals found in several different laptop computer models, including Apple's MacBook Pro. Greenpeace tested the computers for compliance with The European Union's RoHS directive - a set of voluntary guidelines that restrict the use of six hazardous materials in electronic devices.
The study tested Apple's MacBook Pro, the Acer Aspire 5672WLMi, Dell's Latitude D810, the HP Pavilion dv-4357EA, and Sony's Vaio VGN-FJ 180. The tests concluded that the MacBook Pro was fully compliant with the RoHS guidelines, but the HP laptop was not. In fact, the MacBook Pro was fully compliant with the RoHS guidelines months before they were enacted.
The tests also checked for two substances not included in the RoHS guidelines: PVC and TBBPA (a flame retardant). 262 parts per million of TBBPA were found in an internal fan assembly in Apple's laptop, the highest percentage of the laptops in the study. PVC was also found in the plastic coating on a fan wire.
Considering how the MacBook Pro ranked in the Greenpeace study - with a decidedly negative spin - it's no surprise that the group listed Apple as one of the least environmentally friendly companies in its report titled Guide To Greener Electronics. In that report, which was weighted more heavily on the use of toxic substances in production instead of recycling, the group ranked Apple near the bottom of its list.
Iza Kruszewska, Greenpeace International toxics campaigner, made a point to single out Apple by stating "It is disappointing to see Apple ranking so low in the overall guide. They are meant to be world leaders in design and marketing, they should also be world leaders in environmental innovation."
The two reports seem to be at odds since the Guide To Greener Electronics report slams Apple for its hazardous materials use, but the Toxic Chemicals In Your Laptop report offers a different story. The HP Pavilion, which Greenpeace ranked higher in the September report, contains lead - a material Apple does not use in the MacBook Pro. Dell also came in with the highest overall concentration of bromine in its laptop.
Apple explains its environmental stance, along with information about its voluntary take-back and recycling programs, on its Web site.
The submitter didn't summarise anything, he cut out a chunk which didn't make much sense on its own. It didn't help that the article was fairly long-winded. This is what I understand the author is trying to say:
Administrators use SSH to run scripts (from server A) to patch other servers (B, etc). These scripts are automated and make use of credentials stored in server A to gain access to the other servers (B, etc.).
If a hacker gains access to server A, he can then use the credentials to access the other servers.
As others have commented, this is kind of a "duh" moment. What's the next article?
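As an added example (not from the article or the comment above), a defender's check for the stored-credential setup just described: on the servers being patched, the automation key should be pinned to server A's address and to a single forced command, so that a key copied off a compromised A cannot be used for anything else. The audit below flags authorized_keys entries that lack those restrictions; the sample file, its key material, hostnames and the script paths are constructed placeholders.

```shell
#!/bin/sh
# Audit authorized_keys entries for least-privilege options (added example, not
# from the article). An automation key used by a patch script should carry
# from=, command= and restrict; a key with none of them is a plain login key.

SAMPLE_KEYS="$(mktemp)"
cat > "$SAMPLE_KEYS" <<'EOF'
# constructed sample: key material, addresses and paths are placeholders
from="10.0.0.5",command="/usr/local/sbin/apply-patches",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIALNOTAREALKEY patch-bot@serverA
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIALNOTAREALKEY admin-laptop
command="/usr/local/sbin/pull-backup" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABPLACEHOLDERKEYMATERIALNOTAREALKEY backup@serverA
EOF

# One verdict per key: "<comment>: OK" or "<comment>: missing <options>".
# The key-type token is found by looking for a field such as ssh-ed25519 that
# is followed by base64 starting with AAAA; everything before it is the options.
audit_authorized_keys() {   # $1 = authorized_keys file
    awk '
        /^[[:space:]]*(#|$)/ { next }                  # skip comments and blanks
        {
            k = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) { k = i; break }
            if (!k) { print "line " NR ": unparsable"; next }
            opts = ""
            for (i = 1; i < k; i++) opts = opts $i " "
            label = (NF > k + 1) ? $NF : "line " NR   # key comment, if present
            missing = ""
            if (opts !~ /(^|,)from=/)    missing = missing " from="
            if (opts !~ /(^|,)command=/) missing = missing " command="
            # "restrict" (OpenSSH 7.2+) or the equivalent set of no-* options
            if (opts !~ /(^|,)restrict(,|[[:space:]]|$)/ &&
                !(opts ~ /no-pty/ && opts ~ /no-port-forwarding/ &&
                  opts ~ /no-agent-forwarding/ && opts ~ /no-X11-forwarding/))
                missing = missing " restrict"
            if (missing == "") print label ": OK"
            else print label ": missing" missing
        }' "$1"
}

# Number of keys that lack at least one of the three restrictions.
count_unrestricted() {   # $1 = authorized_keys file
    audit_authorized_keys "$1" | awk '/: missing/ { n++ } END { print n + 0 }'
}

audit_authorized_keys "$SAMPLE_KEYS"
```

The first sample line is the hardened form for the patch key: it only works from server A's address, only runs the patch script, and gets no shell, PTY or forwarding.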
For those subscribers using Slashdot's new discussion system, this link will work better.
From the posting, though, I don't understand why you think your (Javascript-based) stats would be inaccurate, since only about 1.34% of users disabled or did not support Javascript.
That said -- I personally use Analog, and although it does give some fairly useful statistics such as search engine terms, most popular directories, referers, etc., I don't find it gives me a very high level of insight into surfing habits. A log analysis tool such as that may be a good starting point for you, though, if you don't currently do analysis of that sort.
Traditional malicious software is limited because it has no clear advantage over intrusion detection systems running within a target system's OS. In this paper, we demonstrated how attackers can gain a clear advantage over intrusion detection systems running in a target OS. We explored the design and implementation of VMBRs, which use VMMs to provide attackers with qualitatively more control over compromised systems. We showed how attackers can leverage this advantage to implement malicious services that are completely hidden from the target system and to enable easy development of general-purpose malicious services. We evaluated this new malware threat by implementing two proof-of-concept VMBRs. We used our proof-of-concept VMBRs to subvert Windows XP and Linux target systems and implemented four example malicious services.

In addition to evaluating the VMBR threat, we also explored techniques for detecting a VMBR. The best way to detect a VMBR is to control a layer beneath the VMBR, such as through bootable CD-ROMs, secure VMMs, or secure hardware. It might also be possible to detect a VMBR from software running above the VMM, but the high level of control VMBRs have over software running above turns this style of detection into an arms race where the VMBR has the fundamental advantage.

However, VMBRs have a number of disadvantages compared to traditional forms of malware. When compared to traditional forms of malware, VMBRs tend to have more state, be more difficult to install, require a reboot before they can run, and have more of an impact on the overall system. Although VMBRs do offer greater control over the compromised system, the cost of this higher level of control may not be justified for all malicious applications.

Despite these shortcomings, we believe that VMBRs are a viable and likely threat. Virtual-machine monitors are available from both the open-source community and commercial vendors. We built VMBRs based on two available virtual-machine monitors, including one for which source code was unavailable. On today's x86 systems, VMBRs are capable of running a target OS with few visual differences or performance effects that would alert the user to the presence of a VMBR. In fact, one of the authors accidentally used a machine which had been infected by our proof-of-concept VMBR without realizing that he was using a compromised system!
Original Paper
Abstract
Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits.

We evaluate a new type of malicious software that gains qualitatively more control over a system. This new type of malware, which we call a virtual-machine based rootkit (VMBR), installs a virtual-machine monitor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by software running in the target system. Further, VMBRs support general-purpose malicious services by allowing such services to run in a separate operating system that is protected from the target system. We evaluate this new threat by implementing two proof-of-concept VMBRs. We use our proof-of-concept VMBRs to subvert Windows XP and Linux target systems, and we implement four example malicious services using the VMBR platform. Last, we use what we learn from our proof-of-concept VMBRs to explore ways to defend against this new threat. We discuss possible ways to detect and prevent VMBRs, and we implement a defense strategy suitable for protecting systems against this threat.
http://www.netgear.com/Products/Storage/ReadyNAS3200/RN12P0610.aspx It's a 2U, 12 SATA-disk server. You could load it with 1TB drives for 12TB. The software's pretty good (based on Linux) and constantly being updated.
There's always Truecrypt.
Rubbish.
Both the article summary, original paper (page 9) and Wikipedia article you linked to clearly state that FLOSS = "Free/Libre/Open-Source Software (FLOSS)".
Or were you too busy trying to get First Post?
It looks like the going rate is anywhere from $3000-$5000...
Found an original Greenpeace article that probably triggered this; Apple scored very lowly in their "green electronics" ranking...
Since the article site is so clearly slashdotted, here's a related article from MacObserver.com entitled Greenpeace Hazardous Material Report Slams Apple.
I looked at 3D rendering quite a while back (about 15 years ago). Believe me -- you probably don't really want to built this up from scratch.
It sounds like you just need some sample code that doesn't rely on OpenGL or DirectX. To that end, the following (open-source) projects may be useful:
Since we're on the topic of commercial distributions of SpamAssassin:
http://wiki.apache.org/spamassassin/CommercialWindows
...and I know you're looking for easy-to-click distributions, but on the off-chance you (or somebody else reading this article) is looking for information on simply running SpamAssassin on Windows:
http://wiki.apache.org/spamassassin/UsingOnWindows
Since jero.net already seems to be /.ed...
Taking a look at PHP 6
While most web hosts are still in the PHP 4 era, the PHP developers are already planning and working on PHP 6. Let's have a look at what's been keeping them busy.
Unicode support
When you're creating a website, you hardly have to think about the character encoding. You only have to decide how you tell the user agent what encoding you're using, but with a little help of Apache's .htaccess file, you only have to make that decision once. However, if you're building an application, the character encoding might become a problem. That's where PHP's new Unicode support comes in handy. With its support, PHP can automatically encode and decode the in- and output of the script, making sure both the database and the user agent receive the encoding they need without the need of any extra functions for the encoding conversion.
The big cleanup
PHP is already being used for a long time, creating a big user base, but also a lot of bad habits. Bad habits often result in slow scripts or even security holes. But these bad habits are not always the cause of the developer. Of course, he (let's just assume we're dealing with a stereotype developer here for simplicity's sake) is the one who's using it in his application, but sometimes the developer is not even aware he's using it.
I'm, of course, talking about the register_globals, magic_quotes and safe_mode functions. These three functions are hell for every PHP programmer so I'm sure everyone will be happy to hear that these functions will disappear in PHP 6.
In other related cleanup news, register_long_arrays and the long versions of the super globals like $HTTP_COOKIE_VARS are also gone in PHP 6. Same goes for zend.ze1_compatibility_mode which dealt with the backwards compatibility of PHP 5 classes.
Alternative PHP Cache
Caching is a very good way to improve the performance of an application. That's why there was a large demand for a good opcode cache in the default distribution of PHP. And when there's a demand, there's probably also a person or a group to meet that demand. The result is APC: Alternative PHP Cache. Of course, APC was already available a long time ago (01-07-2003), but the PHP developers have decided to include this extension in the core as the default caching framework.
OO Functionality
The improved OO model was probably the biggest improvement to PHP in version 5.0. PHP 6 tries to improve this even further by adding namespaces. If you're familiar with XML's namespaces or maybe C++, you will probably have an idea of how namespaces work. If not: Namespaces can group variables, functions or objects under a certain name. This allows the developer to use the same name for a variable, function or object multiple times. In case you'd like to learn more about the possibilities of namespaces, I find this C++ tutorial about namespaces quite useful.
Changes to the extensions
PHP is basically a collection of extensions which are all put together to form what we have now. However, these extensions change and so does the collection. Take, for instance, the XML Writer extension. A great extension to write XML files. Its brother, XML Reader, was already added and enabled in the core distribution in PHP 5.1, and now XML Writer will follow its example in PHP 6, forming a great duo to easily work with XML files.
Another change in the core distribution is the removal of the ereg regular expressions library which is going to be made an extension. ereg is currently used
Traditional malicious software is limited because it has no clear advantage over intrusion detection systems running within a target system's OS. In this paper, we demonstrated how attackers can gain a clear advantage over intrusion detection systems running in a target OS. We explored the design and implementation of VMBRs, which use VMMs to provide attackers with qualitatively more control over compromised systems. We showed how attackers can leverage this advantage to implement malicious services that are completely hidden from the target system and to enable easy development of general-purpose malicious services. We evaluated this new malware threat by implementing two proof-of-concept VMBRs. We used our proof-ofconcept VMBRs to subvert Windows XP and Linux target systems and implemented four example malicious services.
In addition to evaluating the VMBR threat, we also explored techniques for detecting a VMBR. The best way to detect a VMBR is to control a layer beneath the VMBR, such as through bootable CD-ROMs, secure VMMs, or secure hardware. It might also be possible to detect a VMBR from software running above the VMM, but the high level of control VMBRs have over software running above turns this style of detection into an arms race where the VMBR has the fundamental advantage.
However, VMBRs have a number of disadvantages compared to traditional forms of malware. When compared to traditional forms of malware, VMBRs tend to have more state, be more difficult to install, require a reboot before they can run, and have more of an impact on the overall system. Although VMBRs do offer greater control over the compromised system, the cost of this higher level of control may not be justified for all malicious applications.
Despite these shortcomings, we believe that VMBRs are a viable and likely threat. Virtual-machine monitors are available from both the open-source community and commercial vendors. We built VMBRs based on two available virtual-machine monitors, including one for which source code was unavailable. On today's x86 systems, VMBRs are capable of running a target OS with few visual differences or performance effects that would alert the user to the presence of a VMBR. In fact, one of the authors accidentally used a machine which had been infected by our proof-of-concept VMBR without realizing that he was using a compromised system!
Original Paper
Abstract
Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits.
We evaluate a new type of malicious software that gains qualitatively more control over a system. This new type of malware, which we call a virtual-machine based rootkit (VMBR), installs a virtual-machine monitor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by software running in the target system. Further, VMBRs support general-purpose malicious services by allowing such services to run in a separate operating system that is protected from the target system. We evaluate this new threat by implementing two proof-of-concept VMBRs. We use our proof-of-concept VMBRs to subvert Windows XP and Linux target systems, and we implement four example malicious services using the VMBR platform. Last, we use what we learn from our proof-of-concept VMBRs to explore ways to defend against this new threat. We discuss possible ways to detect and prevent VMBRs, and we implement a defense strategy suitable for protecting systems against this threat.
... found using Google, at: http://www.cs.cornell.edu/people/ranveer/multinet/software.htm
And the author's page, which follows quite naturally:
http://www.cs.cornell.edu/people/ranveer/ ...which, if you look at it, will explain the origins of this "Microsoft" project :) His papers on "MultiNet" date back to June 2003.
1 dime = US $0.10 = US 10 cents