> The only safe way to safely run this server is to place it behind an SPI firewall. Packet filters will have a hard time detecting and blocking this kind of attack, you will need a full blown SPI to defend and block against these attacks.
Hmmmmmmm... source address == destination address == address of the protected server. Filtering that on the IP level does not seem so difficult; it is not a condition that occurs in any normal situation on an outside interface. Could you explain why that is not possible and why a full SPI firewall would be needed?
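The IP-level check argued for in the reply above, as an added example that is not part of the thread: it parses a raw IPv4 header and applies two stateless ingress rules for the outside interface, dropping packets whose source equals their destination and packets whose source claims to be inside the protected network. The protected network (203.0.113.0/24), the server address and every packet below are constructed for the example.

```python
"""Stateless ingress check for packets seen on the OUTSIDE interface.

Added example, not code from the thread. Assumptions (all constructed):
  - the protected server lives in 203.0.113.0/24 (documentation range)
  - packets are raw IPv4 frames without link-layer header
"""
import ipaddress
import struct

# Assumed inside network; anything arriving from outside with a source in
# here is spoofed, which also covers source == protected server address.
PROTECTED = ipaddress.ip_network("203.0.113.0/24")


def parse_ipv4_header(pkt: bytes):
    """Return (src, dst, protocol) from a raw IPv4 packet; ValueError on junk."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length incl. options, bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    proto = pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return src, dst, proto


def ingress_verdict(pkt: bytes) -> str:
    """Filter decision for one packet on the outside interface.

    Only the IP header is consulted, so no connection state is needed and
    the transport protocol (TCP, UDP, ...) does not matter.
    """
    try:
        src, dst, _ = parse_ipv4_header(pkt)
    except ValueError as err:
        return f"DROP (malformed: {err})"
    if src == dst:
        # Never legitimate: a host does not talk to itself via the outside.
        return "DROP (src == dst)"
    if src in PROTECTED:
        # Inside addresses cannot legitimately originate from outside.
        return "DROP (spoofed inside source on outside interface)"
    return "ACCEPT"


def build_ipv4(src: str, dst: str, proto: int = 6, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 header for sample data (checksum left zero)."""
    total = 20 + len(payload)
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return hdr + payload


if __name__ == "__main__":
    # Constructed sample traffic as it would be seen on the outside interface.
    samples = {
        "normal client":          build_ipv4("198.51.100.7", "203.0.113.10"),
        "src == dst":             build_ipv4("203.0.113.10", "203.0.113.10"),
        "spoofed inside source":  build_ipv4("203.0.113.44", "203.0.113.10"),
        "truncated":              b"\x45\x00\x00",
    }
    for name, pkt in samples.items():
        print(f"{name:22s} -> {ingress_verdict(pkt)}")
```

Because it reads only the IP header, the check needs no connection tracking, which is the reply's point that a plain packet filter suffices for this condition.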
Hmmm.. maybe tell Bush about that.. or better don't.. he might start a war on the bad internets..
That pipe you describe does sound a lot like Windows, that's for sure, but honestly, you don't seem to have a clue what this specific bug is and how utterly simple it is to check for and prevent. That Windows is a terrible nightmare to maintain is really no excuse for this.
> how bout defense weapons? or super strong magnetic fields (that somehow only repel incoming objects)?
Sounds good to me.. know any that have been invented and work already?
They already have phone repeaters in those trains, they already have voice and data communications for running those trains, all goes through the rails and overhead power lines. I would be very surprised if they could not use the same for this internet access idea.
Hehe, that is another way to say it.. maybe even more accurate indeed.
Ah well, I was working for IBM in the early 90s, and had to deal with the rubbish published by Gartner quite a bit. Seeing this statement coming from them 15 years later is just plain hilarious :)
> Avivah Litan, an analyst at Gartner Inc., in Stamford, Conn., said the move to Windows-based systems is "not great news for the security of the system. I'm sure there's a lot of holes that will be created because of this."
Heh.. so after some 15 years someone at Gartner finally figured OS/2 was good for something?
By default, the 'weight' of the Bayesian test is not very high (1.6 or thereabout). After having used SA for a while and having fed enough mails to its learning feature, it may be wise to increase the weight of the Bayesian filter (see spamd.conf).
> SpamAssassin has to be generalized for everyone else. Also, SpamAssassin didn't do an IP Address lookup on all links in the emails, which is what I wanted and has continued to be the most effective blocking tool I have.
SpamAssassin is rather tunable and extendable. Generalized? Yes, as in providing a generalized framework for this. It is the actual tests that determine the score; it is you who determines how those scores work out and what is considered spam.
There are obviously some checks that you may want to do that SA won't have, but imho it is way more effective to add a plugin to SpamAssassin than writing one that sits in front of it.
The solution for this seems rather simple...
Do not ever buy from companies that are not very explicitly clear about what they will use your email addy for. Often they have this checkbox saying 'inform me of future products' or similar that you have to uncheck. Do so if provided; if not, and if they are not absolutely clear that they will not mail commercial junk, do not do business with them.
Gmail seems to have relatively decent spam protection indeed, but it is not as good by far as my private sendmail/procmail/sa/clamav setup. First of all, Gmail has too many false positives; second, its spam learning doesn't seem to work very well; and last but not least, it lets an amazing amount of phishing mails through.
It may have helped for sa that I have an account with thousands of spam messages, and no normal mail whatsoever, so initial 'teaching' of the Bayesian filter it has was somewhat easy :)
I mostly use openwebmail as client, which has nice integration with sa and a nice set of learn spam/ham buttons.
It doesn't catch all spam, but no false positives so far, and about 1 in every 500-800 spam messages gets through.
The biggest advantage I see for the setup that I have is that you can tune it yourself, but if you don't know how, then that is not such a relevant argument. Also, many people depend on their ISP for this, and in that case Gmail may well do a better job at it.
> That's EXACTLY what you want. The people that WANT the BBC will pay for it.
It is not what you want. Not having to take income into consideration for choice of programming is a very important thing for public television, and you remove that with a subscription system.
> How many serial killers killed again after their execution?
....
....
Ok, this number is zero.
> How many jailed individuals escaped or were released and killed again?
This number is greater than zero.
> So how is execution NOT a deterrent?
Did it prevent someone from becoming a serial killer? Nope. If it did it would be a deterrent.
What it does is prevent a serial killer from continuing being a serial killer.
Someone who is and stays in jail won't be able to repeat being a serial killer either.
People escape from jail at times. The wrong people get executed at times; both result in innocent death (tho one could reasonably argue that more people get killed by escaped inmates than executed while being innocent, but get some numbers on that first maybe).
> Are you honestly comparing the QA done for the first two releases of Windows to what QA would be in the world today?
I am saying that it isn't proper QA to today's standards indeed, answering the claim that it had sort of proper QA from the start.
> Windows 1 and 2 QA was on par with the QA of that time period.
Having worked for a company that at the time was involved in the development of Windows (up to and including version 3), I can honestly say it was not on par with QA at that time period. It was an experiment, no more and no less. MS had to have a GUI thing seeing the success of Apple. Only after 2.1 did they start to consider what their users might want from it, and the difference that made is history.
> Consistent with what? With all the other mainstream GUIs out there. Give me a break. How can a 1.0 release of software be consistent? Perhaps a 2.0 release can, but with the advances that were happening in computing at such a rapid pace during that time, why be consistent when doing so would mean you are left behind?
Consistent with itself for a start. The 'make action X perform the same thing everywhere' kinda idea.
They ripped off the Workplace Shell for Windows 95 btw, so no 1.0 release here. From that point it took them to XP to make it at least mostly consistent with itself.
I'm ignoring the 1.x, 2.x and 3.x era there, but I should have said that at least they tried to think up something there themselves, and managed somewhat with 3.0 and esp. 3.1 after 2 initial attempts that looked and worked like shit. It had to be thrown away mostly (but not completely) for 95.
So, to conclude, the first incarnation did not have QA, also not to the standards of that time, and definitely not something you could call somewhat proper QA nowadays.
The 3rd incarnation had for the time proper QA, and we'd probably recognize it as proper QA still nowadays. The result of which was somewhat dramatic btw.
The 4th incarnation (Windows 95, ignoring NT 3 and 4 here for a bit) used a UI that was a ripoff of an IBM project that MS used to have a share in, a ripoff that didn't manage to be at least consistent with itself for quite some time.
I'm ignoring NT 3.x and 4.x here because this was about the UI, and both basically retain the Windows 3.x UI.
Also, one can argue that the Windows 9x UI is vastly superior to the one of 3.x and I agree when looking at how it looks and what functionality it offers. That said, the Windows 95 interface has serious quality issues, which is somewhat surprising because there was a very good example out there that MS had access to, and that did get proper QA from the start.
They copied the look and feel, but not the underlying ideas and design (one of the reasons why shortcuts work as badly as they do once you move or delete the target) and, as said, didn't do proper QA there.
> but my dad has a good web site that deals with quality issues (IE only, unfortunately).
website, IE only, quality? hmmmmmmmmmmmmmmmmmm....
Ah well, I guess the requirements were not specified correctly there..
> The Debian community QA system is not really QA but rather product polish. No large changes are made prior to release. How often does the Debian community completely revamp a release because something could be done more intuitively, or easier, or perhaps possibly because it would just plain provide a better user experience?
.....
You DON'T.
It's that simple: it is better to have a product that is maybe not ideal for every case now than nothing now but a perfect product in 2 years, especially when having the imperfect product now doesn't preclude fixing what you found to be wrong and enhancing what you found can be enhanced.
Release often, release early. That may be against the specific idea of QA and releases that you have in your mind, but it seems to work really well from a real world point of view (unlike from a theoretical textbook point of view maybe).
> Debian has an operating philosophy and that is fine, they are free to do whatever they want but don't pretend that polishing a product is QA.
> As for the jab at Windows, I will say that while there are a lot of service packs for Windows to fix horrible design flaws in the security subsystems, the QA for Windows was done semi-properly the first time.
Have you ever seen Windows 1.0? That, my friend, was the first time they could have done QA, and I am very sure they did no QA there whatsoever. Let's try again, Windows 2.0? uh....
Actually, the first real attempt at QA was for Windows 3.0, that is the 3rd major release of that product. How do you mean they got QA the first time around? (not even talking about proper QA, just an attempt at it)
> QA is not a bug hunt, it is a complete picture of how the user and in this case, OS, will interact. I think they did a great job with the UI personally but failed in the security part of QA.
They ripped off the Workplace shell, didn't manage enough QA to manage an anywhere consistent user experience for another 2 or so releases, and are still not close to the quality and user experience of what they started out ripping off. You call that a great job? please..
> Yes, basically the whole law is unworkable. If the EU kills off its quite healthy software development industry and hands it over to US companies (why else is Microsoft lobbying so hard?) then what has it gained? Thousands of out of work people that were previously high-paid, hence good tax earners.
I agree that the proposed law is unworkable, but it doesn't look that way to politicians. Rather, they see something like Microsoft and wonder how it can be that such a successful company exists in the USA and not in Europe, and then that same company also tells them they really want software patents in Europe also..
While I agree with a lot of what you say, there is something software based firewalls do that a hardware based firewall can't do.
A software based firewall running on your computer can identify which program is actually trying to perform an action.
It may be OK for your mail program to try connecting to port 25 elsewhere, but when another program tries that it is usually not OK at all.
That is a kind of situation that a software firewall can easily deal with while a hardware firewall can't.
> rhnsd is a background daemon process that periodically polls the Red Hat Network to see if there are any queued actions available.
So tell me, do you know how it connects to the Red Hat Network? DNS hijacking is not uncommon nowadays.. (oh, and hasn't been for the last decade now that I think of it)
> It goes on to state that by default it only polls once every 4 hours. So this is in no way a security threat,
It is unless it has been made such that it will only connect to the correct servers and verify that properly.
Any software that does things in the background without user intervention is a potential security risk, more so when it communicates with the outside world, and even more so when it listens to connections from the outside world, but even without those 2 it is still a potential security risk.
> but yet is of great benefit to keeping you secure and up to date with patches. All it does is see if there are updates, if there are it lets you know. Please correct me if I'm mistaken
It is very useful indeed, but such a service is in itself a security risk.
> You're confusing your markets.
I don't think so (living in the Netherlands myself, so that is continental Europe)
> At least here in the UK, and in some places elsewhere in Europe, there was a time when the Amiga was the most popular home computer.
No, it was for a little while the best selling machine meant as home computer, but even in 1991 when Commodore went bankrupt, the C64 was overall more popular still, and PCs had taken the 'new' market together with Apple.
> If you decided to stick a virus on some cracked game, and you decided to choose the games platform with a large market share, the Amiga would be the obvious choice.
For gaming it had a decent market share for sure, bigger than that of the PC in the late 80s.
What it had specifically is a substantial group of users that just popped in a disk and played a game without a clue about what went on underneath, quite similar to people using Windows machines right now.
I think that the whole problem is more related to how a machine can be used than how popular the machine is. Sure, it needs to be popular enough so that there are some around for spreading a virus, but beyond that it is more about how easily a virus can spread than how popular the platform is.
The same applies to hacking machines. The total amount of effort is what matters, and there are 2 major factors in that:
1. how easy is it to find a target
2. how easy is it to hack the found target.
The first is easier for Windows than other platforms, but only marginally. Automated scanning makes it extremely easy to locate Linux/MacOS/*BSD/whatever boxes out there.
This means that the major factor is 2. and 1. is only of minor importance. The Amiga argument was just there to point this out (since 1. was easy there as well, people would share with other Amiga users, so finding the next target was not something a virus writer had to worry about at all).
> That's the sweetness of the notorious USE flags in Gentoo. If you want Alsa support on your programs, add it to the USE flags; if it's not there, packages compiled that don't require Alsa functionality (i.e., have it as an option) won't have it - it might be, just like you describe it, with a proper switch at compile time. It's simple, sleek design, and it works wonderfully. The guys who designed Portage deserve a lot of recognition, it's one of its many traits.
The people who created portage built on top of a much longer existing system. They perfected it to what portage is, but did very little actual design. If you want portage in a more generic and original form, try NetBSD's pkgsrc for example (and yes, it works on many Linux distros, and no, it is not the first such a system either, but much closer to the roots).
They (and Gentoo users in general) should be giving a bit more credit to those who originated such ideas instead of proclaiming the many traits of Gentoo without any mention of where they came from.
Also, while I wouldn't use Gentoo on a server, I'd use any of the systems that the portage idea comes from for a server; Free/Net/OpenBSD have an extremely good reputation there.
For a desktop.. if you can justify one way or another tinkering with software then Gentoo is cool, if you need a tool to get work done then it is usually not so cool unless the job is extremely specialized and can't be done with 'out of the box' tools.
> Most Linux systems get updated very regularly, so there might be 1000 packages that need to be updated, and the software download is maybe 800 MB.
800 MB is about half of the monthly transfer limit of many a home user over here...
> HELLO, Windows has something like 95+% marketshare. You don't think that factors just a teeny-weeny, tiny bit?
Let's see now..
Was Amiga OS ever popular to the point of having more than a 5% market share?
When it was popular, did it have internet connectivity?
I think few will disagree that the answer to both questions is no.
Despite this, there are thousands of viruses for Amiga OS, which also managed to propagate, and running a virus scanner was a really good idea when using Amiga OS.
This is not exactly the same as internet based attacks on Windows/Linux/MacOS machines of course, but it strongly suggests that the 'market share' argument is at the very least not entirely true.
> On a big pile of money with many beautiful ladies
I am sure the ladies help with spending more time in bed, but I am not so sure about the sleeping part.
nmap is a good one to try; Nessus may be even better (tho it is a bit more complex to set up properly) since it can do some more thorough probing of enabled services and also make you aware of basic misconfigurations in those.