Re: [Full-disclosure] windows future

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Like them or not, M$ has done quite a bit with its SDL[1], and
though quite late in the game, the memory protection mechanism's in
Vista and Windows 7. As far as anti-virus software goes, it's
mostly useless[2][there was a recent article on signature lead
time, I can't find it for some reason] already.

[1]http://www.pcworld.com/businesscenter/blogs/bizfeed/167111/opinio
n_pigs_fly_microsoft_leads_in_security.html?tk=rss_news
[2]http://pcworld.about.com/od/virusesphishingspam/Botnets-Defeat-
Most-Anti-Virus.htm

On Sat, 29 Aug 2009 20:09:55 -0400 lsi <stuart@xxxxxxxxxxxxxx>
wrote:
I'm saying that the world's malware authors, in their race to stay

ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of

the world's AV systems. They are flooding the blacklists, and
this
flooding is accelerating. If it continues, the world's AV systems

will be useless, as will be the machines they are protecting.

Note, I have NOT gone off and compiled some stats, I've just noted
an
existing trend, and extrapolated it. Here's an article from 2005,

again, the numbers suggest an exponential curve.
http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/

The biological metaphor does suggest that Microsoft would take
some
kind of evasive action, and I think their only option is to
license
unix, just as Apple did (although Apple did it for different
reasons). Doing this will solve many problems, they can keep
their
proprietary interface and their reputation, and possibly even
their
licensing and marketing models, while under the hood, unix saves
the
day. They will need to eat some very humble pie, a few diehards
might jump from Redmond's towers, and the clash of cultures will
toast some excellent marshmellows... but they will save their
business. Do they have a choice? Malware numbers are suggesting
they don't.

Licensing the solution suits Microsoft's business model (much
easier
for them to buy in a fix than build one, they tried that already),

they did in fact do it many times previously, starting with a
certain
product called MS-DOS, and it means they can keep their customer
base, they just sell them an upgrade which is in fact a completely

new system - again, just as Apple did with OSX.

Actually, I think the simplest thing for them to do would be to
buy
Apple, then they can rebadge OSX, instead of reinventing it.

Stu

On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:

Date sent: Fri, 28 Aug 2009 10:24:25 -0500
From: Rohit Patnaik <quanticle@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] windows future

I'm not sure I agree with the basic premise of this scenario.
You're
suggesting that getting exposed to malware is some kind of
inevitability, and that eventually there will be enough
different kinds
of malware that filtering them all will be impossible. I don't
think
that's valid. Good browsing habits, running a firewall, and
keeping your
machine updated will prevent almost all malware from even
getting access
to your machine. Then all we have to worry about are the few
bits of
code that are capable of getting through our defenses.

To reiterate the biological analogy, we don't rely on
antibiotics to
stop infection. We rely on good hygiene. In the same way, just
as
increased biological infection rates led to a push for greater
public
hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a
push for
greater computer hygiene as malware infection rates rise.
Windows
already includes a firewall to prevent automated worm
infections, and
Microsoft is working to harden network facing applications, as
evidenced
by their recent decision to have IE run with limited privileges.
As
malware becomes more virulent, the "immunity" of Windows will
likewise
grow, putting a damper on any sort of exponential growth curve.

--Rohit Patnaik

lsi wrote:
Thanks for the comments, indeed, the exponential issue arises
due to
use the of blacklisting by current AV technologies, and a
switch to
whitelisting could theoretically mitigate that, however, I'm
not sure
that would work in practice, there are so many little bits of
code
that execute, right down to tiny javascripts that check you've
filled
in an online form correctly, and the user might be bombarded
with
prompts. Falling back on tweaks to user privileges and UAC
prompts
is hardly fixing the problem. The core problem is the
platform is
inherently insecure, due to its development, licensing and
marketing
models, and nothing is going to fix that. Even if fixing it
became
somehow possible, the same effort could be spent improving a
competing system, rather than fixing a broken one.

Just to complete the extrapolation, the below.

Assuming that mutation rates continue to increase
exponentially,
infection rates will reach a maximum when the average computer

reaches 100% utilisation due to malware filtering. Infection
rates
will then decline as vulnerable hosts "die off" due to their
inability to filter. These hosts will either be replaced with
new,
more powerful Windows machines (before these themselves
surcumb to
the exponential curve), OR, they will be re-deployed, running
a
different, non-Windows platform.

Eventually, the majority of computer owners will get the idea
that
they don't need to buy ever-more powerful gear, just to do the
same
job they did yesterday (there may come a time when the fastest

machine available is unable to cope, there is every
possibility that
mutation rates will exceed Moore's Law). The number of
vulnerable
hosts will then fall sharply, as the platform is abandoned en-
masse.

At this time, crackers who have been depending upon a certain
amount
of cracks per week for income, will find themselves short.
They will
then, if they have not already, refocus their activities on
more
profitable revenue streams.

If every computer is running a diverse ecosystem, crackers
will have
no choice but to resort to small-scale, targetted attacks, and
the
days of mass-market malware will be over, just as the days of
the
mass-market platform it depends on, will also be over.

And then, crackers will need to be very good crackers, to
generate
enough income from their small-scale attacks. If they aren't
very
good, they might find it easier and more profitable to get a 9-
to-5
job. The number of malware authors will then fall sharply.

The world will awaken from the 20+ year nightmare that was
Windows,
made possible only by manipulative market practices, driven by
greed,
and discover the only reason it was wracked with malware, was
because
it had all its eggs in one basket.

Certainly, vulnerabilities will persist, and skilled cracking
groups
may well find new niches from which to operate. But
diversifying the
ecosystem raises the barrier to entry, to a level most garden-
variety
crackers will find unprofitable, and that will be all that is
required, to encourage most of them to do something else with
their
lives, and significantly reduce the incidence of cybercrime.

(now I phrase it like that, it might be said, that by buying
Microsoft, you are indirectly channelling money to organised
crime
gangs, who most likely engage in other kinds of criminal
activity, in
addition to cracking, such as identity theft, money
laundering, and
smuggling. That is, when you buy Microsoft, you are propping
up the
monoculture, and that monoculture feeds criminals, by way of
its
inherent flaws. Therefore, if you would like to reduce
criminal
activity, don't buy Microsoft.)

-EOF

On 27 Aug 2009 at 13:45, lsi wrote:

From: "lsi" <stuart@xxxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxxx
Date sent: Thu, 27 Aug 2009 13:45:01 +0100
Priority: normal


Subject: [Full-disclosure] windows future
Send reply to: stuart@xxxxxxxxxxxxxx
<full-disclosure.lists.grok.org.uk>


<mailto:full-disclosure-
request@xxxxxxxxxxxxxxxxx?subject=unsubscribe>
<mailto:full-disclosure-
request@xxxxxxxxxxxxxxxxx?subject=subscribe>



[Some more extrapolations, this time taken from the fact that
malware
mutation rates are increasing exponentially. - Stu]

(actually, this wasn't written for an FD audience, please
excuse the
bit where it urges you to consider your migration strategy, I
know
you're all ultra-l33t and don't have a single M$ box on your
LAN)

http://www.theregister.co.uk/2009/08/13/malware_arms_race/

If this trend continues, there will come a time when the
amount of
malware is so large, that anti-malware filters will need more
power
than the systems they are protecting are able to provide.

At this time, those systems will become essentially
worthless, and
unusable.

You can choose to leave now, or later. But you cannot choose
to
stay...

(I mean, that the Windows platform seems destined to fill,
completely, with malware, such that your computer will spend
ALL its
time on security matters, and will have no CPU, RAM etc left
for
actual work. At the end of the day, the ability of malware
to infect
Windows machines is due to the fact that Windows is a
monoculture, a
monolith, built by a single company, with many
interconnections and
hidden alleyways. It's hard to imagine a platform LESS
vulnerable -
compare with open-source efforts, which are diverse,
homogenous and
connect via open protocols. Malware finds life hard in the
sterile,
purified world of RFCs, where one of many different programs
may
process your malicious payload, all of which have been peer-
reviewed.
In Windows, malware knows that a specific Microsoft EXE will
process
its data, knows that the code has not been thoroughly
checked, and
can make use of undocumented mechanisms.

So basically Microsoft, by hoarding their source, by tightly
integrating functionality, and by seeking to monopolise the
various
markets created by the platform (browser, media player,
office
software), have doomed Windows, and everything that runs on
it. The
lack of diversity in the Windows ecosystem means that it is
highly
vulnerable to attack by predators. The fact that malware
mutation
rates are accelerating is a clear indicator that the foxes
are
circling. This is the beginning of a death spiral; the
malware
numbers we've seen in the past 20 years were the low end of
an
exponential curve, and we're now getting to the steep part.

The problem is that any given computer is only capable of so
much
processing. It has an upper limit to the amount of malware
it can
filter, those limits being related to CPU speed, RAM,
diskspace,
network bandwidth. This upper limit looks like a horizontal
line, on
the chart that shows the exponential curve mentioned above.

So my point, is that eventually, the exponential curve is
going to
cross that horizontal line, for any given computer, and when
that
happens, that computer will no longer be able to filter
malware. It
will only be able to filter a subset, and thus be vulnerable
to the
rest. Consequently it will not be usable, for instance, on
the web,
and will essentially become a doorstop...

The only escape from this inevitability is to ditch the
platform that
is permitting the malware - that is, the only escape is to
ditch
Windows. It is being eaten alive, by predators that only have
a
foothold because there are weaknesses in the platform.

Given that it can take years to migrate to a new operating
system, I
do recommend, if you have not already done so, that you
commence
planning to ditch Windows. I might be wrong about the
exponential
curve, but if I'm not, then there may not be a lot of time in
between
when malware levels seem managable, and the time when they
are not.
If your business depends on Windows machines and they all
become
unusable, you will have no business. What you definitely
must NOT
do, is assume that Windows is going to be around for a long
time. It
is a dead man walking.

- Of course, there might be a few years yet. You can spend
those
years running up your IT bill, with lots of new computers
that are
required to filter all that malware while still performing at
a
useful speed. Or, you can ditch Windows, and keep your
existing
hardware - it runs perfectly well, when it's not weighed down

defending the indefensible.

[If Microsoft dooming Windows isn't ironic enough, consider
that
every time malware authors pump out another set of mutations,
they
are nailing one more nail in the coffin of the platform that
they
depend on to make their living! Ahh, there is justice in the
world
after all.]

[And the end game? Well, M$ could open-source Windows, but
frankly,
why would anyone bother trying to fix it? As the old saying
goes,
don't flog a dead horse...]

---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

---
* Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/




---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

---
* Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/

---
* Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkqaNgcACgkQi04xwClgpZizFAP9EtndE4QUApbFpOoasdJW0Ymc1BF3
uMLNlwe5Fud8hDNAaArsdHgN8wj3hXtWeJkg3O/cuG9IImaYrRb9R9rE5R+sYs/wQNjI
yueqWcidj4v0UY1F/GmhKj9U5JiPZw2yHrCo1Y+ePddNhxefZgHlop3NUOpfUWmL1fgO
q3vE3OE=
=GPMR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages