Re: M$ attack on Common Sense

From: User (User_at_hotmail.com)
Date: 09/13/03


Date: Sat, 13 Sep 2003 00:36:02 GMT


"aaron matthew croyle" <croyle@kappa.cis.ohio-state.edu> wrote in message
news:Pine.GSO.4.40.0309120909420.27527-100000@kappa.cis.ohio-state.edu...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> OK, I don't usually respond to drivel like this, but I'm bored today.
>
> > "Dave" <macquigg@ece.arizona.edu> wrote in message
> > news:a3b19517.0309110654.5db832f9@posting.google.com...
>
> So, which OS would you like to be running. I didn't look at the
> definitions, but I'd be willing to bet that most of the 266 Unix/Linux
> (Note that not all Unix virii can affect Linux and vice versa, so there
> are actually less than 266 that could possibly affect Linux) exploited older
> versions and would not affect more recent installations.
>
> More to the point the reason for having F-Prot is to scan for windows
> virii, if you don't run Windows, you don't need to be doing that, now do
> you?
>
> A google search for `virus OpenScan' Produced 0 results, and one for
> `"Open Scan" virus' Produced nothing relevant, so I'm going to wager you
> were mistaken about that one. OpenScan seems to be scanner drivers.

Oops - so long since I bothered with this stuff.

Try

http://www.openantivirus.org/

There do appear to be modules for mail scans and proxy scans (squid anyways)
to protect others on the network as you say below. But there are also parts
for file system scans. Overall it looks pretty good. Obviously you think
your linux boxes are too secure to bother with it. The writers of the
software do not appear to have the same faith.

> I know.... you said etc, so there must be others! To make a long story
> short they mostly scan for windows virii, so that your linux mail server
> can prevent your retarded windows users from even having a chance to infect
> themselves.

AHhh. Here we go again blaming those who actually use the machines. We
have been through this before. Users will have the same technical skill no
matter whether their machine is a windows or linux one (unless linux comes
with a free mind programmer of course). Please do not compare users.
Compare machines AND take into consideration what they are for. Users are
necessary for the machine to be made and for sysadmins to keep their job.

Before you have heart surgery try asking the surgeon if (s)he is a "retarded
windows user".

> As for use as a desktop I'm sitting at my linux desktop right now (at
> work) and I have one at home as well. I know you'll look at my Headers and
> see that this came from Solaris, but don't get upset. You see in the Unix
> world you can connect to other machines (ssh) and run programs there. Such
> as pine, which I use to check E-mail and read news groups.

Flame bait here...

Duh! <Sarcasm>Unfortunately windows machines don't have anything other than
email and web browsing and cannot run servers</Sarcasm>

> > Actually there are a lot more viruses written for Linux than the Radio Shack
> > TRS-80 machine. Why don't you move to the TRS-80? I have not heard of a
> > single infection in the last half a decade.
>
> More Flame bait.

Actually it's a comment on your simple statistics and how valid they really
are.

TO QUOTE YOU

">From the F-Prot web site, these are the numbers of virii it scans for:
  266 Unix/Linux
    0 TRS-80 Machines

So, which OS would you like to be running."

It's an example of why your "statistics" is not valid.

> Half of that statement is true. I will admit that there are retarded Linux
> users, just as there are retarded windows users; windows just has more of

Here we go blaming users. The computer, and hence the operating system, has
only one purpose - to serve the users. If you rate your system higher than
your users you are not a good sysadmin.

> them, but the Linux ones tend to be more vocal. If it's so easy to
> compromise, why have I had zero problems in the last five years. I used to
> work in network security, and I can tell you that only about 5% of the
> incidents we got involved Unix or Linux boxes. And most of the ones that
> did were hacked (cracked rather, research the difference if you don't
> know it) into, not infected by the worm du jour.

Yes but do people use the linux machines as much? Are they at each user's
desktop? Do users get to configure them for their own needs? Or do you
have to call ISD and wait for 3 weeks after filling out four forms each time
you want to do something?

Don't forget your users are the most important thing on your network. Not
your linux/unix or windows machines.

> > Have you seen Windows NT or XP Professional? NTFS supports unix like file
> > ownership and permissions.
>
> The hell it does, My Administrator account cannot read the files from my
> user account. Ownership and permission doesn't really matter on a machine
> that is designed to be used by a single user, and that single user usually
> runs with full privileges. (Yes, I did admit to using windows, I have an
> Xpee box as well, so I can play games; it only leaves me feeling slightly
> dirty).

What OS and what version are you using? Some are deliberately set as open
because that is what users want. However the file system and other versions
support the options.

> I would also wager that most Windows users have no idea what to do with
> ownership and permission settings.

And you expect them to be able to use linux? Is it the users you are
blaming for the differences between attacks on linux / windows or is it the
OS?

> I'll admit this is true, real harm from virii does not come from damaging
> files. But then again, if you are dumb enough to leave all your banking
> information and passwords sitting around in those files, you get what you
> deserve.

Actually I meant typing them into your web browser. Downloadable java
bytecode (applets) is just as dangerous on netscape as internet explorer.
Because IE is used more, more code is written for it. Computer security is
not just about filesystem permissions. It's about protecting your users and
what belongs to them. [mmm..... about half the newsgroups have "security" in
them]

> I'm not sure I follow you here. What exactly do you mean by install? In
> general on Unix/Linux you just run programs. "Installation" just means
> putting them in a particular place so they are easy to find (not junking
> up some magic centralized registry). Even so the user could not "install"

Install means changing the system so the program will run. (Usually on boot
for malicious code). On linux config files have to be modified so things
will run on boot and the files have to be placed in the right spot.

> the program system wide (a root thing to do), and even though they could
> set the permissions so that every one could run the program, they would
> still have to run it to be infected/compromised. Any one who just runs
> things haphazardly gets what they deserve.
>
> > The really bad thing with linux is that it's far easier for virii to remain
> > hidden. Not many home or small business users use antivirus software on
> > their linux machines [mainly because the linux zealots promote linux as
> > being hard/impossible to crack and are led into a false sense of security].
> > Furthermore there are rootkits easily available from the net that defeat
> > most of the linux admin tools. So once it's actually installed it's far
> > easier for a virus to remain hidden on a linux box.
>
> Anti-virus dispelled above. There are rootkit checkers available. When
> your system is acting odd, unlike windows this is not expected on
> Unix/Linux, You shut it down, then reboot off known good media, RedHat

You do this for windows OR linux if you have a rootkit installed. (Yep -
watch out for your NT rootkits)

> The way these root kits work is by overwriting common system utilities so
> that these utilities will not show the existence of the root kit. The
> problem with this is they usually change the metadata of those system
> files, so when certain files that _never_ change are now 30x bigger and
> have a change date of yesterday (instead of the install date of the
> system) you see large red flags waving.

Thanks for the explanation.

My tripwire logs change each time the machine does anything (like system
updates etc). Unless you know every file in every package on your system
(as most of your users would not) you don't know what is happening. This
may be OK for someone whose only life is a computer but hardly a thing to do
for a busy person who has real work to do or is a casual home user with a
family to run.

BTW there are tripwire like programs available for windows as well. Most
home users find them difficult to understand as they would if they had a
unix box in front of them.

> > a large number of start points for malicious code
> What does this mean?!?!?

Just what it says. There is a large number of script places where some
malicious person can start a process and you would never know where it
started.

BTW: My original point is that windows machines may appear to be more
susceptible to attack because of how they are used - not the OS itself.
This includes the type of users (as in not so technically skilled - have a
real life - people) and the number of users of that type. Much of your
argument has appeared to agree with this but used derogatory statements
about those users instead of making a considered view on whether the OS
[either linux or windows] can compensate for their behaviour.

One thing that RedHat has done to assist home users over the past few years
is have the firewall setup during install (unfortunately it still used
ipchains on the version I have) and have services not normally used on the
desktop switched off. These are quite basic albeit important changes to
earlier versions if you want linux to break into the desktop market.
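
An added example, not part of the original post: a tripwire-style check covering both points in the exchange above, the quoted claim that replaced system utilities show up through changed size and dates, and the reply that integrity logs change on every system update. It compares content hashes and treats a change as explained only when the new hash matches an update manifest; the `update_manifest` mapping, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Baseline record per file: size, mtime and SHA-256 of the content."""
    snap = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        snap[p] = {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": digest}
    return snap

def triage(baseline, current, update_manifest):
    """Return (explained, suspicious). A content change is 'explained' only if
    the new hash equals the one the update manifest lists for that path."""
    explained, suspicious = [], []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            suspicious.append((path, "missing"))
        elif new["sha256"] != old["sha256"]:
            if update_manifest.get(path) == new["sha256"]:
                explained.append(path)
                continue
            reason = "content changed"
            if (new["size"], new["mtime"]) == (old["size"], old["mtime"]):
                reason += ", size/mtime identical"  # metadata alone would miss this
            suspicious.append((path, reason))
    return explained, suspicious

def demo():
    """Constructed sample: three stand-in 'system utilities' in a temp dir."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("ls", "ps", "netstat")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"original " + os.path.basename(p).encode())
    base = snapshot(paths)
    # A legitimate update replaces ls; the (hypothetical) manifest lists its hash.
    new_ls = b"updated ls build"
    with open(paths[0], "wb") as f:
        f.write(new_ls)
    manifest = {paths[0]: hashlib.sha256(new_ls).hexdigest()}
    # ps is replaced by same-length content and its old mtime is put back.
    with open(paths[1], "wb") as f:
        f.write(b"0riginal ps")
    os.utime(paths[1], (base[paths[1]]["mtime"],) * 2)
    return triage(base, snapshot(paths), manifest)

if __name__ == "__main__":
    print(demo())
```

The baseline and the manifest are only trustworthy when stored off the machine and compared from known good media, as the quoted text says for rebooting.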