Re: Viruses and hackers make Windows more secure - Gates

From: Iceman (1c3m4n_at_chi-mafia.org)
Date: 01/31/04 

Date: Sat, 31 Jan 2004 09:24:36 GMT

On Fri, 30 Jan 2004 09:44:23 +0000, Ben Measures wrote:

> Iceman wrote:
>> On Fri, 30 Jan 2004 04:43:54 +0000, Ben Measures wrote:
>>
>>
>>>Iceman wrote:
>>>
>>>>Also the security issues while always there in one respect or another was
>>>>not one of the primary functions of windows in the beginning as it was not
>>>>designed to go on the WAN until later, and it became far more important and
>>>>the Net took off.
>>>
>>>Security in Unix systems has always been a primary function, even when
>>>networks were uncommon.
>>>
>>
>>
>> You might remember how Linux came about, and networking was involved.
>
> I specifically said Unix. Unix was about when networks were expensive
> and uncommon (late 1960s).
>
>> Linux's downfall is that when it gets hit
>
> Uncommon...
>
>> it can and usually will bring
>> down the whole system. Good point and/or bad point.
>
> I'd like you to cite some references. It is not in a virus'/worm's best
> interests to kill its host computer.
>

Its pretty well known, and you may specifically want to bring down a server
or crash multiple systems.

>>>When networks became fairly common, Microsoft got into networks. They
>>>still didn't think too much about security - they had obfuscation.
>>>
>>
>> No, they built or started using NetBeiu (sp) based on an old standard.
>
> Are you saying they built or started networking?
>

What? Reread the sentence.

>> It
>> was somewhat good albeit incompatible with other networks. Was not good for
>> large networks.
>
> I don't see the part about security there. That was my main point. I'll
> write it again in case you didn't catch what I wrote.
>

It was a comment about NetBeui, what part of that don't you get.

> "They still didn't think too much about security - they had obfuscation."
>

Ridiculous statement. Totally biased and ignorant. There was no reason for
obfuscation, nor intent.
 
>>>Microsoft started to think about security only when customers complained
>>>that viruses and hackers were getting access to their computers and
>>>data. This was way after the internet took off.
>>
>> True, when it became the focus of attention, mainly due to animosity it
>> became a big target. NT thwarted a lot of that for years. As a side point I
>> always had a good laugh at "windows" users getting hit my virus', trojans
>> and the like since I ran strictly NT and was not affected.
>
> NT has been the target of many serious viruses. It continues to be. Of
> the top 10 viruses of the year 2003, all ten could infect Windows NT
> systems.
>
> 1. W32/Sobig-F
> 2. W32/Blaster-A
> 3. W32/Nachi-A
> 4. W32/Gibe-F
> 5. W32/Dumaru-A
> 6. W32/Sober-A
> 7. W32/Mimail-A
> 8. W32/Bugbear-B
> 9. W32/Sobig-E
> 10.W32/Klez-H
>
> http://www.sophos.com/pressoffice/pressrel/au/20031204yeartopten.html
>

Your point? If you read what I wrote then you wouldn't have to have written
this crap. Sure it was a focus, for years it could not be breached, little
knowledge. If you had any freaking idea of what went on they you would know
that one of the first that worked was done by hacking Unix servers so they
could have they had a large platform from which to work in order to get
into NT. Get it? Unix was broken into to get to NT. None of the viruses you
mentioned ever hit my systems. Plus without a little investigation I will
not take your word that all of those messed with NT. I do recognize many of
them from infected 9x computers that I have cleaned up for others, as well
as cleaning them out of email messages on servers.

>>>They have a lot of catching up to do. Especially with their legacy of
>>>"old software" compatibility.
>>
>> This is happening, but the legacy crap stays on, mainly to support the
>> "cheap" populace and good for nothing lazy programmers who have yet to get
>> with the picture.
>
> This "legacy crap" helps to make Windows so vunerable. That can't count
> as a plus.
>

D'oh!

>>>>Those who claim Linux is inheritently more secure is crazy. It
>>>>also requires constant supervision and upgrades, things that most lazy ass
>>>>windows users ignore, and putting them into a Linux package with the same
>>>>attitudes will only drive up incidence's in Linux.
>>>
>>>Now those are two separate things.
>>>
>>>It is simply not possible to protect a system that is being administered
>>>by somebody who is a "lazy ass user" without forcing them off all networks.
>>>
>>
>>
>> True
>>
>>
>>>If you put two irresponsible drivers in two cars, one with ABS, one
>>>without, then they are both likely to have a crash, regardless of
>>>braking system. You can't then say that ABS is less effective at
>>>preventing crashes.
>>>
>>
>>
>> But that is what rabid Linux supporters would have you believe.
>
> Not at all. "Rabid" Linux supporters laugh at what irresponsible admins
> believe is security.
>

The bulk of peeps on the Usenet are not admin's. They are a bunch of low
lifes who go about touting *** they do no understand. In one breath they
speak of the "unstoppable" power of their OS, in a few messages later they
cry because their systems lock up, crash or whatever and cannot figure out
why. The ridiculous nature of their behaviors is laughable. The rabid anti
MS attitudes blinds them to anything honest. Other ignorant peeps follow
them into thinking how secure their Linux system is, "inherently so" yet I
can walk right in using well known slpoits if I chose to do so.

Therefore I laugh and mock them for they are every bit as culpable as the
Windows lAAmers. PKB? One cannot be complacent with *any* OS.

>>>Likewise you can't say anything about comparisons of the security of
>>>various operating systems unless the administrators are competent and
>>>care about security. If the comparison is done properly, Linux is the
>>>clear winner, even when based on patch release times alone.
>>>
>>
>>
>> From personal experience I have never had a NT server breached, no virus,
>> not trojan, nada, other then poorly written software or *** video drivers.
>
> Then you've either been lucky, or don't connect to the internet. (Though
> luck goes down as diligence goes up.)
>

LOL, I'm on the net 24/7, have been for years, and here you go with the
same lames ass statements as many others. "I *have* to be lucky" or "I'm
not on the net". That is the problem, in your mind something is not
possible. Pardon me while I have a snicker about your FUD.

>>>I'm sorry to go on so long but I felt your comment "Those who claim
>>>Linux is inheritently more secure is crazy" was extremely unfair.
>>
>>
>> They are crazy. It is unfounded. Both can be made secure. Both can be
>> equally open.
>
> When a security vunerability is released in the Linux world, patches are
> available to download within minutes.
>

Yeah right, minutes? LOL! I s'pose 50,224 minutes could constitute minutes.
LMAO. It's crap statements like that which blow your credibility and other
users of your ilk.

> _If_ a security vunerability is released in the Windows world, patches
> are only available after several weeks, if you're lucky.
>

More of the same FUD

> With Linux there are millions of people pouring over the source code
> every day. Vunerabilities are announced, even if they are theoretic and
> impractical.
>

Millions? snicker. Get real and practical, eh?

> With Windows vunerabilities are usually only discovered after finding
> some software already abusing the exploit. The vunerabilities are rarely
> announced, and even when they are, they are delayed by several months in
> order to tell Microsoft's bigger customers first. Windows is definitely
> not open (unless you're a government agency).
>

When have you ever seen millions of computers get infected, and the fixes
released weeks after? Are you knowledgeable about what happened to Debian
servers? Just recently? They are still pouring over their source code dble
checking everything.
 
> In short, with Linux you get vunerability announcements fast and
> freqently, with patches being available almost immediately. With Windows
> you sometimes get delayed vunerability announcements (usually after an
> exploit in the wild), with patches being available weeks after. Its
> difficult to secure a system that way.
>

While I would never say categorically this could never happen, if you
followed normal conventional practices you would have reduced or eliminated
your exposure to many exploits even if patches were never released. You
greatly exaggerate the situations.

>> For years I can remember the tricks one Linux user would play on another as
>> security was being learned by all, same with Windows.
>
> Like this one perhaps?
> "Hey dude,
> login as root, and type
> rm -r /
> heheheheheh."
>
> Its much more difficult to trick a Linux user into seriously damaging
> their system or into giving away information not belonging to that user.
>

WTF you talking about. You act like Linux users are inherently vastly more
intelligent? *snicker* just read the freakin ng's. You'll see just as many
lame ass sorry users there as you do in any windows ng. You'll see s many
crashes, lockups, can't get things to work, whatever. And yes, SE'ing a
Linux user or admin is no different than any other user. Well, let me back
up a bit. When one finds a user who has an attitude such as the one you
project about how superior the OS is, and how hardened it is, then they are
actually easier to SE.

>> I think you will agree that nothing is inherently secure.
>
> Absolutely. The search for bugs/vunerabilities/exploits must go on, and
> it must not be impeded.
>
>> You did reference above the Admin's responsibility but given the advent of
>> Linux workstations and idiot Windows users moving over to that OS with no
>> training, little knowledge, etc. That they will soon find their systems
>> breached for the very same reasons that they are breached in Windows. Poor
>> user administration.
>
> I see two flaws in that argument:
>
> 1. The whole vunerability/patch thing again. I can keep my computer
> updated with patches that come out _before_ exploit-exploring code goes
> wild. I now don't give a damn what happens to the systems that fall.
> Every man for himself.
>
> 2. Things aren't handed to you on a platter with Linux. You have to go
> out there and learn. You read documentation and eventually it becomes
> habit. This is more likely to happen with Linux than with Windows, which
> has preconfigured setups that are suitable "for most users". I don't
> imagine there will ever be a time documentation reading gets ejected
> from "compulsory things to do before starting Linux". When it does then
> we get back to "every man for himself".
>

LOL, that is no different then what happens in NT products. True, they
shipped them loose, and it was up to the admin to tighten them up before
putting it online. But again, I have not had a system breached. Just
"lucky" I guess. LOL.

>> I would much rather that current Linux guru's would stress
>> maintenance/administration rather then stating that Linux is "secure". It
>> is misleading to the novice and or the lazy ones. For them to run such an
>> OS is to leave them blindly confident in an unsecured OS and thus exposed.
>
> I agree with you here that maintenance/administration is *the* most
> important thing in keeping a system secure. Nothing does a job better
> than diligence.
>
> However, Linux "Gurus" frankly don't care too much about telling lazy
> people that maintenance is important - theres plenty of material on the
> web stating this. When the Linux Gurus talk about Linux being more
> secure, they're generally talking to other Gurus. If newbies mistake
> this for themselves, then they only have themselves to blame.
>

I can tell you with certainty that most of the peeps in linux ng's are not
admins, nor intelligent. They talk the talk without knowledge and spread a
lot of false security idea's around. Guru's are usually helpful and will
pass on advice, the only place I know of where so-called Guru's are
assholes like you posted about is in the slack ng.

> As for the security that Linux can offer novices, well it does so by
> forcing/teaching users to understand their systems and get right into
> the configuration of security first before they can even claim to say
> their system is secure.
>

Well Duh, cannot the same be said for windows?

> In Windows novices can just set "high security", bumping this down if
> they come across any problems. Its the lack of understanding that breeds
> laziness, and casual to non maintenance.
>

Same thing with Linux or any OS for that matter. With SP2 for XP, if they
stay the course, XP when updated will be locked down, "breaking" many
things peeps do, "forcing" them to learn, though many will strictly learn
how to re-enable the soft spots without regards to what they are doing.
Same as what goes on currently with many Linux users.

> You can only truly maintain what you strive to understand.

Regardless of the OS.

Quantcast