Re: Looking for some website which installs spyware on Linux

From: Eugene (nospam_at_columbus.rr.com)
Date: 12/09/03 

Date: Tue, 09 Dec 2003 01:20:44 GMT

jmh wrote:

>
>
> NeoSadist wrote:
>> SPAM SPAM wrote:
>
>>>Well, in pre-XP days when most people did run 3.1, 95 or 98 there was no
>>>security at all, now since XP is getting more widespread there should be
>>>a security concept. But why do people still get infected?
>>
>>
>> Because Microsoft has not fixed the ROOT of the problem. It's too easy
>> for
>> a normal user to install things. See, here's why. In any operating
>> system (or at least any well-designed operating system) all programs that
>> a user
>> runs use that person's permissions. If you're not admin/root, things
>> shouldn't be allowed to have those permissions. It's a security issue:
>> unix/linux is built for security, windows is not (as of yet). I will say
>> that windows 2000 is the best windows version put out as of yet, until we
>> see windows 2003/longhorn. Anyways, with windows it's still possible for
>> the normal user to install things, which is most of which activex allows:
>> it allows the installation of programs.
>
> Normal users can install some things but not just anything
> but I think that's true of any of the *nix flavors as well.
> If you can write to some part of the disk and execute a
> progam then a user can install to those directories and
> run the program.
>
> I think the reason why it seems like "normal users" can
> install on the MS systems is because more places give
> the user local admin rights on the machine--so they
> have near root level priveleges. I think the points
> about separating logins for doing different types of
> activity--admin and normal use--and the views about
> that are the main thing. That and the general population
> using MS doesn't want to know how to deal with setting
> something like that up, just douple click and have done.

When my wife's XP box was infected with the search engine from lop.com I
found a couple places claiming it can affect Mozilla, didn't specify if it
was Moz for windows or linux though.

The problem with m$ is not just places making people admins of their boxes.
There is a lot of software than will only run as a user with admin rights,
one I had to support was a CRM package called SalesLogix. We spent a lot
of time auditing registry and file writes and setting permissions but never
did get it to run quite right as when a non admin user was on the desktop.

The other problem is the lax default permissions on folders, ost things
default to everyone. Even then trying to lock down file permissions causes
breakage. The microsoft DNS service won't work without having several top
level folders set at everyone full, I tried to follow standard security
docs and lock down some folders and had a domain controller fail and found
a KB doc specifying that the permissions of the top level folders must be
everyone full.

The third main problem is with everything being installed by default. I
started a long time ago building Windows servers with winnt.sif files so I
could have more control such as not installing IIS and its sub components.
Even then there is so much crap I couldn't remove. which comes to the next
problem.

Servers do not need web browsers! You don't run windows update on the
server, you don't download or surf the web on a server. You do your
downloading on a workstation, test then install on the server. The problem
is they wanted to make sure it was fully integrated into the OS so they
integrated it into both the server and workstation. Other parts are the
same, if I'm not going to make use of component services then I shouldn't
have to install that part. They really need to modularize everything.

Relevant Pages

  • Re: after installing KB011829 OWA is not working anymore
    ... Windows Vista or IE 7.0 no longer includes support for the ActiveX control ... The resolution for this issue is to install hotfix KB 911829. ... and to the back-end server. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.exchange.connectivity)
  • RE: RRAS Wizard failure
    ... SBS, now, you can jump over the Windows server 2003 sp1 installation." ... we do not recommend customer to install windows server 2003 sp2 ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: Service pack version
    ... I understand that the SBS 2003 BPA suggests ... Now, you had installed Windows Server 2003 sp2 on your SBS, and the SBS ... It is recommended to install the Windows Server 2003 sp2 after install the ...
    (microsoft.public.windows.server.sbs)
  • Re: Fax on Terminal Server from SBS2K3
    ... please make sure the Fax service is installed on the TS server. ... you can try the steps below to install Shared Fax Client: ... 248340 Installing and Using Programs in Windows 2000 Terminal Services ...
    (microsoft.public.windows.server.sbs)
  • RE: Remote Access Wizard Error
    ... please let me know the detail version of your SBS. ... please go through the following document to install SBS 2003 sp1: ... Downloading and Installing Windows Small Business Server 2003 Service Pack 1 ...
    (microsoft.public.windows.server.sbs)
Quantcast