Re: Microsoft Says Recovery from Malware Becoming Impossible




"Imhotep" <imhotep@xxxxxxxxxx> wrote in message
news:keydnc9nII1SPdfZRVn-jA@xxxxxxxxxxxxxxx
Roger Abell [MVP] wrote:


"Imhotep" <imhotep@xxxxxxxxxx> wrote in message
news:vJ-dnQpNaahB59TZnZ2dnUVZ_tGdnZ2d@xxxxxxxxxxxxxxx
Michael D. Ober wrote:


The only OS that this warning doesn't appear to apply to is OpenVMS.
Linux (and by extension, Mac OS-X) and Unix are also subject to this
same problem.

Mike.

"Imhotep" <imhotep@xxxxxxxxxx> wrote in message
news:R5idnZNlU5BZ-NXZnZ2dneKdnZydnZ2d@xxxxxxxxxxxxxxx
"LAKE BUENA VISTA, Fla.-In a rare discussion about the severity of the
Windows malware scourge, a Microsoft security official said businesses
should consider investing in an automated process to wipe hard drives
and reinstall operating systems as a practical way to recover from
malware infestation."

"When you are dealing with rootkits and some advanced spyware programs,
the only solution is to rebuild from scratch. In some cases, there
really is no way to recover without nuking the systems from orbit,"
Mike Danseglio, program manager in the Security Solutions group at
Microsoft, said in a presentation at the InfoSec World conference here."

http://www.eweek.com/article2/0,1895,1945808,00.asp

Imhotep


What kind of 'stuff' are you smoking???? Do you have any idea how stupid
you sound?

I have been using Linux for 10 years, never caught anything. If I had a
dollar every time I caught something on Windows I could retire very
wealthy. The truth is that malware is 99.9 % a Windows problem. So stop
lying about it!

Imhotep

I would suggest that that is in fact an assessment of skill.
I have (initially, had to) run Windows versions for a dozen years now,
starting with NT 3.50, and have not caught anything.
I will admit that in the dozen or so years before that when I ran
*nix brands exclusively it was much easier to not "catch" anything,
but that was partly the threat level and partly the simplicity of the
user authorization model.

Roger

User authorization model weak? Not at all. I run a linux "domain" where
the back end authentication and authorization system is LDAP. It is very
strong and allows very granular configurations. For all you non-techies
reading this AD IS LDAP! Roger, I think you are a little
out-of-the-times with regards to the linux World, but that is ok.

With regards to crapware the FACT remains it is a Windows problem!!! I too
have been using Windows going back to DOS 2.(something) and Unix since
college and have never, let me repeat that, never had a problem with it.

The reason you have the crapware situation is:

1) Microsoft illegally dominates the PC World, why should THEY spend money
improving the software when people are stupid enough to ask for more
every time they are spanked using it?

2) They make money by forcing you to upgrade because the latest version of
MS has "highly improved security enhancements". (hahaha)

3) Within Microsoft the Marketing has more authority than the Engineering
department.

4) Microsoft believes in the time proved lie of "security by obscurity".
MS often takes a known standard and alters it so it does not work well
with anything but MS products. This has been shown to be a fatal flaw.
When strategic marketing overrides time proven technology standards you
are in for a lot of bugs, security holes and problems. But, hey, it does
help their marketing strategy!

5) Recently, in an article I posted, you saw Microsoft basically say,
crapware is out of control and you (the customer) need to *BUY* software
that rebuilds your PC frequently. Think about that statement for a minute.
That would be like if you bought a defective car and the manufacturer said
"You need to just go out and replace the engine every 5k miles". You can bet
that if a manufacturer said that to me, I would never buy a car from that
manufacturer again. But, again, people are stupid. The more MS spanks them
the more they want....it is funny in a way.

If you are up to the challenge, let's do this. Why don't you get a list
of all the spyware, adware and general crapware that can infect Linux and
I will get a corresponding list for Windows. Then we can draw our own
conclusions about the percentages? Up for the challenge?

Imhotep

I am not sure how you got me into this reply Imhotep . . .

I said nothing about size of per-OS crapware lists.

You are probably correct on my time having come to check out
whether a rich authorization model can now be accomplished in
the *nix environments with their addon Ldap variants.

Most of what you have said shows an all too common flaw.
Use of "Microsoft = it" and "Microsoft = they" as in Microsoft
does this because, or as in Microsoft wants such ....
It is as if you are actually speaking about some entity that acts
with one mind.

There are two points with which I can mostly agree in what was
said. That the antivirus, antispam, antimalware industries exist is
in a sense an indictment of _past_ decisions about Windows,
which same I have stated to "Microsoft"; and also your item 3
which was definitely too true in the past (for me the jury is still
out on current situation). I find it a fundamental flaw to judge
one's child today based on what they were and did 5 years ago.
In the same vein, continuing to berate the MS of today based
on the actions of the MS that was just discovering that there
was a network is not useful except for making maleficent verbiage.
Just as failing to recognize that people change, this fails to
recognize that the people and the processes and objectives
have changed.

Moving on, "MS" (today) does not believe in security by obscurity,
although "they" can see what value exists in layered security and
(non-security) layers that slow up / make difficult.

You say MS takes standards and alters them so they do not interop,
but I do not see this. Instead I see a long history, stretching back to
the point where MS began its long dev effort on NT5, where MS is
working on the IETF working groups, submitting RFC and having
representation on the task forces (like most other major vendors).
I assume you are thinking of the Kerberos implementation, or of the
choice of using _ in DNS names; as certainly you cannot be thinking
of the MS efforts to get a standard model in the browser and to get
a standard way to do client-side scripting just as you cannot be
thinking of the RTF and now XML based ways for data sharing
that are built into the ways the Office products can persist/read.
In point of fact, MS only used what was already in the RFC for
Kerberos and DNS, but they got a lot of negative because they
did not do things as others had - even though fully RFC compliant.
What I also see is a lot of denial about this. I remember an eZine
blast once, when use of XML and SLT etc. started to go mainstream,
about how MS was being copy-cat, again jumping on board late to
the party, etc.. Somehow that author managed to overlook MS deep
involvement in bringing XML use into the mainstream, and its deep
investment and support of XML reaching back to 1997. Similarly
with current efforts to continue WS* and interoperable identity
solutions - there will be people able to overlook the intellectual
property contributions made by MS, perhaps not even seeing that
they are misinterpreting the facts of history.
I really think that the history is against you on that claim about
not being a player in the standards orgs and in use of standards.

And, speaking of moving on, XP will have been the common
desktop and have an age of 6 years when its successor releases.
If engine technology were advancing as fast as software, I would
probably want to replace the engine in my car by then (heck, I have
been wishing they had introduced serious hybrids a couple years
earlier when I was at buy-time). In the case of XP's replacement
with Vista, as with the replacement of Win9x, or NT 4, etc. there
is nothing forcing upgrading, and the rather liberal support length
in the product life-cycle is why we have so many of the old, and
never supportable DOS variant OSs still in use today. You have
it wrong if you think the OS side of the MS business is a cash
cow. If it were not for the density of systems in the consumer
base and for the use in-house for MS internet business efforts,
the OS development and life-cycle support would probably not
happen, certainly not with the present investment levels.


