Re: Microsoft Says Recovery from Malware Becoming Impossible



Hi Stefan,
Despite the reply being made to my post, I recognize that
the majority of your comments are not with regard to my
statements. I comment within, in two places.


"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:u6WgysHaGHA.4424@xxxxxxxxxxxxxxxxxxxxxxx
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote:

Not all the replies go to you...

"Imhotep" <imhotep@xxxxxxxxxx> wrote in message
news:ceudnewFafcRBdDZnZ2dnUVZ_umdnZ2d@xxxxxxxxxxxxxxx
Alun Jones wrote:

Imhotep wrote:
Michael D. Ober wrote:

The only OS that this warning doesn't appear to apply to is OpenVMS.

There are MANY more OS', typically running on 'real' mainframes, where no
rootkits are known for.

Linux (and by extension, Mac OS-X) and Unix are also subject to this
same problem.

What kind of 'stuff' are you smoking???? Do you have any idea how
stupid you sound?

I have been using Linux for 10 years, never caught anything. If I had
a dollar every time I caught something on Windows I could retire very
wealthy. The truth is that malware is 99.9 % a Windows problem. So
stop lying about it!

That's SO ridiculous:

- what "Linux"? Any known distribution? Which MTA, web server, ...

Almost all of them have had nice big security holes, and they offered
the whole plethora of services on all their interfaces like Windows.

- why did you catch "something" on Windows?

I'm using Windows since v3.0 and never caught something. I'm also using
other OS' since 30 years and never caught anything there.
Your argument only tells something about your habits using Windows; a
properly setup/configured system is as secure as any other OS! A careless
setup OS is nothing a user should work with.


That was precisely my comment/observation earlier, that the statement of
the apparently extreme problems Imhotep says has been his (?) experience
with Windows is more a statement of skill with Windows and character of
usage practices than it is anything else. As I observed in my prior reply,
I have also never had a Windows "infected/invaded" either, neither my own
machines, my admin workstations, or my servers.
(PS. I never used Win9x variations).

Where's the "lie"? Where's the "stupid"?

The lie is:
"The only OS that this warning doesn't appear to apply to is OpenVMS. Linux
(and by extension, Mac OS-X) and Unix are also subject to this same problem."

You are misleading people by saying malware (spyware, adware, etc) affects
all OSes. When in fact it is a WINDOWS PROBLEM!!! Swallow the sour pill and
admit the truth...

This warning - that malware can leave such insidious and subtle traces on
a system that you can't guarantee to have found and removed them all - _is_
applicable to all systems. Possibly excluded are systems that exclusively
use write-once storage (CD-Rs, for example), and thus have an audit trail
from the moment they were first turned on to right now.

TRUE or FALSE, malware (spyware and adware) is 99% a WINDOWS problem: TRUE
OR FALSE.....

Let's remember that the very term "rootkit" came from the Unix world.

A rootkit does have the possibility of infecting any system. This is true. A
rootkit is typically installed because a user has downloaded something and
has root/administrator privileges (UNIX users do not have these higher
privileges but in Windows, especially "home" editions do. Thus, again,
making them more vulnerable).

Wrong in two points:

- malware also creeps in via attacks against daemons running with root/SYSTEM
privileges. Remember the Morris worm?

- you can create "normal users" on XP Home too.

However, we are not talking about rootkits.

Sorry, but we ARE talking about rootkits.
Common malware is cleanable.

Please define "common" and "cleanable".

By "common" I meant "other than rootkit".
I recognize that some (CWsearch, etc.) can be quite difficult,
and that as you indicate below not within the skill or tolerance
of Joe Average. However, with skill and the wealth of tools
available on the web from various sources, if the "common"
malware (i.e. not using stealth methods at kernel rootkit level)
are detectable and hence cleanable (by which I meant removable).

Notice that you have clipped my comment so that it is now out
of context. I was responding to Imhotep's statement that we
were not speaking of rootkits, but just of "crapware", or something
to that effect. My comment was intending to say that if no rootkits
were involved then the systems are cleanable.

While (some) trojans may be detected: what about the Greeks who entered
under the hood?

Is Joe Average able to perform the detection and cleaning?
In reasonable time with provable success?

You surely know
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

| The only way to clean a compromised system is to flatten and rebuild.
| That's right.

And that is right because many sploit frameworks are now spinning out
hacks that include rootkitting the compromised system.


Stefan


