Full Disclosure mailing list archives
Re: Linux big bang theory....
From: Kradorex Xeron <admin () digibase ca>
Date: Fri, 11 May 2007 18:05:37 -0400
On Thursday 10 May 2007 19:43, KJKHyperion wrote:
> J. Oquendo wrote:
>> KJKHyperion wrote:
>>> why, Windows machines of course, I'm an attacker, not a fool! If you were a terrorist, what would you rather do?
>>> Crash the Twin Towers
>>> Crash the dollar
>>> There is no such thing as an "attacker". All actions, even such an individual's, are driven by economical considerations.
>>
>> With this said, if I were an attacker with economics in mind why would I want to target a machine which has X amount of vendors sifting through the muck of malware and viruses when I could spawn off a semi undetectable program and KEEP IT THERE without having to wait for the next best thing.
>
> So many misconceptions, so little time. First of all, I meant economical in not just a monetary sense, but the wider sense of balancing conflict in everyone's interest. And well, I got the impression you were thinking of outlandish lose-lose (hence anti-economical) scenarios where some loose cannon shuts down the whole internet, but on second thought I might have been wrong on that account. The idea was that, as effective an enemy-killer crashing the dollar would be, it would prove counterproductive, damaging irreparably the very currency that puts bread on your table and AK-47 on your shoulder. So a purely economical evaluation will bring you to choose, instead, the option causing the lesser evil (i.e. the virtual death of the airline terrorism market).
>
> Second, don't kid yourself, the market of security suites for Windows is, at best, an open-air fish marketplace (a terrible stink, a lot of yelling and products with an inherently short freshness timespan the first similarities that come to mind, but I'm sure the mental picture will evoke many others for you). I have written Windows attack software for a living, and there's one thing I can write down and undersign in my own blood: Windows cannot be secured.
>
> Which is very bad news for the whole industry, Windows being the system with the highest security/feature richness ratio, or in other words the culmination of the state of the art of software engineering as we know it. We lack the semantic tools to even express *what* Windows does, much less how, much less to tell right from wrong [The feeble-minded, confronted with this, retreat in the virtualization hugbox, forgetting the historic lesson that the Titanic sank because the flooding bypassed the (insufficiently fine-grained, at that) waterproof compartments by reaching *over* them -- and let's leave it at that, before runaway metaphorization makes me say something about how Leonardo Di Caprio fits that I will regret]
>
> There is nothing, absolutely nothing you can do to isolate applications, or tell malicious from normal behavior. Hell, you can hardly tell apart applications from each other. An application is often just an EXE, but sometimes it's an EXE and a bunch of DLLs, and sometimes one of the DLLs is loaded in all active processes, and sometimes the EXEs are two or more, and sometimes a driver is thrown in the mix, and yet sometimes all you have is a single DLL, a DLL that, sometimes, must *necessarily* be loaded at random times in an arbitrary process (see: IMEs). Not that it matters at all, since the biggest names in security suites fail even the most basic, trivial tests (god is my witness in how often I overengineered some protection routine, only to discover that expensive security suites that shall go unnamed didn't notice the whole trojan in the first place), but it's kind of comforting to know that the problem is unsolvable in principle, now isn't it?
>
> So stop shelling out money to the snake oil salesmen or even giving them any credit. When humanity's flagship software product is in such a sorry state, you know there is nothing a random moron like you can do. Let the scientists discover the obvious, let the engineers put it in practice, and until then, for the love of god and all that is holy, _just_ _don't_ _swallow_.
>
> [Microsoft being Microsoft, the most important software engineering proof-of-concept, ever, they have developed will probably become a product in ten years from now, if ever, be a huge flop at it and be forgotten soon. It's called Singularity, it's an operating system 99.999% based on .NET, it will make your CPU simpler and faster and your software safer, it's sort of like what Inferno would be if it was actually meant to be used by human beings, *and* if your irrational racist hate of .NET or other kind of short-sightedness makes it seem any less than the... singularity that will take the world by storm and change it forever I see it as, *then* to me you are dead from the inside; <http://research.microsoft.com/os/singularity/> for more information]
>
>> And if you think for a second that "Boohoo Linux users are more inclined to be security conscious" then you are the fool here.
>
> Haha, yes they are, according to their self-assessment. As for delusions of security consciousness, though, my favorite have to be the MacOSX users. They are just completely detached from reality. I have seen people I considered computer security gods sit in front of a Mac and turn into trusting, carefree idiots on the spot. They download warez from Limewire, crack it, share it with their Mac-using buddies, they will double-click on random auto-run DMGs without batting an eye, and they will know absolutely nothing about the system and still be proud of every shining new shareware widget like they made it themselves.
>
> [random hint: MacOSX is not based on UNIX, it's based on Mach which has a lot more in common with Windows than any UNIX, ever; the upper layers come from NextStep, again not a UNIX by any stretch of imagination; the UNIX subsystem has only ever caused security issues and will keep causing them, because it's a poorly integrated add-on with almost purely advisory vetoing powers]
>
> They use, again very proudly, an alternate "desktop" they download Javascript "widgets" to, and a screen saver that shows the latest headlines from their "feeds" of choice [alternate keywords: "active etc.", "items", "channels"]. They are, in other words, living in 1998, plus special effects. I could poison Limewire with backdoored Office 2004 DMGs and own a planetful of these clueless, poor, trusting bastards. They'd be wearing their best shit-eating grin the whole time (built-in webcam if you need proof!), and you can hardly beat _that_, sheer numbers be damned.
>
>> Of the couple of thousand of brute force bots I see, none are on Windows.
>
> Of course, where would we run our millions of phishing bots otherwise?
>
>> Whatever though, to each their own mechanisms of thought. If you truly believe it's all fine and dandy and things won't get progressively worse by giving Linux to inexperienced users, you are in for a rude awakening.
>
> You _can_ sleep?
>
>> If you haven't stopped to read the facts that malware, *ware creators are getting more savvy, then you seem to be stuck somewhere in a world of fantasy.
>
> You seem to assume nobody that programs on Windows could possibly get "savvy". I assume you are choosing to ignore that Windows hackers have completely hijacked the UNIX-born concept of "rootkit", bringing it to heights that probably give nosebleeds to most UNIX-heads. Despite this, and despite scaremongers the likes of Joanna Rutkowska, there has been no technological escalation in attacks because it's unnecessary -hence- anti-economical (could also be because kernel-mode rootkits suck? I'm a firm believer of user-mode rootkits. Vainglorious boasters will lead you to believe you can do more in kernel mode, but experience soon shows you that you can actually do *less*, at a higher cost)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Amen.

And to add to this, most security software is becoming more and more chunky, more flashy, less efficient and less effective. Personally it seems like they spend more time on the UI/marketing than they do on the engine, and companies like Symantec purposefully expect users to be strangled into buying new versions every year or so with "Licence renewal". If these companies were dedicated to security like they say they are, they'd stop the marketing bs and develop the software properly (no mandated licence renewal).

Furthermore, most users depend too heavily on this so-called "security software" and think they are immune to everything with it. Security software companies should be made to stop this false advertising that it "Will protect you from malware" and stop this attitude that 'you can click on anything and the software will protect you', because the advertising is effectively causing this attitude among users, thus causing MORE infections than if users were under the caution of malware infection.

Then you get the bunch who say "I know what I'm doing, I know how to protect my computer", then they go off and end up getting infected and have a hard time and end up having to wipe their machines when their antivirus/antispyware is unable to remove something.

You can scan with antivirus/antispyware to death and you may or may not be clean. Not even with the combined engines of all antimalware can you be sure that your computer is clean. Call me paranoid, but how can anyone be sure that the said systems are 100% clean? It's a risk you have to take every time you load new data onto your system.

The marketing is making users blind, it's giving them a false sense of security, especially in the Mac community. And frankly, I am SICK of it.

-Krad Xeron