Full Disclosure mailing list archives
Re: windows future
From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 30 Aug 2009 04:19:19 -0400
Like them or not, M$ has done quite a bit with its SDL[1], and though quite late in the game, the memory protection mechanisms in Vista and Windows 7. As far as anti-virus software goes, it's mostly useless[2][there was a recent article on signature lead time, I can't find it for some reason] already.

[1] http://www.pcworld.com/businesscenter/blogs/bizfeed/167111/opinion_pigs_fly_microsoft_leads_in_security.html?tk=rss_news
[2] http://pcworld.about.com/od/virusesphishingspam/Botnets-Defeat-Most-Anti-Virus.htm

On Sat, 29 Aug 2009 20:09:55 -0400 lsi <stuart () cyberdelix net> wrote:

I'm saying that the world's malware authors, in their race to stay ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of the world's AV systems. They are flooding the blacklists, and this flooding is accelerating. If it continues, the world's AV systems will be useless, as will be the machines they are protecting.

Note, I have NOT gone off and compiled some stats, I've just noted an existing trend, and extrapolated it. Here's an article from 2005, again, the numbers suggest an exponential curve.

http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/

The biological metaphor does suggest that Microsoft would take some kind of evasive action, and I think their only option is to license unix, just as Apple did (although Apple did it for different reasons). Doing this will solve many problems, they can keep their proprietary interface and their reputation, and possibly even their licensing and marketing models, while under the hood, unix saves the day. They will need to eat some very humble pie, a few diehards might jump from Redmond's towers, and the clash of cultures will toast some excellent marshmallows... but they will save their business.

Do they have a choice? Malware numbers are suggesting they don't. Licensing the solution suits Microsoft's business model (much easier for them to buy in a fix than build one, they tried that already), they did in fact do it many times previously, starting with a certain product called MS-DOS, and it means they can keep their customer base, they just sell them an upgrade which is in fact a completely new system - again, just as Apple did with OSX.

Actually, I think the simplest thing for them to do would be to buy Apple, then they can rebadge OSX, instead of reinventing it.

Stu

On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:

Date sent: Fri, 28 Aug 2009 10:24:25 -0500
From: Rohit Patnaik <quanticle () gmail com>
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] windows future

I'm not sure I agree with the basic premise of this scenario. You're suggesting that getting exposed to malware is some kind of inevitability, and that eventually there will be enough different kinds of malware that filtering them all will be impossible. I don't think that's valid. Good browsing habits, running a firewall, and keeping your machine updated will prevent almost all malware from even getting access to your machine. Then all we have to worry about are the few bits of code that are capable of getting through our defenses.

To reiterate the biological analogy, we don't rely on antibiotics to stop infection. We rely on good hygiene. In the same way, just as increased biological infection rates led to a push for greater public hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a push for greater computer hygiene as malware infection rates rise. Windows already includes a firewall to prevent automated worm infections, and Microsoft is working to harden network facing applications, as evidenced by their recent decision to have IE run with limited privileges. As malware becomes more virulent, the "immunity" of Windows will likewise grow, putting a damper on any sort of exponential growth curve.

--Rohit Patnaik

lsi wrote:

Thanks for the comments, indeed, the exponential issue arises due to the use of blacklisting by current AV technologies, and a switch to whitelisting could theoretically mitigate that, however, I'm not sure that would work in practice, there are so many little bits of code that execute, right down to tiny javascripts that check you've filled in an online form correctly, and the user might be bombarded with prompts. Falling back on tweaks to user privileges and UAC prompts is hardly fixing the problem.
The core problem is the platform is inherently insecure, due to its development, licensing and marketing models, and nothing is going to fix that. Even if fixing it became somehow possible, the same effort could be spent improving a competing system, rather than fixing a broken one.

Just to complete the extrapolation, the below.

Assuming that mutation rates continue to increase exponentially, infection rates will reach a maximum when the average computer reaches 100% utilisation due to malware filtering. Infection rates will then decline as vulnerable hosts "die off" due to their inability to filter. These hosts will either be replaced with new, more powerful Windows machines (before these themselves succumb to the exponential curve), OR, they will be re-deployed, running a different, non-Windows platform.

Eventually, the majority of computer owners will get the idea that they don't need to buy ever-more powerful gear, just to do the same job they did yesterday (there may come a time when the fastest machine available is unable to cope, there is every possibility that mutation rates will exceed Moore's Law). The number of vulnerable hosts will then fall sharply, as the platform is abandoned en-masse.

At this time, crackers who have been depending upon a certain amount of cracks per week for income, will find themselves short. They will then, if they have not already, refocus their activities on more profitable revenue streams.

If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targeted attacks, and the days of mass-market malware will be over, just as the days of the mass-market platform it depends on, will also be over.

And then, crackers will need to be very good crackers, to generate enough income from their small-scale attacks. If they aren't very good, they might find it easier and more profitable to get a 9-to-5 job. The number of malware authors will then fall sharply.

The world will awaken from the 20+ year nightmare that was Windows, made possible only by manipulative market practices, driven by greed, and discover the only reason it was wracked with malware, was because it had all its eggs in one basket.

Certainly, vulnerabilities will persist, and skilled cracking groups may well find new niches from which to operate. But diversifying the ecosystem raises the barrier to entry, to a level most garden-variety crackers will find unprofitable, and that will be all that is required, to encourage most of them to do something else with their lives, and significantly reduce the incidence of cybercrime.

(now I phrase it like that, it might be said, that by buying Microsoft, you are indirectly channelling money to organised crime gangs, who most likely engage in other kinds of criminal activity, in addition to cracking, such as identity theft, money laundering, and smuggling. That is, when you buy Microsoft, you are propping up the monoculture, and that monoculture feeds criminals, by way of its inherent flaws. Therefore, if you would like to reduce criminal activity, don't buy Microsoft.)

-EOF

On 27 Aug 2009 at 13:45, lsi wrote:

From: "lsi" <stuart () cyberdelix net>
To: full-disclosure () lists grok org uk
Date sent: Thu, 27 Aug 2009 13:45:01 +0100
Priority: normal
Subject: [Full-disclosure] windows future
Send reply to: stuart () cyberdelix net

[Some more extrapolations, this time taken from the fact that malware mutation rates are increasing exponentially.
- Stu]

(actually, this wasn't written for an FD audience, please excuse the bit where it urges you to consider your migration strategy, I know you're all ultra-l33t and don't have a single M$ box on your LAN)

http://www.theregister.co.uk/2009/08/13/malware_arms_race/

If this trend continues, there will come a time when the amount of malware is so large, that anti-malware filters will need more power than the systems they are protecting are able to provide.

At this time, those systems will become essentially worthless, and unusable.

You can choose to leave now, or later. But you cannot choose to stay...

(I mean, that the Windows platform seems destined to fill, completely, with malware, such that your computer will spend ALL its time on security matters, and will have no CPU, RAM etc left for actual work.

At the end of the day, the ability of malware to infect Windows machines is due to the fact that Windows is a monoculture, a monolith, built by a single company, with many interconnections and hidden alleyways. It's hard to imagine a platform LESS vulnerable - compare with open-source efforts, which are diverse, homogenous and connect via open protocols. Malware finds life hard in the sterile, purified world of RFCs, where one of many different programs may process your malicious payload, all of which have been peer-reviewed. In Windows, malware knows that a specific Microsoft EXE will process its data, knows that the code has not been thoroughly checked, and can make use of undocumented mechanisms.

So basically Microsoft, by hoarding their source, by tightly integrating functionality, and by seeking to monopolise the various markets created by the platform (browser, media player, office software), have doomed Windows, and everything that runs on it. The lack of diversity in the Windows ecosystem means that it is highly vulnerable to attack by predators. The fact that malware mutation rates are accelerating is a clear indicator that the foxes are circling.
This is the beginning of a death spiral; the malware numbers we've seen in the past 20 years were the low end of an exponential curve, and we're now getting to the steep part.

The problem is that any given computer is only capable of so much processing. It has an upper limit to the amount of malware it can filter, those limits being related to CPU speed, RAM, diskspace, network bandwidth. This upper limit looks like a horizontal line, on the chart that shows the exponential curve mentioned above.

So my point, is that eventually, the exponential curve is going to cross that horizontal line, for any given computer, and when that happens, that computer will no longer be able to filter malware. It will only be able to filter a subset, and thus be vulnerable to the rest. Consequently it will not be usable, for instance, on the web, and will essentially become a doorstop...

The only escape from this inevitability is to ditch the platform that is permitting the malware - that is, the only escape is to ditch Windows. It is being eaten alive, by predators that only have a foothold because there are weaknesses in the platform.

Given that it can take years to migrate to a new operating system, I do recommend, if you have not already done so, that you commence planning to ditch Windows. I might be wrong about the exponential curve, but if I'm not, then there may not be a lot of time in between when malware levels seem manageable, and the time when they are not. If your business depends on Windows machines and they all become unusable, you will have no business. What you definitely must NOT do, is assume that Windows is going to be around for a long time. It is a dead man walking.

- Of course, there might be a few years yet. You can spend those years running up your IT bill, with lots of new computers that are required to filter all that malware while still performing at a useful speed. Or, you can ditch Windows, and keep your existing hardware - it runs perfectly well, when it's not weighed down defending the indefensible.

[If Microsoft dooming Windows isn't ironic enough, consider that every time malware authors pump out another set of mutations, they are nailing one more nail in the coffin of the platform that they depend on to make their living! Ahh, there is justice in the world after all.]

[And the end game? Well, M$ could open-source Windows, but frankly, why would anyone bother trying to fix it? As the old saying goes, don't flog a dead horse...]

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/