Get your Mac, it's raining Trojans

[Gordon]

NoStop your soooo full of it. What is Linux on the desktop up to now 3%
wow not that is a big target (NOT).

And at least 60% of the worlds servers run.....guess what?.......LINUX! So
why don't THEY get attacked? I'll tell you why - because the design of
Linux in general precludes the sort of attacks that are so easy on
Windows......

Look at the security sites CERT etc and Linux and Max both have many
patches to fix security problems.

Again that's a spurious argument - in fact Linux patches tend to be
available within HOURS of the vulnerability being discovered, unlike
Windows when MS may or may not, issue a patch within the next 30 days......
Which scenario would YOU like?

 

[Don Taylor]

There's always someone recommending a Mac .. or Linux .. or FreeBSD etc.
etc. Heck, there are people out there recommending DOS.

Automatic Updates + Common Sense = Reasonable Security Level

A hardware firewall that blocks both incoming and outgoing crap +
A running and updated antivirus program +
Common sense and not going anywhere near the sleazy parts of the net =
Reasonable security level

 

[Ground Cover]

Thanks for the wishful thinking, but let's get back to reality.

 

[Randy]

And at least 60% of the worlds servers run.....guess what?.......LINUX! So
why don't THEY get attacked? I'll tell you why - because the design of
Linux in general precludes the sort of attacks that are so easy on
Windows......

Realy a search on Goole for Linux market share shows maybe 20% so dream on.

Again that's a spurious argument - in fact Linux patches tend to be
available within HOURS of the vulnerability being discovered, unlike
Windows when MS may or may not, issue a patch within the next 30
days......
Which scenario would YOU like?

How may years did it take to fix the holes in Apache? Hours? Again dream on.

 

[rockwell]

Thanks for the wishful thinking, but let's get back to reality.

I think this would be a very interesting debate to get into. Please
site specific facts or details as to why you disagree that Mac and Linux
are built with a better security model than Windows.

 

[Gray]

Take a look at
http://blogs.msdn.com/michael_howard/archive/2004/10/15/242966.aspx

 

[NoStop]

Comparable vulnerabilities exist in Mac operating systems and in
Linux. It is just that there are not enough computers using these
other operating systems to make them worth attacking.

Why spend a lot of time and effort creating a malware product that
might infect a few thousand computers when for the same work you can
create one that could infect millions or tens of millions?

In order to become a target you first have to be worth shooting at.

Ron Martell Duncan B.C. Canada

It is simply unbelievable how this myth is repeated and repeated by you
Wintards. You guys don't have clue what you're talking about. Sad, but
true. Not sad, because I give a personal shit about what happens with YOUR
toy operating system. Sad because of all the compromised Windoze boxes on
the Net today expensively chewing up bandwidth as these bots spread spam
around. For ISPs it's approaching a crisis and you Wintards merrily go
along spreading the bullshit MickeyMouse FUD.



--
The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

A 3D Linux Desktop (video) ...

View Some Common Linux Desktops ...
http://shots.osdir.com/

 

[NoStop]

Linux servers are attacked and do have holes in them. Apache had holes in
it for years before it was fixed. Go to some security sites and you will
find patches all the time for Linux. Most can bring Linux to its knees. If
you or anyone believe any OS is or will ever be totaly secure then your a
fool. The only safe OS is the one that is shut off.

Any holes that Apache had DID NOT bring the operating system down, you
Wintard. It brought the web server down and that is just an application
running on the o/s. Those volunerabilities were quickly patched and I
haven't heard of any successful attacks on Apache web servers in a long
time and certainly not widespread. You are correct, Windoze should be shut
off or if left running, not allowed to connect to the Net. The *NIX systems
are fine. Shit the Net is built on *NIX.

--
The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

A 3D Linux Desktop (video) ...

View Some Common Linux Desktops ...
http://shots.osdir.com/

 

[Ground Cover]

Linux and UNIX and associated apps turn up with dreadful security holes and
vulnerabilities ALL THE TIME. Firefox had so many holes I was emabarassed
for them. Firefox apologists would lie and say it was safe. I knew it wasn't
true. Within a day of puting Firefox on my brother's computer it got a virus
through it - the Java engine that came with it was vulnerable. Geesh, get
clue. Linux is secure only because no one bothers - it's a steaming pile of
c##p hoping no one pays attention.

 

[Don Taylor]

Linux and UNIX and associated apps turn up with dreadful security holes and
vulnerabilities ALL THE TIME. Firefox had so many holes I was emabarassed
for them. Firefox apologists would lie and say it was safe. I knew it wasn't
true. Within a day of puting Firefox on my brother's computer it got a virus
through it - the Java engine that came with it was vulnerable. Geesh, get
clue. Linux is secure only because no one bothers - it's a steaming pile of
c##p hoping no one pays attention.

So what about OpenBSD? I hear that those folks REALLY care about security.

I have no direct experience with it, other than having spent most of the '80s
sitting in front of an Ann Arbor Ambassador terminal writing code under BSD,
way back before Xenix or Xinu or Linux or Linspire or Open anything.

Can anyone show ANY security hole in OpenBSD, no matter how small?

http://www.openbsd.org/security.html
http://geodsoft.com/opinion/server_comp/security/openbsd.htm
http://www.semweb.com/jan02/itsecurityjan.htm

I think I'll try it, they sound like my kind of people.

 

[Michael Stevens]

Well we've already witnessed how well the "braintrust" from
MickeyMouse has done. MickeyMouse has constantly fought the tide of
standards, always striking out on its own with its proprietary
software model purposely breaking standards. Those on the other side
of the equation have already figured out how to keep malware at bay,
and that is based on the security model of *NIX. Only MickeyMouse is
outside and needs to reassess its whole "operating system" model.
But, I don't believe it really cares.


The first step is obviously unplugging all Windoze machines from the
Internet. Just as the article suggests.

You are partially right in your observation, but it is also true with the
other braintrusts holding the keys to the solution.
No OS is safe if the user is negeligent in securing their system.
The combined OS community has a obligation to unite and focus on redirecting
the writers of the malicious code affecting any OS to direct their energy
and expertise to positive resources. Any OS that is the current #1 will also
be the targeted OS for finding exploits to it's weakness.
All the Mac and Linux versions I have installled and especially the Linux
distros have almost daily security updates you need to apply to secure your
data.

--
Michael Stevens MS-MVP XP
(e-mail address removed)
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

 

[Don Taylor]

You are partially right in your observation, but it is also true with the
other braintrusts holding the keys to the solution.
No OS is safe if the user is negeligent in securing their system.
The combined OS community has a obligation to unite and focus on redirecting
the writers of the malicious code affecting any OS to direct their energy
and expertise to positive resources.

I'm sure all the penis pill and porn spam and nigerian programmers
are going to be turned away from the dark side, any millenium now...

Any OS that is the current #1 will also
be the targeted OS for finding exploits to it's weakness.
All the Mac and Linux versions I have installled and especially the Linux
distros have almost daily security updates you need to apply to secure your
data.

Install OpenBSD and tell me if you have almost daily security updates.
If I understand one web page correctly they found two flaws this year,
one where the user was using direct access to raw physical memory and one
where they found a flaw inside the guts of the PERL programming language.
BUT these folks seem consider things to be flaws that are so much more
harder to get to and obscure than MS that it seems to be hard to even compare.

So, give us a count of your updates for OpenBSD.

 

[cquirke (MVP Windows shell/user)]

Your argument has proven time and time again to be just so
much FUD from Microsoft.

"Proven"? How so - by strength of assertion?

Mac OSX runs on top of FreeBSD a *NIX operating system.
It's security model is so much more advanced over Windoze that
there is no comparison. It has NOTHING to do with numbers of computers
being used. Macs are targeted less because the chances of doing any real
damage to a Mac is so much less as to be almost insignificant from the
operating system's point of view.

I don't think one can claim to know why these folks do what they do.

You are describing how MacOS and *NIX are intended to work, which is
all very fine and noble, but that rests on an abstraction layer held
up by code. Within that layer are defects, some of which may be
exploitable, and that influences what *actually* may happen.

Software can (and in some cases, has) be designed to do stupid things
that create opportunities for malware. When MS Office first
introduced auto-running macros within "documents", and the first HTML
email apps passed email "message text" to browser engines to interpret
under Internet Zone settings, there were bulges in malware that took
advantage of these opportunities.

Today's malware scene is a bit different.

There are still many attacks made on user judgement, and these are
often aided by bad software design that hides info from the user (or
allows this info to be falsified by the malware).

At the other extreme are clickless attacks that leverage defects in
code that facilitate results which bear no relationship to what the
code was designed to do. The roots of these exploitable code defects
are deep and, in many cases, cross-platform. Simply intending an OS
to work better is in itself not going to avoid this problem.

It's interesting to view the incidence of code defects across software
and platforms from a non-platform/vendor source. You may find some
variance this way and that, but you'll find that any non-trivial
software will have defects of this kind.

What is different is whether these defects are exploited by malware or
not, and whether this happens sooner than later. I would say Windows
is more likely to have such defects discovered (more folks are testing
it to see if they can break in) and exploited, because it represents a
bigger and more homogenious target than *NIX.

------------ ----- --- -- - - - -

Drugs are usually safe. Inject? (Y/n)

 

[Michael Stevens]

You are partially right in your observation, but it is also true with
the other braintrusts holding the keys to the solution.
No OS is safe if the user is negeligent in securing their system.
The combined OS community has a obligation to unite and focus on
redirecting the writers of the malicious code affecting any OS to
direct their energy and expertise to positive resources. Any OS that
is the current #1 will also be the targeted OS for finding exploits
to it's weakness. All the Mac and Linux versions I have installled and
especially the
Linux distros have almost daily security updates you need to apply to
secure your data.

I take your lack of response as a melding of the minds as far as the
observations I and many others have expressed would be the ultimate
solution.
Any OS that gains a users majority status and has the majority of software
written for the platform will be the # 1 target of the degenerates that want
to exploit the verunabilites that are present in any OS or the software
written for the platform.

--
Michael Stevens MS-MVP XP
(e-mail address removed)
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

 

[Ground Cover]

That's entirely not true. Way back when there was a lot of pushing the
envelope. Netscape insisted on going beyond the standards with its
Navigator - and Microsoft followed suite. And yes, Microsoft has created
standards for its products distinct from those of standards bodies. Yet,
look at Apple. What's it done? What is AppleTalk?

http://www.protocols.com/pbook/appletalk.htm

And so on ...

Big deal.

Yet, despite all that, Microsoft has published an ENTIRE COMPUTER LANGUAGE
as an approved and OPEN STANDARD for all to use in recent times and has
enabled the porting of .NET to just about every language under the sun,
pardon the pun.

And despite all that, Internet Explorer 7 is just about as standard
compliant as Microsoft can make it given some legacy consdierations. All
major elements of the various standards that it employs are met by IE7.

So back in the wild west days, sure, there was a lot of standards breaking
by Netscape, IBM [isn't it annoying when components are proprietary?] and
other companies, pushing the envelope as it were, in more recent times
Microsoft has been very attune to standards compliance and is doing a
bang-up job in that department.

 

[NoStop]

"Proven"? How so - by strength of assertion?

No, by the numbers ... 200,000 (yes that's two hundred thousand!) malware
threats talled as of last week by anti-virus firm McAfee.

"McAfee's database has doubled from 100,000 items since September 2004,
demonstrating that spyware purveyors and VXers are continuing to keep net
security firms busy.

"It took 18 years for our database to reach 100,000 malicious threats ? and
just under two years to double to 200,000," said Stuart McClure, senior
vice president, global research and threats at McAfee. "Although security
awareness continues to improve, hackers and malicious code authors are
releasing threats faster than ever before, with approximately 200 per cent
more malicious threats per day than two years ago."

Since January, McAfee has added approximately 32,000 new threats to its
database and is on track to exceed 60,000 new threats by the end of 2006.
By comparison, it added 56,880 new threats throughout 2005 and 27,340 in
2004."

Actual malware threats IN THE WILD (not in some lab somewhere) threatening
GNU/Linux ... none.



--
The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

A 3D Linux Desktop (video) ...

View Some Common Linux Desktops ...
http://shots.osdir.com/

 

[NoStop]

I take your lack of response as a melding of the minds as far as the
observations I and many others have expressed would be the ultimate
solution.
Any OS that gains a users majority status and has the majority of software
written for the platform will be the # 1 target of the degenerates that
want to exploit the verunabilites that are present in any OS or the
software written for the platform.

Michael,

No, I disagree. Vulnerabilities are exploited because they are there.
Windoze boxes are attacked because it is so easy and possible to attack
this toy operating system because it is so full of vulnerabilities.
GNU/Linux isn't attacked anywhere near as often because it simply doesn't
have the vulnerabilities that leave it open for attack even though so many
Linux boxes are open as servers on the Net. End of discussion and end of
any further responses from me on this subject. There is none quite so blind
as one who refuses to see.

"Anti-virus firm McAfee released protection for its 200,000th ever malware
threat this week."

http://www.theregister.co.uk/2006/07/06/malware_milestone/

Go and count the malware threats IN THE WILD (not is some lab somewhere)
targeting GNU/Linux. Anywhere close to 200,000? Close to 1,000? Close to
100?





--
The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

A 3D Linux Desktop (video) ...

View Some Common Linux Desktops ...
http://shots.osdir.com/

 

[rockwell]

That's entirely not true.

I'm confused, you contradict yourself below.

Way back when there was a lot of pushing the
envelope. Netscape insisted on going beyond the standards with its
Navigator - and Microsoft followed suite. And yes, Microsoft has created
standards for its products distinct from those of standards bodies.

You say that it is totally not true MS has their own proprietary model
that doesn't always follow the standards, but then here you go on to say
they do: "And yes, Microsoft has created standards for its products
distinct from those of standards bodies."

Yet, look at Apple. What's it done? What is AppleTalk?

http://www.protocols.com/pbook/appletalk.htm

And so on ...

Big deal.

"But look, these guys do it to!"

Yet, despite all that, Microsoft has published an ENTIRE COMPUTER LANGUAGE
as an approved and OPEN STANDARD for all to use in recent times and has
enabled the porting of .NET to just about every language under the sun,
pardon the pun.

And despite all that, Internet Explorer 7 is just about as standard
compliant as Microsoft can make it given some legacy consdierations. All
major elements of the various standards that it employs are met by IE7.

So back in the wild west days, sure, there was a lot of standards breaking
by Netscape, IBM [isn't it annoying when components are proprietary?] and
other companies, pushing the envelope as it were, in more recent times
Microsoft has been very attune to standards compliance and is doing a
bang-up job in that department.

No they are not, they are fighting it tooth and nail and only giving in
where they are forced to.

Here is one example, MS pushing MSXML instead of following the open XML
standard:

http://www.eweek.com/talkback_details/0,1932,s=25992&a=159770,00.asp?m=11391

In the US antitrust case, Allchin said some of their code in Windows
needs to stay secret/proprietary because it is so poorly designed that
it is a grave security risk to open it to others.

http://www.pcworld.com/news/article/0,aid,98664,00.asp

There really is too many examples to list.

 

[rockwell]

Michael,

No, I disagree. Vulnerabilities are exploited because they are there.
Windoze boxes are attacked because it is so easy and possible to attack
this toy operating system because it is so full of vulnerabilities.
GNU/Linux isn't attacked anywhere near as often because it simply doesn't
have the vulnerabilities that leave it open for attack even though so many
Linux boxes are open as servers on the Net. End of discussion and end of
any further responses from me on this subject. There is none quite so blind
as one who refuses to see.

"Anti-virus firm McAfee released protection for its 200,000th ever malware
threat this week."

http://www.theregister.co.uk/2006/07/06/malware_milestone/

Go and count the malware threats IN THE WILD (not is some lab somewhere)
targeting GNU/Linux. Anywhere close to 200,000? Close to 1,000? Close to
100?

Most open source/linux security vulnerabilities are fixed in hours or a
day of being
found. Those who run windows are luck if the security vulnerabilities are
fixed in day or weeks, or occasionally if they are ever fixed!

 

[NoStop]

That's entirely not true.

I'm confused, you contradict yourself below.

Way back when there was a lot of pushing the
envelope. Netscape insisted on going beyond the standards with its
Navigator - and Microsoft followed suite. And yes, Microsoft has created
standards for its products distinct from those of standards bodies.

You say that it is totally not true MS has their own proprietary model
that doesn't always follow the standards, but then here you go on to say
they do: "And yes, Microsoft has created standards for its products
distinct from those of standards bodies."

Yet, look at Apple. What's it done? What is AppleTalk?

http://www.protocols.com/pbook/appletalk.htm

And so on ...

Big deal.

"But look, these guys do it to!"

Yet, despite all that, Microsoft has published an ENTIRE COMPUTER
LANGUAGE as an approved and OPEN STANDARD for all to use in recent times
and has enabled the porting of .NET to just about every language under
the sun, pardon the pun.

And despite all that, Internet Explorer 7 is just about as standard
compliant as Microsoft can make it given some legacy consdierations. All
major elements of the various standards that it employs are met by IE7.

So back in the wild west days, sure, there was a lot of standards
breaking by Netscape, IBM [isn't it annoying when components are
proprietary?] and other companies, pushing the envelope as it were, in
more recent times Microsoft has been very attune to standards compliance
and is doing a bang-up job in that department.

No they are not, they are fighting it tooth and nail and only giving in
where they are forced to.

Here is one example, MS pushing MSXML instead of following the open XML
standard:

http://www.eweek.com/talkback_details/0,1932,s=25992&a=159770,00.asp?m=11391

In the US antitrust case, Allchin said some of their code in Windows
needs to stay secret/proprietary because it is so poorly designed that
it is a grave security risk to open it to others.

http://www.pcworld.com/news/article/0,aid,98664,00.asp

There really is too many examples to list.

You are absolutely correct. The problem is, so many of these Windoze Fanboys
think that computing is only about running Windoze. They can't think
outside the MickeyMouse box. They think that the standards MickeyMouse sets
should be the standards for the rest of the computing world, even if there
are international bodies that set standards and which MickeyMouse so many
times decides not to follow. By having MickeyMouse standards as opposed to
international standards, MickeyMouse is trying to maintain its dominant
position within the computing world. This isn't working and more and more
governments are insisting that standards be followed and the preferred
standards should follow the open source model of open standards. The
balance is surely tipping away from the closed standards foisted on the
world by MickeyMouse.


--
WGA is the best thing that has happened for Linux in a while.

The ULTIMATE Windoze Fanboy:

http://video.google.com/videoplay?docid=-2370205018226686613

Is this a modern day equivalent of a Nazi youth rally?:

http://www.ntk.net/media/developers.mpg

A 3D Linux Desktop (video) ...

View Some Common Linux Desktops ...
http://shots.osdir.com/