Subject: Re: seti runs better on win or linux
From: Rich
Date: 11/10/2003, 21:18
Newsgroups: alt.sci.seti,sci.astro.seti



Martin replied:
Rich wrote:
[...]

Note that all the recent mass worms have been MS specific worms/viruses.


I have, my point remains.


Note that certain OSes are more vulnerable by _design_ due to their marketing compromised design philosophy...

I'm not sure I understand what you are saying. Are you saying that
Marketing tells the OS group to design the OS to be vulnerable?

It is a moot question as to whether they attract so many worms because of whether they are a flawed design or whether they are just more successfully marketed and hence more widely used. Their flawed design philosophy does make infestations easy...

Flawed design? How do you differentiate between implementation and design?

Linux cheated BTW, it took the design from another OS, lock, stock and
barrel. Windows grew out of DOS, which was a cross-compiled version of
CP/M designed by Gary Kildall (RIP). Unix also owes its legacy to
another existing OS. Both have their roots in history.

[...]

That's always been a problem with patches and updates, they tend to
break other things and other patches and updates. It's not a pretty picture.

Especially when marketing puts on pressure to leverage value from that updating, including deliberate feature breakage and EULA ransoms.

Can you document this? And what do you mean by ransoms?

As a general rule, I don't update unless I need something I don't have.
And I don't patch unless something is broken or won't install, except
possibly for security patches.

Good, and exactly correct.

[...]
Possibly so, but there is also a lot of cohesion for getting the 'important' bits together. There are some major worldwide voluntary efforts that surpass the efforts of Redmond. Then there is the Linux kernel itself!

The Chinese choice. Not sure if this is a good thing or not.

Sorry, I don't understand. Please expand.

The story's a bit old but I found this...

    http://www.ale.org/archive/ale/ale-1999-11/msg00310.html

    Linux, the official OS of Red China
    http://www.ga-source.com/linux/news/bits/10+10+1999/16:54:2.shtml


    The Chinese government is so enthusiastic about the community ethos
    behind the open source community that it is making Linux the official
    operating system of the People's Republic of China, thanks to a deal
    struck with US server side computing firm GraphOn.

    The deal will allow a variety of server side applications to be run
    on cost efficient Linux boxes in Chinese universities, military
    installations and even within the government.

    According to GraphOn there is a strong identification between communist
    China and the open-source free operating system that is taking the
    western world by storm. "Enthusiasm for Linux is coming from the very
    highest level of the Government in China," says Robin Ford executive
    vice president of GraphOn. "There are cultural reasons why they are so
    interested in Linux in China, because it is open source."

    GraphOn concedes however that the Chinese government is probably
    enthused by its server technology because it provides a simple way of
    keeping an eye on users' computer activity. "It is all about control
    but it's not an ugly or a bad control, it's not a big brother sort of

[ remember this is China, think Tiananmen Square ]

    thing," says Ford. "It's about cost control and they've looked at the
    problems that other markets have had with desktop based application and
    want to avoid them." Reported By: James Hills  Posted At: 4:54 pm
    CST - Wednesday, November 10, 1999

[...]

All very dependent on the distribution. With Linux you have choice

You have choice period. Linux is a choice, your sentence does not parse.


It makes excellent sense. Consider what GNU/Linux _is_ and note that it is far from one source or just one animal. It might be loosely called a single 'philosophy' with a family of real world results...

I think this is more of a problem. Which distribution do you choose? If you
don't know the difference, how do you decide?

[...]

If you know your way round unix you can make anything secure (short of
bugs and undiscovered security holes). You can also make windows pretty
secure, just buy a router with a NAT firewall and/or install one of the
many PC based firewalls ( I don't care to argue whether it's a firewall
or not). With reasonable and cheap security measures ( Zonealarm is free)
you can eliminate or reduce most external security threats. But same
as with Linux, you need experience and some platform specific knowledge.

Using third party firewalls is just a kludge to patch up the OS holes for the many exploits available in MS products.

I don't know of a major company which does not have a dedicated firewall
between themselves and their intranet. Your fanaticism is quite fascinating.

When I had cable modem, I had the NAT firewall between my computer and the
net and Zone alarm on the computer. The NAT firewall worked great and the
number of hits dropped to zero, and Zone alarm lets me choose what programs
get out.

Good security can be considered as a layered 'onion' approach.

You don't seem to like some layers. Some insist that a firewall
cannot be a program running on your computer, by definition, that
a real firewall is external hardware that sits between you and the
net.

With MS Windows you pretty much only have the firewall to rely upon! MS may well work fine on an isolated system...

And it may work well on a system with a cable modem connection to the
internet. The only problems I had were when I accidentally ran the wrong
program (I used to do batch downloads from some newsgroups, got everything,
once I accidentally clicked on a virus).

Note the many known (and published) exploits available for various (supposedly) inseparable parts of MS Windows (later flavours) that have not been patched, and, particularly for Internet Explorer, that are very long ago known about!

    http://www.wired.com/news/linux/0,1411,55172,00.html

    Linux Worm Hits the Network

    By Michelle Delio

    07:52 AM Sep. 16, 2002 PT

    A worm that attacks Linux servers is being used to create a
    peer-to-peer network of infected computers that can be remotely
    controlled by the worm's creator.

    The "Linux.Slapper.Worm" targets Linux servers running Apache Web
    server software along with an encryption technology known as
    "Secure Sockets Layer," the typical method for protecting data
    in transit over the Web.

    What sets Slapper apart from other worms is its networking capability.
    Once a server is infected, it becomes part of a network of compromised
    machines, which the worm's author can use to attack other networks.

    Infected machines are also wide open to any malicious hacker. It isn't
    particularly difficult to locate the network of infected servers, and
    once located, it appears that any attacker can remotely control any
    or all of the compromised machines.

    On Sunday evening, Slapper had been in circulation for less than 40
    hours and had infected over 6,000 servers, according to Mikko Hypponen,
    manager of antivirus research at F-Secure.

    By Monday morning, Slapper had infected 11,249 machines.

    "For reference, Code Red -- which is known as the worst Web worm so far
    -- managed to infect only a couple of hundred servers within a similar
    time frame," Hypponen said. "Code Red then went on to infect over
    300,000 Web servers during its peak in July 2001 and is still alive
    today."

    [...]


I prefer a multi-layered onion model of security with the system well understood as opposed to a fragile egg model where most of the yolk is unknown territory and 'proprietary'.

I understand that you don't know how to make a Windows system secure,
I don't understand that this makes Linux secure.

    http://www.cnn.com/2001/TECH/internet/03/23/linux.worm.idg/

    Bulletin: 'Dangerous' Linux worm in the wild

    March 23, 2001
    Web posted at: 2:02 p.m. EST (1902 GMT)

    By Sharon Machlis

    (IDG) -- A dangerous worm is spreading across the Internet and
    infecting Linux servers running vulnerable domain name software,
    the SANS Institute warned Friday.

    Called Lion, the worm steals passwords, installs and hides other
    hacking tools on infected systems, and then uses those systems to
    seek other servers to attack, SANS said. The Bethesda, Md.-based
    research organization for systems administrators and security
    managers added that the worm may also have the potential to attack
    Unix servers.

    Lion takes advantage of a vulnerability in the Internet Software
    Consortium's Berkeley Internet Name Domain (BIND) server that
    was disclosed in January (see story). BIND allows Domain Name
    System (DNS) servers to translate text-based Web addresses, such
    as Computerworld.com, into appropriately numbered IP addresses
    that can be used by computers to direct traffic on the Net.

    The only defense against the worm is to upgrade vulnerable versions
    of BIND, SANS said. However, according to officials at the
    organization, many systems administrators have yet to perform the
    upgrade, despite the warning issued in January.

    "Data I have says that 20% of the Internet is vulnerable to this,
    and that's a huge, huge percentage of the BIND servers," said Alan
    Paller, director of security research at SANS. And while Lion has
    currently been found infecting Linux systems, Paller said, he sees
    "no reason why it won't skip to other Unix versions."

And open source is a dual edged sword. It's trivial for a hacker to examine
the source code to find vulnerabilities, you don't need to black-box it.

Now imagine the effect on the net of a linux virus that infects China.

...And then there's the suspicions of various 'phoning home' tricks. Whether really true or not, we cannot easily know or find out or trust the marketing misinformation.

I don't understand what you are talking about here.

[...]

If you'll buy a Mac. Many ex-customers feel the same way about Apple
you feel about Microsoft. Frys has a $200 Linux based system on sale
right now for $200. It runs thin-linux. I'd buy that or build my own
and install linux if I was of a mind.

The PC model is an open (cheap) platform that consequently can have bafflement of choice and compatibilities.

How is this different from Linux itself?

With MACs, you pay extra for a more restricted platform where there are simpler choices and a 'guarantee' of operability.

Say what? I don't believe that Apple makes any guarantee. And guess who
writes the premier productivity applications for the MAC platform? I'd
expect you to shoot that down right away.

Seems to be very popular with certain segments of the market.

A very select 5% of the market. Nominally those afraid of and confused
by CLIs.

This Linux stuff is a lot more productive for s@h in just avoiding all the foul-ups with MS. You can get an MS system to work well, but it always remains very fragile.

I've not had that problem with mine. I think the problem is that many
vendors seem to have moved product testing to the customer site. Computer
stuff is cheaper than ever, and the quality is worse than ever.

Very true. Bill Gates made a very aggressive business out of selling deliberately buggy software.

Can you document this "deliberately buggy" part?

There's the classic story of his first BASIC interpreter being sold with known trig function errors...

Interesting history, here's a nice summary.

    http://apple2history.org/history/ah16.html

BTW, DOS 3.3 also had bugs, Apple software has not been bug free.

I note that you don't seem to have any problem with Apple selling the
software you are complaining about (which was also used in other computers).

I suspect they make a good business out of selling the next buggy upgrade so that you'll have to upgrade again (to chase other bugs)...

I expect that you were not around at the time as you find it necessary to
extrapolate your prejudices backwards in time.

If there was ever a release of any software, by anybody that was bug-free,
I've not heard about it. Ever try and install red-hat 7.0?

How many
can find intermittent hardware and fix it? Not many in my estimation.

My experience has been that of depressingly few.

A warm room and memtest86 and the GIMPS primes torture test are very worthwhile. Also include a good disk thrash test utility and leave on severe test for 24 hours. Then briefly retest on each reboot at least.

I once had a problem (think it was with my 486) that I eventually deduced
was caused by memory. It turns out that a DOS memory test I had would
locate the failing memory location, but having no map of memory space
to SIMM (30-pin as I recall) I know not which one to replace. So I bought
a new one (4M, $130) and walked it through. Of course, it was the last
possible one. Took several days to debug that one.

Summary:

All the above systems mentioned have their place. However, I feel that MS have significantly upped the ante with their latest EULAs, and have been a detriment to Computer Science in general over the last few years with their marketing driven product and subsequent misplaced efforts...

I quite agree about the EULAs. But I don't see how computer science is
affected.

And there are very good useful alternatives available...

Depends, usually it's the applications that drive the platform, which was
why the killer app for the original mac was desktop publishing. If you
wanted to do desktop publishing, you needed a mac, or a very expensive
dedicated publishing system. Nowadays I don't think any platform has a
killer app, so the choice is a matter of software requirements, hardware
requirements (if you need a supercomputer a PC or MAC just won't do),
or for most of us aesthetics or budget (or both).

Rich

Regards,
Martin

Mandrake 9.1 Linux