Microsoft responded to yesterday’s report that Google was internally ditching the company’s operating system in favour of Linux, Mac OS X Chrome OS by telling anyone that would listen that the Mountain View Chocolate Factory wasn’t exactly immune to occasional security gaffes. Redmond blogger Brandon LeBlanc felt obliged to, in …
What a joke...
Does anybody dare to connect a fully patched windows install to the internet, without it running
1) a firewall
Nope, because it would be owned within 15 minutes.
When I switched to linux last year I was happy not to install any of the above...
That's irony, M$!
You would be so lucky. It was about 30 seconds last time I tried that nonsense. Considering there are only so many IP ranges you may possibly be on and there are hundreds of thousands of pwned units scanning the "known ranges" on a constant basis, 15 minutes would be an over exaggeration :-/
...but that's just retarded.
I am a Linux man myself, but no system is invulnerable. It is insane not to use the firewall system provided to secure your PC. There are security vulnerabilities discovered regularly for all pieces of software, including FOSS.
I admit that there are few Linux virii in the wild, but they do exist. Also, you could potentially forward on an email containing an infected attachment to one of your mates unknowingly. When a free AV (such as Clam) could scan your email, and use very few resources doing so, I don't see why you would not do it. In addition, Linux virii will likely become more commonplace as it gains more of a following, so as time goes on your chances of infection will increase (and they are not zero right now).
Anti-spyware, I'll grant you, is not as big a deal. But the others... I must point out the huge FAIL in your decision.
Don't get me wrong, I agree with the argument that Linux is "more secure"* than Windows, but only providing you use the security facilities available.
* "more secure" in quotes because it isn't the right phrase to use, but ICBA, it'll do, take it with a pinch of salt
> I admit that their are few Linux virii in the wild, but they do exist
Really? Got a link to information on one?
RST.B, to name but one? I've disinfected quite a few machines when I worked for a large colo.
It's mainly spread by script kiddies who don't know they are using infected binaries.
Not in the wild...
but I had a friend 10-15yrs ago who wrote one. It did no damage, was never released into the wild and was just a bit of fun for him, but it existed.
I have also heard stories of them. I could be wrong, but as there is no technical reason they could not exist, I believe they do.
I know for a fact that at least one exists, if not in the wild, hence my comment is almost correct. The rest of my argument, I believe, would still be valid even if no Linux virii exist.
Yes, I do. Granted it sits behind a NAT, but what's your point? How many Windows PCs are actually directly connected to the internet these days anyway?
Had you not said FULLY PATCHED, I'd give you some credit. Not to mention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to.
Linux viruses in the wild
There is more than one linux / posix virus out there, I'd recommend ditching the attitude that *any* operating system is immune to viruses because they all have at least one. The more popular linux distros get, the more viruses will be written for them, too ;)
Windows firewall is easy enough to bypass so I really would not be putting any trust in their level of security. Granted it renders you immune to most "in the wild" worms that are circulating but if you have anything worth protecting on your PC then a slightly more robust firewall is in order.
Re: Linux viruses in the wild and RST.B
Malware is not the same as a virus. The thing about a virus is that it has a way of spreading itself, normally via email.
To the best of my knowledge no Linux email system will allow automatic execution of received code, so viruses can't spread themselves. I don't think there are any Linux email clients which will just blindly execute received code even if someone clicks on it. It doesn't matter how popular the OS gets, if viruses can't spread, there are no viruses. Built in security via good design is a tricky concept for a lot of people to understand...
RST.B is a proof of concept of how to infect an ELF executable. It has no way of spreading itself so is harmless unless someone is daft enough to run it. If I send someone "sudo rm -rf /" and the recipient is daft enough to make it executable then execute it there's not much hope, but it's hardly a security issue to pin on the OS.
I have done so for over 10 years without being penetrated. I don't use software firewalls on computers, or anti-virus or any anti-spyware. Never had any need for them. But then I know how to spot a risk and either avoid it or sandbox it if it cannot be avoided.
Software firewalls and anti-malware tools are for folks who need that extra comfort blanket.
I hate to be pedantic here, but I don't think virii means quite what you think it does.
Virii roughly translates to Man
The plural of Virus, believe it or not, is Viruses
Sorry, but it's a bugbear
Re: Linux viruses in the wild and RST.B
seriously I can keep pulling them out ???
There have been in the past and there is nothing to stop them in the future. Bruteforce viruses exist for ssh etc. As a security expert said if you unplug your machine from every wire encase it in concrete and dump it in the middle of the Atlantic then it might just might be secure.
Re: Linux viruses in the wild and RST.B
Best of luck with the brute force ssh attempts !
If it requires the user to run a binary it's a Trojan, not a virus.
The weakness of Windows over the years is it could be compromised from outside with no user action.
Linux and FOSS may have privilege or remote code execution fails but all the ones I've heard of require a local user with an account on the system to run some dodgy binary or click a link to a malicious site that uses a script or Flash to mess with your system.
No OS/App is perfect, just some are way closer than others.
Virii is correct plural form
Umm... Actually, "virii" *is* the correct plural form of "virus". Back in the DOS days, this was the common spelling. Just like "radii" is the plural form of "radius".
Yep, You're right
Evidently Google doesn't do it either.
Fully patched windows?
Well apart from the difficulty in fully patching windows before you expose it to the internet - yeah sure.
If it's fully patched up I would (and have) popped it on the DMZ with the firewall off - I wouldn't advise anyone do it full time (like I wouldn't advise a linux user to run as root with all services running as root and no firewall) but if you want to test something for a few hours, it's fine.
FYI, Windows 7 and Vista come with an integral firewall (enabled by default) and an anti-malware package (Defender). Strangely, Microsoft Security Essentials is not included but is available by download for free. Results from VirusTotal suggest the MSE is quicker to recognise new threats than several popular AV programs.
It is unwise to run any system connected to the Internet without a local firewall, regardless of the O/S concerned. Whilst many people may feel safe because their broadband routers have integral firewalls, few people check the logs regularly or have logs forwarded to their system. My previous router, like many popular broadband routers, was running a version of Busybox with such a firewall but fell victim to an exploit in which someone gained access and then altered the router's firewall policy and routing....
"Windows firewall is easy enough to bypass...."
How? Asking the user to switch it off and ignore the ensuing messages in red doesn't count.
You're correct about Radius, but not Virus.
Wikipedia probably isn't the best reference to use, but I'm short of time
You'll also find the same in an episode of QI, various forums and notice a distinct lack of the term virii on etymology sites!
RE: re: petur
"Not to mention my "fully patched" version of Windows already has a firewall. Please feel free to let me know what vulnerabilities I'm exposed to."
I wouldn't trust any security package from MS. If their other software is anything to go by, their firewall is probably about as hard to get through as a wet paper bag.
"How many Windows PCs are actually directly connected to the internet these days anyway?"
Err, lots. Granny gets the little box from BT and plugs one end into the wall and the computer into the other end...
OK, my apologies
I am not infullable*, I made an assumption about the plural of virus.
If it's not virii, then it's a common mistake to make. I'll look into it.
* you may notice the Red Dwarf reference... then again you may not. :)
Granny isn't technically directly connected to the net then, the box from BT will have NAT on it which isn't the best defence but it's still a 'layer', although widespread use of IPv6 will make NAT pretty useless in terms of defence.
I did notice the Dwarf reference, and believe it or not it shed some light on a dark day! So my thanks to you :-D
I'll see your Linux virus and I'll raise you..
..a CP/M virus.
Yup. Written by me (no payload just the infection bit) for CP/M 3 on the Amstrad CPC range of computers. Not sure about the exact date but presumably late 1980s.
Since most machines only had 3" floppy drives and most people rebooted when they wanted to switch applications it probably never would have been much of a threat to world civilisation :)
Tbh most of what I remember is the sheer hell of trapping BDOS calls then the excitement of updating allocation information to patch in my code changes. Ah - the happy carefree days of student life :D
You're so awesome. I think I'll apply your principles to my production systems. After all, you apparently have it all figured out.
Layered security is the proven method of securing ANY machine/network. So why poo poo a software firewall if it is part of a wider security platform? Oh, that's right, because you know it all....
Then we have exactly described the problem.
... on you...
Post your IP address, and put your money where your mouth / arse is...
"It is insane not to use the firewall system provided to secure your PC"
Here is a quick question for you. How many ports does a desktop oriented linux distro have open and listening for connections in a default install?
If the answer is less than 1 then there is no urgent need to run a firewall at all.
Don't assume that because Windows *desktops* listen on an insane number of ports by default that Linux ones do too.
re: invincible Windows
(note the date!)
Yup, that's an XP exploit, but I wouldn't doubt even one second that Mafia$oft's security practices regarding Windows 7 aren't fundamentally better, since it's the _behaviour_ and the security _process_ not so much the _system implementation_ that counts.
Mass noun in Latin
Virus comes to English from Latin. The Latin word vīrus (the ī indicates a long i) means "poison; venom", denoting the venom of a snake. This Latin word is probably related to the Greek ἰός (ios) meaning "venom" or "rust" and the Sanskrit word visham meaning "toxic, poison".
Since vīrus in antiquity denoted something uncountable, it was a mass noun. Mass nouns — such as air, rice, and helpfulness in English — pluralize only under special circumstances, hence the non-existence of plural forms in the texts.
It is unclear how a plural might have been formed under Latin grammar if the word had acquired a meaning requiring a plural form. In Latin vīrus is generally regarded as a neuter of the second declension, but neuter second declension nouns ending in -us (rather than -um) are so rare that there are no recorded plurals. Neuter nouns of other declensions always end in -a (in the nominative, accusative and vocative), but even if we were to apply this rule to vīrus, it would be conjecture to guess whether this should give us vīra, vīrua, or something else. There simply is no known plural for this word in Classical Latin.
In Neo-Latin, a plural form is necessary, in order to express the modern concept of ‘viruses’. Dictionaries such as Whitaker's Words therefore treat it as a second-declension noun with the following fairly ordinary forms:
case          singular      plural
nominative    vīrus         vīra
vocative      vīrus/vīre    vīra
accusative    vīrus         vīra
genitive      vīrī          vīrōrum
dative        vīrō          vīrīs
ablative      vīrō          vīrīs
This is a title
Petur - you are best off having some sort of firewall, even with Linux. It's easy to forget services you have running. Just being behind a NAT box is better than nothing, but if your PC is connected directly to the interwebs, it's safest to use a firewall - https://help.ubuntu.com/10.04/keeping-safe/C/firewall.html
2 and 3 are right though.
petur: You didn't need to install them because
1) Built into the linux kernel (if the distro sets it up right)
2) Don't open ports, don't allow random code to act as services running as root
3) Have a nice secure SELinux config setup.
Assume you've got your security in line and you may even be able to reflect a targeted attack. Of course the confusion over targeted vs blanket continues to spread, everything is simply 'security', not running random crap on untrusted devices/websites is a good way to be blanket secure and is probably where Microsoft still falls down.
“Windows is known for being vulnerable to attacks by hackers and more susceptible to computer viruses than other operating system” could not be supported by the facts.
I think you will find that it does, if nothing more than sheer market saturation making it a worthwhile target.
Don't get me wrong, nothing wrong with Windows fine desktop O/S. However just like the shitty little padlocks you get with your new suitcase, you wouldn't use them as is, you'd get something a little stronger to make sure, like cable ties and decent locks. Same with Windows, everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package.
I don't ever leave a shop via the security stand. I think the free alternatives are mostly better than a lot of the stuff you need to pay for.
Or at least cheaper, and use less resources. Just my experience as in the UK the only AV etc shops seem to sell is Norton, and in PC world the main price they show for a machine includes Norton, with the "stand alone" price in smaller text below.
Guess buying it in store makes it easier for somebody with little computer knowledge like somebody's Nan or something.
Use MS Security Essentials - does the job.
There saved £30.
"Don't get me wrong, nothing wrong with Windows fine desktop O/S. However ... everyone who buys Windows, always leaves the shop via the security stand, just ensure they pick up an AV(irus)/AM(alware)/AS(pyware) package."
So, you've pinpointed something that's wrong with Windows almost immediately - "Security".
Do you want me to tell you a few other things? (The most obvious one is that when you want to "stop" the system you first have to click on "start". A usability analyst's nightmare!)
Huh? You think Linux is easy to shutdown?
If you were a Windows user wanting to shutdown your box I could tell you over the phone with no hesitation. I'd also suggest that while clicking 'start' to stop is a bit odd everyone knows that everything is on that menu anyway.
If you are a Linux user I have to ask you twenty questions first before I could work out how to do it.
I tried to cancel my Xbox live subscription recently - and the veins are still pulsating on my forehead. Much as MS piss me off, I have to point out that it's not Windows' inferiority as a product that causes it to be universally targeted by hackers. It's the fact it's so ubiquitous. What hacker is going to waste his time causing grief for users of Black Hat Arse Edition v1.45458372 with its user base of seven? You'll have noticed a couple of stories about Mac-focused attacks in the tech news recently. This will be down to Apple's recent success drawing attention to the platform. The reality is that Windows is titanium armour plated compared to less popular OSs.
Jeez I feel dirty now. I'm off to shit in my xbox. I'll show you a ring of death, you bastard.
Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity). How about all the linux folk who've posted here telling us that you don't need added protection for your uber-OS come and post again once ChromeOS has been released and started gaining traction?
As a linux variant (IIRC?) it's only a matter of time before the hordes fleeing to Google from MS, and subsequently all Linux users, find themselves the objects of affection of a new generation of black hats coding not for Windoze but for OSX ChromeOS and Linux.
"Someone who hasn't missed the point entirely! the security risk to ANY OS is directly proportional to market share (ubiquity)."
What a load of old rubbish. The security risk to any operating system is *inversely* proportional to the amount of Clue applied to the subject by those who make it. You're assuming that every programmer is as stupid as the MS ones.
There's a few people at MS who know what they're doing.
If there were a LOT of people at MS who knew what they're doing then Windows wouldn't top the pwned charts quite so reliably.
"...coding not for Windoze but for OSX ChromeOS and Linux."
So, which distro? Which patch level(s)? Which browser?
Some of it can be guessed at (esp. in OSX), but stop and think about this for a moment... popping a *nix box isn't as simple, nor is it as straightforward.
As for the marketshare claptrap, will someone kindly explain why MacOS 9,8,7, etc had a rather decent pile of viruses floating about for them, but OSX blackhats are forced to rely on trojans and extremely stupid users to get their wares installed?
( g'wan, say the same for Windows, but read this first: http://news.cnet.com/8301-27080_3-20006478-245.html )
As for this bit:
"the security risk to ANY OS is directly proportional to market share (ubiquity). "
If that were true, then 5-10% of all malware out right now should be OSX-related... instead the number is (roughly) 0.001% (give or take a decimal place).
Now - all that said... the truth lies somewhere in-between. Yes there are market-share factors, but anyone who claims it to be the end-all be-all is a fool. Likewise for anyone who claims that any OS is infallible.
Umm, no. Not true.
"The security risk to ANY OS is directly proportional to market share (ubiquity)"
I think you forgot to add ".. and system design". The reason MS has such a massive problem is that the OS wasn't built from the ground up for process and user separation, they only started working on that since about Win NT 4. The "others" share the Unix heritage of default user and process segregation, so don't have to start from scratch.
Sure, other OS can suffer malware - no OS will ever fix a room temperature user IQ - but it's much harder to hose the box by accident, even if it's fresh out of the box*. I'm writing this from a Windows desktop, left is the new Macbook Pro, on my right is a laptop with OpenSuSE and virtual box to run suspect Windows files, so I'm fairly familiar with most platforms..
(*) Amusing fact: just bought a Macbook, and guess what was the first thing it did? Patching -- and asking for a reboot..
So market share is the only factor?
You think that OS architecture and careful implementation have nothing to do with it, then? Codswallop! All OS's are NOT created equal. Some are better than others. Most are better than Windows.
Of course some of the black hats will target Linux and Mac OS X. And there will certainly be some issues. But nothing like the disaster that MS has left us with - millions of zombies worldwide.
"The reality is that Windows is titanium armour plated compared to less popular OSs."
You forgot to select the "Joke Alert" icon there mate.
Have you read El Reg before? About once per week (sometimes more) there is an article about how Windows systems are now able to be compromised in a new and exciting way. Hardly "titanium armour plated".
"That type of self-defeating behaviour..."
Then why does Google leave a choice for mac OS X? Isn't that defeat?
Chrome OS is for netbooks. I would be seriously amazed if it could be used to compile code or do anything else than access Google's online products. It's a kind of Android on steroids.
Google wants to be independent of any technology from another company. One can see that, because all the technology Google uses, is open source. Using mac OS X, that uses open standards to connect to the outside world, or Linux which offers complete control, Google's IT infrastructure becomes 100% vendor independent.
Their desktop client was the last piece of vendor lock-in they had. Removing that makes a lot of business sense, because it drives down costs. And also generates more knowledge about open source. Which can then be used to offer more advertisements (<-Google's core business remember?).
So the whole security thing is a smoke screen. Some of it is true of course, all of Microsoft products are insecure by design, but it's mostly a nice phun towards Microsoft. An easy score.
Chrome < Android
>"Chrome OS is for netbooks".
It's a thin client OS. It's perfect for a huge business. It just sits there and lets big servers do all the work. You don't store apps on it and you don't leave data on it.
> "It's a kind of Android on steroids"
No it's not. It's more like an anorexic Android stripped to its bra and knickers.
Bra and knickers. Mmmm