One way to be safe from flash exploits

Use Lynx!

No ads!

Works with El Reg!

What else do you need!

@Steven Pepperell

funny, I cannot get El Reg on my underarm deodorant

ROM POM POM!

the one that whiffs like the perfume counter at Boots

Response to a compromised system.

>How about trying that and deleting the EXE from the system so

>that it doesn't start after the next reboot?

Pierre & David Webb were saying various similar things, about how to get back to the console to recover.

But you don't know what the program that you're removing has done already.

Such recovery (and can be done on any system of course) is only of any use for backing up the data on the system. The system should then be wiped and re-installed and the data selectively restored to the machine.

Once anything is compromised, then everything is compromised. On any system.

@ Rob Dobs

Within the GNU/Linux realm at least, the technique of discovering a brand-new vulnerability and sitting on it for awhile has a tendency to backfire. There's a strong chance that someone else with nobler intentions than yours will discover it -- and it will be patched away before you get a chance to make any use of it.

For everyone going through the Source Code with a fine-toothed comb and intent on causing mischief, there will be several more examining the Source Code with the intent to fix any problems they find. The probability of a new exploit being used for mischief is simply the inverse of the ratio by which "good guys" outnumber "bad guys".

In the Microsoft and Apple camps, though, the equation is reversed. Most of the "good guys" don't have the benefit of the Source Code. Remember also that both Microsoft and Apple are in the position where admitting to the existence of bugs in their software is equated with showing weakness.

@Damian Gabriel Moran

I was going to say use Links but thought somebody would mistake it for something else. I was wrong, theres always one.

Black Helichopers, cause Damian the pun police are after you! :P

@Christian Harju

No, you're wrong on many fronts.

I quite recently bought a new PC, which I'm going to compare with Mac offerings.

My spec:

Quad core 2.4GHz (ie 9.6 total)

2GB stock memory

500GB stock HD

GeForce 8600GT

8x DVD RW

-----------------

£400

I run Vista on this, and Ubuntu on my other PC which we use for work stuff, so I'll include this in the price, although I'd argue that I could run it with a *nix distro to make it more closely comparable in capability to OS X.

£200

Peripherals are gathered over the years, so I'm not going to include them. Anyone who's interested, my mouse is worth about £40, keyboard about £30 and monitor probably about £80, if that (CTX CRT oO), actually, what the hell. I'll throw in my headset as well.

£200

--------

£800 total

Now let's compare. iMac first.

2.8GHz Intel

Core 2 Extreme

2GB memory

500GB hard drive1

8x double-layer SuperDrive

ATI Radeon HD 2600 PRO with 256MB memory

Ready to ship: 3 days

Free Shipping

£1,429.00

(£1,216.16 ex VAT)

Worse processor, worse graphics card, I would expect worse keyboard and mouse, no headset, better monitor but I really couldn't care less about that. Let's assume that the motherboard is as good, and, taking a real leap of the imagination, that the graphics card, keyboard, mouse, headset and CPU are balanced out by the monitor, that's a disparity of £630.

Now I don't want to be harsh on Apple so I'll look at the Mac Pro as well. I tried to configure it as closely as possible to mine, ie no software extras, almost the same CPU, same GFX (although not quite, the difference in GFX card, ie the standard single Radeon, should balance the difference in CPU, ie the 2.8GHz quad, almost perfectly), same HD.

Now let's take the monitor and headset off of my specs price, bringing it to £670. 16X over 8X DVD drive is pretty negligible price-wise. Cost of this system?

£1,489.00

That's a difference of over £800. Just to put that in perspective, the difference is 122% more than I paid for my system, including Vista. Just for jokes, let's say I used Ubuntu on it instead. I'd be paying £1,019 more for an equivalent Apple system. That's 216% more. Just to point out, I was expecting there to be a difference, but seeing this really does shock me.

@Ken Hagan

"A process in Windows may have fewer privileges than the launching user, but not more."

That's surely why, in the example I mentioned, an app lauched by an unprivileged user was able to keep running with unlimited privilege in every user's session, including the admin account. I must have been fooled by my misconceptions. I must have IMAGINED that these 20 windows per second were spawning, surely.

"(Windows has no setuid bit, for example." setuid... right no good. Not allowed on my systems (and should be considered as deprecated). But to be honest, when one chooses to install an app with the "setuid" bit, one should be prepared to face problems, And do do so you MUST be admin ( and a stupid admin, if I can give my opinion).

"Firstly, WAY too many lusers "run as Admin" on Windows"

True. That's because WAY too many Ladmins allows them to.

"Secondly, once a regular account has been compromised, it MAY (and I'm no expert in these matters) be relatively straightforward to elevate that compromise to the whole system using some local vulnerability"

Clearly you're not expert in these matters. Once a luser account has been compromised under Windoze, it is indeed quite easy to compromise the whole system (due to the very lame privilege separation in Win, this was what I was saying in my previous comments, you M$ fanbois can still read, right?). This is "almost" impossible on a *NIX system (the "almost" being here thanks to the 0.00001% stupid *NIX admins who give sudo permissions away).

And still. An app's privileges are not dependent on the originating user's permissions under Windows. Definitely not. And that's the problem. Do you need yet another example? A user with "limited admin privilege" can be allowed to install an application, but still be unable to mess with the system's core. Still, if the installation process involves the creation of Desktop shortcuts, every account on the system will end up with the shortcut on the desktop. That's nothing, as compared to the case I described upper in this thread. But it further proves that privilege separation is lame in Windows.

@Ken Hagan (bombproof)

Right-o. All 3 OSes are now quite secure, which does not mean that they can sit outside a tightly controlled local network. Good to see that MS finally caught up on the security ground (their counter-measures can be bypassed, but it's still a significant improvement). Bad news for Apple, but it's a consequence-less waking call, I'm sure they can harden the bloody thing. Linux guys shouldn't sleep on that one, sure, but that's not the way "they" (neutral-style distanciation) usually behave.

Let's all ditch our PC-like machines and switch to VMS, VX teams are just waiting for "new" challenges!

@ Shakje

Yes you can get a non-Apple machine pretty cheap but to compare Windows to Mac you should really comare a to another 'big name' manufacturer.

Why don't you go and compare the Dell One (£999) with the iMac 20" (£949), very similar systems. The mac only has half the memory (1Gb) but a faster processor (2.4 vs 2.2). Apple flog the memory upgrade for £60 so that would put the iMac at £1009. Can't comment on the difference in graphics.

Looks like the iMac price is actually pretty reasonable when truely compared like for like.

@Jim

Why?

Why should you "...really comare a to another 'big name' manufacturer."?

The kit Shakje selected for his comparison was all perfectly respectable and comparable stuff - and available from a vast range of sources. I think that may be the point he was making!

Why is it that Apple fanboys seem to *expect* to be exploited by a "big name" corporation? Bless them.

The icon (irony alert) is sarcasm btw.

@ Jim

True enough... It you want a perfect comparison, then you must include an element of being ripped off by a "'big name' manufacturer". Was it your intention to reiterate the point which Shakje made?