PDA

View Full Version : Russian company picks hole in XP Service Pack 2


Self-Designer
02-08-2005, 02:45 PM
Quoted from: InfoWorld (http://www.infoworld.com/article/05/01/31/HNholesinxpsp2_1.html?source=NLC-SEC2005-01-31)

Russian security company Positive Technologies has released a patch to a security hole it said it discovered in Microsoft (Profile (http://www.infoworld.com/Microsoft/company_45844.html?index=0&view=0&curNodeId=0), Products (http://www.infoworld.com/Microsoft/company_45844.html?index=0&view=1&curNodeId=0), Articles (http://www.infoworld.com/Microsoft/company_45844.html?index=0&view=2&curNodeId=0)) Corp.'s Windows XP Service Pack 2 (SP2) last year.

"It has been over one month and we have not heard from Microsoft, so we decided to issue our own patch," Maximov said. "We understand that Microsoft wants to protect its product, but we feel it is more important for people to know about the problem and to know there is a tool to protect them."...

The PTmsHORP utility can be can be found online for download at http://www.ptsecurity.ru/ptmshorp.asp or at http://www.maxpatrol.com/ptmshorp.asp.

Did anyone heard about it?

JMulder
02-08-2005, 02:59 PM
I'm not going to come out for or against this, but it sounds like a great way to spread a virus.

Self-Designer
02-08-2005, 04:08 PM
Yes, that's why I worry about it...

Though in a 2nd thought, my computer was attacked 4 times in the next week - 1 begin2search spy, 2 times a bla.exe appeared on my c:\ and tried to run (my antivirus stopped it) and 1 time, the most frightening one, 3 files from c:\ were missed, luckily I have another computer that helped me to find how to fix it via the internet (NTDLR is missing or something...)... So I feel like someone took arrive on my computer... I have a router, norton antivirus and internet security (but only 2004 i think) and i check spies with spybout... nada! When those appear, i find them, but i can't find any backdoor / torjan that let anyone to put them in my computer :S

So, maybe this babe is my hope... and maybe it's just a new torjan :sad:

DePingus
02-08-2005, 06:00 PM
Yea...this is brilliant! Let's all patch Windows with this right away!
[WARNING: Sarcasm alert! Do not under any circumstances update a Windows installation with a non-Microsoft released "patch".]

jeffthomann
02-08-2005, 06:15 PM
It'd feel a lot safer if they'd release the source code with the download...

Self-Designer
02-08-2005, 06:27 PM
And how can you know that the exe file contains exactly the source code? ;)

Anyway, i gave adaware a try and i found some new spies... Hate those thingies :hmm:

kiaran
02-08-2005, 08:37 PM
I need to rant about something here. I keep hearing about all these people who go digging into Windows to find security holes and leaks etc... I want to strangle these people with their own intestines.

If everyone would just use the OS and leave it the F*#@ alone none of these 'security issues' would ever see the light of day. Microsoft doesn't make security holes, people dicking around where they shouldn't be are the problem.

ARGH!! I'm really angry about this because I recently spent four days fixing all the computers in my house because of a goddamn virus that leaked in through my router.

I'm not angry with Microsoft, I'm angry with the prepubecent, greasy, fat, idiots sitting in their parents basements 'finding security holes' to 'help us'. F*$# these idiots.

JDex
02-08-2005, 08:40 PM
Where in the world do you guys get these viri???

I never get them (not complaining here).

And how can a company that doesn't have access to Windows Source code, write a security patch for Windows...

Dennik
02-08-2005, 08:52 PM
This is either a hoax because Windows are not open source, or the patch is actually a stand alone application.

Self-Designer
02-08-2005, 09:22 PM
...If everyone would just use the OS and leave it the F*#@ alone none of these 'security issues' would ever see the light of day. Microsoft doesn't make security holes, people dicking around where they shouldn't be are the problem...

Right! And we didn't have to use locks in our homes and cars if there were no thiefs! And our cars were so much simpler if we knew how to drive save! Who needs safe belts??

Sorry, but i had to take it that far :blush:

But, that's how it is, the world is not perfect, u know ;)

JMulder
02-08-2005, 09:30 PM
OK, I'm no coding genius, but I think I understand what these guys are claiming.

Apparently, Microsoft added code in SP2 that allows the developer to mark memory areas as non-executable (presumably to help protect against buffer-overrun attacks). These guys claim that they have found a way to execute code stored in one of these non-executable memory areas. If this is the case, it could be a valid windows vulnerability.

However, I can't see how releasing their own 'patch' could resolve this, if the problem is as deeply embedded as they imply.

I also have a problem with going around Microsoft if indeed MS has ignored them for over 30 days. Sure, their 'patch' may work, but what else does it break? Does it affect performance to an annoying degree? It could also be that MS is still investigating the issue themselves, or they have found that the vulnerability is only present in unrealistic situations (my favorite was one of those where you could elevate yourself to admin levels, but you needed admin privileges to do it!).

Furthermore, last year MS switched to a monthly, or quarterly (can't remember which) schedule for releasing security updates. Critical updates were the exception. It could be that this issue is not considered 'critical' and will be addressed in an upcoming security update. It could just as well be that these guys haven't applied all the security updates themselves, and they have 'discovered' a known problem that was already fixed.

I'm just speculating, but I still recommend against applying an OS patch from a third party.

kiaran
02-08-2005, 10:35 PM
But, that's how it is, the world is not perfect, u know

Agreed. But that won't stop me from ranting about it ;)

JMulder
02-08-2005, 10:47 PM
It appears that MS has released several security updates today:
http://www.microsoft.com/technet/security/current.aspx

I can't tell if one of these addresses the Russian firm's findings...

Self-Designer
03-27-2005, 09:36 PM
OK, and what do u say about this: http://www.autopatcher.com/

I've found it via: http://www.fileconnect.net/comments.php?shownews=8830&catid=3

smoothoperator
03-28-2005, 12:28 AM
lol. I love reading posts about Microsoft users having security issues. Seems to be soo many.
I sleep well being a mac user.
Just buggin.
Microsoft needs to fix these things. I'd actually consider getting a pc is it wasnt for all these problems they have.

JDex
03-28-2005, 12:35 AM
Trust me... 99% of people who have all these problems spend too much time P2Ping, using warez, checking out pr0n, installing any and every freeware app they can find... and click yes on "do you want to install this unknown activeX control that will probably kill your computer" popup that comes up... while I agree that OSX is more secure... it's not as bad as you are lead to believe... Do not let the idiots of the world make you avoid powerful tools... get a PC, keep it up to date... install a maintenance free Antivirus app, use firefox, use your common sense and download adaware (run it once every week or two) and you will likely run problem free.

L.Rawlins
03-28-2005, 12:43 AM
^ He speaketh the truth.

darktding
03-28-2005, 01:06 AM
what is warez?:deal:

BigErn
03-28-2005, 01:08 AM
Trust me... 99% of people who have all these problems spend too much time P2Ping, using warez, checking out pr0n, installing any and every freeware app they can find... and click yes on "do you want to install this unknown activeX control that will probably kill your computer" popup that comes up... while I agree that OSX is more secure... it's not as bad as you are lead to believe... Do not let the idiots of the world make you avoid powerful tools... get a PC, keep it up to date... install a maintenance free Antivirus app, use firefox, use your common sense and download adaware (run it once every week or two) and you will likely run problem free.

this should be page.1 of how to use a MS OS! I have no probs either doing the same routine. "free Antivirus app, use firefox, use your common sense and download adaware" Its a minor pain I agree but worth it.

theCloudmover
03-28-2005, 01:25 AM
lol. I love reading posts about Microsoft users having security issues. Seems to be soo many.
I sleep well being a mac user.


Agreed.

I saw first hand what these virii/adaware/trojan horses can do to a PC when my Uncle stayed here over the Christmas holidays. It hijacked his machine, launched his browser automatically, shut the machine off randomly and kept replicating itself.

Adaware, Norton (which was running when this happened), and Spybot didn't work.

After we figured out what was going on and just marvelled at the what was going on we had to try to shut the machine down go into the command line and execute a program there to get rid of it.

BTW He is the head of technology for a major corporation and as far as we figured out it was a combination Firewall Breaker( This one I think. (http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073080) ) and browser hijack.

TWO FREAKIN DAYS to get "clean!!" He lost some software and was just a 100% pissed off. I for the life of me can't see how you windows guys live with this 24 seven.

JDex
03-28-2005, 01:28 AM
...

TWO FREAKIN DAYS to get "clean!!" He lost some software and was just a 100% pissed off. I for the life of me can't see how you windows guys live with this 24 seven.

We don't...

theCloudmover
03-28-2005, 01:31 AM
We don't...

Oops. I meant to say "I for the life of me can't see how you windows guys live with this kind of threat 24 seven."

You do. :)

ben_o
03-28-2005, 01:31 AM
Several of my $0.02's....

JDex's suggestions would keep you fairly safe.... but the problem is that it shouldn't be this way. You shouldn't have to install all sorts of programs and drivers after the OS just to safely browse the internet.

No other OS needs such aggressive anti-virus/firewall/anti-malware software products running taking up a sizeable chunk of resources just to get onto the internet.

Oh and before anyone bring's up the "90% marketshare = 90% viruses" or the "Virii or massive security holes are inevitable" series of arguments, don't. It's not big and it's certainly not clever.

-> Where non-M$ internet-based products rule the market (Apache, *nix/BSD servers, etc) M$ products still have the lion's share of exploited holes, and security problems.

-> I would feel happy enough leaving my linux machine for a short time on a broadband connection without any preparation. A default install of windows xp would be torn to shreds within a day.

-> Windows virus's ~ 10,000 (Symantec so figure is probably inflated)
-> MacOs + Linux virus's including theoretical ones that have never been seen in the 'wild' ~ 30

Oh and if you believe the news about linux being more insecure than Windows XP... just look at who paid for the studies to be taken:

Just some recent examples from slashdot->

http://it.slashdot.org/article.pl?sid=05/03/26/1428259&from=rss
http://linux.slashdot.org/article.pl?sid=05/03/25/238257&from=rss

Apologies to those who think I'm just mouthing off, but I'm tired after just having to clean a relative's machine, who was running IE, with Norton Security suite... I am a little fed up with M$ at the moment.

Try 'ubuntu linux'. It's possible the easiest linux I've seen to get into. (If you don't like the Gnome desktop, try Kubuntu.)

Ben

theCloudmover
03-28-2005, 01:37 AM
I've been dabling with Linux (Debian and Mandrake) at work for a few months now. Seems like a beautiful system. If I ever do buy a windows machine I'll probably use Linux.

JDex
03-28-2005, 01:42 AM
Well, if you want to get technical... OSX is every bit as vulnerable when it comes to these types of attacks... it's just that no one is writing (or releasing) them... I bet that if Mac ownership ever exceeds 25% of the overall market... there will be a very nasty bug that will nearly cripple the majority of the userbase... because of their false sense of security.

About 5 years ago I witnessed a Unix hacking test at a hospital... in about 42 minutes over 56k the hacker had the medical and billing information of every "dummy" patient in the system (about 16000 entries)... granted this guy was apparently one of the best in the world... but the reality is there is no safe system if it is connected to the web.

theCloudmover
03-28-2005, 01:49 AM
Well, if you want to get technical... OSX is every bit as vulnerable when it comes to these types of attacks... it's just that no one is writing (or releasing) them... I bet that if Mac ownership ever exceeds 25% of the overall market... there will be a very nasty bug that will nearly cripple the majority of the userbase... because of their false sense of security.

About 5 years ago I witnessed a Unix hacking test at a hospital... in about 42 minutes over 56k the hacker had the medical and billing information of every "dummy" patient in the system (about 16000 entries)... granted this guy was apparently one of the best in the world... but the reality is there is no safe system if it is connected to the web.

Agreed.

But as of right NOW OSX is extremely safe and I think that counts for something.

I am frankly surprised that this atmosphere of "exploits" seems to be getting worse. You guys should start sending Mr. Gates t-shirts with the "Linux Penguin." Maybe then he'll get the message.

Very interesting discussion... :thumbsup:

JDex
03-28-2005, 01:51 AM
You shouldn't have to install all sorts of programs and drivers after the OS just to safely browse the internet.

Really? Can't say I've installed a driver since Windows 2000. XP has everything I need (actually I take it back, Wacom and two video card updates since Nov 2002)... but still, this notion of Windows needs thousands of finniky user installed drivers just to make my mouse work garbage spewed in the over-zealous mac community is a farce and perpetual propeganda spewed by the mouths of ignorant babes... It was never as bad as is said (although in 98, it was bad but still not "that" bad)... and certainly is not the case any longer.

Oh and before anyone bring's up the "90% marketshare = 90% viruses" or the "Virii or massive security holes are inevitable" series of arguments, don't. It's not big and it's certainly not clever.

Wow... that's pretty closed minded to the forces of nature, vandalism and theft... really there is alot in the "security through obscurity" that always has held true... and the odds that this will be any different are right up their with Brittney Spears celebrating a 50th wedding anniversary with that guy she's married to now.

JDex
03-28-2005, 02:10 AM
Agreed.

But as of right NOW OSX is extremely safe and I think that counts for something.

I am frankly surprised that this atmosphere of "exploits" seems to be getting worse. You guys should start sending Mr. Gates t-shirts with the "Linux Penguin." Maybe then he'll get the message.

Very interesting discussion... :thumbsup:

It certainly does... and I love OSX (flaws and all)... Tiger looks very promising, the mention of a major OpenGL overhaul is very good... very very good OS, superior in many respects, and for the time-being... security is one. Apple... well lets just say that we have history, not much of it good, but I am onboard the OSX happy bus... just not on the Windows is the devil and if you use it your data will vanish... tommorrow buy a mac... if you don't people will laugh at you, loser.

No one here has done this, today, in this thread... but these people are everywhere, and it's frankly laughable. As for Gates... he's a crooked business man, who had some foresight and tenacity and made an overall good product that dominated one of the largest industries in the modern world... and made alot of serious mistakes in the process. Does he know it? darn tootin... is he interested in fixing it? you betcha... can he? we'll see.

As an acquaintence of mine recently mentioned (paraphrasing)... Apple is in a position to completely take over through brute force the entertainment/digital content industry... and he's right. Will they? We'll see. Will they make alot of mistakes? you betcha. Will Apple become vulnerable to security problems? darn tootin.

gruvsyco
03-28-2005, 02:33 AM
Agreed.

I saw first hand what these virii/adaware/trojan horses can do to a PC when my Uncle stayed here over the Christmas holidays. It hijacked his machine, launched his browser automatically, shut the machine off randomly and kept replicating itself.

Adaware, Norton (which was running when this happened), and Spybot didn't work.

After we figured out what was going on and just marvelled at the what was going on we had to try to shut the machine down go into the command line and execute a program there to get rid of it.

BTW He is the head of technology for a major corporation and as far as we figured out it was a combination Firewall Breaker( This one I think. (http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073080) ) and browser hijack.

TWO FREAKIN DAYS to get "clean!!" He lost some software and was just a 100% pissed off. I for the life of me can't see how you windows guys live with this 24 seven.


That's a pretty freakin talented infection... you should have asked it to make you some coffee while it was at it. I've been doing IT stuff for 13 years and have NEVER seen anything like that. The ONLY time I ever hear of reports of this is from some Mac or Linux user that says they know someone that it happened to. Seriously, head of technology?

ben_o
03-28-2005, 02:34 AM
Really? Can't say I've installed a driver since Windows 2000. XP has everything I need (actually I take it back, Wacom and two video card updates since Nov 2002)... but still, this notion of Windows needs thousands of finniky user installed drivers just to make my mouse work garbage spewed in the over-zealous mac community is a farce and perpetual propeganda spewed by the mouths of ignorant babes... It was never as bad as is said (although in 98, it was bad but still not "that" bad)... and certainly is not the case any longer.

Yeah, fair enough. I meant it in a 'what-needs-to-be-installed-before-it-all-works' kinda way, but I meant it as more of a reflection on the need for proprietory products for something that I believe is in the remit of the OS manufacturer, which is the security of the OS itself. (Not including MLBKAC induced infections, aka malfunction lies between keyboard and chair...)

Oh and before anyone bring's up the "90% marketshare = 90% viruses" or the "Virii or massive security holes are inevitable" series of arguments, don't. It's not big and it's certainly not clever.
Wow... that's pretty closed minded to the forces of nature, vandalism and theft... really there is alot in the "security through obscurity" that always has held true... and the odds that this will be any different are right up their with Brittney Spears celebrating a 50th wedding anniversary with that guy she's married to now.

It was an inflammatory comment I admit, and it seems I didn't make myself clear amongst the bile. I meant that with the marketshare that Windows has, it has a disproportionate number of serious security problems involving the core applications/services or kernel of Windows.

Whilst I agree "security through obscurity" does lend strength to the overall security of an OS, it does so at a cost. It becomes very difficult to fix problems without the direct aid of the OS owner. If it has a pretty good code-base (ie MacOS), then this is not so much of a problem for the end-user. If the OS is poor OR if published exploits take weeks to fix then trouble arises.

ben_o
03-28-2005, 02:44 AM
That's a pretty freakin talented infection... you should have asked it to make you some coffee while it was at it. I've been doing IT stuff for 13 years and have NEVER seen anything like that. The ONLY time I ever hear of reports of this is from some Mac or Linux user that says they know someone that it happened to. Seriously, head of technology?

I think if it is true, its one of those cases where someone has tried to fix it manually, as a kind of challenge to themselves. Malware infections are normally tenacious enough nowadays that format->reinstall->clean backup is the cleanup method most guaranteed to work and takes a short enough time (but depends on the files that are reinstalled though.)

But I agree, two days is hyperinflated and I've never heard of anything like it, that wasn't directly caused by laziness or curiousity on the behalf of the IT crew. (Mainly curiousity though)

theCloudmover
03-28-2005, 04:22 AM
I think if it is true, its one of those cases where someone has tried to fix it manually, as a kind of challenge to themselves. Malware infections are normally tenacious enough nowadays that format->reinstall->clean backup is the cleanup method most guaranteed to work and takes a short enough time (but depends on the files that are reinstalled though.)

But I agree, two days is hyperinflated and I've never heard of anything like it, that wasn't directly caused by laziness or curiousity on the behalf of the IT crew. (Mainly curiousity though)

I posted a link to what was (I think) the firewall breaker. I know it had "kill" in the name. Here it is again.

KillAV (http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073080)



As for the two days...
Timeline:
(Warning:Mac guy trying to remember Windows Jargon. I'm sure I've made many,MANY mistakes.)

My aunt and my two young cousins also used this laptop during their visit. I think that is important information since we don't know the "how" of this episode.

After breakfast:
It was there. It was a browser hijack that reset IE with a different home-page.-- We looked at it- He wrinkled his brow - ran Spybot - boom - gone- did what he had to do online.

Afternoon:
We did what we had to during the day- turn machine on -Hijack still there- Ran Spybot & Ad-aware- clean? Nope- Still there. Checked settings-Firewall active-He smiled -unchecked System Restore.Unplugged the little wireless dongle antenna from computer-Cool- Ran Spybot, Ad-aware and the Norton Antivirus. It says Clean. Boom. STILL there. Tried to run Norton again. Machine shuts off. Repeat four or five times. Machine either shuts off or crashes at the end of a cleaning.

After dinner.
Turned Machine on- Runs fine- IE Launches by itself then crashes machine. Changes user account -OK - machine stable- Desktop wallpaper different(?)- home-page still hijacked- needs to run something with Windows XP or Norton CD- Discs at home. :banghead:

Next day.
BUYS new Norton disc at store. Runs app. Still there- He looks through all the places windows keeps things: registry(?)-I start looking online with my mac for the names he gives me- We find the name of the things- He goes into safe mode(?) runs an app I found on Norton online in the command line and it's gone. He said the exploit acted like Gaobot.

That's two days I think.

Now, My Unc isn't a programmer or IT guy(Technology isn't "JUST" computers.) He'd hire you smart fellows to do that kind of work. He is, however very familiar with Windows, servers, etc. and knows his way around a Windows machine. I was frankly shocked not just at the virus, but at what you have to know to get rid of these things. Mr. & Mrs. Joe everybody could NEVER have gotten rid of this thing.

Please understand I have no hate for Windows or Windows users. As a gamer since PONG, I'm envious of all the cool games you guys have. :cry: So believe what you want. I have no reason to lie or inflate.

I'll see if I can get the name homepage hi-jacker.

ben_o
03-28-2005, 04:52 AM
Cloudmover, I get your point now.... it was just the way it was put it made it seem like this was in a work/office setting.

I wholeheartedly agree that the amount of tech know-how home users are expected to have to keep their machines their own is too high for the amount of good reliable information they get. Every hoax virus warning turns into a mass-forwarded email, and spyware goes unnoticed - 'So that isn't how it normally works then?'

M$ hater though I am, I do think that they are starting to step in the right direction for the home market after SP2, with its focus on security updates and informing people when their anti virus subscription runs out or if there are updates to apply. If they could've only included a wizard to help non-geeks toughen up their home system....

Eugh... just commended M$ on trying to focus more on security....
[zealous reflex]Linux! try http://www.ubuntulinux.org/ or http://www.knoppix.net [/zealous relex]

Ben

cgclay
03-28-2005, 04:53 AM
hmm... I havn't had any security issues in the past 5 years running Windows. I will admit to one time catching some spyware, but I then switched to Firefox, problem solved. No security breaches, no viruses, no spyware other than that and I've been to every kind of site imaginable on the internet. I run a minimal level of security which consists soley of Norton Anti-Virus and a router. I havn't even updated XP recently. Am I just lucky or do alternative OS users grossly exaggerate Window's security problem?

I tend to believe the latter based on my trouble free experiences

theCloudmover
03-28-2005, 05:10 AM
hmm... I havn't had any security issues in the past 5 years running Windows. I will admit to one time catching some spyware, but I then switched to Firefox, problem solved. No security breaches, no viruses, no spyware other than that and I've been to every kind of site imaginable on the internet. I run a minimal level of security which consists soley of Norton Anti-Virus and a router. I havn't even updated XP recently. Am I just lucky or do alternative OS users grossly exaggerate Window's security problem?

I tend to believe the latter based on my trouble free experiences

:D
By being on this site you are hardly the average computer user. I'm sure you are quite advanced - know your software, hardware and keep everything in tip-top shape. Hey, you use Firefox for goodness sake. Most average users don't know that you can even USE ANOTHER browser to surf the net. IE was at 90% the last time I checked. (http://news.com.com/Growth+rate+slips+for+Firefox+usage/2100-1032_3-5592677.html)

...also, I think, since we Mac users ARE in the minority, we are a bit more vocal about the problems we see our Windows comrades have. I actually point and laugh.



To be fair: My mom, sister, brother-and-law, best friend, other Uncle, my girlfriend and her family have never had a problem with any kind of security or virus. Just the standard hardware issues. They do, however, DESPISE the updates since most of them have a 56k modem.

My other best friend did have a major virus attack that made the CompUSA guy gasp when he told them "I never turned on the Firewall." That was a funny day.

BillSpradlin
03-28-2005, 05:28 AM
Saying that OSX is more secure is a fallable statement. The reason Windows gets attacked as much as it does and that people "find" security holes for it so often is that the vast majority of users around the world use Windows as an operating system. If we all used Macs, or if we all used Linux, then guess what, there would be holes and security attacks just as abundant. Hackers don't waste their time finding holes for OSX because the userbase compared to Windows is not as high, thus why waste time hacking an OS that isn't as widely used.

OSX can just as easily be hacked and virii written for it. Linux is, in many cases, more open to security flaws and hacks than Windows is.

Use some common sense people.

spakman
03-28-2005, 05:30 AM
As far as malware countermeasure effectiveness goes, it has been my understanding that for some time now, malware is now written so that priority 1 is to target the most popular firewalls and anti-spywarer configurations before initiating their main directive.

It is only after they have neutralized "security" systems, that they go about their main job, of either damaging the OS, or silently collecting information. If the trojan in question cannot neutralize a security system, an abort command is initiated so that no trace of the attempted infection remains on the targeted computer, thus keeping its existence out of the public record for as long as possible.

By approaching an assault in this manner, it is much more difficult to collect any information on just what it was that port scanned or pinged your system. Without this information, security solutions are left with little or no information to act upon - if they haven't already been compromized by a successful stage 1 infiltration.

I wonder how many security solution companies advertise this fact - that they are now the first programs to be targeted before the malware writer's main objective commences.

(It's the bullet you don't see that gets you)

cgclay
03-28-2005, 05:40 AM
:D


heh... I should probably turn on some kind of firewall.

I agree with BillSpradlin here, that is very much the case. I think a lot of people get on Microsoft's case about the security holes because they don't seem to fix them in a very timely fashion though

However, I think Mac users complain more about those security holes than actual Windows users do

spakman
03-28-2005, 05:54 AM
Saying that OSX is more secure is a fallable statement....
...Use some common sense people.

Too true. (though it is inheriently easier to make more secure) . I'm still waiting for that someone to take advantage of what I think is apples dumbest feature so far: The ability to embed applications in texedit docs. I wonder if there will ever come a time when a textedit file gets spread around, embedded with some devious Applescript/Unix script, set off to run as root, executing who knows what kind of commands on your machine.

I think it was that cow in Ren & Stimpy who said: "I don't like it. I don't like it at all."

theCloudmover
03-28-2005, 05:58 AM
Saying that OSX is more secure is a fallable statement. The reason Windows gets attacked as much as it does and that people "find" security holes for it so often is that the vast majority of users around the world use Windows as an operating system. If we all used Macs, or if we all used Linux, then guess what, there would be holes and security attacks just as abundant. Hackers don't waste their time finding holes for OSX because the userbase compared to Windows is not as high, thus why waste time hacking an OS that isn't as widely used.

OSX can just as easily be hacked and virii written for it. Linux is, in many cases, more open to security flaws and hacks than Windows is.


Agreed.

How's this: "As of RIGHT NOW - March 28 2005 - OSX is more secure to active and known Virii, Spyware and Malware than it's WindowsXP counterpart."
Of course, the possibility exists for malicious code to be written for OSX. I don't doubt that it will happen sometime in the future. But thats the FUTURE...

Ask yourself:
You have a project due Thursday and you have to use the internet extensively to complete the assignment. You have the choice between two machines -a Mac and a PC - each with broadband connections, no router, no firewall, no anti-spyware and no Firefox. Which machine is going to get you to Thursday in one piece?

Which would be more secure THIS WEEK?


As for Linux I know very little about Linux and have only dabbled with the distros. Is this true?

tachy0n
03-28-2005, 07:49 AM
How's this: "As of RIGHT NOW - March 28 2005 - OSX is more secure to active and known Virii, Spyware and Malware than it's WindowsXP counterpart."
Of course, the possibility exists for malicious code to be written for OSX. I don't doubt that it will happen sometime in the future. But thats the FUTURE...

Ask yourself:
You have a project due Thursday and you have to use the internet extensively to complete the assignment. You have the choice between two machines -a Mac and a PC - each with broadband connections, no router, no firewall, no anti-spyware and no Firefox. Which machine is going to get you to Thursday in one piece?

Which would be more secure THIS WEEK?



Personally i'm from the 'tried and tested' school of thought rather then the 'hope it wont happen' one...Cause the thing about the 'future' is that it takes seconds for it to become the present. At least with windows, i fully expect it to bite me in the ass so i dont ever let it (firewalls, AVs, routers, backups etc ) God only save you OSX guys if ever some bored cracker decides to take you for a spin....

Don Kayote
03-28-2005, 07:53 AM
However, I think Mac users complain more about those security holes than actual Windows users do

http://www.geekoftheday.com/images/stories/geeks/gotd_050325.jpg

Yeah, we windows users got other ways to express our opinion.

MickeyManny
03-28-2005, 08:15 AM
Do the math. Microsoft OS's are the most widely used in the world FOR A REASON. I am not going to waste my time or energy explaining this because if you have any sense you can figure it out. It's the people who pick their computers for look that I think are really sad. Its' either that or for some silly boycott most of the time. I've known too many... If you know HOW the computer works, and you are part of the mass majority that enjoy a company that is open to 3rd partys and a drive to improve, then you are part of this majority and you are probably a sensable person with some intelligence and one how doesn't base their decisions on emotion.

Self-Designer
03-28-2005, 08:52 AM
Oh men, should have predicted it. Look at the 1st post (http://www.cgtalk.com/showpost.php?p=1953142&postcount=1) and my last post (http://www.cgtalk.com/showpost.php?p=2090497&postcount=14) (not this, the one before, dah! ;)) and where da heck have you got to?? I was just cerious if anyone heard about those one and what ppl think about such things, not about M$ security holes or unix/OSX not worthy to make a virus of... :banghead:

Para
03-28-2005, 09:26 AM
Don Kayote: Is this a pissing contest? ;)

One thing that makes me wonder is that there's tens of thousands of spyware/adware/virii/worms/trojans out there but I have never gotten a single one of them and I've used Windows-based systems for the last 10 years (Win95, Win98, Win2k, WinNT 3.5 and 4, WinXP). The one thing that worries me is that for some reason people who don't know what they really should do as a precaution are put very high in the tech support hierarchy (no offense but that seems to be the case in the uncle story a few posts earlier). I know that most people would like to just press the magical button and get a completely working system but that's actually part of the reason why systems in general are as insecure as they are. For example installing Linux on iPod is basically showing security problems in iPod's software protection. This is dependant on point of view, I assume.

About OS:ses...yes, OSX is definately more secure than Windows XP at the moment. This may change drastically in next 4 weeks with the introduction of XP64 and Tiger - or not. For me security isn't an issue since I've learned to live with it and tuned my computer to do all the protection stuff passively without any need of guidance but assuming the security of Windows would fall back to the level it was 10 years ago I still wouldn't change to another OS just because there isn't any training material available for the OS itself and if there actually is, the price of a new Mac isn't really tempting either.

I'd like to end this post with a short prediction: In the next 2 years people will get smarter and while they learn a lot about security, the systems they use will also get more secure. I base this assumption on the fact that lately both computer usage education and security issues have been big issues all over the world.

Beamtracer
03-28-2005, 09:59 AM
Microsoft doesn't make security holes, people dicking around where they shouldn't be are the problem.

ARGH!! I'm really angry about this because I recently spent four days fixing all the computers in my house because of a goddamn virus that leaked in through my router.
Hehehehe! Let me guess... you're using the Internet Explorer as your browser, and now you've been attacked with malware. Why didn't you switch to Firefox?

OSX is every bit as vulnerable when it comes to these types of attacks... it's just that no one is writing (or releasing) them... I bet that if Mac ownership ever exceeds 25% of the overall market... there will be a very nasty bug that will nearly cripple the majority of the userbase... because of their false sense of security.
That's not true, JDex. There are technical reasons why Microsoft Windows is more vulnerable to attack. I could list some of them but the thread would get too long and boring. However, you can read the details here (http://www.theregister.co.uk/2003/12/16/windowsstyle_security_hell_stalks_mac/).

Look at web servers for example. Most of the servers that run websites are UNIX based rather than Windows. Yet most of the attacks that specifically target web servers happen to Windows machines.

The UNIX based operating systems, such as Linux, BSD and Mac OS X are inherently more secure than Windows. Fair enough if you like Windows for other reasons, but security is not its best feature.

Anyone running Internet Explorer browser is asking for trouble. Switch to Firefox now. The free download is available here:
http://www.mozilla.org/products/firefox/

JMcWilliams
03-28-2005, 10:14 AM
I know i have said this before on another thread, but I got hold ghostsurf along with zonealarm and ever since I have never had any spyware/trojan problems whatsoever, i mean, nothing! :D

CGTalk Moderation
03-28-2005, 10:14 AM
This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.