Thor, Sorry, I didn't make my points clear enough. I was replying sarcastically to Cassidy's remarks and asking him to prove his claims.
Regards. On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God) <t...@hammerofgod.com>wrote: > What messages warning you from using Windows? I certainly hope you do not > have me confused with the OP – I already used the term “hysteria” to > describe his ideas and subsequent recommendations. The entire premise is > fatally flawed, and the subsequent replies show a level of ignorance that I > have not seen in a “professional” security person in some time. It’s not > surprising to see that the background of his site “remains blackened in > protest against the many illegal and unethical activities of the USA.” > Hysterical indeed. > > > > In fact, this thread has inspired me to add a new section to the Hammer of > God website (currently undergoing major renovation) called “Tard of the > Month” where I’ll take claims like the one submitted by the OP and > basically… well, you know what I’ll do. > > > > I just want to make sure you understand that **I** didn’t have anything do > with any ludicrous comments about abandoning the Windows platform because > all the oxygen in my computer was being consumed by what Symantec notes as > “new threats.” > > > > t > > > > *From:* Christian Sciberras [mailto:uuf6...@gmail.com] > *Sent:* Tuesday, May 18, 2010 3:40 AM > *To:* Cassidy MacFarlane > *Cc:* Thor (Hammer of God); full-disclosure@lists.grok.org.uk > > *Subject:* Re: [Full-disclosure] Windows' future (reprise) > > > > Happens they are completely unrelated stories. Also happens that I won't > fall for someone's hysteria from using windows. > > By the way, I don't know you, but I would depend on the _fact_ that I've > been using a product without a hitch rather then someone's claims that the > said product will fall in a year's time. > > By the way, I think it would do you a lot of good if you quote Thor's > messages warning us from using Windows etc. > > If you only have a troll's remarks to add, then leave the discussion. > > As of this time, there is only one huge security risk all researchers agree > on; human error aka people's stupidity.... > > > > > On Tue, May 18, 2010 at 11:01 AM, Cassidy MacFarlane < > cassidy.macfarl...@grantmanagement.co.uk> wrote: > > Sent from my HTC > > > -----Original Message----- > From: Thor (Hammer of God) <t...@hammerofgod.com> > > Sent: 15 May 2010 21:59 > To: full-disclosure@lists.grok.org.uk <full-disclosure@lists.grok.org.uk> > Subject: Re: [Full-disclosure] Windows' future (reprise) > > No, It's Tim Mullen. No "Bill" here. > > No, I don't misunderstand: You said "You may recall that last year, the > average annual growth rate of new threats (as defined by Symantec) was 243%. > This enabled me to predict that the number of new threats in this year's > Symantec Threat Report would be 243% of last years." IOW, you took what > Symantec's numbers were for one year, and guessed they would be the same for > this year, and then posted how you were almost right. Congratulation, you > can make statements in the obvious. > > You people really need to get your stories straight. Isn't there some club > or something you guys can join to at least sync up your talking points? > First we hear about how AV is stupid, unneeded, useless, a waste of money, > and if you install it then you are ignorant. Then we hear about how some > people can "bypass AV" using kernel hooks on windows XP and call it an "8.0 > Earthquake." Now you come out and say that you predict that AV will not be > able to keep up with these new "threats" and that people must stop using > Windows as a result since Windows "is not likely of producing any secure > version of anything anytime soon." > > > Then you blithe on about how people should "avoid any software that locks > them into a Microsoft Platform like the plague" and specifically note .NET > for businesses but of course fail to provide any examples of where they > should go, or any real advice on your "mitigation strategy." > > What it is about .NET that should be avoided like the plague? Wait, before > you answer that, let's make sure you are qualified to answer. One must > assume that you are an expert .NET developer and that you have keen insight > into the very foundation of the platform in order to know unequivocally that > it should not be used under any circumstances. Please give us some code > examples of your .NET projects where it failed so miserably, even given your > expertise, and then provide the "proper" secure solution in your magic > TardWare solution. Certainly someone speaking with such authority on the > matter can come up with examples in no time. > > Additionally, you've clearly performed migration engagements for these > people you "advise." Please let us know what the actual migration plan was, > and how you have so brilliantly created a one-off cost migration path. I'm > really interested in the details about that. I would particularly like to > know what authentication infrastructure you would build to support secure > enterprise-based services, your solution for client access and > administration, and your overall network concepts. Also, what is your > preferred replacement for .NET again? Details on your SDL process would be > fantastic as well. > > You've got a great opportunity to really contribute to the industry by > providing us with your qualifications and subsequent solutions to these > problems, so I'm really looking forward to seeing what you have to say on > the matter beyond "Symantec said we'd have this amount of growth, so I said > that too, and I was almost right. And since I was almost right, it is > imperative to drop all Windows products and re-write all of your .NET code > immediately because AV won't be able to keep up with it." > > t > > -----Original Message----- > From: full-disclosure-boun...@lists.grok.org.uk [mailto: > full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi > > Sent: Saturday, May 15, 2010 1:07 PM > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Windows' future (reprise) > > Is that you, Bill? > > I think you misunderstand. 9 months ago, I measured the growth rate at > 243%, using Symantec's stats. 9 months ago I posted that number here, > together with a prediction of this year's stats. Recently, I got this > year's stats and compared them with that prediction. I found that this > prediction was 75.4% accurate. I am now reporting those results back to the > group. And this is trolling how? > > My point is that the prediction was not wildly wrong, and so that leads me > to wonder if anything else I said, 9 months ago, was also not wildly wrong. > > My main reason for claiming that Windows is inherently insecure is because > it's closed source. However it's also because of the sloppy, monolithic > spaghetti code that Windows is made of. If you're claiming Windows is in > fact inherently secure, I assume this means you don't use AV on any of your > Windows machines, and advise everyone you know to uninstall it? > > I never said migration would be free or easy. That is why I am posting > this data here, because I see it as a vulnerability, a very big > vulnerability that many companies have not woken up to. The very fact that > migration is hard, lengthy, and expensive, means that the vulnerability is > larger than ever. > > Stu > > > On 15 May 2010 at 14:40, Thor (Hammer of God) wrote: > > From: "Thor (Hammer of God)" <t...@hammerofgod.com> > > To: "full-disclosure@lists.grok.org.uk" <full- > > disclos...@lists.grok.org.uk> > > Date sent: Sat, 15 May 2010 14:40:29 +0000 > > Subject: Re: [Full-disclosure] Windows' future (reprise) > > > I am constantly amazed at posts like this where you make yourself sound > like some sort of statistical genius because you were "able to predict" that > since last year was %243, that this year would be %243. Wow. Really? > > > > And for the record, these claims of 'inherent insecurity' in Windows are > simply ignorant. If you are still running Windows 95 that's your problem. > Do a little research before post assertions based on 10 or 20 year old > issues. > > > > This smacks of the classic troll, where you say things like "nothing that > Microsoft makes is secure and it never will be" and then go on to say how > easy it is to migrate, and how it's free, with only a one off cost, and how > to move off of .NET. > > > > Obvious "predictions," ignorant assumptions, and a total lack of any true > understanding of business computing. Yep, "troll." > > > > t > > > > -----Original Message----- > > From: full-disclosure-boun...@lists.grok.org.uk [mailto: > full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi > > Sent: Saturday, May 15, 2010 6:12 AM > > To: full-disclosure@lists.grok.org.uk > > Subject: [Full-disclosure] Windows' future (reprise) > > > > Hi All! > > > > Just a followup from my posting of 9 months ago (which can be found > > here): > > > > > > http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html > > > > > Symantec have released "Internet Security Threat Report: Volume XV: > > April 2010". My posting from last year was based on the previous > "Internet Security Threat Report: Volume XIV: April 2009". So I thought it > would be interesting to check my numbers. The new edition of the Threat > Report is here: > > > > http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202 > > > > You may recall that last year, the average annual growth rate of new > threats (as defined by Symantec) was 243%. This enabled me to predict that > the number of new threats in this year's Symantec Threat Report would be > 243% of last years; eg. I predicted 9 months ago the number of new threats > in this year's Symantec Threat Report would be 243% * 1656227, or > 3840485.87. > > > > The actual number of new threats in this year's Symantec Threat Report is > 2895802, an error on my part of 24.6%. > > > > This is quite a chunk, however it is not that far off. My excuses: > > > > - my number was based on averages, so it will never be exact. There will > be a natural variance in the growth rate, caused by many factors. > > > > - in the new edition, Symantec have altered the raw data a little - the > number of new threats for 2009, 2008, 2007 etc is slightly different to > those same years, as listed in the previous version of the report. I have > not updated my projection to allow for this. > > > > - Symantec note that "The slight decline in the rate of growth should not > discount the significant number of new signatures created in 2009. > Signature-based detection is lagging behind the creation of malicious > threats..." (page 48). > > > > Am I retreating from my position? Absolutely not. I am now expecting > the number of new threats in next years' report to be 7036798.86. This is > 2895802 * 243%. This includes the error introduced by Symantec's changes to > the raw data. I don't think it matters much. > > > > As this flood of new threats will soon overpower AV companies' > > ability to catalogue them (by 2015, at 243% growth, there will be > > 2.739 MILLION new threats PER DAY (over 1900 new threats per minute)), > and as Symantec admits above that "signature-based detection is lagging", > and as Microsoft are not likely to produce a secure version of anything > anytime soon, I am not at all hopeful of a clean resolution to this problem. > > > > I continue to advise that users should, where possible, deploy > alternatives; that they should, if they have not already, create and action > a migration strategy; and that they should avoid like the plague, any > software which locks them into a Microsoft platform. > > Business .NET applications, I'm lookin' at you. > > > > Those failing to migrate will discover their hardware runs slower and > slower, while doing the same job as it did previously. They will need to > take this productivity hit, OR buy a new computer, which will also > eventually surcumb to the same increasing slowness. They will need to buy > new machines more and more frequently. Eventually, they will run out of > money - or, for the especially deep-pocketed, they will find they cannot > deploy the new machines fast enough, before they are already too slow to > use. The only alternative to this treadmill is to dump Windows. The sooner > it is dumped, the less money is wasted buying new hardware, simply to keep > up with security- induced slowness. > > > > Why spend all that time and money on a series of new Windows machines, > without fixing the actual problem, which is the inherent insecurity of > Windows? People can spend the same time and money replacing Windows, and > then they won't need to worry about the problem any more. The difference is > that sticking with Windows incurs ongoing and increasing costs, while a > migration incurs a one- off cost. > > > > I don't think it takes a genius to see which approach will cost less. > > > > Notes: > > - see page 10 of the Volume XIV (2009) edition, and page 48 of Volume XV > (2010) edition, for the relevant stats > > > > - since my post of last year, I have also noticed a similar exponential > curve in the number of threats detected by Spybot Search and Destroy (a > popular anti-spyware tool). This curve can be seen > > here: > > > > http://www.safer-networking.org/en/updatehistory/index.html > > > > - my projection of growth rates up to 2016 (written last year) is > > here: > > > > http://www.cyberdelix.net/files/malware_mutation_projection.pdf > > > > Comments welcome.. > > > > > Stu > > > > --- > > Stuart Udall > > stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/ > > > > --- > > * Origin: lsi: revolution through evolution (192:168/0.2) > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > --- > Stuart Udall > stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/ > > --- > * Origin: lsi: revolution through evolution (192:168/0.2) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > www.grantmanagement.co.uk > > www.gmhelp.co.uk > > Please consider the environment before printing this email and any > attachments. > This message and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. If you are not the intended recipient please disregard and delete > this message. Please note that any views or opinions presented in this email > do not necessarily represent those of the company. Whilst this email and any > attachment(s) have been scanned for the presence of viruses, the company > accepts no liability for any damage caused by any virus transmitted by this > email. > > Company Registration: SC187301 > 14 Coates Edinburgh EH3 7AF > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/