Re: [Full-disclosure] Windows' future (reprise)

2010-05-25 Thread M.B.Jr.
Hey kids, whazup?


On Sat, May 15, 2010 at 11:40 AM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 If you are still running Windows 95 that's your problem.


Nevertheless, if one runs Windows 7, here is the problem:

http://en.windows7sins.org/


Regards,



Marcio Barbado, Jr.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Windows' future (reprise)

2010-05-25 Thread Christian Sciberras
Oh my G!


I'm going to quote that site next time I get to help a *nix newbie figure
out permissions without sudo.

Seriously, by that reason I could accuse Linux users of exerting too much
freedom giving the illusion of godly control - which as you might have
guessed is a sin.


...unless you redefined sin as using MS windows?





Re: [Full-disclosure] Windows' future (reprise)

2010-05-21 Thread Georgi Guninski
On Tue, May 18, 2010 at 11:27:22AM -0400, valdis.kletni...@vt.edu wrote:
 
 (Note that the esteemed Mr READ_THE_LIST_CHARTER   overlooked unknown 
 knowns - that class
 of stuff we don't realize or refuse to admit we actually *do* know:

ok, i know i am a writer not a reader (like a narcissist chukcha is ;) )

can you recommend reading about malware that belongs to a class of malware the 
existence of which provably cannot be proved within current technology ... if 
one assumes current technology itself is consistent [1]

the disclosed idea of backdooring the compiler doesn't count, because currently 
people are *examining* compilers (well, assuming they can do it).

did some {\TeX, .pdf} producer manage to represent in text some
_abstract??_ backdooring that is undetectable with current plausible budgets
(as in god can backdoor all of your bases or it may be possible to screw the
electric field in an exploitable way in any circumstances)?


[1] http://en.wikipedia.org/w/index.php?title=Large_cardinal_property&oldid=18071390



Re: [Full-disclosure] Windows' future (reprise)

2010-05-19 Thread lsi
On 18 May 2010 at 14:40, Thor (Hammer of God) wrote:

 In fact, this thread has inspired me to add a new section to the
 Hammer of God website (currently undergoing major renovation)

Uh-huh... get a new version of Dreamweaver did we? :)

 I just want to make sure you understand that *I* didn't have anything to
 do with any ludicrous comments

Sure, we understand that completely. We really do :)

Just teasing, tx for the chats, lookin forward to next time...

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



Re: [Full-disclosure] Windows' future (reprise)

2010-05-19 Thread Thor (Hammer of God)
LOL.  Actually, I *did* get a new version of Dreamweaver!  But I think I'll 
stick with Expression - I like it... but, I'll still have to see what DW will 
do for me.

It's great that we can make fun of each other without the other taking it too 
personally.  Good stuff.  

t



Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Cassidy MacFarlane
Sent from my HTC

-Original Message-
From: Thor (Hammer of God) t...@hammerofgod.com
Sent: 15 May 2010 21:59
To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

No, it's Tim Mullen.  No Bill here.

No, I don't misunderstand:  You said "You may recall that last year, the
average annual growth rate of new threats (as defined by Symantec) was 243%.
This enabled me to predict that the number of new threats in this year's
Symantec Threat Report would be 243% of last year's."  IOW, you took what
Symantec's numbers were for one year, and guessed they would be the same for
this year, and then posted how you were almost right.  Congratulations, you can
make statements in the obvious.

You people really need to get your stories straight.  Isn't there some club or
something you guys can join to at least sync up your talking points?   First we
hear about how AV is stupid, unneeded, useless, a waste of money, and if you
install it then you are ignorant.  Then we hear about how some people can
bypass AV using kernel hooks on Windows XP and call it an "8.0 Earthquake".
Now you come out and say that you predict that AV will not be able to keep up
with these new threats and that people must stop using Windows as a result
since Windows is not likely to produce any secure version of anything
anytime soon.

Then you blithe on about how people should avoid any software that locks them
into a Microsoft Platform "like the plague" and specifically note .NET for
businesses but of course fail to provide any examples of where they should go,
or any real advice on your mitigation strategy.

What is it about .NET that should be avoided like the plague?  Wait, before you
answer that, let's make sure you are qualified to answer.  One must assume that
you are an expert .NET developer and that you have keen insight into the very
foundation of the platform in order to know unequivocally that it should not be
used under any circumstances.   Please give us some code examples of your .NET
projects where it failed so miserably, even given your expertise, and then
provide the proper secure solution in your magic "TardWare" solution.
Certainly someone speaking with such authority on the matter can come up with
examples in no time.

Additionally, you've clearly performed migration engagements for these people 
you advise.  Please let us know what the actual migration plan was, and how 
you have so brilliantly created a one-off cost migration path.  I'm really 
interested in the details about that.  I would particularly like to know what 
authentication infrastructure you would build to support secure 
enterprise-based services, your solution for client access and administration, 
and your overall network concepts.  Also, what is your preferred replacement 
for .NET again?  Details on your SDL process would be fantastic as well. 

You've got a great opportunity to really contribute to the industry by
providing us with your qualifications and subsequent solutions to these
problems, so I'm really looking forward to seeing what you have to say on the
matter beyond "Symantec said we'd have this amount of growth, so I said that
too, and I was almost right.  And since I was almost right, it is imperative to
drop all Windows products and re-write all of your .NET code immediately
because AV won't be able to keep up with it."

t

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate at 243%, 
using Symantec's stats.  9 months ago I posted that number here, together with 
a prediction of this year's stats.  Recently, I got this year's stats and 
compared them with that prediction.  I found that this prediction was 75.4% 
accurate.  I am now reporting those results back to the group.  And this is 
trolling how?

My point is that the prediction was not wildly wrong, and so that leads me to 
wonder if anything else I said, 9 months ago, was also not wildly wrong.

My main reason for claiming that Windows is inherently insecure is because it's 
closed source.  However it's also because of the sloppy, monolithic spaghetti 
code that Windows is made of.  If you're claiming Windows is in fact inherently 
secure, I assume this means you don't use AV on any of your Windows machines, 
and advise everyone you know to uninstall it?

I never said migration would be free or easy.  That is why I am posting this 
data here, because I see it as a vulnerability, a very big vulnerability that 
many companies have not woken up to.  The very fact that migration is hard, 
lengthy, and expensive, means that the vulnerability is larger than ever.

Stu

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Christian Sciberras
Happens they are completely unrelated stories. Also happens that I won't
fall for someone's hysteria from using Windows.

By the way, I don't know you, but I would depend on the _fact_ that I've
been using a product without a hitch rather than someone's claims that the
said product will fall in a year's time.

By the way, I think it would do you a lot of good if you quote Thor's
messages warning us from using Windows etc.

If you only have a troll's remarks to add, then leave the discussion.

As of this time, there is only one huge security risk all researchers agree
on: human error, aka people's stupidity.






Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Thor (Hammer of God)
What messages warning you from using Windows?  I certainly hope you do not have
me confused with the OP - I already used the term "hysteria" to describe his
ideas and subsequent recommendations.  The entire premise is fatally flawed,
and the subsequent replies show a level of ignorance that I have not seen in a
"professional" security person in some time.   It's not surprising to see that
the background of his site "remains blackened in protest against the many
illegal and unethical activities of the USA."  Hysterical indeed.

In fact, this thread has inspired me to add a new section to the Hammer of God
website (currently undergoing major renovation) called "Tard of the Month"
where I'll take claims like the one submitted by the OP and basically... well,
you know what I'll do.

I just want to make sure you understand that *I* didn't have anything to do
with any ludicrous comments about abandoning the Windows platform because all
the oxygen in my computer was being consumed by what Symantec notes as "new
threats."

t


Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Georgi Guninski
On Sun, May 16, 2010 at 08:49:29PM -0400, valdis.kletni...@vt.edu wrote:
 On Sun, 16 May 2010 23:49:00 BST, lsi said:
  Malware is flooding at 243% (+/- error).  This is consuming the
  oxygen in your machine.
 
 The basic error in your analysis is that although there may in fact be
snip

why flame about constants about detectable malware when the world missed
100% of the undetectable malware? :)



Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Christian Sciberras
Thor,

Sorry, I didn't make my points clear enough. I was replying sarcastically to
Cassidy's remarks and asking him to prove his claims.

Regards.



Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Valdis . Kletnieks
On Tue, 18 May 2010 18:00:52 +0300, Georgi Guninski said:

 why flame about constants about detectable malware when the world missed
 100% of the undetectable malware? :)

"There are known knowns. These are things we know that we know. There are known
unknowns. That is to say, there are things that we now know we don't know.
But there are also unknown unknowns. These are things we do not know we
don't know." -- United States Secretary of Defense Donald Rumsfeld

(Note that the esteemed Mr Rumsfeld overlooked unknown knowns - that class
of stuff we don't realize or refuse to admit we actually *do* know:

"If Rumsfeld thinks that the main dangers in the confrontation with Iraq were
the unknown unknowns, that is, the threats from Saddam whose nature we cannot
even suspect, then the Abu Ghraib scandal shows that the main dangers lie in
the unknown knowns - the disavowed beliefs, suppositions and obscene
practices we pretend not to know about, even though they form the background of
our public values." -- Slavoj Zizek

The computer industry is full of its own unknown knowns...



Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Thor (Hammer Of God)
All I saw was "sent from my HTC" from him.  Maybe I'm glad I missed it ;)





Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Paul Schmehl
--On Tuesday, May 18, 2010 14:40:45 + Thor (Hammer of God) 
t...@hammerofgod.com wrote:



 What messages warning you from using Windows?  I certainly hope you do not
 have me confused with the OP – I already used the term “hysteria” to
 describe his ideas and subsequent recommendations.  The entire premise is
 fatally flawed, and the subsequent replies show a level of ignorance that I
 have not seen in a “professional” security person in some time.   It’s
 not surprising to see that the background of his site “remains blackened in
 protest against the many illegal and unethical activities of the USA.”
 Hysterical indeed.



 In fact, this thread has inspired me to add a new section to the Hammer of
 God website (currently undergoing major renovation) called “Tard of the
 Month”  where I’ll take claims like the one submitted by the OP and
 basically… well, you know what I’ll do.



 I just want to make sure you understand that *I* didn’t have anything do
 with any ludicrous comments about abandoning the Windows platform because all
 the oxygen in my computer was being consumed by what Symantec notes as “new
 threats.”


OK.  What about the CO2 in your computer?  :-)


-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows' future (reprise)

2010-05-17 Thread Thor (Hammer of God)
Is my business at risk, if I
say the wrong thing, and my customers go out of business because
their hardware/software combination is no longer viable?  I imagine
these questions are on the minds of many IT managers, and with a
chart on the wall showing 243% mutation, it is only reasonable that
they be asked.

Stu

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

In business, you are always exposed to some level of risk when you charge for 
professional services.  That's why you carry various business insurance 
policies should you engage in a project in which you are responsible for some 
level of loss on behalf of your client.  $5 million in EO is typical, though 
I've seen as little as $1 million as a requirement.

Given that malware and virus mitigation is a systemic issue, I doubt you could 
be held responsible for a company going out of business because an AV program 
made their hardware and software unviable.  However, when you make public posts 
to a mailing list that is replicated worldwide about how you are consulting for 
a business that purchased a $24,000 .net application (or whatever it was) but 
then go on to say how you know absolutely nothing about .net, I do think you 
are opening yourself up for legal action should the company have issues (which, 
they probably will) and there is basically proof in your own words that you 
are unqualified to do the work.

I know my way around different .nix installations a bit.  I can make stuff run, 
and I'm actually quite good at screwing up a kernel rebuild.  However, I don't 
trust myself to set up a secure unix installation; certainly not to a point 
that I would provide professional services and bill clients for.  If I were to 
do that, I would (and should) be held liable for damages arising out of errors I 
am responsible for.

The right thing to do here, from a business and ethics standpoint, is to 
subcontract a .net professional who can represent you properly.  The job will 
get done properly, you will make money, and your customer will be happy.   
You're in London, right?  Call up some guys at NGS and see if they can help 
you.  There are some really good people there.

t


Re: [Full-disclosure] Windows' future (reprise)

2010-05-17 Thread lsi
On 16 May 2010 at 20:49, valdis.kletni...@vt.edu wrote:

To: stu...@cyberdelix.net
Copies to:  full-disclosure@lists.grok.org.uk
Subject:Re: [Full-disclosure] Windows' future (reprise)
From:   valdis.kletni...@vt.edu
Date sent:  Sun, 16 May 2010 20:49:29 -0400

 On Sun, 16 May 2010 23:49:00 BST, lsi said:
  Malware is flooding at 243% (+/- error).  This is consuming the
  oxygen in your machine.
 
 The basic error in your analysis is that although there may in fact be
 243% more malware samples, that doesn't translate into 243% more oxygen
 consumption.

Yes, I agree that the oxygen is not being used at 243%.  

Last year, I did get a bit excited and said some things like that, 
(you'll need 200 of today's processors, just for malware filtering, 
by 2015.), I do think that was wrong.  So this year, I took pains 
not to say that, you'll note I only said the oxygen was being 
consumed, I didn't say at what rate.  

To go with your pizza example, say the CPU is the pizza, back in the 
80's I had the whole pizza to myself (no AV).  Then I installed AV 
and I had slightly less pizza; the AV takes a small slice of pizza 
for itself.  

As the years have passed the AV is doing more and more work.  That 
means its slice of pizza is growing, and the remainder, which is what 
I get, is shrinking.  

This is to ignore all the other junk that modern systems run, which 
also have their bit of pizza too.  

What I don't know is *how much* extra pizza is being consumed.  As 
you say, 243% extra samples does not correspond to 243% less pizza 
for me.  I am not familiar with the innards of an AV scan engine, so 
this might be naive - but surely there will be more CPU used by the 
AV as the number of signatures increases.

Therefore, there must come a time, assuming malware continues to 
increase in number, when eventually, my PC will use all of its CPU on 
malware filtering.  

Yes - maybe that is 20 years away, and I will have upgraded by then.  
But is it 20 years away?  And what if I can't upgrade?  What about in 
the meantime - am I going to tolerate my slow machine?  How slow is 
too slow?  Time is money.  Why would anyone willingly allow their 
machine to run slowly, and thus cost themselves money?  

As I said last year - as soon as Joe Average Business User figures 
out he can do stuff 25% faster, just by dumping his OS*, he will want 
to dump his OS.  

Note, 25% faster was a guess, that would be easy enough to measure, 
will need some old AV software and signature sets, to clock how fast 
they run while a set of tests are run, then install new AV and new 
signature sets and rerun the tests.  Then run the tests with the AV 
switched off.  

* he doesn't realise what a pain it is, but it's not his problem... 
it's mine!  And everyone else who is paid to keep stuff running.  
Although I see it an an opportunity rather than a problem.  Even Thor 
has his chance, he should get coding on that connector, then sell it 
to all his former competitors  

 Consider a pizza cut into 8 pieces and somebody comes along and eats 6 of
 them.  Now consider an identical pizza cut 16 ways and somebody eats 12 
 slices.
 The rate of slice consumption has doubled, but the actual amount of pizza
 consumed hasn't changed.

 Similarly, the fact there's (say) 5 million new malware samples doesn't mean
 there's 5 million new holes in Windows this year.  What you have is 5 million
 new ways of poking the same 20 or 30 new holes.  This makes it a lot easier for
 the A/V companies. Although they may have 37 different samples, there's a very
 good chance they were produced using a Metasploit-like mindset - pick an
 exploit, add a payload, launch.  And 37 samples that use the same exploit but
 have 37 different payloads need one detection rule (for the exploit), not 37.

Thank you for explaining this.  So what it will come down to is how 
efficient the AV is at reducing that big number (total threats) to a 
smaller number (total detection rules).  37:1 is a big ratio, is that 
likely, however?  Would you know the ratio as currently enjoyed by 
current AV software, by any chance?

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



Re: [Full-disclosure] Windows' future (reprise)

2010-05-17 Thread lsi
On 17 May 2010 at 18:08, Thor (Hammer of God) wrote:

 Is my business at risk, if I
 say the wrong thing, and my customers go out of business because
 their hardware/software combination is no longer viable?

 In business, you are always exposed to some level of risk when you
 charge for professional services.  That's why you carry various
 business insurance

No, I'm not worried about being sued, I'm worried about my revenue 
streams disappearing.

 However, when you make public posts to a mailing list that is
 replicated worldwide about how you are consulting for a business that
 purchased a $24,000 .net application (or whatever it was) but then go
 on to say how you know absolutely nothing about .net, I do think you
 are opening yourself up for legal action

Not at all - my customer is fully aware that I know nothing about 
their software.  They got sick of me giving them my disclaimer.  They 
are happy for me to work on it because otherwise, they need to pay a 
large amount in annual support fees, to the company who wrote the 
software.

 However, I don't trust myself to set up a secure unix installation;
 certainly not to a point that I would provide professional services
 and bill clients for.  If I were to do that, I would (and should) be
 held liable for damages arising out errors I am responsible for. 

Small print is always good.  Also, some systems need to be more 
secure than others.  For public servers, I outsource to another 
outsourcer.

 The right thing to do here, from a business and ethics standpoint,
 is to subcontract a .net professional who can represent you properly. 

I am pushing my customer to re-sign the service contract with the 
developers of the product.  They don't want to spend the money.  
There's politics too - the guy who made the purchasing decision 
doesn't want to admit it was a mistake, so he is pretending there are 
no problems with the software, and therefore there is no need to pay 
for the service contract (or so goes his logic).

It'd make an excellent case study for someone...

 The job will get done properly, you will make money, and your customer
 will be happy.   You're in London, right?  Call up some guys at NGS
 and see if they can help you.  There are some really good people
 there. 

Thanks.  I don't have access to the source, however, so I doubt 
there's anything that can be done.  This app, even the error messages 
are encrypted!  (is that some .NET wheeze? lovely)  So it can be 
quite touch and go. But it still costs them less than their annual 
support contract would.

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



Re: [Full-disclosure] Windows' future (reprise)

2010-05-17 Thread lsi
On 17 May 2010 at 0:18, valdis.kletni...@vt.edu wrote:

 On Mon, 17 May 2010 03:48:36 BST, lsi said:
 
  It is mutating at approx 243% per annum, a rate which is more than
  twice as fast as Moore's Law (200% every 24 months).  I do find this
  alarming, because I want my CPU back.  So does everyone else I know.
 
 Unfortunately, you haven't shown that the CPU actually consumed is going up by
 243% or any significant fraction thereof.  Admittedly, A/V products are slowly
 taking more and more resources, but nowhere near a Moore's Law rate.
 
 Do some benchmarking.  Time how long it takes to scan a collection of 500 or so
 random files using a 2007 version of your favorite A/V software and signatures,
 and time how long this week's version takes. The difference between the two
 numbers is the CPU you can get back. I guarantee it has no relationship
 to the 243% you're complaining about (for starters, even if it *was* gaining
 243% a year, that's a 243% growth rate of the 5% or so your anti-virus uses,
 not of your entire CPU capacity).

Indeed.

Although 243% of 5% will get quite large quite soon too.  I think it 
might be less than that right now - 2% maybe.  The problem is really 
that even 0.5% will turn into 42.36% after 5 years, at 243% growth.  
(I have triple checked that, I'm certain it's right, that's 
outrageous, it's because it's an exponential curve, gets steep 
quickly).

(It will be 243% of 5%, divided by the efficiency ratio you mentioned 
earlier.  That ratio is critical.  The smaller it is, the less it 
holds back the 243%.)

  I'm not analysing infections, I'm analysing new threats (as defined
  by Symantec).
 
 Read Thor's description of the difference between threats and risks.
 
 Defending against threats doesn't consume additional CPU.
 Defending against risks *may* consume additional CPU.

My interpretation of risk assessment tells me that if the chances of 
denial-of-service due to malware flooding is small, but the potential 
damage is substantial, despite the improbability, then that risk must 
be mitigated.

I do understand that additional new threats (as defined by 
Symantec) may, or may not, impact on CPU due to the efficiency ratio 
you explained earlier.

It's not possible to accurately quantify the risk until key numbers, 
such as the average CPU usage per detection rule, and the average 
efficiency ratio, are known.  What we can say right now is that there 
is a risk, of size unknown, that malware flooding will result in DOS 
conditions.

We cannot say how big the risk is yet.  But also, we cannot say that 
it does not exist.

As numbers such as average CPU usage per detection rule, and the 
average efficiency ratio, are likely to be commercial secrets, that 
will mean we will be forced to navigate blind.  This heightens the 
risk and thus the level of mitigation that is required.  That is why 
my advice remains to evacuate the platform.

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread Christian Sciberras
An interesting point - Unicode?

I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.

Stu


You call it a blip yet you are counting in infections for *everywhere* and
*anyone* so, what makes you think service providers (which have been comfy
in the last 6 years with a dialup-grade connection) will abruptly switch to
high-speed fiber-optic?

I'm just saying that your statistics are based on too few variables - it
would be like saying Earth will die of hunger just because a product is out
of stock at a local supermarket.

You yourself mentioned an error margin of ~24%. This will only *grow* by
next year.
Lastly, I stand by my point: Malware cannot be taken as a combination (as you
and other certain specialists think of it). Reason number one being that a
software combination (hash) can vary from between malware, useful or
utterly useless; ie, the combination of having only malware is so
undefinable that you can't put it in any equation.

Symantec's results are not wrong, it is how you/people use them that may be
wrong, such as attempting to predict anything out of them.

On Sun, May 16, 2010 at 6:32 AM, lsi stu...@cyberdelix.net wrote:

 Hi Bill!

 Thanks for the tip on the DIR command, I did in fact notice that,
 however it doesn't give percentages (or total space), AFAIK, and my
 monitoring bot wants percentages.  My df also reports the computer
 name (so I can make sense of the output when the space on multiple
 machines is listed one after the other in a report, and if an alert
 is generated by the monitoring bot).

 The new version of my df util is 1951 bytes, the version on my site
 is old.

 I'm sorry I upset you because I mentioned .NET, is it because you
 make a living off it?  Sorry to be the bearer of bad tidings.  .NET
 is merely one case of many, I picked it as an example because I am
 currently supporting a customer with a £23,000 .NET application that
 has them utterly locked to Microsoft, and I have no hope at all of
 selling them unix anything.  Which is a shame for them (I just made a
 packet cleaning a nasty virus infection from one of their XP PCs).

 As for the .NET connector for PHP, yes, I made that up, and the
 problem is where?  You wanted a migration strategy, I gave you one! I
 did say off top of head.  You want me to research it?  That's
 £120/hr.

 I also don't see a problem posting my mail from a Windows PC.  Why do
 I need to be running unix before I can report that malware is
 mutating at 243%?  I don't, is the short answer.

 Why don't you criticise my arguments, instead of myself, or my job,
 or my computer, or my email program, or my personal migration
 strategy, or my software?  Is it because you can't?  I think so.

 Stu

 On 16 May 2010 at 3:06, Thor (Hammer of God) wrote:

 From:   Thor (Hammer of God) t...@hammerofgod.com
 To: full-disclosure@lists.grok.org.uk full-
 disclos...@lists.grok.org.uk
 Date sent:  Sun, 16 May 2010 03:06:18 +
 Subject:Re: [Full-disclosure] Windows' future (reprise)

  This just gets better all the time.  I have to admit, it was fun at
 first, but now I grow weary, mostly because this is just sad.
 
  For you to actually think that one can't find out how much free drive
 space in Windows would be funny if it were not so ridiculous.  And it's been
 built into DIR forever.  Oh, and your .bas file is 60,000 some odd bytes,
 not 1951.  I think you are confusing the size with the last time you
 actually did research into what you are talking about.
 
  The main point here is for people to see how easy it is for someone who
 admits that they know nothing about .NET, nor care to learn anything about
 .NET, to honestly and publicly say that people must uninstall it as if it
 were the plague.  You actually get paid to tell people to uninstall it and
 use a .NET connector to PHP - whatever the hell that is.  Simply amazing
 to me.
 
  And yet, it's fine for YOU to continue to use a closed source operating
 system to run your dear Peg closed source email program because you don't
 feel like practicing what you preach.   To think that you consider insight
 into moving a couple of computers over to *nix as the basis to make sweeping
 generalized statements of how migrating is a one-off cost staggers the
 imagination.  But, everyone is entitled to their opinion, so good luck with
 yours dude.   But what you are doing to the poor people who not only trust
 you but also pay you seems to be quite a disservice indeed.  But that's
 between you and whatever your ethic is.
 
  So in a nutshell (and I'll drop off after this as I think this has played
 itself out) you hate closed source and .NET and get paid to tell other
 people to migrate to non-existent .NET connectors to PHP after switching
 from Windows to BSD, but compose the very email that you so vehemently
 condemn them on a closed source operating system with a closed source
 program

Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread Thor (Hammer of God)
The error in your overall thesis is your failure to identify the difference 
between threat and risk.  You are interacting with Symantec's report of x new 
threats as if it actually means something, or more specifically, that these 
new threats somehow translate into some new level of risk.  They don't.

According to Stephen Hawking, there are new threats emerging based on the 
statistical probability of the existence of aliens.  Therefore, a threat 
exists where I may be struck in the head by a falling block of green alien poo, 
frozen in the atmosphere after being flushed out by a passing pan-galactic 
alien survey ship.  However, the actual *risk* of me being hit in the head 
while walking to a matinée of The Rocky Horror Picture Show doesn't dictate 
that I apply a small mixture of Purell and Teflon to my umbrella and fill my 
squirt gun with alien repellent.

The risk of me personally being struck by falling alien poo is *far* lower than 
the risk of any one of the almost 7 billion people on the planet being struck 
by falling alien poo.  You may be able to calculate the risk of my being poo'd 
in relation to any given human being poo'd, but no level of math will allow you 
to determine what my or any other person's individual chance of being poo'd is.

Your argument would call everyone to change the way they protect themselves 
from falling alien poo out of the mere existence of a threat without really 
qualifying the associated risk.  That does nothing for anyone, and would only 
cause a rise in the cost of umbrellas and squirt guns and would probably result 
in the theater putting the kibosh on Rocky Horror completely and charging people 
to watch Born Free.  (Insert clever association of Born Free with free open 
source products here.  See what I did there?)

Further, the basis of this threat is that you would actually have to trust 
what Stephen Hawking is saying in the first place.  In his case, there really 
isn't any way to know that he's the one saying it, is there?  For all we know, 
the ghost of Carl Sagan could have hacked into his computer and has made Mr. 
Hawking's requests to have his Depends changed translated into run for your 
lives, the aliens are coming, the aliens are coming  when his computer talks.

My point is that you are taking threat statistics from Symantec that don't mean 
anything on their own, as there is no definition of how those threats would 
apply to any given system, and directly converting them into some global level 
of risk - and you are doing so to such extremes that you actually conclude that 
the solution is to do away with Microsoft products based on some unproven and 
imagined postulate that closed source is somehow at the core of the issue while 
at the same time admitting you don't know anything about the platform.   The 
fact that you are actually using Windows and programs written with Visual 
Studio out of convenience to you critically damages your argument.  If you as 
the author of this idea refuse to migrate from Windows or applications written 
with Windows development products and frameworks just because it is *not 
convenient* for you, how could you possibly expect anyone supporting any 
infrastructure of consequence to take your advice or even consider your ideas 
as anything other than hysteria when they would have to engage in unfathomable 
expense, effort and time to create a total and complete paradigm change in 
their business simply to try to defend against being hit by falling alien poo?

t


An interesting point - Unicode?

I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.

Stu

On 15 May 2010 at 14:59, Christian Sciberras wrote:

Date sent:  Sat, 15 May 2010 14:59:46 +0100
Subject:Re: [Full-disclosure] Windows' future (reprise)
From:   Christian Sciberras uuf6429 () gmail com
To: stuart () cyberdelix net



Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread lsi
Imagine you are in an enclosed space.  It starts to flood.  As the 
water level rises, the amount of oxygen you have available falls.  
Unless it stops flooding, eventually you will have no oxygen at all.

So, the CPU, RAM, diskspace, and network bandwidth of your machine, 
as well as limits imposed by integer math, are the enclosed space. 
Those specify the finite processing limits of your machine.  Malware 
is the flood.  Oxygen is what's left in your enclosed space/machine, 
once your malware defences have run.

Malware is flooding at 243% (+/- error).  This is consuming the 
oxygen in your machine.  You can enlarge your enclosed space, with 
hardware upgrades, but that's not stopping the flooding.

Eventually you will find it's not possible to upgrade the machine 
(usually a software dependency of some kind).  At this point the 
machine will run slower and slower.  Your alternatives will be to 
disconnect the machine from the internet, and partially/completely 
disable malware filters; or to replace the machine.

As you can see you're spending money on upgrades and replacements, 
and losing productivity and/or capabilities (eg. internet access).

Meanwhile, the malware is still flooding into your enclosed space.  
Every second that goes by, the rate of flooding increases.  Your boss 
is screaming at you for spending a zillion on hardware.  Your users 
are whinging because everything is running like a dog.  Your support 
staff are running around constantly fixing machines on which the AV 
has failed (yet again) to stop the latest 0-day variant.  Your 
company's customers are livid because you had to tell them you had a 
trojan on an accounts machine and their credit card data is now on 
the web.  Your wife has the hump because you're never home, except in 
a bad mood, your kids think you are a boarder, and the dog hates you 
because you never take it for walks anymore.

And you now need to go to your boss and ask for more money for more 
upgrades.

What are you gonna do?  Are you going to let your IT run like this 
forever?  Do you think your boss will like it when you ask him for 
more budget?

What is your long-term strategy for fixing this problem?

Stu

On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:

From:   Thor (Hammer of God) t...@hammerofgod.com
To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk
Date sent:  Sun, 16 May 2010 19:08:26 +
Subject:Re: [Full-disclosure] Windows' future (reprise)

 The error in your overall thesis is your failure to identify the difference 
 between threat and risk.  You are interacting with Symantec's report of x 
 new threats as if it actually means something, or more specifically, that 
 these new threats somehow translate into some new level of risk.  They don't.
 
 According to Stephen Hawking, there are new threats emerging based on the 
 statistical probability of the existence of aliens.  Therefore, a threat 
 exists where I may be struck in the head by a falling block of green alien 
 poo, frozen in the atmosphere after being flushed out by a passing 
 pan-galactic alien survey ship.  However, the actual *risk* of me being hit 
 in the head while walking to a matinée of The Rocky Horror Picture Show 
 doesn't dictate that I apply a small mixture of Purell and Teflon to my 
 umbrella and fill my squirt gun with alien repellent.
 
 The risk of me personally being struck by falling alien poo is *far* lower 
 than the risk of any one of the almost 7 billion people on the planet being 
 struck by falling alien poo.  You may be able to calculate the risk of my 
 being poo'd in relation to any given human being poo'd, but no level of math 
 will allow you to determine what my or any other person's individual chance 
 of being poo'd is.
 
 Your argument would call everyone to change the way they protect themselves 
 from falling alien poo out of the mere existence of a threat without really 
 qualifying the associated risk.  That does nothing for anyone, and would only 
 cause a rise in the cost of umbrellas and squirt guns and would probably 
 result in the theater putting the kibosh on Rocky Horror completely and 
 charging people to watch Born Free.  (Insert clever association of Born 
 Free with free open source products here.  See what I did there?)
 
 Further, the basis of this threat is that you would actually have to trust 
 what Stephen Hawking is saying in the first place.  In his case, there really 
 isn't any way to know that he's the one saying it, is there?  For all we 
 know, the ghost of Carl Sagan could have hacked into his computer and has 
 made Mr. Hawking's requests to have his Depends changed translated into run 
 for your lives, the aliens are coming, the aliens are coming  when his 
 computer talks.
 
 My point is that you are taking threat statistics from Symantec 
that don't mean anything on their own, as there is no definition of 
how those threats would apply to any given system, and directly

Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread Valdis . Kletnieks
On Sun, 16 May 2010 23:49:00 BST, lsi said:
 Malware is flooding at 243% (+/- error).  This is consuming the
 oxygen in your machine.

The basic error in your analysis is that although there may in fact be
243% more malware samples, that doesn't translate into 243% more oxygen
consumption.

Consider a pizza cut into 8 pieces and somebody comes along and eats 6 of
them.  Now consider an identical pizza cut 16 ways and somebody eats 12 slices.
The rate of slice consumption has doubled, but the actual amount of pizza
consumed hasn't changed.

Similarly, the fact there's (say) 5 million new malware samples doesn't mean
there's 5 million new holes in Windows this year.  What you have is 5 million
new ways of poking the same 20 or 30 new holes.  This makes it a lot easier for
the A/V companies. Although they may have 37 different samples, there's a very
good chance they were produced using a Metasploit-like mindset - pick an
exploit, add a payload, launch.  And 37 samples that use the same exploit but
have 37 different payloads need one detection rule (for the exploit), not 37.




Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread lsi
On 17 May 2010 at 1:06, Christian Sciberras wrote:

 Malware is not flooding. It only so much as changes and not at an
 alarming rate either.

It is mutating at approx 243% per annum, a rate which is more than 
twice as fast as Moore's Law (200% every 24 months).  I do find this 
alarming, because I want my CPU back.  So does everyone else I know.

 Happens that any piece of [individual] malware is smaller than 5Mb (as in my
 example) therefore what you call a flood is nothing more than a couple of
 droplets of water in a lake.

Did you ever try and use your computer when it was doing a virus 
scan?  That's much more than a droplet of CPU that you are missing.

 Besides, competent anti-viruses automatically clean their own signature base
 from systems immune to certain malware (eg patched).

Nice.  That would improve things I think (assuming the patch does in 
fact make the machine invulnerable to the malware that it can no 
longer detect).

 Also, thankfully, I don't get infected with new malware X times per day, in
 fact, I don't recall ever being infected in the last 6/7 years I've run
 Windows (your point of focus).
 I'm sure I'm not alone, so where do you put us in your equation? Surely you
 can't infect non-existent workstations?

I'm not analysing infections, I'm analysing new threats (as defined 
by Symantec).  

However if I was analysing infections, I'd call you an outlier 
(anomaly), and exclude you from my computation.  You would be one of 
the few.  Impressive though.

Stu

 On Mon, May 17, 2010 at 12:49 AM, lsi stu...@cyberdelix.net wrote:
 
  Imagine you are in an enclosed space.  It starts to flood.  As the
  water level rises, the amount of oxygen you have available falls.
  Unless it stops flooding, eventually you will have no oxygen at all.
 
  So, the CPU, RAM, diskspace, and network bandwidth of your machine,
  as well as limits imposed by integer math, are the enclosed space.
  Those specify the finite processing limits of your machine.  Malware
  is the flood.  Oxygen is what's left in your enclosed space/machine,
  once your malware defences have run.
 
  Malware is flooding at 243% (+/- error).  This is consuming the
  oxygen in your machine.  You can enlarge your enclosed space, with
  hardware upgrades, but that's not stopping the flooding.
 
  Eventually you will find it's not possible to upgrade the machine
  (usually a software dependency of some kind).  At this point the
  machine will run slower and slower.  Your alternatives will be to
  disconnect the machine from the internet, and partially/completely
  disable malware filters; or to replace the machine.
 
  As you can see you're spending money on upgrades and replacements,
  and losing productivity and/or capabilities (eg. internet access).
 
  Meanwhile, the malware is still flooding into your enclosed space.
  Every second that goes by, the rate of flooding increases.  Your boss
  is screaming at you for spending a zillion on hardware.  Your users
  are whinging because everything is running like a dog.  Your support
  staff are running around constantly fixing machines on which the AV
  has failed (yet again) to stop the latest 0-day variant.  Your
  company's customers are livid because you had to tell them you had a
  trojan on an accounts machine and their credit card data is now on
  the web.  Your wife has the hump because you're never home, except in
  a bad mood, your kids think you are a boarder, and the dog hates you
  because you never take it for walks anymore.
 
  And you now need to go to your boss and ask for more money for more
  upgrades.
 
  What are you gonna do?  Are you going to let your IT run like this
  forever?  Do you think your boss will like it when you ask him for
  more budget?
 
  What is your long-term strategy for fixing this problem?
 
  Stu
 
  On 16 May 2010 at 19:08, Thor (Hammer of God) wrote:
 
  From:   Thor (Hammer of God) t...@hammerofgod.com
  To: full-disclosure@lists.grok.org.uk 
  full-disclosure@lists.grok.org.uk
  Date sent:  Sun, 16 May 2010 19:08:26 +
  Subject:Re: [Full-disclosure] Windows' future (reprise)
 
   The error in your overall thesis is your failure to identify the
  difference between threat and risk.  You are interacting with Symantec's
  report of x new threats as if it actually means something, or more
  specifically, that these new threats somehow translate into some new level
  of risk.  They don't.
  
   According to Stephen Hawking, there are new threats emerging based on the
  statistical probability of the existence of aliens.  Therefore, a threat
  exists where I may be struck in the head by a falling block of green alien
  poo, frozen in the atmosphere after being flushed out by a passing
  pan-galactic alien survey ship.  However, the actual *risk* of me being hit
  in the head while walking to a matinée of The Rocky Horror Picture Show
  doesn't dictate that I apply a small mixture of Purell and Teflon to my
  umbrella

Re: [Full-disclosure] Windows' future (reprise)

2010-05-16 Thread Valdis . Kletnieks
On Mon, 17 May 2010 03:48:36 BST, lsi said:

 It is mutating at approx 243% per annum, a rate which is more than
 twice as fast as Moore's Law (200% every 24 months).  I do find this
 alarming, because I want my CPU back.  So does everyone else I know.

Unfortunately, you haven't shown that the CPU actually consumed is going up by
243% or any significant fraction thereof.  Admittedly, A/V products are slowly
taking more and more resources, but nowhere near a Moore's Law rate.

Do some benchmarking.  Time how long it takes to scan a collection of 500 or so
random files using a 2007 version of your favorite A/V software and signatures,
and time how long this week's version takes. The difference between the two
numbers is the CPU you can get back. I guarantee it has no relationship
to the 243% you're complaining about (for starters, even if it *was* gaining
243% a year, that's a 243% growth rate of the 5% or so your anti-virus uses,
not of your entire CPU capacity).

 I'm not analysing infections, I'm analysing new threats (as defined
 by Symantec).

Read Thor's description of the difference between threats and risks.

Defending against threats doesn't consume additional CPU.
Defending against risks *may* consume additional CPU.
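The benchmark suggested above, as an added example (not from the thread or from any poster): build one fixed corpus of random files, run each scanner version over it, and compare the CPU time each actually consumed rather than the signature count. It assumes a Unix host (the resource module) and takes the scanner command line as a parameter; the stand-in "scanner" at the bottom only reads the files, so the script runs offline, and is where the two real scanner versions would be substituted.

```python
"""Added illustration of the benchmark suggested above: scan one fixed
corpus with two scanner versions and compare the CPU they actually use.
Assumes a Unix host (resource.getrusage); the scanner is a parameter and
the stand-in below is a constructed placeholder, not a real A/V product."""
import os
import random
import resource
import subprocess
import sys
import tempfile


def build_corpus(directory: str, count: int = 500, size: int = 4096,
                 seed: int = 7) -> list:
    """Write `count` files of pseudo-random bytes; same seed, same corpus,
    so every scanner version is measured on identical input."""
    rng = random.Random(seed)
    paths = []
    for i in range(count):
        path = os.path.join(directory, f"sample{i:04d}.bin")
        with open(path, "wb") as fh:
            fh.write(rng.getrandbits(size * 8).to_bytes(size, "big"))
        paths.append(path)
    return paths


def child_cpu_seconds(cmd: list) -> float:
    """Run cmd to completion and return the user+system CPU seconds it
    consumed, taken from the RUSAGE_CHILDREN counters before and after."""
    before = resource.getrusage(resource.RUSAGE_CHILDREN)
    subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                   check=False)
    after = resource.getrusage(resource.RUSAGE_CHILDREN)
    return ((after.ru_utime - before.ru_utime)
            + (after.ru_stime - before.ru_stime))


def benchmark(scanner_cmd: list, paths: list, runs: int = 3) -> float:
    """Best of `runs` scans of the corpus; the minimum is the least noisy."""
    return min(child_cpu_seconds(list(scanner_cmd) + paths)
               for _ in range(runs))


def compare_versions(old_cmd: list, new_cmd: list, count: int = 500) -> dict:
    """CPU seconds for each scanner over an identical corpus, plus the ratio
    new/old, which is the number that says how much CPU the newer version
    actually takes away (or gives back)."""
    with tempfile.TemporaryDirectory() as directory:
        paths = build_corpus(directory, count)
        old = benchmark(old_cmd, paths)
        new = benchmark(new_cmd, paths)
    ratio = new / old if old > 0 else float("inf")
    return {"old_cpu_s": old, "new_cpu_s": new, "ratio": ratio}


# Constructed stand-in scanner: reads every file it is given and exits.
# Replace with the real scanner's command line (two installed versions,
# each with its own signature set) to get the comparison the thread asks for.
STAND_IN_SCANNER = [sys.executable, "-c",
                    "import sys\nfor p in sys.argv[1:]:\n    open(p, 'rb').read()"]


if __name__ == "__main__":
    result = compare_versions(STAND_IN_SCANNER, STAND_IN_SCANNER, count=50)
    print(f"old: {result['old_cpu_s']:.3f}s  new: {result['new_cpu_s']:.3f}s  "
          f"ratio: {result['ratio']:.2f}")
```

CPU time is measured on the child rather than wall-clock so disk cache and other load on the box do not dominate the comparison; the corpus should be the same files, and ideally the same machine, for both runs.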

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Thor (Hammer of God)
I am constantly amazed at posts like this where you make yourself sound like 
some sort of statistical genius because you were able to predict that since 
last year was %243, that this year would be %243.  Wow.  Really?

And for the record, these claims of 'inherent insecurity' in Windows are simply 
ignorant.  If you are still running Windows 95 that's your problem.  Do a 
little research before posting assertions based on 10 or 20 year old issues.

This smacks of the classic troll, where you say things like nothing that 
Microsoft makes is secure and it never will be and then go on to say how easy 
it is to migrate, and how it's free, with only a one off cost, and how to move 
off of .NET.

Obvious predictions, ignorant assumptions, and a total lack of any true 
understanding of business computing.  Yep, troll.

t

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 6:12 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Windows' future (reprise)

Hi All!

Just a followup from my posting of 9 months ago (which can be found
here):

http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html

Symantec have released Internet Security Threat Report: Volume XV: 
April 2010.  My posting from last year was based on the previous Internet 
Security Threat Report: Volume XIV: April 2009.  So I thought it would be 
interesting to check my numbers.  The new edition of the Threat Report is here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of new threats 
(as defined by Symantec) was 243%.  This enabled me to predict that the number 
of new threats in this year's Symantec Threat Report would be 243% of last 
years; eg. I predicted 9 months ago the number of new threats in this year's 
Symantec Threat Report would be 243% * 1656227, or 3840485.87.

The actual number of new threats in this year's Symantec Threat Report is 
2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.  There will be a 
natural variance in the growth rate, caused by many factors.

- in the new edition, Symantec have altered the raw data a little - the number 
of new threats for 2009, 2008, 2007 etc is slightly different to those same 
years, as listed in the previous version of the report.  I have not updated my 
projection to allow for this.

- Symantec note that The slight decline in the rate of growth should not 
discount the significant number of new signatures created in 2009. 
Signature-based detection is lagging behind the creation of malicious 
threats... (page 48).

Am I retreating from my position?  Absolutely not.  I am now expecting the 
number of new threats in next year's report to be 7036798.86. This is 2895802 * 
243%.  This includes the error introduced by Symantec's changes to the raw 
data.  I don't think it matters much.

As this flood of new threats will soon overpower AV companies' 
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per minute)), and as 
Symantec admits above that signature-based detection is lagging, and as 
Microsoft are not likely to produce a secure version of anything anytime soon, 
I am not at all hopeful of a clean resolution to this problem.

I continue to advise that users should, where possible, deploy alternatives; 
that they should, if they have not already, create and action a migration 
strategy; and that they should avoid like the plague, any software which locks 
them into a Microsoft platform.  
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower and slower, 
while doing the same job as it did previously.  They will need to take this 
productivity hit, OR buy a new computer, which will also eventually succumb to 
the same increasing slowness.  They will need to buy new machines more and more 
frequently.  Eventually, they will run out of money - or, for the especially 
deep-pocketed, they will find they cannot deploy the new machines fast enough, 
before they are already too slow to use.  The only alternative to this 
treadmill is to dump Windows.  The sooner it is dumped, the less money is 
wasted buying new hardware, simply to keep up with security-induced slowness.

Why spend all that time and money on a series of new Windows machines, without 
fixing the actual problem, which is the inherent insecurity of Windows?  People 
can spend the same time and money replacing Windows, and then they won't need 
to worry about the problem any more.  The difference is that sticking with 
Windows incurs ongoing and increasing costs, while a migration incurs a 
one-off cost.

I don't think it takes a genius to see which 

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Peter Besenbruch
On Sat, 15 May 2010 14:40:29 +
Thor (Hammer of God) t...@hammerofgod.com wrote:

 And for the record, these claims of 'inherent insecurity' in Windows
 are simply ignorant.  If you are still running Windows 95 that's your
 problem.  Do a little research before posting assertions based on 10 or
 20 year old issues.

To be fair to the original poster, there are activities that I wouldn't
want to do on a Windows machine, and if you read Brian Krebs' blog, the
same goes double for small businesses: Online banking comes to mind.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Thor (Hammer Of God)
That kind of goes for everything, doesn't it?

T



On May 15, 2010, at 10:32 AM, Peter Besenbruch p...@lava.net wrote:

 On Sat, 15 May 2010 14:40:29 +
 Thor (Hammer of God) t...@hammerofgod.com wrote:

 And for the record, these claims of 'inherent insecurity' in Windows
 are simply ignorant.  If you are still running Windows 95 that's your
 problem.  Do a little research before posting assertions based on 10 or
 20 year old issues.

 To be fair to the original poster, there are activities that I  
 wouldn't
 want to do on a Windows machine, and if you read Brian Krebs' blog,  
 the
 same goes double for small businesses: Online banking comes to mind.

 -- 
 Hawaiian Astronomical Society: http://www.hawastsoc.org
 HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread lsi
Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate 
at 243%, using Symantec's stats.  9 months ago I posted that number 
here, together with a prediction of this year's stats.  Recently, I 
got this year's stats and compared them with that prediction.  I 
found that this prediction was 75.4% accurate.  I am now reporting 
those results back to the group.  And this is trolling how?

My point is that the prediction was not wildly wrong, and so that 
leads me to wonder if anything else I said, 9 months ago, was also 
not wildly wrong.

My main reason for claiming that Windows is inherently insecure is 
because it's closed source.  However it's also because of the sloppy, 
monolithic spaghetti code that Windows is made of.  If you're 
claiming Windows is in fact inherently secure, I assume this means 
you don't use AV on any of your Windows machines, and advise everyone 
you know to uninstall it?

I never said migration would be free or easy.  That is why I am 
posting this data here, because I see it as a vulnerability, a very 
big vulnerability that many companies have not woken up to.  The very 
fact that migration is hard, lengthy, and expensive, means that the 
vulnerability is larger than ever.

Stu

On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

From:   Thor (Hammer of God) t...@hammerofgod.com
To: full-disclosure@lists.grok.org.uk full-
disclos...@lists.grok.org.uk
Date sent:  Sat, 15 May 2010 14:40:29 +
Subject:Re: [Full-disclosure] Windows' future (reprise)

 I am constantly amazed at posts like this where you make yourself sound like 
 some sort of statistical genius because you were able to predict that since 
 last year was %243, that this year would be %243.  Wow.  Really?
 
 And for the record, these claims of 'inherent insecurity' in Windows are 
 simply ignorant.  If you are still running Windows 95 that's your problem.  
 Do a little research before posting assertions based on 10 or 20 year old issues.
 
 This smacks of the classic troll, where you say things like nothing that 
 Microsoft makes is secure and it never will be and then go on to say how 
 easy it is to migrate, and how it's free, with only a one off cost, and how 
 to move off of .NET.
 
 Obvious predictions, ignorant assumptions, and a total lack of any true 
 understanding of business computing.  Yep, troll.
 
 t
 
 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk 
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
 Sent: Saturday, May 15, 2010 6:12 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Windows' future (reprise)
 
 Hi All!
 
 Just a followup from my posting of 9 months ago (which can be found
 here):
 
 http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
 
 Symantec have released Internet Security Threat Report: Volume XV: 
 April 2010.  My posting from last year was based on the previous Internet 
 Security Threat Report: Volume XIV: April 2009.  So I thought it would be 
 interesting to check my numbers.  The new edition of the Threat Report is 
 here:
 
 http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
 
 You may recall that last year, the average annual growth rate of new threats 
 (as defined by Symantec) was 243%.  This enabled me to predict that the 
 number of new threats in this year's Symantec Threat Report would be 243% of 
 last years; eg. I predicted 9 months ago the number of new threats in this 
 year's Symantec Threat Report would be 243% * 1656227, or 3840485.87.
 
 The actual number of new threats in this year's Symantec Threat Report is 
 2895802, an error on my part of 24.6%.
 
 This is quite a chunk, however it is not that far off.  My excuses:
 
 - my number was based on averages, so it will never be exact.  There will be 
 a natural variance in the growth rate, caused by many factors.
 
 - in the new edition, Symantec have altered the raw data a little - the 
 number of new threats for 2009, 2008, 2007 etc is slightly different to those 
 same years, as listed in the previous version of the report.  I have not 
 updated my projection to allow for this.
 
 - Symantec note that The slight decline in the rate of growth should not 
 discount the significant number of new signatures created in 2009. 
 Signature-based detection is lagging behind the creation of malicious 
 threats... (page 48).
 
 Am I retreating from my position?  Absolutely not.  I am now expecting the 
 number of new threats in next year's report to be 7036798.86. This is 2895802 
 * 243%.  This includes the error introduced by Symantec's changes to the raw 
 data.  I don't think it matters much.
 
 As this flood of new threats will soon overpower AV companies' 
 ability to catalogue them (by 2015, at 243% growth, there will be
 2.739 MILLION new threats PER DAY (over 1900 new threats per minute)), and as 
 Symantec

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread lsi
An interesting point - Unicode?  

I don't think 5Mb files are infeasible, especially as time passes, 
that'll be just a blip before long.

Stu

On 15 May 2010 at 14:59, Christian Sciberras wrote:

Date sent:  Sat, 15 May 2010 14:59:46 +0100
Subject:Re: [Full-disclosure] Windows' future (reprise)
From:   Christian Sciberras uuf6...@gmail.com
To: stu...@cyberdelix.net

 In a nutshell, I disagree. For one thing, that many variants would exhaust
 the number of combinations per malware, unless we are talking about malware
 in excess of 5 Mb.
 I'm not disagreeing with the prediction of an increase, nor for a
 possibility of a grim future for windows. I'm just saying that at those
 numbers, there is more probability of a (very) wrong prediction.
 
 Cheers.
 
 
 
 
 
 
 On Sat, May 15, 2010 at 2:11 PM, lsi stu...@cyberdelix.net wrote:
 
  Hi All!
 
  Just a followup from my posting of 9 months ago (which can be found
  here):
 
  http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
 
  Symantec have released Internet Security Threat Report: Volume XV:
  April 2010.  My posting from last year was based on the previous
  Internet Security Threat Report: Volume XIV: April 2009.  So I
  thought it would be interesting to check my numbers.  The new edition
  of the Threat Report is here:
 
  http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
 
  You may recall that last year, the average annual growth rate of new
  threats (as defined by Symantec) was 243%.  This enabled me to
  predict that the number of new threats in this year's Symantec Threat
  Report would be 243% of last years; eg. I predicted 9 months ago the
  number of new threats in this year's Symantec Threat Report would be
  243% * 1656227, or 3840485.87.
 
  The actual number of new threats in this year's Symantec Threat
  Report is 2895802, an error on my part of 24.6%.
 
  This is quite a chunk, however it is not that far off.  My excuses:
 
  - my number was based on averages, so it will never be exact.  There
  will be a natural variance in the growth rate, caused by many
  factors.
 
  - in the new edition, Symantec have altered the raw data a little -
  the number of new threats for 2009, 2008, 2007 etc is slightly
  different to those same years, as listed in the previous version of
  the report.  I have not updated my projection to allow for this.
 
  - Symantec note that The slight decline in the rate of growth should
  not discount the significant number of new signatures created in
  2009. Signature-based detection is lagging behind the creation of
  malicious threats... (page 48).
 
  Am I retreating from my position?  Absolutely not.  I am now
  expecting the number of new threats in next year's report to be
  7036798.86. This is 2895802 * 243%.  This includes the error
  introduced by Symantec's changes to the raw data.  I don't think it
  matters much.
 
  As this flood of new threats will soon overpower AV companies'
  ability to catalogue them (by 2015, at 243% growth, there will be
  2.739 MILLION new threats PER DAY (over 1900 new threats per
  minute)), and as Symantec admits above that signature-based
  detection is lagging, and as Microsoft are not likely to produce a
  secure version of anything anytime soon, I am not at all hopeful of a
  clean resolution to this problem.
 
  I continue to advise that users should, where possible, deploy
  alternatives; that they should, if they have not already, create and
  action a migration strategy; and that they should avoid like the
  plague, any software which locks them into a Microsoft platform.
  Business .NET applications, I'm lookin' at you.
 
  Those failing to migrate will discover their hardware runs slower and
  slower, while doing the same job as it did previously.  They will
  need to take this productivity hit, OR buy a new computer, which will
  also eventually succumb to the same increasing slowness.  They will
  need to buy new machines more and more frequently.  Eventually, they
  will run out of money - or, for the especially deep-pocketed, they
  will find they cannot deploy the new machines fast enough, before
  they are already too slow to use.  The only alternative to this
  treadmill is to dump Windows.  The sooner it is dumped, the less
  money is wasted buying new hardware, simply to keep up with
  security-induced slowness.
 
  Why spend all that time and money on a series of new Windows
  machines, without fixing the actual problem, which is the inherent
  insecurity of Windows?  People can spend the same time and money
  replacing Windows, and then they won't need to worry about the
  problem any more.  The difference is that sticking with Windows
  incurs ongoing and increasing costs, while a migration incurs a
  one-off cost.
 
  I don't think it takes a genius to see which approach will cost less.
 
  Notes:
  - see page 10 of the Volume XIV (2009) edition, and page 48 of Volume
  XV (2010) edition

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Jeffrey Walton
 My main reason for claiming that Windows is inherently insecure is
 because it's closed source.
As opposed to crowd sourcing, which some claim is inherently more
secure because more [uneducated] eyes review the source code? This is
along the lines of, 'Linux does not get viruses' argument. Give me a
break...

On Sat, May 15, 2010 at 4:06 PM, lsi stu...@cyberdelix.net wrote:
 Is that you, Bill?

 I think you misunderstand.  9 months ago, I measured the growth rate
 at 243%, using Symantec's stats.  9 months ago I posted that number
 here, together with a prediction of this year's stats.  Recently, I
 got this year's stats and compared them with that prediction.  I
 found that this prediction was 75.4% accurate.  I am now reporting
 those results back to the group.  And this is trolling how?

 My point is that the prediction was not wildly wrong, and so that
 leads me to wonder if anything else I said, 9 months ago, was also
 not wildly wrong.

 My main reason for claiming that Windows is inherently insecure is
 because it's closed source.  However it's also because of the sloppy,
 monolithic spaghetti code that Windows is made of.  If you're
 claiming Windows is in fact inherently secure, I assume this means
 you don't use AV on any of your Windows machines, and advise everyone
 you know to uninstall it?

 I never said migration would be free or easy.  That is why I am
 posting this data here, because I see it as a vulnerability, a very
 big vulnerability that many companies have not woken up to.  The very
 fact that migration is hard, lengthy, and expensive, means that the
 vulnerability is larger than ever.

 Stu

 On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

 From:                   Thor (Hammer of God) t...@hammerofgod.com
 To:                     full-disclosure@lists.grok.org.uk full-
 disclos...@lists.grok.org.uk
 Date sent:              Sat, 15 May 2010 14:40:29 +
 Subject:                Re: [Full-disclosure] Windows' future (reprise)

 I am constantly amazed at posts like this where you make yourself sound like 
 some sort of statistical genius because you were able to predict that 
 since last year was %243, that this year would be %243.  Wow.  Really?

 And for the record, these claims of 'inherent insecurity' in Windows are 
 simply ignorant.  If you are still running Windows 95 that's your problem.  
 Do a little research before posting assertions based on 10 or 20 year old 
 issues.

 This smacks of the classic troll, where you say things like nothing that 
 Microsoft makes is secure and it never will be and then go on to say how 
 easy it is to migrate, and how it's free, with only a one off cost, and how 
 to move off of .NET.

 Obvious predictions, ignorant assumptions, and a total lack of any true 
 understanding of business computing.  Yep, troll.

 t

 [SNIP]

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread BMF
On Sat, May 15, 2010 at 7:40 AM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 I am constantly amazed at posts like this where you make yourself sound like 
 some sort of statistical genius because you were able to predict that since 
 last year was %243, that this year would be %243.  Wow.  Really?

I agree that the post is a bit pompous...however:

 And for the record, these claims of 'inherent insecurity' in Windows are 
 simply ignorant.  If you are still running Windows 95 that's your problem.  
 Do a little research before posting assertions based on 10 or 20 year old issues.


 This smacks of the classic troll, where you say things like nothing that 
 Microsoft makes is secure and it never will be

But...it is true that nothing Microsoft (or anyone, perhaps) makes is
secure. And given that Microsoft has a decades long history of far
worse than industry average security I think it is pretty reasonable
to surmise that Windows will never be secure.

 and then go on to say how easy it is to migrate, and how it's free, with only 
 a one off cost, and how to move off of .NET.

We migrated. With only a one off cost. Been a few years now. Business
is looking good.

 Obvious predictions, ignorant assumptions, and a total lack of any true 
 understanding of business computing.  Yep, troll.

Trollish but not entirely wrong.

BMF

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Thor (Hammer of God)
No, It's Tim Mullen.  No Bill here.  

No, I don't misunderstand:  You said You may recall that last year, the 
average annual growth rate of new threats (as defined by Symantec) was 243%.  
This enabled me to predict that the number of new threats in this year's 
Symantec Threat Report would be 243% of last years.  IOW, you took what 
Symantec's numbers were for one year, and guessed they would be the same for 
this year, and then posted how you were almost right.  Congratulations, you can 
make statements in the obvious.

You people really need to get your stories straight.  Isn't there some club or 
something you guys can join to at least sync up your talking points?   First we 
hear about how AV is stupid, unneeded, useless, a waste of money, and if you 
install it then you are ignorant.  Then we hear about how some people can 
bypass AV using kernel hooks on windows XP and call it an 8.0 Earthquake.  
Now you come out and say that you predict that AV will not be able to keep up 
with these new threats and that people must stop using Windows as a result 
since Windows is not likely of producing any secure version of anything 
anytime soon.  

Then you blithe on about how people should avoid any software that locks them 
into a Microsoft Platform like the plague and specifically note .NET for 
businesses but of course fail to provide any examples of where they should go, 
or any real advice on your mitigation strategy.  

What it is about .NET that should be avoided like the plague?  Wait, before you 
answer that, let's make sure you are qualified to answer.  One must assume that 
you are an expert .NET developer and that you have keen insight into the very 
foundation of the platform in order to know unequivocally that it should not be 
used under any circumstances.   Please give us some code examples of your .NET 
projects where it failed so miserably, even given your expertise, and then 
provide the proper secure solution in your magic TardWare solution.  
Certainly someone speaking with such authority on the matter can come up with 
examples in no time.  

Additionally, you've clearly performed migration engagements for these people 
you advise.  Please let us know what the actual migration plan was, and how 
you have so brilliantly created a one-off cost migration path.  I'm really 
interested in the details about that.  I would particularly like to know what 
authentication infrastructure you would build to support secure 
enterprise-based services, your solution for client access and administration, 
and your overall network concepts.  Also, what is your preferred replacement 
for .NET again?  Details on your SDL process would be fantastic as well. 

You've got a great opportunity to really contribute to the industry by 
providing us with your qualifications and subsequent solutions to these 
problems, so I'm really looking forward to seeing what you have to say on the 
matter beyond Symantec said we'd have this amount of growth, so I said that 
too, and I was almost right.  And since I was almost right, it is imperative to 
drop all Windows products and re-write all of your .NET code immediately 
because AV won't be able to keep up with it.

t

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate at 243%, 
using Symantec's stats.  9 months ago I posted that number here, together with 
a prediction of this year's stats.  Recently, I got this year's stats and 
compared them with that prediction.  I found that this prediction was 75.4% 
accurate.  I am now reporting those results back to the group.  And this is 
trolling how?

My point is that the prediction was not wildly wrong, and so that leads me to 
wonder if anything else I said, 9 months ago, was also not wildly wrong.

My main reason for claiming that Windows is inherently insecure is because it's 
closed source.  However it's also because of the sloppy, monolithic spaghetti 
code that Windows is made of.  If you're claiming Windows is in fact inherently 
secure, I assume this means you don't use AV on any of your Windows machines, 
and advise everyone you know to uninstall it?

I never said migration would be free or easy.  That is why I am posting this 
data here, because I see it as a vulnerability, a very big vulnerability that 
many companies have not woken up to.  The very fact that migration is hard, 
lengthy, and expensive, means that the vulnerability is larger than ever.

Stu

On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

From:   Thor (Hammer of God) t...@hammerofgod.com
To: full-disclosure@lists.grok.org.uk full-
disclos...@lists.grok.org.uk
Date sent:  Sat, 15 May

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread BMF
On Sat, May 15, 2010 at 1:22 PM, Jeffrey Walton noloa...@gmail.com wrote:
 As opposed to crowd sourcing, which some claim is inherently more
 secure because more [uneducated] eyes review the source code?

There are far more educated eyes able to review the Linux source code
than the Windows source code. The uneducated people reviewing it don't
seem to be hurting anything while the educated people reviewing it are
helping a lot if all of the patches I see coming in every day are any
measure.

 This is along the lines of, 'Linux does not get viruses' argument.

Well...has it ever? I've been running it on a day to day basis on my
desktop since 1994 and have never once gotten a virus. I have been
active in the community since then and I have never met anyone who got
one. So...

BMF



Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread rdsears
And what of the pass the hash group of attacks, not to mention the  
insecure hashing to begin with? Combine that with token manipulation  
and process migration and you have a very deadly combination to almost  
any windows network that you don't see anywhere else. Exploiting  
windows networks in this way is trivial at best, and is built in to  
the operating system as a set of 'features'.

That's not to say the *nix platform doesn't have its own security
problems, but at least they're a.) dealt with in a more timely manner,
and b.) easily analyzed by anyone. Even if 99/100 people that look at
it are 'uneducated' as you put it i'd rather have the one set of eyes
on it going 'hey this needs to be fixed' and educating everyone else on
how to manage it, a la the Debian PRNG SSH bug a couple years ago.
Imagine how that would've gone if Microsoft had dealt with a similar
issue.

Having said that I have to say even though some people may not find  
Stuart's research interesting, he's simply trying to report his  
findings. He's doing this to help paint a picture of security in the  
state it's ACTUALLY in, and try to predict where it's progressing to.

Everything in nature can be modeled with mathematics, why not threat  
trends?

On May 15, 2010, at 4:22 PM, Jeffrey Walton noloa...@gmail.com wrote:

 My main reason for claiming that Windows is inherently insecure is
 because it's closed source.
 As opposed to crowd sourcing, which some claim is inherently more
 secure because more [uneducated] eyes review the source code? This is
 along the lines of, 'Linux does not get viruses' argument. Give me a
 break...

 On Sat, May 15, 2010 at 4:06 PM, lsi stu...@cyberdelix.net wrote:
 Is that you, Bill?

 I think you misunderstand.  9 months ago, I measured the growth rate
 at 243%, using Symantec's stats.  9 months ago I posted that number
 here, together with a prediction of this year's stats.  Recently, I
 got this year's stats and compared them with that prediction.  I
 found that this prediction was 75.4% accurate.  I am now reporting
 those results back to the group.  And this is trolling how?

 My point is that the prediction was not wildly wrong, and so that
 leads me to wonder if anything else I said, 9 months ago, was also
 not wildly wrong.

 My main reason for claiming that Windows is inherently insecure is
 because it's closed source.  However it's also because of the sloppy,
 monolithic spaghetti code that Windows is made of.  If you're
 claiming Windows is in fact inherently secure, I assume this means
 you don't use AV on any of your Windows machines, and advise everyone
 you know to uninstall it?

 I never said migration would be free or easy.  That is why I am
 posting this data here, because I see it as a vulnerability, a very
 big vulnerability that many companies have not woken up to.  The very
 fact that migration is hard, lengthy, and expensive, means that the
 vulnerability is larger than ever.

 Stu

 On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

 From:   Thor (Hammer of God) t...@hammerofgod.com
 To: full-disclosure@lists.grok.org.uk full-
 disclos...@lists.grok.org.uk
 Date sent:  Sat, 15 May 2010 14:40:29 +
 Subject:Re: [Full-disclosure] Windows' future  
 (reprise)

 I am constantly amazed at posts like this where you make yourself  
 sound like some sort of statistical genius because you were able  
 to predict that since last year was %243, that this year would be  
 %243.  Wow.  Really?

 And for the record, these claims of 'inherent insecurity' in  
 Windows are simply ignorant.  If you are still running Windows 95  
 that's your problem.  Do a little research before post assertions  
 based on 10 or 20 year old issues.

 This smacks of the classic troll, where you say things like  
 nothing that Microsoft makes is secure and it never will be and  
 then go on to say how easy it is to migrate, and how it's free,  
 with only a one off cost, and how to move off of .NET.

 Obvious predictions, ignorant assumptions, and a total lack of  
 any true understanding of business computing.  Yep, troll.

 t

 [SNIP]




Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread shawn Davison


Sent from my HTC Touch Pro2 on the Now Network from Sprint®.

-Original Message-
From: BMF badmotherfs...@gmail.com
Sent: Saturday, May 15, 2010 4:54 PM
To: full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

On Sat, May 15, 2010 at 7:40 AM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 I am constantly amazed at posts like this where you make yourself sound like 
 some sort of statistical genius because you were able to predict that since 
 last year was %243, that this year would be %243.  Wow.  Really?

I agree that the post is a bit pompous...however:

 And for the record, these claims of 'inherent insecurity' in Windows are 
 simply ignorant.  If you are still running Windows 95 that's your problem.  
 Do a little research before post assertions based on 10 or 20 year old issues.


 This smacks of the classic troll, where you say things like nothing that 
 Microsoft makes is secure and it never will be

But...it is true that nothing Microsoft (or anyone, perhaps) makes is
secure. And given that Microsoft has a decades long history of far
worse than industry average security I think it is pretty reasonable
to surmise that Windows will never be secure.

 and then go on to say how easy it is to migrate, and how it's free, with only 
 a one off cost, and how to move off of .NET.

We migrated. With only a one off cost. Been a few years now. Business
is looking good.

 Obvious predictions, ignorant assumptions, and a total lack of any true 
 understanding of business computing.  Yep, troll.

Trollish but not entirely wrong.

BMF





Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Peter Besenbruch
On Sat, 15 May 2010 16:22:26 -0400
Jeffrey Walton noloa...@gmail.com wrote:

 This is
 along the lines of, 'Linux does not get viruses' argument. Give me a
 break...

I set up a dual boot arrangement on a friend's machine. The Windows
side promptly got infected. The guy was furious and blamed his son.
Fortunately, it was a relatively easy infection to clean. The tip off
that all was not as the man claimed, was when I found several copies of
the virus saved to his home directory in the Linux side. It seems he
hadn't been able to get the attachment to run under Linux, and had
switched to Windows.

Now, I am NOT arguing about Linux being safe because no-one writes
malware for it. I am arguing that the guy was safe running
Linux because:

a) He could only save the attachment to disk.
b) Had it been Linux malware, he would have had to make it executable.

The guy wasn't knowledgeable enough to do all that. He also didn't know
that much about how malware gets delivered. I suspect that there is a
broad correlation between computer knowledge and safe on-line behavior.
The irony is that the less a person, or employee knows about computers,
the better off everyone would be if that person ran Linux.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky



Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread lsi
 IOW, you took what Symantec's numbers were for one year, and guessed
 they would be the same for this year, and then posted how you were
 almost right.

You definitely misunderstand.  AFAIK, Symantec do not publish the 
number 243%.  I calculated it myself, using this sum:

(0.92 + 3.67 + 1.64 + 1.24 + 4.44 + 2.65) / 6

I also calculated those numbers, using the general formula y(n+1) / 
y(n).  This is all explained on the link I gave in my original post:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Even in the most recent report, Symantec only refer to the growth 
rate by saying it was more than double (eg, 200+%) - although I 
haven't read it closely, they may well elaborate on that at some 
point.

 You people really need to get your stories straight.

There is only one of me, I assure you.

 Then you blithe on about how people should avoid any software that
 locks them into a Microsoft Platform like the plague and specifically
 note .NET for businesses but of course fail to provide any examples of
 where they should go, or any real advice on your mitigation
 strategy.  

I agree Windows needs mitigation, that is why I am posting.  I didn't 
mention alternatives as that's not my purpose, to promote a specific 
product, and I wouldn't want my observations to be tainted by it.  
However, now you've asked, I'd recommend FreeBSD, without even seeing 
your spec.  Desktops?  PC-BSD.  As for .NET, off top of head I'd 
suggest a .NET connector for PHP, running on FreeBSD of course.

 What it is about .NET that should be avoided like the plague?  Wait,

Sorry but I already answered that.   It's because it locks the 
customer into a Microsoft platform.

 One must assume that you are an expert .NET developer

You'd assume wrong - it doesn't take an expert to recognise a 
dependency.

 Additionally, you've clearly performed migration engagements for these
 people you advise.  Please let us know what the actual migration
 plan was, and how you have so brilliantly created a one-off cost
 migration path.  I'm really interested in the details about that.  

I'm sure you are, and I'd be happy to oblige.  My rates for that kind 
of work start at £120/hr.  Please PM me for more info.

 Details on your SDL process would be fantastic as well. 

Continuous incremental improvement (TQM). RERO.  Prototyping.  Agile 
is the word used nowadays I believe... revolution through evolution, 
as I said

Stu

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk 
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
 Sent: Saturday, May 15, 2010 1:07 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Windows' future (reprise)
 
 Is that you, Bill?
 
 I think you misunderstand.  9 months ago, I measured the growth rate at 243%, 
 using Symantec's stats.  9 months ago I posted that number here, together 
 with a prediction of this year's stats.  Recently, I got this year's stats 
 and compared them with that prediction.  I found that this prediction was 
 75.4% accurate.  I am now reporting those results back to the group.  And 
 this is trolling how?
 
 My point is that the prediction was not wildly wrong, and so that leads me to 
 wonder if anything else I said, 9 months ago, was also not wildly wrong.
 
 My main reason for claiming that Windows is inherently insecure is because 
 it's closed source.  However it's also because of the sloppy, monolithic 
 spaghetti code that Windows is made of.  If you're claiming Windows is in 
 fact inherently secure, I assume this means you don't use AV on any of your 
 Windows machines, and advise everyone you know to uninstall it?
 
 I never said migration would be free or easy.  That is why I am posting this 
 data here, because I see it as a vulnerability, a very big vulnerability that 
 many companies have not woken up to.  The very fact that migration is hard, 
 lengthy, and expensive, means that the vulnerability is larger than ever.
 
 Stu
 
 On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
 
 From: Thor (Hammer of God) t...@hammerofgod.com
 To:   full-disclosure@lists.grok.org.uk full-
 disclos...@lists.grok.org.uk
 Date sent:Sat, 15 May 2010 14:40:29 +
 Subject:  Re: [Full-disclosure] Windows' future (reprise)
 
  I am constantly amazed at posts like this where you make yourself sound 
  like some sort of statistical genius because you were able to predict 
  that since last year was %243, that this year would be %243.  Wow.  Really?
  
  And for the record, these claims of 'inherent insecurity' in Windows are 
  simply ignorant.  If you are still running Windows 95 that's your problem.  
  Do a little research before post assertions based on 10 or 20 year old 
  issues.
  
  This smacks of the classic troll, where you say things like nothing that 
  Microsoft makes is secure and it never will be and then go on to say how 
  easy

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Thor (Hammer of God)
This just gets better all the time.  I have to admit, it was fun at first, but 
now I grow weary, mostly because this is just sad.

For you to actually think that one can't find out how much free drive space in 
Windows would be funny it were not so ridiculous.  And it's been built into DIR 
forever.  Oh, and your .bas file is 60,000 some odd bytes, not 1951.  I think 
you are confusing the size with the last time you actually did research into 
what you are talking about.

The main point here is for people to see how easy it is for someone who admits 
that they know nothing about .NET, nor care to learn anything about .NET, to 
honestly and publically say that people must uninstall it as if it were the 
plague.  You actually get paid to tell people to uninstall it and use a .NET 
connector to PHP - whatever the hell that is.  Simply amazing to me.

And yet, it's fine for YOU to continue to use a closed source operating 
system to run your dear Peg closed source email program because you don't 
feel like practicing what you preach.   To think that you consider insight into 
moving a couple of computers over to *nix as the basis to make sweeping 
generalized statements of how migrating is a one-off cost staggers the 
imagination.  But, everyone is entitled to their opinion, so good luck with 
yours dude.   But what you are doing to the poor people who not only trust you 
but also pay you seems to be quite a disservice indeed.  But that's between you 
and whatever your ethic is.

So in a nutshell (and I'll drop off after this as I think this has played 
itself out) you hate closed source and .NET and get paid to tell other people 
to migrate to non-existent .NET connector's to PHP after switching from 
Windows to BSD, but compose the very email that you so vehemently condemn them 
on a closed source operating system with a closed source program because you 
don't have time to figure out how to use your computer at the same time. 
(direct quote).  I think I got it.  Thanks for sharing.

Oh, one last thing - your dear Pegasus 4.51 Windows-based program that you 
hypocritically hold on to while demonizing Windows and .NET was...   wait for 
it   wait for it   written with Visual Studio 2008 C++  - a proud 
Microsoft .NET Framework development platform!

Ladies and Gentlemen, Goodnight!

t

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 7:15 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

On 16 May 2010 at 0:09, Thor (Hammer of God) wrote:

 Just as I expected.   A wishy washy response, nothing concrete or even
 vaguely resembling substantive material, backtracking on an exact
 quote, the obligatory reference to your formula ala Craig Wright, with
 the final oh, I'm sure you would like to know, but I'll have to
 charge you in order to tell you.

Well spotted, I am a consultant... I get paid to behave that way!

It was your misquote I corrected, if you call that a backtrack, suit yourself!  
I was giving you my working so you could reproduce my numbers... never mind.

 I was wrong to assume that you would try to educate yourself about
 .NET

Other than how to uninstall it, I have no desire to know anything about it.

 The amount of free disk space on a drive utility you wrote

Yeah, how crap, it's called df in unix, everyone hates it enormously!
A truly useless tool.  That must be why a df command appeared in Version 1 of 
ATT UNIX.  Windows doesn't have something like that, so I made one myself.  
You should see the new version, writes to STDOUT, supports multiple drives on 
one commandline, 1951 bytes of source, 154k uncompressed EXE, beat it if you 
can

 P.S.  The headers on your email show that you are using Pegasus Mail
 for Windows (4.51).  I know a guy who can help you switch to Linux if
 you want.  I think he charges about £120/hr.

Amusing, however Pegasus is a perfect example of the difficulty users face when 
migrating.  As my dear Peg isn't open source, it's one of the reasons this 
machine still runs Windows (along with Quake, and the tools I have created over 
years to help me work, and their PowerBasic compiler).  I don't want to be on 
the phone to a customer and trying to figure out how to use my computer at the 
same time, so I decided to go slow for now.  I think this is a fair decision.  
My servers run unix, it's just this desktop that is left.  I'm not in a big 
hurry, this machine is nicely optimised.  I'm not looking forward to the day 
that I have to rewrite all my tools.  I know it will be a total PITA, take 
ages, introduce bugs and generally cost me a packet.
Unfortunately, long-term, the alternative is even worse.  I am very familiar 
with the issues faced when migrating, as I have those issues.  Does this 
surprise you?

Stu

 -Original Message-
 From: full-disclosure-boun

Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread Sabahattin Gucukoglu
On 16 May 2010, at 04:06, Thor (Hammer of God) wrote:
 Oh, one last thing - your dear Pegasus 4.51 Windows-based program that you 
 hypocritically hold on to while demonizing Windows and .NET was...   wait for 
 it   wait for it   written with Visual Studio 2008 C++  - a proud 
 Microsoft .NET Framework development platform!

Sadly, a bad example: it was ported from Borland, an increasingly fragile and 
unsupported compiler.  It's also not a .net app, which IMNSHO makes a world of 
difference to the point being made, but never mind that, you've had your last 
word.

FTR: David did say some supportive things about RAD and .net.  It's all there 
in his blog, and I can't be bothered looking for it.  I also note that Pegasus 
wines reasonably well, so using the header to identify the platform of the 
sender may mislead you.  It is, alas, a well-rounded GUI mailer that Unix 
people such as myself rather like compared to the mint-flavoured-wire GUI 
alternatives.

Cheers,
Sabahattin




Re: [Full-disclosure] Windows' future (reprise)

2010-05-15 Thread lsi
Hi Bill!

Thanks for the tip on the DIR command, I did in fact notice that, 
however it doesn't give percentages (or total space), AFAIK, and my 
monitoring bot wants percentages.  My df also reports the computer 
name (so I can make sense of the output when the space on multiple 
machines is listed one after the other in a report, and if an alert 
is generated by the monitoring bot).

The new version of my df util is 1951 bytes, the version on my site 
is old.

I'm sorry I upset you because I mentioned .NET, is it because you 
make a living off it?  Sorry to be the bearer of bad tidings.  .NET 
is merely one case of many, I picked it as an example because I am 
currently supporting a customer with a £23,000 .NET application that 
has them utterly locked to Microsoft, and I have no hope at all of 
selling them unix anything.  Which is a shame for them (I just made a 
packet cleaning a nasty virus infection from one of their XP PCs).

As for the .NET connector for PHP, yes, I made that up, and the 
problem is where?  You wanted a migration strategy, I gave you one! I 
did say off top of head.  You want me to research it?  That's 
£120/hr.

I also don't see a problem posting my mail from a Windows PC.  Why do 
I need to be running unix before I can report that malware is 
mutating at 243%?  I don't, is the short answer.

Why don't you criticise my arguments, instead of myself, or my job, 
or my computer, or my email program, or my personal migration 
strategy, or my software?  Is it because you can't?  I think so.

Stu

On 16 May 2010 at 3:06, Thor (Hammer of God) wrote:

From:   Thor (Hammer of God) t...@hammerofgod.com
To: full-disclosure@lists.grok.org.uk full-
disclos...@lists.grok.org.uk
Date sent:  Sun, 16 May 2010 03:06:18 +
Subject:Re: [Full-disclosure] Windows' future (reprise)

 This just gets better all the time.  I have to admit, it was fun at first, 
 but now's I grow weary, mostly because this is just sad.
 
 For you to actually think that one can't find out how much free drive space 
 in Windows would be funny it were not so ridiculous.  And it's been built 
 into DIR forever.  Oh, and your .bas file is 60,000 some odd bytes, not 1951. 
  I think you are confusing the size with the last time you actually did 
 research into what you are talking about.
 
 The main point here is for people to see how easy it is for someone who 
 admits that they know nothing about .NET, nor care to learn anything about 
 .NET, to honestly and publically say that people must uninstall it as if it 
 were the plague.  You actually get paid to tell people to uninstall it and 
 use a .NET connector to PHP - whatever the hell that is.  Simply amazing to 
 me.
 
 And yet, it's fine for YOU to continue to use a closed source operating 
 system to run your dear Peg closed source email program because you don't 
 feel like practicing what you preach.   To think that you consider insight 
 into moving a couple of computers over to *nix as the basis to make sweeping 
 generalized statements of how migrating is a one-off cost staggers the 
 imagination.  But, everyone is entitled to their opinion, so good luck with 
 yours dude.   But what you are doing to the poor people who not only trust 
 you but also pay you seems to be quite a disservice indeed.  But that's 
 between you and whatever your ethic is.
 
 So in a nutshell (and I'll drop off after this as I think this has played 
 itself out) you hate closed source and .NET and get paid to tell other people 
 to migrate to non-existent .NET connector's to PHP after switching from 
 Windows to BSD, but compose the very email that you so vehemently condemn 
 them on a closed source operating system with a closed source program because 
 you don't have time to figure out how to use your computer at the same 
 time. (direct quote).  I think I got it.  Thanks for sharing.
 
 Oh, one last thing - your dear Pegasus 4.51 Windows-based program that you 
 hypocritically hold on to while demonizing Windows and .NET was...   wait for 
 it   wait for it   written with Visual Studio 2008 C++  - a proud 
 Microsoft .NET Framework development platform!
 
 Ladies and Gentlemen, Goodnight!
 
 t
 
 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk 
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of lsi
 Sent: Saturday, May 15, 2010 7:15 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Windows' future (reprise)
 
 On 16 May 2010 at 0:09, Thor (Hammer of God) wrote:
 
  Just as I expected.   A wishy washy response, nothing concrete or even
  vaguely resembling substantive material, backtracking on an exact
  quote, the obligatory reference to your formula ala Craig Wright, with
  the final oh, I'm sure you would like to know, but I'll have to
  charge you in order to tell you.
 
 Well spotted, I am a consultant... I get paid to behave that way

Re: [Full-disclosure] windows future

2009-09-04 Thread lsi
Hi All,

Sorry for the delay, I had some urgent migration planning to attend 
to ... ;)  Stats below.  Short version: evacuate.  Long version:

- stats are in, exponential curve is real, see it for yourself here:

http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf

(page 10)

- I also added up the numbers at 
http://www.virusbtn.com/resources/malwareDirectory/prevalence/index.xml?year=2009
... exponential curve also visible, though I think their stats are 
dodgy, their website is already suffering from math limits - it is 
reporting current yearly stats as NaN% (Not A Number).

- average rate of change per year (annual growth rate), calculated 
from Symantec's chart: 243%

- approximate date when number of NEW threats reached 1 Million: 2008

- approximate date when number of NEW threats will reach 1 Billion: 
2015

- approximate date when number of NEW threats will reach 2 Billion: 
2016

- charts showing this: 
http://www.cyberdelix.net/files/malware_mutation_projection.pdf

- will the AV companies be able to classify 1 billion new threats per 
year? that is 2.739 MILLION new threats per DAY (over 1900 new 
threats per minute).

- will your computer cope with scanning every EXE, DLL, PIF etc 1 
billion times, every time you use them?

- aside from the theoretical limits imposed by hardware and software, 
there is one extra limit, imposed by users.  Users will not tolerate 
machines operating slowly, and will seek alternative platforms well 
before 100% CPU utilisation (either as a direct result of the size of 
the blacklist, or indirectly caused by swapping due to low RAM).  
This user limit might be lower than 20% CPU utilisation.  If users 
figure out that 20% of their time is being wasted, and rising fast, 
they will run for the exit.

- will you tolerate your machine constantly processing a list a 
billion items long?

- do you plan to, and can you afford to, upgrade your compute power 
by 243%, every year?

- will you do this, even though you know viable alternative platforms 
exist, at less total cost to yourself?

- if you're already irritated that AV is slowing down your machine, 
consider that malware levels will be 500 times higher in approx 5 
years (assuming growth rates continue at 243%). That means your AV 
will be running 500 times slower.  Unless you upgrade your machine by 
500 x current (eg. to an effective speed of approx 1000 GHz), your 
machine is going to slow down even more.  Given that chipmakers don't 
seem to be able to get much past 5GHz, without melting the die, that 
means you'll need 200 of today's processors, just for malware 
filtering, by 2015.

- Moore's Law says compute power doubles (200%) every 24 months.  
However, malware is growing at 243% every 12 months.  Thus it is 
already exceeding Moore's Law, by a massive margin.  I suspect this 
means this race is unwinnable, and we should give up now, and devote 
our resources to something sustainable.

- how AV writers will generate 2.7 million new threats/day: 

Evolvable Malware:
http://www.genetic-programming.org/hc2009/3-Noreen/Noreen-Presentation.ppt

A Field Guide to Genetic Programming:
http://www.gp-field-guide.org.uk/

Wiki:
http://en.wikipedia.org/wiki/Genetic_programming

- the insecurity of Windows creates a public space, of sorts, an area 
of common ground, with shared ownership - and this is thus 
susceptible to the tragedy of the commons ... 
http://en.wikipedia.org/wiki/Tragedy_of_the_commons ... so no, I 
don't think malware authors will slow down the mutation rate, so as 
to prolong the life of the platform, they do not work together.  As 
Messagelabs puts it, there's no honour amongst thieves ... 
http://www.messagelabs.com/mlireport/MLIReport_Annual_2008_FINAL.pdf

- the greenhouse emissions caused by billions of computers checking 
billions of items for billions of malware are likely to be 
measurable, and will increasingly erode the world's ability to meet 
environmental targets

- my own maths might be dodgy, please check it, spreadsheet: 
http://www.cyberdelix.net/files/malware_mutation_projection.ods

Stu

On 28 Aug 2009 at 15:32, lsi wrote:

From:   lsi stu...@cyberdelix.net
To: full-disclosure@lists.grok.org.uk
Date sent:  Fri, 28 Aug 2009 15:32:45 +0100 

 Thanks for the comments, indeed, the exponential issue arises due to 
 use the of blacklisting by current AV technologies, and a switch to 
 whitelisting could theoretically mitigate that, however, I'm not sure 
 that would work in practice, there are so many little bits of code 
 that execute, right down to tiny javascripts that check you've filled 
 in an online form correctly, and the user might be bombarded with 
 prompts.  Falling back on tweaks to user privileges and UAC prompts 
 is hardly fixing the problem.  The core problem is the platform is 
 inherently insecure, due to its development, licensing and 
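
The growth arithmetic behind this post (and the "(0.92 + 3.67 + 1.64 + 1.24 + 4.44 + 2.65) / 6" sum Stu gives in his 2010-05-15 reply above) can be reproduced in a few lines. The following is an added example, not Stu's spreadsheet or any code from the thread: the six ratios are copied from his sum, the "1 million new threats in 2008" anchor is his own figure, and the yearly count series used to show how y(n+1)/y(n) ratios are derived is constructed. It also computes the geometric mean of the ratios alongside the arithmetic mean the post uses, since the geometric mean is the rate a compounding series actually follows, and compares both against the annual multiplier implied by a 24-month Moore's Law doubling.

```python
import math

# Year-over-year ratios y(n+1)/y(n) exactly as summed in the post. The post
# does not give the underlying yearly counts, only these six ratios.
RATIOS_FROM_POST = [0.92, 3.67, 1.64, 1.24, 4.44, 2.65]

# Anchor point stated in the post: roughly 1 million NEW threats in 2008.
BASE_YEAR = 2008
BASE_COUNT = 1_000_000

# Constructed yearly counts (not from the page) used only to demonstrate
# how a count series turns into the ratios above.
SAMPLE_COUNTS = [100, 250, 600]


def yearly_ratios(counts):
    """Turn a series of yearly counts into y(n+1)/y(n) growth ratios."""
    return [counts[i + 1] / counts[i] for i in range(len(counts) - 1)]


def arithmetic_mean_rate(ratios):
    """The post's figure: plain average of the ratios (about 2.43, i.e. 243%)."""
    return sum(ratios) / len(ratios)


def geometric_mean_rate(ratios):
    """Compound-consistent average: the single rate that, applied every year,
    reproduces the total growth across the whole series (about 2.08 here)."""
    return math.exp(sum(math.log(r) for r in ratios) / len(ratios))


def projected_count(rate, year, base_year=BASE_YEAR, base_count=BASE_COUNT):
    """Number of new threats in `year` under a constant annual growth `rate`."""
    return base_count * rate ** (year - base_year)


def year_reaching(target, rate, base_year=BASE_YEAR, base_count=BASE_COUNT):
    """Calendar year in which a continuous exponential at `rate`, starting from
    base_count in base_year, first crosses `target`."""
    years_needed = math.log(target / base_count) / math.log(rate)
    return int(base_year + years_needed)


def per_day(per_year):
    return per_year / 365


def per_minute(per_year):
    return per_year / (365 * 24 * 60)


def moore_annual_rate(doubling_months=24):
    """Annual multiplier implied by compute power doubling every `doubling_months`."""
    return 2 ** (12 / doubling_months)


def summarize(ratios=RATIOS_FROM_POST):
    """Collect the post's headline numbers plus the compounding check."""
    rate = arithmetic_mean_rate(ratios)
    return {
        "arithmetic_rate": round(rate, 3),
        "geometric_rate": round(geometric_mean_rate(ratios), 3),
        "year_1_billion": year_reaching(1e9, rate),
        "year_2_billion": year_reaching(2e9, rate),
        "per_day_at_1_billion": round(per_day(1e9)),
        "per_minute_at_1_billion": round(per_minute(1e9)),
        "moore_rate": round(moore_annual_rate(), 3),
        "malware_over_moore": round(rate / moore_annual_rate(), 2),
    }


if __name__ == "__main__":
    print("constructed series ratios:", yearly_ratios(SAMPLE_COUNTS))
    for key, value in summarize().items():
        print(f"{key:>24}: {value}")
```

Run as a script it prints the projection table; the ratios list and the 2008 anchor are the only inputs, so swapping in a different vendor's yearly counts (via `yearly_ratios`) re-derives every downstream figure, which is the check Stu invites when he asks readers to verify his maths.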

Re: [Full-disclosure] windows future

2009-09-04 Thread Rohit Patnaik
All this shows is that there's exponential growth in the number of 
*threats*. It doesn't give any data about the number of actual 
*infections*. I mean, it's quite possible that all these bits of malware 
are just targeting the same group of vulnerable Windows boxen, and 
they're just competing to conquer the same fixed base.

After all, if you extrapolated from the exponential growth of maggots on 
a rotting carcass, you'd be predicting that the entire world would be 
covered in maggots not too far from the future.

--Rohit Patnaik
lsi wrote:
 Hi All,

 Sorry for the delay, I had some urgent migration planning to attend 
 to ... ;)  Stats below.  Short version: evacuate.  Long version:

 - stats are in, exponential curve is real, see it for yourself here:

 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf

 (page 10)

 - I also added up the numbers at 
 http://www.virusbtn.com/resources/malwareDirectory/prevalence/index.xml?year=2009
 ... exponential curve also visible, though I think their stats are 
 dodgy, their website is already suffering from math limits - it is 
 reporting current yearly stats as NaN% (Not A Number).

 - average rate of change per year (annual growth rate), calculated 
 from Symantec's chart: 243%

 - approximate date when number of NEW threats reached 1 Million: 2008

 - approximate date when number of NEW threats will reach 1 Billion: 
 2015

 - approximate date when number of NEW threats will reach 2 Billion: 
 2016

 - charts showing this: 
 http://www.cyberdelix.net/files/malware_mutation_projection.pdf

 - will the AV companies be able to classify 1 billion new threats per 
 year? that is 2.739 MILLION new threats per DAY (over 1900 new 
 threats per minute).

 - will your computer cope with scanning every EXE, DLL, PIF etc 1 
 billion times, every time you use them?

 - aside from the theoretical limits imposed by hardware and software, 
 there is one extra limit, imposed by users.  Users will not tolerate 
 machines operating slowly, and will seek alternative platforms well 
 before 100% CPU utilisation (either as a direct result of the size of 
 the blacklist, or indirectly caused by swapping due to low RAM).  
 This user limit might be lower than 20% CPU utilisation.  If users 
 figure out that 20% of their time is being wasted, and rising fast, 
 they will run for the exit.

 - will you tolerate your machine constantly processing a list a 
 billion items long?

 - do you plan to, and can you afford to, upgrade your compute power 
 by 243%, every year?

 - will you do this, even though you know viable alternative platforms 
 exist, at less total cost to yourself?

 - if you're already irritated that AV is slowing down your machine, 
 consider that malware levels will be 500 times higher in approx 5 
 years (assuming growth rates continue at 243%). That means your AV 
 will be running 500 times slower.  Unless you upgrade your machine by 
 500 x current (eg. to an effective speed of approx 1000 GHz), your 
 machine is going to slow down even more.  Given that chipmakers don't 
 seem to be able to get much past 5GHz, without melting the die, that 
 means you'll need 200 of today's processors, just for malware 
 filtering, by 2015.

 - Moore's Law says compute power doubles (200%) every 24 months.  
 However, malware is growing at 243% every 12 months.  Thus it is 
 already exceeding Moore's Law, by a massive margin.  I suspect this 
 means this race is unwinnable, and we should give up now, and devote 
 our resources to something sustainable.

 - how AV writers will generate 2.7 million new threats/day: 

 Evolvable Malware:
 http://www.genetic-programming.org/hc2009/3-Noreen/Noreen-Presentation.ppt

 A Field Guide to Genetic Programming:
 http://www.gp-field-guide.org.uk/

 Wiki:
 http://en.wikipedia.org/wiki/Genetic_programming

 - the insecurity of Windows creates a public space, of sorts, an area 
 of common ground, with shared ownership - and this is thus 
 susceptible to the tragedy of the commons ... 
 http://en.wikipedia.org/wiki/Tragedy_of_the_commons ... so no, I 
 don't think malware authors will slow down the mutation rate, so as 
 to prolong the life of the platform, they do not work together.  As 
 Messagelabs puts it, there's no honour amongst thieves ... 
 http://www.messagelabs.com/mlireport/MLIReport_Annual_2008_FINAL.pdf

 - the greenhouse emissions caused by billions of computers checking 
 billions of items for billions of malware are likely to be 
 measurable, and will increasingly erode the world's ability to meet 
 environmental targets

 - my own maths might be dodgy, please check it, spreadsheet: 
 http://www.cyberdelix.net/files/malware_mutation_projection.ods

 Stu

 On 28 Aug 2009 at 15:32, lsi wrote:

 From: lsi stu...@cyberdelix.net
 To:   full-disclosure@lists.grok.org.uk
 Date sent:Fri, 28 Aug 2009 15:32:45 +0100 


Re: [Full-disclosure] windows future

2009-09-04 Thread Thor (Hammer of God)
Studies show that 78.3% of all statistics are worthless.

t

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
 disclosure-boun...@lists.grok.org.uk] On Behalf Of Rohit Patnaik
 Sent: Friday, September 04, 2009 8:04 AM
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] windows future

 All this shows is that there's exponential growth in the number of
 *threats*. It doesn't give any data about the number of actual
 *infections*. I mean, it's quite possible that all these bits of malware
 are just targeting the same group of vulnerable Windows boxen, and
 they're just competing to conquer the same fixed base.

 After all, if you extrapolated from the exponential growth of maggots
 on
 a rotting carcass, you'd be predicting that the entire world would be
 covered in maggots not too far from the future.

 --Rohit Patnaik
 lsi wrote:
  Hi All,
 
  Sorry for the delay, I had some urgent migration planning to attend
  to ... ;)  Stats below.  Short version: evacuate.  Long version:
 
  - stats are in, exponential curve is real, see it for yourself here:
 
  http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf
 
  (page 10)
 
  - I also added up the numbers at
  http://www.virusbtn.com/resources/malwareDirectory/prevalence/index.xml?year=2009
  ... exponential curve also visible, though I think their stats are
  dodgy, their website is already suffering from math limits - it is
  reporting current yearly stats as NaN% (Not A Number).
 
  - average rate of change per year (annual growth rate), calculated
  from Symantec's chart: 243%
 
  - approximate date when number of NEW threats reached 1 Million: 2008
 
  - approximate date when number of NEW threats will reach 1 Billion:
  2015
 
  - approximate date when number of NEW threats will reach 2 Billion:
  2016
 
  - charts showing this:
  http://www.cyberdelix.net/files/malware_mutation_projection.pdf
 
  - will the AV companies be able to classify 1 billion new threats per
  year? that is 2.739 MILLION new threats per DAY (over 1900 new
  threats per minute).
 
  - will your computer cope with scanning every EXE, DLL, PIF etc 1
  billion times, every time you use them?
 
  - aside from the theoretical limits imposed by hardware and software,
  there is one extra limit, imposed by users.  Users will not tolerate
  machines operating slowly, and will seek alternative platforms well
  before 100% CPU utilisation (either as a direct result of the size of
  the blacklist, or indirectly caused by swapping due to low RAM).
  This user limit might be lower than 20% CPU utilisation.  If users
  figure out that 20% of their time is being wasted, and rising fast,
  they will run for the exit.
 
  - will you tolerate your machine constantly processing a list a
  billion items long?
 
  - do you plan to, and can you afford to, upgrade your compute power
  by 243%, every year?
 
  - will you do this, even though you know viable alternative platforms
  exist, at less total cost to yourself?
 
  - if you're already irritated that AV is slowing down your machine,
  consider that malware levels will be 500 times higher in approx 5
  years (assuming growth rates continue at 243%). That means your AV
  will be running 500 times slower.  Unless you upgrade your machine by
  500 x current (eg. to an effective speed of approx 1000 GHz), your
  machine is going to slow down even more.  Given that chipmakers don't
  seem to be able to get much past 5GHz, without melting the die, that
  means you'll need 200 of today's processors, just for malware
  filtering, by 2015.
 
  - Moore's Law says compute power doubles (200%) every 24 months.
  However, malware is growing at 243% every 12 months.  Thus it is
  already exceeding Moore's Law, by a massive margin.  I suspect this
  means this race is unwinnable, and we should give up now, and devote
  our resources to something sustainable.
 
  - how AV writers will generate 2.7 million new threats/day:
 
  Evolvable Malware:
  http://www.genetic-programming.org/hc2009/3-Noreen/Noreen-Presentation.ppt
 
  A Field Guide to Genetic Programming:
  http://www.gp-field-guide.org.uk/
 
  Wiki:
  http://en.wikipedia.org/wiki/Genetic_programming
 
  - the insecurity of Windows creates a public space, of sorts, an area
  of common ground, with shared ownership - and this is thus
  susceptible to the tragedy of the commons ...
  http://en.wikipedia.org/wiki/Tragedy_of_the_commons ... so no, I
  don't think malware authors will slow down the mutation rate, so as
  to prolong the life of the platform, they do not work together.  As
  Messagelabs puts it, there's no honour amongst thieves ...
  http://www.messagelabs.com/mlireport/MLIReport_Annual_2008_FINAL.pdf
 
  - the greenhouse emissions caused by billions of computers checking
  billions of items for billions of malware are likely to be
  measurable

Re: [Full-disclosure] windows future

2009-09-04 Thread Valdis . Kletnieks
On Fri, 04 Sep 2009 15:46:19 BST, lsi said:

 - approximate date when number of NEW threats reached 1 Million: 2008
 
 - approximate date when number of NEW threats will reach 1 Billion: 2015
 
 - approximate date when number of NEW threats will reach 2 Billion: 2016

This is assuming an exponential growth model, when there's no realistic
reason to believe it to be so.  There are however good reasons to expect
that the correct model is the logistics curve (slow growth at first,
a steep middle section, then flattening out asymptotic to a horizontal line).

For starters, new threats have to come from *somewhere*, and there's only
a limited supply of dark-side code hackers, and a limited supply of people
worth fleecing (sure, OLPC may distribute 100M laptops - but those are going to
people who can't be monetized easily).  From whence will the 1 billion
new threats in the 2015-16 span come from? Who will create these, and who will
make money from them?  At what point will some of the marginal players leave
the game and find other avenues of making money?  Remember - if the threat
pool is 100,000, and you have 1,000 threats, you have 1% of the market, and
can probably live well off that 1% if monetized.  But if you have 1,000 threats
in a pool of a billion, you're a marginal player and not likely to get rich
fast doing that.

 - charts showing this: 
 http://www.cyberdelix.net/files/malware_mutation_projection.pdf
 
 - will the AV companies be able to classify 1 billion new threats per 
 year? that is 2.739 MILLION new threats per DAY (over 1900 new 
 threats per minute).
 
 - will your computer cope with scanning every EXE, DLL, PIF etc 1 
 billion times, every time you use them?

You don't have to scan it a billion times. You need to scan it *once* for
one billion attacks.  And proper pattern-matching should help a lot here - quite
often, you'll have 2,934 exploit codes in the wild, all using the same attack
code lifted from Metasploit or milw0rm or whatever.  So only one check is
needed.  A bigger danger here is if we start seeing *single* threats that
include a really good real-time polymorphism/obfuscator - *that* could really
suck.

 - aside from the theoretical limits imposed by hardware and software, 
 there is one extra limit, imposed by users.  Users will not tolerate 
 machines operating slowly, and will seek alternative platforms well 
 before 100% CPU utilisation (either as a direct result of the size of 
 the blacklist, or indirectly caused by swapping due to low RAM).  
 This user limit might be lower than 20% CPU utilisation.  If users 
 figure out that 20% of their time is being wasted, and rising fast, 
 they will run for the exit.

Interesting statistic - year before last, around 10% of all new computer
purchases were replacements for malware-infested boxes.  Just buying a new
one was easier/cheaper than trying to fix the old one for a lot of people.

Second interesting statistic - the vast majority of that 10% ended up using
the exact same operating system.

So even when it's well past the 20% mark and the box is basically unusable,
they *still* don't run for the exit.



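The two projections argued over above (lsi's exponential extrapolation from 1 million new threats in 2008 at "243%" a year, and Valdis's logistic curve that flattens against a ceiling) can be put side by side in a few lines. The block below is an added example, not code from either poster. It computes both readings of "243%" (multiply by 2.43 each year, or grow by 243% on top, i.e. multiply by 3.43), because the thread's 2015/2016 dates follow from the first reading and the "500 times in 5 years" figure from the second. The logistic ceiling of 100 million is an assumed value for illustration, not a figure from the thread.

```python
"""Growth-model projections for the malware counts debated in this thread.

Added example, not any poster's code.  It re-derives lsi's projection from
the two numbers given (1 million new threats in 2008, '243%' annual growth)
and sets it against the logistic curve Valdis proposes and against Moore's
law doubling every 24 months.  '243%' can be read as multiply-by-2.43 or as
grow-by-243% (multiply-by-3.43); both are computed.  The logistic ceiling
is an assumption chosen for illustration, not a figure from the thread.
"""
import math

BASE_YEAR = 2008
BASE_COUNT = 1_000_000          # new threats per year in 2008, per the thread
MOORE_ANNUAL = 2 ** (12 / 24)   # doubling every 24 months = x1.414 per year


def exponential(year, factor, base_year=BASE_YEAR, base_count=BASE_COUNT):
    """Annual count if it multiplies by `factor` each year, with no ceiling."""
    return base_count * factor ** (year - base_year)


def year_reached(target, factor, base_year=BASE_YEAR, base_count=BASE_COUNT):
    """Fractional year at which the exponential model first hits `target`."""
    return base_year + math.log(target / base_count) / math.log(factor)


def logistic(year, factor, ceiling, base_year=BASE_YEAR, base_count=BASE_COUNT):
    """Logistic (S-curve) count with the same early growth rate but a hard
    ceiling: it tracks the exponential at first and then flattens out."""
    rate = math.log(factor)
    odds = (ceiling - base_count) / base_count
    return ceiling / (1 + odds * math.exp(-rate * (year - base_year)))


def per_day_per_minute(annual_count):
    """Classification load implied by an annual count of new threats."""
    per_day = annual_count / 365
    return per_day, per_day / (24 * 60)


def growth_over(years, factor):
    """Multiplier after `years` years (the '500 times in 5 years' claim)."""
    return factor ** years


def malware_vs_moore(years, factor):
    """How far malware growth outruns compute growth over `years` years."""
    return (factor / MOORE_ANNUAL) ** years


def projection_table(factor, ceiling, start=BASE_YEAR, end=2016):
    """Year-by-year rows of (year, exponential count, logistic count)."""
    return [(y, exponential(y, factor), logistic(y, factor, ceiling))
            for y in range(start, end + 1)]


if __name__ == "__main__":
    for factor in (2.43, 3.43):
        print(f"factor x{factor}: 1e9 reached in {year_reached(1e9, factor):.1f}, "
              f"2e9 in {year_reached(2e9, factor):.1f}, "
              f"x{growth_over(5, factor):.0f} after 5 years, "
              f"{malware_vs_moore(5, factor):.0f}x ahead of Moore's law")
    day, minute = per_day_per_minute(1e9)
    print(f"1e9 per year = {day:,.0f} per day = {minute:,.0f} per minute")
    # Ceiling of 1e8 is an assumed illustration value, not from the thread.
    for year, expo, logi in projection_table(2.43, ceiling=1e8):
        print(f"{year}: exponential {expo:>16,.0f}   logistic {logi:>14,.0f}")
```

Running it shows where each of the thread's figures comes from: with x2.43 the exponential model crosses 1 billion during 2015 and 2 billion during 2016 and gives about 85x after five years, while x3.43 gives roughly 475x after five years but crosses 1 billion in 2013. The logistic rows track the exponential ones closely for the first few years and then stall short of the ceiling, which is Valdis's point that an early exponential fit cannot by itself distinguish the two models.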
Re: [Full-disclosure] windows future

2009-09-04 Thread Rohit Patnaik
And that's also ignoring the fact that you don't have to scan for things 
that you know you're not exposed/vulnerable to. For example, I don't 
take precautions against Feline Immunodeficiency Virus, because I know 
it can't infect humans. I also don't take precautions against Ebola or 
Smallpox because the chance I'd be exposed to them is vanishingly small.

In the same way, I don't worry about IIS threats - I'm not running an 
IIS server. I'm not worried about threats to Outlook - it's not my mail 
client.  I don't worry about boot sector virii from the late 80s/early 
90s - they're far too rare to spend time on.  Likewise, I don't care 
about threats against which I've already applied vendor patches or 
service packs.  The total number of threats may be growing 
exponentially, but once you factor in the growing immunity of my 
computer system to said threats, the number of outstanding threats 
(things for which I don't have immunity, and are capable of infecting my 
machine) drops to a much more manageable level.

--Rohit Patnaik

valdis.kletni...@vt.edu wrote:
 On Fri, 04 Sep 2009 15:46:19 BST, lsi said:

 - approximate date when number of NEW threats reached 1 Million: 2008

 - approximate date when number of NEW threats will reach 1 Billion: 2015

 - approximate date when number of NEW threats will reach 2 Billion: 2016
 

 This is assuming an exponential growth model, when there's no realistic
 reason to believe it to be so.  There are however good reasons to expect
 that the correct model is the logistics curve (slow growth at first,
 a steep middle section, then flattening out asymptotic to a horizontal line).

 For starters, new threats have to come from *somewhere*, and there's only
 a limited supply of dark-side code hackers, and a limited supply of people
 worth fleecing (sure, OLPC may distribute 100M laptops - but those are going 
 to
 people who can't be monetized easily).  From whence will the 1 billion
 new threats in the 2015-16 span come from? Who will create these, and who will
 make money from them?  At what point will some of the marginal players leave
 the game and find other avenues of making money?  Remember - if the threat
 pool is 100,000, and you have 1,000 threats, you have 1% of the market, and
 can probably live well off that 1% if monetized.  But if you have 1,000 
 threats
 in a pool of a billion, you're a marginal player and not likely to get rich
 fast doing that.

 - charts showing this: 
 http://www.cyberdelix.net/files/malware_mutation_projection.pdf

 - will the AV companies be able to classify 1 billion new threats per 
 year? that is 2.739 MILLION new threats per DAY (over 1900 new 
 threats per minute).

 - will your computer cope with scanning every EXE, DLL, PIF etc 1 
 billion times, every time you use them?
 

 You don't have to scan it a billion times. You need to scan it *once* for
 one billion attacks.  And proper pattern-matching should help a lot here - 
 quite
 often, you'll have 2,934 exploit codes in the wild, all using the same attack
 code lifted from Metasploit or milw0rm or whatever.  So only one check is
 needed.  A bigger danger here is if we start seeing *single* threats that
 include a really good real-time polymorphism/obfuscator - *that* could really
 suck.

 - aside from the theoretical limits imposed by hardware and software, 
 there is one extra limit, imposed by users.  Users will not tolerate 
 machines operating slowly, and will seek alternative platforms well 
 before 100% CPU utilisation (either as a direct result of the size of 
 the blacklist, or indirectly caused by swapping due to low RAM).  
 This user limit might be lower than 20% CPU utilisation.  If users 
 figure out that 20% of their time is being wasted, and rising fast, 
 they will run for the exit.
 

 Interesting statistic - year before last, around 10% of all new computer
 purchases were replacements for malware-infested boxes.  Just buying a new
 one was easier/cheaper than trying to fix the old one for a lot of people.

 Second interesting statistic - the vast majority of that 10% ended up using
 the exact same operating system.

 So even when it's well past the 20% mark and the box is basically unusable,
 they *still* don't run for the exit.

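Valdis's point that a file is scanned once against the whole signature set (with thousands of samples that lift the same code collapsing into one check), and Rohit's point that signatures for software the host does not run can be left out, both come down to how the signature set is built and matched. The block below is an added example, not code posted by anyone in the thread, and the catalogue, fragments, sample names and host profiles in it are all constructed for illustration. It deduplicates samples by shared fragment, filters by what the host actually runs, and compiles what remains into an Aho-Corasick automaton so that one pass over the file covers every remaining signature.

```python
"""Single-pass signature scanning against a deduplicated, host-filtered set.

Added example, not code posted by anyone in this thread.  It models two
points made above: a file is scanned *once* for the whole signature set
(Valdis), and signatures for software the host does not run can be dropped
from that set (Rohit).  The catalogue, fragments, sample names and host
profiles below are all constructed for illustration.
"""
from collections import deque


class AhoCorasick:
    """Multi-pattern byte matcher: build once, then scan any input in one pass.

    Scan cost grows with input length plus number of matches, not with the
    number of patterns, which is the property the thread argues about.
    """

    def __init__(self, patterns):
        self.goto = [{}]      # state -> {byte: next state}
        self.fail = [0]       # failure link per state (root for depth-1 states)
        self.out = [set()]    # patterns recognised on entering each state
        for pat in patterns:
            self._insert(bytes(pat))
        self._link_failures()

    def _insert(self, pat):
        state = 0
        for b in pat:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append(set())
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].add(pat)

    def _link_failures(self):
        # Breadth-first over the trie so each state's failure link is set
        # after its parent's; depth-1 states already fail to the root.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] |= self.out[self.fail[s]]
                queue.append(s)

    def scan(self, data):
        """Return the set of patterns present anywhere in data."""
        found, state = set(), 0
        for b in bytes(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            found |= self.out[state]
        return found


# Constructed catalogue: (sample name, detection fragment, software it needs).
SHARED_FRAGMENT = b"CONSTRUCTED-SHARED-PAYLOAD-FRAGMENT"
SAMPLE_CATALOGUE = [
    ("sample-0001", SHARED_FRAGMENT, "windows/base"),
    ("sample-0002", SHARED_FRAGMENT, "windows/base"),   # same lifted code as 0001
    ("sample-0003", SHARED_FRAGMENT, "windows/base"),   # and again
    ("sample-0004", b"CONSTRUCTED-IIS-ONLY-FRAGMENT", "windows/iis"),
    ("sample-0005", b"CONSTRUCTED-OUTLOOK-ONLY-FRAGMENT", "windows/outlook"),
    ("sample-0006", b"CONSTRUCTED-BOOT-SECTOR-FRAGMENT", "dos/bootsector"),
]


def dedupe_signatures(catalogue):
    """Group samples by the fragment they share: {fragment: (software, [samples])}.
    Samples sharing a fragment are assumed to need the same software."""
    grouped = {}
    for name, fragment, software in catalogue:
        grouped.setdefault(fragment, (software, []))[1].append(name)
    return grouped


def applicable_signatures(grouped, host_profile):
    """Drop fragments whose required software the host does not run."""
    return {frag: v for frag, v in grouped.items() if v[0] in host_profile}


def build_scanner(catalogue, host_profile):
    """Reduce the catalogue to what matters on this host and compile it once."""
    sigs = applicable_signatures(dedupe_signatures(catalogue), host_profile)
    return AhoCorasick(sigs.keys()), sigs


def scan_file(scanner, sigs, data):
    """One pass over data; map each hit back to every sample it covers."""
    return {frag: sigs[frag][1] for frag in scanner.scan(data)}


if __name__ == "__main__":
    host = {"windows/base", "windows/outlook"}          # constructed host profile
    scanner, sigs = build_scanner(SAMPLE_CATALOGUE, host)
    print(f"{len(SAMPLE_CATALOGUE)} samples -> "
          f"{len(dedupe_signatures(SAMPLE_CATALOGUE))} distinct fragments -> "
          f"{len(sigs)} relevant on this host")
    # Constructed file: filler bytes with the shared fragment embedded once.
    data = b"\x00" * 40 + SHARED_FRAGMENT + b"\xff" * 40
    print(scan_file(scanner, sigs, data))
```

Six samples reduce to four fragments, and a host running only the base platform needs just one of them; the single hit in the constructed file still maps back to all three samples that share the code. Real scanners add heuristics and emulation on top of this, but the cost model of the core string match is what the thread's "a billion times" versus "once for a billion" exchange is about.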

Re: [Full-disclosure] windows future

2009-09-04 Thread lsi
  - approximate date when number of NEW threats will reach 1 Billion: 2015

 This is assuming an exponential growth model, when there's no realistic
 reason to believe it to be so.  

The reason to believe the exponential model will remain valid, is 
that it is the model that is currently valid.  A different model will 
need to explain how the existing exponential curve is derailed.

 There are however good reasons to expect
 that the correct model is the logistics curve (slow growth at first,
 a steep middle section, then flattening out asymptotic to a horizontal line).

 For starters, new threats have to come from *somewhere* [...] From
 whence will the 1 billion new threats in the 2015-16 span come from?
 Who will create these, 

Did you see the link I posted to the Evolvable Malware PPT?  
Mutation will be automated.  Resistance is useless... ;)

 and who will make money from them?

Presumably, the same gangs who do so now.  They won't need to recruit 
billions of new coders to make their billions of new variants.  It'll 
all be generated overnight, by their botnet, which, when it's not 
sending spam, etc, will be revectoring itself, using the GP 
algorithms previously noted.

 At what point will some of the marginal players leave
 the game and find other avenues of making money?

I answered this one already as well... they will leave soon after the 
number of vulnerable hosts starts to fall, which will happen either 
through mass extinction (due to malware overload) or due to 
redeployment with a Real OS.

 [...]  A bigger danger here is if we start seeing *single* threats
 that include a really good real-time polymorphism/obfuscator - *that*
 could really suck. 

But Valdis old chap, that is exactly what the GP algorithms do, the 
proof-of-concept is already out there (see the GP PPT).

 Interesting statistic - year before last, around 10% of all new computer
 purchases were replacements for malware-infested boxes.  Just buying a new
 one was easier/cheaper than trying to fix the old one for a lot of people.

These numbers are probably skewed by some kind of newbie effect.  
Once you have had your machine for a while, as I'm sure you know, 
simply dumping it is not always an option.  Businesses, for example,
may simply be unable to dump an old system, as it runs some legacy 
something, which just happens to be mission-critical.

 Second interesting statistic - the vast majority of that 10% ended up using
 the exact same operating system.
 
 So even when it's well past the 20% mark and the box is basically unusable,
 they *still* don't run for the exit.

They're newbies.  You wait till they've done that 5 times.  Then ask 
them, are you a happy bunny... and how much money have you spent, in 
total...

- I have already decommissioned one server, due to malware growth - 
it was an old 486 machine, whose sole purpose was to serve AV updates 
for a client's LAN.  All went well for a few years, however the hard 
drive started to fill with signature updates.  So, I upgraded the 
drive, however due to a BIOS limitation (or was that NT4? FAT16?), 
the maximum size I could use was 2Gb.  That would have filled as 
well, except I moved the AV server software onto their main server 
(and proceeded to fill its disk instead, but that's another story) - 
and sent the old 486 to recycling...

So this old server, you might think of course, it's a mere 486, to 
which I reply, and a canary is also a weakling.  That is why people 
put them in mines, because they are very sensitive to carbon monoxide 
levels, and drop dead well before humans do.  So when the canary 
dies, the mine is evacuated.  

This old server was a canary.  Its tight resource limits meant it was 
very sensitive to malware levels.  It dropped dead several years ago 
now. The NaN% on the Virus Bulletin site is another canary.  Sure, 
this can probably be fixed, weak coding you say - again, I say this 
weakness is merely the low-hanging fruit, the first victims of a 
rising tide, which is not even close to its peak.  

Stu

---
Stuart Udall
stuart a...@cyberdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)



Re: [Full-disclosure] windows future

2009-08-31 Thread Valdis . Kletnieks
On Sun, 30 Aug 2009 01:09:55 BST, lsi said:

 The biological metaphor does suggest that Microsoft would take some 
 kind of evasive action, and I think their only option is to license 
 unix, just as Apple did (although Apple did it for different 
 reasons).  Doing this will solve many problems, they can keep their 
 proprietary interface and their reputation, and possibly even their 
 licensing and marketing models, while under the hood, unix saves the 
 day.

Unlikely to work - there's just Too Damned Many legacy binaries that have all
sorts of dependencies on undocumented quirks of the Windows APIs.  So you end
up needing to use a Wine-like shim to provide the API the binaries need - and
if the shim is good enough for the backward-combatable binaries, it's *also*
good enough for the malware to attack.  If IE9 has a bug and some Javascript
scribbles something into the 'Documents' folder, that Javascript really doesn't
care if it's a Documents folder on a real Windows box, or one that's in a
directory being managed by a shim on a Unix/Linux box.  All it cares about is
that it *behaves* like a Documents folder.

Hint:  If a Windows user's home directory is on a remote file share, it
really doesn't care if it's a Genuine Windows(TM) or a Samba share, does it?
Heck, it doesn't even know/care if its domain controller is Windows or Samba.
All it cares is that the file share and the DC *act* like Windows.

And unfortunately, that's true for both legitimate binaries and malware.




Re: [Full-disclosure] windows future

2009-08-30 Thread Elazar Broad

On Fri, 28 Aug 2009 16:34:27 -0400 Paul Schmehl
pschmehl_li...@tx.rr.com wrote:
--On Friday, August 28, 2009 13:40:28 -0500 Rohit Patnaik
quanti...@gmail.com wrote:

 To be fair, Linux has come a very long way in that regard. I purchased
 an Asus Eee 900 with Linux preinstalled, and everything worked right out
 of the box. Flash, Java, OpenOffice, the works. It was a vindication of
 my view that the real obstacle to Linux on the desktop isn't the user,
 but rather the OEM.

 With low-cost, low-power netbooks becoming more prevalent, OEMs are
 finding that the cost of the Windows license begins to take up a rather
 high percentage of the overall cost.  Therefore, many are preinstalling
 and preconfiguring Linux. At the same time, consumers are finding that
 application incompatibilities don't really matter for them, since the
 Linux equivalents are able to handle data coming from a Windows box with
 a minimum of fuss.

That's good news.  Once updating issues are resolved and Xorg becomes as good
as Mac and Windows graphics (it's almost there now - it just doesn't quite have
the pop or wow factor of Macs), the obstacles to migration (for the
consumer) will be availability and the knowledge that an alternative exists.
At that point I think we'll see Microsoft's market share begin eroding badly.

KDE4 is quite close, but it definitely requires a bit of
tweaking (or that might just be Slackware)...


Re: [Full-disclosure] windows future

2009-08-30 Thread Elazar Broad

Like them or not, M$ has done quite a bit with its SDL[1], and
though quite late in the game, the memory protection mechanisms in
Vista and Windows 7. As far as anti-virus software goes, it's
mostly useless[2][there was a recent article on signature lead
time, I can't find it for some reason] already.

[1]http://www.pcworld.com/businesscenter/blogs/bizfeed/167111/opinion_pigs_fly_microsoft_leads_in_security.html?tk=rss_news
[2]http://pcworld.about.com/od/virusesphishingspam/Botnets-Defeat-Most-Anti-Virus.htm

On Sat, 29 Aug 2009 20:09:55 -0400 lsi stu...@cyberdelix.net
wrote:
I'm saying that the world's malware authors, in their race to stay
ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of
the world's AV systems.  They are flooding the blacklists, and this
flooding is accelerating.  If it continues, the world's AV systems
will be useless, as will be the machines they are protecting.

Note, I have NOT gone off and compiled some stats, I've just noted an
existing trend, and extrapolated it.  Here's an article from 2005,
again, the numbers suggest an exponential curve.
http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/

The biological metaphor does suggest that Microsoft would take some
kind of evasive action, and I think their only option is to license
unix, just as Apple did (although Apple did it for different
reasons).  Doing this will solve many problems, they can keep their
proprietary interface and their reputation, and possibly even their
licensing and marketing models, while under the hood, unix saves the
day.  They will need to eat some very humble pie, a few diehards
might jump from Redmond's towers, and the clash of cultures will
toast some excellent marshmallows... but they will save their
business.  Do they have a choice?  Malware numbers are suggesting
they don't.

Licensing the solution suits Microsoft's business model (much easier
for them to buy in a fix than build one, they tried that already),
they did in fact do it many times previously, starting with a certain
product called MS-DOS, and it means they can keep their customer
base, they just sell them an upgrade which is in fact a completely
new system - again, just as Apple did with OSX.

Actually, I think the simplest thing for them to do would be to buy
Apple, then they can rebadge OSX, instead of reinventing it.

Stu

On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:

Date sent: Fri, 28 Aug 2009 10:24:25 -0500
From:  Rohit Patnaik quanti...@gmail.com
To:full-disclosure@lists.grok.org.uk
Subject:   Re: [Full-disclosure] windows future

 I'm not sure I agree with the basic premise of this scenario. You're
 suggesting that getting exposed to malware is some kind of
 inevitability, and that eventually there will be enough different kinds
 of malware that filtering them all will be impossible. I don't think
 that's valid. Good browsing habits, running a firewall, and keeping your
 machine updated will prevent almost all malware from even getting access
 to your machine. Then all we have to worry about are the few bits of
 code that are capable of getting through our defenses.

 To reiterate the biological analogy, we don't rely on antibiotics to
 stop infection. We rely on good hygiene. In the same way, just as
 increased biological infection rates led to a push for greater public
 hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a push for
 greater computer hygiene as malware infection rates rise. Windows
 already includes a firewall to prevent automated worm infections, and
 Microsoft is working to harden network facing applications, as evidenced
 by their recent decision to have IE run with limited privileges. As
 malware becomes more virulent, the immunity of Windows will likewise
 grow, putting a damper on any sort of exponential growth curve.

 --Rohit Patnaik

 lsi wrote:
  Thanks for the comments, indeed, the exponential issue arises due to
  the use of blacklisting by current AV technologies, and a switch to
  whitelisting could theoretically mitigate that, however, I'm not sure
  that would work in practice, there are so many little bits of code
  that execute, right down to tiny javascripts that check you've filled
  in an online form correctly, and the user might be bombarded with
  prompts.  Falling back on tweaks to user privileges and UAC prompts
  is hardly fixing the problem.  The core problem is the platform is
  inherently insecure, due to its development, licensing and marketing
  models, and nothing is going to fix that.  Even if fixing it became
  somehow possible, the same effort could be spent improving a
  competing system, rather than fixing a broken one.
 
  Just to complete the extrapolation, the below.
 
  Assuming that mutation rates continue to increase exponentially,
  infection rates will reach a maximum when the average computer
  reaches 100% utilisation
Re: [Full-disclosure] windows future

2009-08-29 Thread Robinson DELAUGERRE
Then all we have to worry about are the few bits of 
code that are capable of getting through our defenses.

Problem is, to go forth with the bio analogy, while our antibodies forget 
with time how to deal with aggressive agents we are not exposed to, antiviruses 
cannot. This would imply running a full system check, to see what the host is 
vulnerable to. How can you know? Are you packed with a vulnerability tester? Do 
you trust the updates installed on the system? If so, what with a malware that 
makes the system think it's patched?
So to me an antivirus still has to check files for system-irrelevant malware 
(even if it was to prevent the user from being a sane carrier). As an antivirus 
manufacturer I can't make assumptions about users' hygiene.

IMO, this malware threshold will be reached, where signature-based 
antiviruses will consume a hell of a lot of machine resource to check a given 
file against all possible signatures (even with optim in the checking process). 
This will force the manufacturers to move to another paradigm, perhaps 
behaviour based, checking what the file does to the system rather than what it 
contains.

My 2 cents on the matter..

BTW, I'm all for good hygiene, I'm just not confident the average user is ready 
for it yet. User education FTW

-rd*

- Original Message -
From: Rohit Patnaik quanti...@gmail.com
To: full-disclosure@lists.grok.org.uk
Sent: Friday 28 August 2009 17:24:25 GMT +01:00 Amsterdam / Berlin / Bern / 
Rome / Stockholm / Vienna
Subject: Re: [Full-disclosure] windows future


Re: [Full-disclosure] windows future

2009-08-29 Thread lsi
I'm saying that the world's malware authors, in their race to stay 
ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of 
the world's AV systems.  They are flooding the blacklists, and this 
flooding is accelerating.  If it continues, the world's AV systems 
will be useless, as will be the machines they are protecting.

Note, I have NOT gone off and compiled some stats, I've just noted an 
existing trend, and extrapolated it.  Here's an article from 2005, 
again, the numbers suggest an exponential curve. 
http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/

The biological metaphor does suggest that Microsoft would take some 
kind of evasive action, and I think their only option is to license 
unix, just as Apple did (although Apple did it for different 
reasons).  Doing this will solve many problems, they can keep their 
proprietary interface and their reputation, and possibly even their 
licensing and marketing models, while under the hood, unix saves the 
day.  They will need to eat some very humble pie, a few diehards 
might jump from Redmond's towers, and the clash of cultures will 
toast some excellent marshmallows... but they will save their 
business.  Do they have a choice?  Malware numbers are suggesting 
they don't.

Licensing the solution suits Microsoft's business model (much easier 
for them to buy in a fix than build one, they tried that already), 
they did in fact do it many times previously, starting with a certain 
product called MS-DOS, and it means they can keep their customer 
base, they just sell them an upgrade which is in fact a completely 
new system - again, just as Apple did with OSX.

Actually, I think the simplest thing for them to do would be to buy 
Apple, then they can rebadge OSX, instead of reinventing it.

Stu

On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:

Re: [Full-disclosure] windows future

2009-08-29 Thread lsi
I'm not saying malware will frighten users away, I am saying that 
malware will leave them no choice but to leave.  This is not a 
decision users make, they will not be able to buy a Windows computer, 
as they will no longer work.  Sure you can turn them on, but that's 
all.  Once you load up your AV, you'll have no RAM left to load 
Notepad.  Your CPU will be constantly processing AV updates and your 
disk will fill with AV sigs.  The machine will be unusable.

Also, there are software-imposed limits to malware filtering, as well 
as the hardware limits I mentioned earlier, I can only think of one 
right now, and that is 32-bit integer math, I'm pretty sure once the 
number of mutations gets a bit past 2 billion, there will be problems 
with this, possibly mitigated, at a significant cost to performance, 
by using double integers, or by using 64-bit integers and dropping 
support for 32-bit machines (again, long term these approaches will 
also be exhausted).

Whitelisting ... my guess is that there will be trillions of 
legitimate pieces of code, and this list will also grow too large for 
the average computer to handle.

However, as noted in my other mail to Rohit, I think that before 
these limits are reached, Microsoft will bite the bullet and drop in 
a unix core.

Social engineering: yes, point taken, although, someone is still 
cranking out binaries, as per the original link I posted: 
http://www.theregister.co.uk/2009/08/13/malware_arms_race/ ... and to 
be honest, it doesn't matter if it's only one guy who pumps out 
trillions of mutations, it's still gonna DOS the AV.

I'm not commenting on Windows vs unix vs Mac, I didn't mean to start 
that thread, I'm just commenting on Windows, and how it appears to be 
holding a one-way ticket to oblivion.  Is that an iceberg, dead 
ahead?  The numbers are telling us that it is.

PS. Have you seen PC-BSD? :) http://www.pcbsd.org/ ... it's FreeBSD + 
KDE + sexy installer ... 

On 28 Aug 2009 at 16:45, Paul Schmehl wrote:

Re: [Full-disclosure] windows future

2009-08-29 Thread Peter Ferrie
 I'm saying that the world's malware authors, in their race to stay
 ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of
 the world's AV systems.  They are flooding the blacklists, and this
 flooding is accelerating.  If it continues, the world's AV systems
 will be useless, as will be the machines they are protecting.

You are extrapolating, based on an incorrect assumption - that
blacklists will exist forever.
When the number of bad files exceeds the number of good files, then
whitelists will reign instead.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] windows future

2009-08-28 Thread lsi
Thanks for the comments, indeed, the exponential issue arises due to 
the use of blacklisting by current AV technologies, and a switch to 
whitelisting could theoretically mitigate that, however, I'm not sure 
that would work in practice, there are so many little bits of code 
that execute, right down to tiny javascripts that check you've filled 
in an online form correctly, and the user might be bombarded with 
prompts.  Falling back on tweaks to user privileges and UAC prompts 
is hardly fixing the problem.  The core problem is the platform is 
inherently insecure, due to its development, licensing and marketing 
models, and nothing is going to fix that.  Even if fixing it became 
somehow possible, the same effort could be spent improving a 
competing system, rather than fixing a broken one.

Just to complete the extrapolation, the below.

Assuming that mutation rates continue to increase exponentially, 
infection rates will reach a maximum when the average computer 
reaches 100% utilisation due to malware filtering.  Infection rates 
will then decline as vulnerable hosts die off due to their 
inability to filter.  These hosts will either be replaced with new, 
more powerful Windows machines (before these themselves succumb to 
the exponential curve), OR, they will be re-deployed, running a 
different, non-Windows platform.

Eventually, the majority of computer owners will get the idea that 
they don't need to buy ever-more powerful gear, just to do the same 
job they did yesterday (there may come a time when the fastest 
machine available is unable to cope, there is every possibility that 
mutation rates will exceed Moore's Law).  The number of vulnerable 
hosts will then fall sharply, as the platform is abandoned en masse.

At this time, crackers who have been depending upon a certain amount 
of cracks per week for income, will find themselves short.  They will 
then, if they have not already, refocus their activities on more 
profitable revenue streams.

If every computer is running a diverse ecosystem, crackers will have 
no choice but to resort to small-scale, targeted attacks, and the 
days of mass-market malware will be over, just as the days of the 
mass-market platform it depends on, will also be over.

And then, crackers will need to be very good crackers, to generate 
enough income from their small-scale attacks.  If they aren't very 
good, they might find it easier and more profitable to get a 9-to-5 
job.  The number of malware authors will then fall sharply.

The world will awaken from the 20+ year nightmare that was Windows, 
made possible only by manipulative market practices, driven by greed, 
and discover the only reason it was wracked with malware, was because 
it had all its eggs in one basket.

Certainly, vulnerabilities will persist, and skilled cracking groups 
may well find new niches from which to operate.  But diversifying the 
ecosystem raises the barrier to entry, to a level most garden-variety 
crackers will find unprofitable, and that will be all that is 
required, to encourage most of them to do something else with their 
lives, and significantly reduce the incidence of cybercrime.

(now I phrase it like that, it might be said, that by buying 
Microsoft, you are indirectly channelling money to organised crime 
gangs, who most likely engage in other kinds of criminal activity, in 
addition to cracking, such as identity theft, money laundering, and 
smuggling. That is, when you buy Microsoft, you are propping up the 
monoculture, and that monoculture feeds criminals, by way of its 
inherent flaws.  Therefore, if you would like to reduce criminal 
activity, don't buy Microsoft.)

-EOF

On 27 Aug 2009 at 13:45, lsi wrote:


 [Some more extrapolations, this time taken from the fact that malware 
 mutation rates are increasing exponentially. - Stu]
 
 (actually, this wasn't written for an FD audience, please excuse the 
 bit where it urges you to consider your migration strategy, I know 
 you're all ultra-l33t and don't have a single M$ box on your LAN)
 
 http://www.theregister.co.uk/2009/08/13/malware_arms_race/
 
 If this trend continues, there will come a time when the amount of 
 malware is so large, that anti-malware filters will need more power 
 than the systems they are protecting are able to provide.
 
 At this time, those systems will become essentially worthless, and 
 

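A toy model of the extrapolation lsi argues above (the blacklist out-growing Moore's law until the "average computer reaches 100% utilisation") and of the signed 32-bit counter limit raised in the 2009-08-29 reply, added here as an illustration and not code from any poster; every signature count, doubling period and host figure in it is a constructed assumption, and the index-lookup variant is included only to show what the saturation point depends on.

```python
"""
Toy model of the thread's extrapolation: a signature blacklist growing
exponentially versus host capacity growing per Moore's law (read here, as in
the thread, as a doubling every 18 months). Added illustration; all numbers
are constructed assumptions, not measurements.
"""
import math

MOORE_DOUBLING_MONTHS = 18.0   # assumed host-capacity doubling period
SIGNED32_MAX = 2 ** 31 - 1     # the "a bit past 2 billion" limit from the thread


def signatures_after(months, s0, sig_doubling_months):
    """Blacklist size after `months`, starting at s0 and doubling every
    sig_doubling_months."""
    return s0 * 2.0 ** (months / sig_doubling_months)


def host_capacity_after(months, h0):
    """Host throughput (signature comparisons per second) after `months`."""
    return h0 * 2.0 ** (months / MOORE_DOUBLING_MONTHS)


def linear_scan_utilisation(months, s0, sig_doubling_months, h0, files_per_sec):
    """Fraction of host capacity consumed when every scanned file is compared
    against every signature, so per-file cost grows with the blacklist."""
    per_sec = signatures_after(months, s0, sig_doubling_months) * files_per_sec
    return per_sec / host_capacity_after(months, h0)


def indexed_lookup_utilisation(months, h0, files_per_sec, lookups_per_file):
    """Same host, but the filter hashes the file and probes an index: a fixed
    number of lookups per file, independent of how long the list is."""
    return files_per_sec * lookups_per_file / host_capacity_after(months, h0)


def months_until_saturation(s0, sig_doubling_months, h0, files_per_sec):
    """Month at which linear-scan utilisation first reaches 100%, in closed
    form: u(t) = u(0) * 2**(t/Ts - t/Tm)  =>  t = log2(1/u(0)) / (1/Ts - 1/Tm).
    Returns 0 if already saturated and None if the blacklist never out-grows
    Moore's law (Ts >= Tm), in which case the ratio never rises."""
    u0 = linear_scan_utilisation(0, s0, sig_doubling_months, h0, files_per_sec)
    if u0 >= 1.0:
        return 0
    net_rate = 1.0 / sig_doubling_months - 1.0 / MOORE_DOUBLING_MONTHS
    if net_rate <= 0:
        return None
    return math.ceil(math.log2(1.0 / u0) / net_rate)


def months_until_signed32_overflow(s0, sig_doubling_months):
    """First month at which the signature count exceeds what a signed 32-bit
    integer can hold: s0 * 2**(t/Ts) > 2**31 - 1."""
    if s0 > SIGNED32_MAX:
        return 0
    return math.floor(sig_doubling_months * math.log2(SIGNED32_MAX / s0)) + 1


if __name__ == "__main__":
    # Constructed scenario: one million signatures doubling yearly, a host
    # doing 1e9 comparisons/s, and an on-access scanner inspecting 10 files/s.
    S0, TS, H0, FPS = 1_000_000, 12.0, 1e9, 10.0
    print("months to 100% utilisation (linear scan):",
          months_until_saturation(S0, TS, H0, FPS))
    print("months to signed-32 overflow of the count:",
          months_until_signed32_overflow(S0, TS))
    print("indexed lookup utilisation at that point:",
          indexed_lookup_utilisation(240, H0, FPS, 4))
```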
Re: [Full-disclosure] windows future

2009-08-28 Thread Rohit Patnaik
I'm not sure I agree with the basic premise of this scenario. You're 
suggesting that getting exposed to malware is some kind of 
inevitability, and that eventually there will be enough different kinds 
of malware that filtering them all will be impossible. I don't think 
that's valid. Good browsing habits, running a firewall, and keeping your 
machine updated will prevent almost all malware from even getting access 
to your machine. Then all we have to worry about are the few bits of 
code that are capable of getting through our defenses.

To reiterate the biological analogy, we don't rely on antibiotics to 
stop infection. We rely on good hygiene. In the same way, just as 
increased biological infection rates led to a push for greater public 
hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a push for 
greater computer hygiene as malware infection rates rise. Windows 
already includes a firewall to prevent automated worm infections, and 
Microsoft is working to harden network facing applications, as evidenced 
by their recent decision to have IE run with limited privileges. As 
malware becomes more virulent, the immunity of Windows will likewise 
grow, putting a damper on any sort of exponential growth curve.

--Rohit Patnaik

lsi wrote:

Re: [Full-disclosure] windows future

2009-08-28 Thread Paul Schmehl
--On Friday, August 28, 2009 09:32:45 -0500 lsi stu...@cyberdelix.net wrote:

 The world will awaken from the 20+ year nightmare that was Windows,
 made possible only by manipulative market practices, driven by greed,
 and discover the only reason it was wracked with malware, was because
 it had all its eggs in one basket.


That's crazy talk.  I hate Windows as much as the next guy, but there's a 
reason they have such a large market share and it's not *just* manipulative 
market practices.  Most people outside the insular geek world use computers to 
perform tasks for them.  They think of the computer as a tool, and they expect 
it to do the job they want without getting in the way or requiring them to 
learn to count in hex.

When someone else comes up with a system that has excellent graphics, runs 
Flash and other things without complaint, and just works without expecting 
them to lift the hood and diagnose problems, doesn't require them to install 
all sorts of extras to have a working system *and* is priced competitively 
with Windows, they will buy it.

Macs are competitive with Windows in every category except one; price.  And by 
price I mean the cost of walking into a store and walking out with a working 
system.  Apple's biggest mistake has always been trying to hoard the hardware 
market for their OS - the same mistake Sun makes - which drives up the price 
and makes them less competitive.  Unix (really Linux mostly) is getting there 
but still has a ways to go.

I say these things as a hard core Unix user who loves FreeBSD.  There are many 
reasons that I love FreeBSD and use it exclusively when I can, but things like 
making Flash work are not for the faint of heart.

It won't be the malware that will drive people *away* from Windows (if it was 
they would have been driven away long ago), it will be the (dare I say it?) 
user friendliness of a system *and* price competitiveness that will *attract* 
buyers to it.

BTW, your comments about crackers and ecosystems are several years behind.  The 
current technology crackers are using to great success is social engineering. 
Actually breaking into systems is almost passe these days.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: [Full-disclosure] windows future

2009-08-28 Thread Rohit Patnaik
To be fair, Linux has come a very long way in that regard. I purchased 
an Asus Eee 900 with Linux preinstalled, and everything worked right out 
of the box. Flash, Java, OpenOffice, the works. It was a vindication of 
my view that the real obstacle to Linux on the desktop isn't the user, 
but rather the OEM.

With low-cost, low-power netbooks becoming more prevalent, OEMs are 
finding that the cost of the Windows license begins to take up a rather 
high percentage of the overall cost.  Therefore, many are preinstalling 
and preconfiguring Linux. At the same time, consumers are finding that 
application incompatibilities don't really matter for them, since the 
Linux equivalents are able to handle data coming from a Windows box with 
a minimum of fuss.

--Rohit Patnaik

Paul Schmehl wrote:



Re: [Full-disclosure] windows future

2009-08-28 Thread Paul Schmehl
--On Friday, August 28, 2009 13:40:28 -0500 Rohit Patnaik quanti...@gmail.com wrote:


 To be fair, Linux has come a very long way in that regard. I purchased
 an Asus Eee 900 with Linux preinstalled, and everything worked right out
 of the box. Flash, Java, OpenOffice, the works. It was a vindication of
 my view that the real obstacle to Linux on the desktop isn't the user,
 but rather the OEM.

 With low-cost, low-power netbooks becoming more prevalent, OEMs are
 finding that the cost of the Windows license begins to take up a rather
 high percentage of the overall cost.  Therefore, many are preinstalling
 and preconfiguring Linux. At the same time, consumers are finding that
 application incompatibilities don't really matter for them, since the
 Linux equivalents are able to handle data coming from a Windows box with
 a minimum of fuss.

That's good news.  Once updating issues are resolved and Xorg becomes as good 
as Mac and Windows graphics (it's almost there now - it just doesn't quite have 
the pop or wow factor of Macs), the obstacles to migration (for the 
consumer) will be availability and the knowledge that an alternative exists. 
At that point I think we'll see Microsoft's market share begin eroding badly.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
***
It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead. Thomas Jefferson



Re: [Full-disclosure] windows future

2009-08-28 Thread Rob Thompson
First off, I want to second what Rohit said below.  I have a 901 and it
came that way as well.  Granted I've hacked the shit out of it and now
it's running something else and very well at that, but by default they
are super easy machines to run.  And everything just works.


Paul Schmehl wrote:
 --On Friday, August 28, 2009 13:40:28 -0500 Rohit Patnaik quanti...@gmail.com wrote:
 
 To be fair, Linux has come a very long way in that regard. I purchased
 an Asus Eee 900 with Linux preinstalled, and everything worked right out
 of the box. Flash, Java, OpenOffice, the works. It was a vindication of
 my view that the real obstacle to Linux on the desktop isn't the user,
 but rather the OEM.

 With low-cost, low-power netbooks becoming more prevalent, OEMs are
 finding that the cost of the Windows license begins to take up a rather
 high percentage of the overall cost.  Therefore, many are preinstalling
 and preconfiguring Linux. At the same time, consumers are finding that
 application incompatibilities don't really matter for them, since the
 Linux equivalents are able to handle data coming from a Windows box with
 a minimum of fuss.
 
 That's good news.  Once updating issues are resolved and Xorg becomes as good 
 as Mac and Windows graphics (it's almost there now - it just doesn't quite have 
 the pop or wow factor of Macs), the obstacles to migration (for the 
 consumer) will be availability and the knowledge that an alternative exists. 
 At that point I think we'll see Microsoft's market share begin eroding badly.
 

IMO - the Linux graphics are equivalent with Windows.  Mac though,
that's another thing.  Ubuntu did good to try to add a lot more pretty
into their desktop with the last release, to specifically compete with
Mac, but Mac still owns that beast.

Macs really are something else to look at.  But I'd never own one.  ;p
I like Apple as much as I like Microsoft.

Y'all have a great weekend.  :)

-- 
Rob  (I am a PC and I run Linux.)

