On Nov 17, 2006, at 6:36 PM, Marc CASTEELS wrote:

In my opinion, a user workstation should have
zero / NIL server functionality onboard.  It should not have anything
that reacts on the data it receives.  So no PUSH style processes.

That means no personal file sharing of your local hard drive. You would have to have a dedicated server that everyone connects to.

It also means no acting as a host for non networkable printers.

No Remote Desktop either, so for support, you better be ready to hike to whatever location needs you to personally interact with the computer.


No, there are lots and lots and lots of reasons a workstation OS should have the ability to have server processes running. However, that is the ABILITY to have it. I do agree that there should never be ANY server processes turned on by default on any workstation class OS. And hey, what do you know... that is in fact the exact way OS X is set up. Lots of under the hood abilities waiting and ready, but they all need to explicitly be turned on.

And with the newer INTEL processors and Windows Vista .. I was told that there are certain 'Virtual PCs' running without us knowing, and the only
way to show their presence is by showing that some CPU time is lost.

This is untrue at the basic level. That is, if you are using BootCamp, at no time is there ever any Windows "virtual pc" stuff running when using OS X. They are 100% separate bootable operating systems and the two have no way to interact.

When using Parallels, the same may not hold true... however, even going back to Virtual PC, these "virtual machines" are run in a jail, there is no code that can "leap out" and get into OS X. There are distinct processes that allow the Mac OS to send or control data going on in the virtual environment, and there are a few distinct paths for the virtual environment to send data out, but in both cases they are specific and regulated. On the outbound side, there has never been an exploit even shown on a proof of concept. On the inbound, at least with later versions of Virtual PC, I can think of some ways you can make a trojan horse on OS X (or even OS 9) that can do bad things to the virtual machine (later versions of Virtual PC had very powerful Applescript abilities). So although there was never even a proof of concept made known, I can say that it should in theory be possible going inbound.

They are Virtual processes hiding at the hardware/firmware level.

I think what you may be thinking of here is how the Intel chipset supports "virtualization" in the processor. But that is entirely different than having a virtual environment running without your knowledge. What that is, is the chipset understands the concept of virtual environments, and has special functions that better allow virtual environments to get at time slices and access to specific shared hardware. This is one of the reasons Parallels runs Windows in darn near native speed. But the key is, you still need something like Parallels to unlock those virtualization abilities and make use of them. They aren't sitting there doing things without you knowing.

Civil Liberties people have a lot of work and they are damn necessary.

This I can't argue with. There are still processes running that Apple (or others) have put in there to monitor what is going on. I can't speak off the top of my head about things in OS X client, but in OS X Server there is a specific process that monitors the serial number of the server, and can disable the server if it detects a known pirate number. So far I'm not aware that Apple has that process reaching out to them, but there is nothing stopping them from doing so.

On the Mac side of things, so far, Apple seems to be pretty honest when it comes to spying on the OS (the same can NOT be said for iTunes, nor for many Mac software vendors). On the Windows side, MS is regularly, and arrogantly spying on OS users (just check out the whole Windows Genuine Advantage fiasco that MS made into a "mandatory" update, and then had it collect a large amount of personally identifiable information about your machine, and send it all back to MS headquarters. And if it happened to decide, correctly or not as there were a massive number of incorrect flaggings, that you had a pirate version of Windows, it not only collected all that IDable info, it also phoned home every time you used the computer and told them things like where you were, how long you were on the machine, and in some cases, what you were doing with the machine!) And we need not breach the level of spyware present in just about every Windows application, from MS or from others (Adobe is another big offender).

I am convinced that nearly ALL of the misery we currently have with SPAM
and viruses, is because manufacturers were primarily thinking about
themselves, rather than the users/customers.

Actually there are two reasons we have the massive virus issues (which should not be confused with spam). 1: MS was lazy and arrogant and didn't give a damn about security until very recently. So their software was riddled with security holes. and 2: Windows users are dumb, stupid, moronic, idiots who can't learn from their mistakes... these people would burn their hands by touching a hot stove, scream in pain, and when someone asked them what was wrong, they would show them by touching the hot stove again. Windows users don't care enough to learn how to actually use their computer, so they don't bother taking simple steps to massively reduce their virus risk. And on top of it, they are easily duped into CHOOSING to run obvious trojan horses.

Spam on the other hand, is simple mass marketing. There are huge amounts of money to be made by spamming, and if there is money to be made, people will do whatever they can to get at it. Think about the level of junk postal mail you get. I'd guess everyone here averages 6-10 pieces of junk postal mail a day (I know I get at least one Capital One credit card offer EACH DAY). And this level is maintained while the sender has to pay per piece they mail. Now enter spam, where you don't pay per piece, rather, for almost free, you can hit millions of people in a single shot. If junk postal mail senders didn't have to pay per piece like spammers get away with, how much junk postal mail do you think you would get per day!

I may sound like a fundamentalist these days when I advise all my
customers to disallow HTML in emails, but I do mean it.
Do you know that we get pricelists and quotations from distributors and
vendors, and because the pricing data in there are variables from the
vendor's database the prices are changing AFTER we received it.  There
are many indecent practises, and it is so popular to run with the masses
all in the direction of Outlook Entourage etc...

Actually, you just listed a legitimate use for HTML email. The problems with HTML come in with the spammers who use uniquely named graphics files in their HTML email, so when they are referenced off their server when you display the email, you just told them they sent to an active email address, and one that is owned by someone that looks at the spam. That makes you gold to them, and you are sure to get bumped to the top of the list of good addresses ready to get more spam.

By the way, this trick does not work with Mail.app by default. The default setting in Mail is to NOT load images from a remote server. You have to either turn it on to always load them (a dumb idea), or you have to click a button in the email telling it to load them (a good idea, as that lets you selectively override it for emails that you want to see the images, such as advertisements from trusted sources)

Other problems with HTML email (that are lessened these days as even Outlook and Outlook Express now stop this by default), is when viri are hidden in scripts in the HTML code that cause either the virus to be run as soon as you open the email, or in some other way download or compromise your computer as soon as the email is displayed and the HTML is rendered. This was a HUGE problem years ago, because most HTML email clients also are set to auto display any message that is selected in the message list. So you delete the message you were reading, and the next one down becomes auto selected, in turn becomes auto opened and displayed, rendering the HTML, and executing the virus.

Again, so far, this has not been exploited in OS X, and although it was very common on Windows, any current versions of email clients for Windows I believe now guard against this. However, that only reduces its occurrence on Windows, as large LARGE numbers of users have not upgraded to current versions of their email clients.

People should stop thinking that virus technology is used only for things
that do straight-forward damage such as wiping a disk or making files
corrupted.

Most current viri is there either to act as spyware and popup providers (to generate ad income to some dirtbag) or to zombify a computer to act as a spam sending source (to generate ad income to some dirtbag), or even to do both.

Gone are the days of a virus being usually harmless and there only to stroke the ego of some kid, or the days of a virus being there to do harm because some misguided dick thinks it somehow is fitting revenge. Nope, like everything else related to computers these days, even the viri are all about making money.

I seriously want to know if the more recent versions of Acrobat send
information back to the sender of the document or Adobe.

I use Acrobat, and I am unaware of anything in PDFs that automatically returns any information to anyone. Adobe does (on the PC versions) phone home during the install to "activate" the software. This is done to help against piracy. I'm not sure if the latest Mac version is now doing that as well (since OS X can create PDFs directly, I haven't upgraded from Acrobat 6 yet, and v6 did not phone home during the install... v7 might as v7 is part of Adobe Creative Suite 2, and I've heard rumor that as of CS 2, Adobe is now doing the same activation on the Mac as they have been doing for a while on the PC).

I am a systems administrator and we have certain ISP equipment running
across the (small) country.  I see clearly that certain waves of SPAM
result out of certain application usage.

If you use any Windows "Shareware" you can almost bet it installed some kind of spyware with it. I have stopped using Windows shareware because that market has become so freaking dirty. Even almost all the freeware is actually shareware/spyware that the author has simply lied about in order to get someone to download it. I've resorted to almost exclusively using either commercial software, or simply writing my own. The few apps on Windows that I use that aren't either self written or commercial, are ones that are very clear about how the shareware or freeware works (ie: they are released by reputable companies or developers and spell out everything up front).

I'm of the personal opinion that Windows software piracy is as bad as it is because of the fact that no one can trust Windows shareware and freeware any more. So they all do the same as me, stick to commercial... and if they can't afford it, and lack the skills to write their own, they pirate commercial software instead, because it is less risky than installing shareware!

And we are tracking and analyzing to find out the relation between app
versions and certain SPAM behavior.

I'd actually be very interested in seeing your results. I'd love to see statistical evidence against certain apps... that way I know what to avoid myself (and potentially come up with better ways of stopping spam from getting to my servers)

-chris
<www.mythtech.net>
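
The remote-image trick described in the message above (a uniquely named graphic fetched from the sender's server when the mail is displayed), as an added example that is not part of the original message: a Python check that lists the remote images in a message's HTML parts and blanks them the way a client with remote loading turned off would. The sample message, the host names and the long-hex-name heuristic are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: addresses, host and image name are made up.
RAW = """\
From: offers@bulk-sender.example
To: reader@mail.example
Content-Type: text/html; charset=utf-8

<html><body><p>Price list</p>
<img src="http://img.bulk-sender.example/open/7f3a9c21d4e8b056.gif" width="1" height="1">
<img src="cid:logo123" alt="logo">
</body></html>
"""
TOKEN = re.compile(r"[0-9a-f]{12,}", re.I)  # heuristic: long hex run = per-recipient name

class RemoteImages(HTMLParser):
    """Collect <img> tags whose src would be requested from a remote server."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if tag != "img" or url.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the message: no callback
        self.found.append({
            "host": url.hostname,
            "unique_name": bool(TOKEN.search(url.path + "?" + url.query)),
            "tiny": a.get("width") in ("0", "1") and a.get("height") in ("0", "1"),
        })

def remote_images(raw_message):
    """Return one record per remote image in the message's HTML parts."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            parser = RemoteImages()
            parser.feed(part.get_payload(decode=True).decode(charset, "replace"))
            hits += parser.found
    return hits

def block_remote(html):
    """Mimic a client with remote loading off: blank every http(s) image src."""
    return re.sub(r'(<img\b[^>]*?\s)src=(["\'])https?://[^"\']*\2',
                  r'\1src=\2\2', html, flags=re.I)
```

A mail gateway or client-side filter can log `remote_images()` hits per sending host; the embedded `cid:` image is left alone because displaying it contacts no server.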

