On Thu, Oct 13, 2011 at 10:25 PM, Dante Lanznaster <dant...@gmail.com>wrote:
> On Thu, Oct 13, 2011 at 6:17 PM, Paul Saenz <forensicneoph...@gmail.com> > wrote: > > Actually I think M$ did something that is very similar to *nix type > > permissions when Vista came out. The thing is that most people probably > > don't know how to use it. I just recovered the files off a guys computer > > that was infected with a virus and all his file folders disappeared. His > > password was kitty (his wife's choice) Now when you are in vista, 7 or > up, > > you can't do administration tasks without the administrator password. The > > problem is that most people use a password like Kitty or Scorpio. At > least > > that's what I usually find when someone comes to me when they need their > > laptop reinstalled. > > Actually, Microsoft didn't change the permissions *at all* with Vista or 7. > The > file permissions were still the same way as before, the way that NTFS is. > What > they added was UAC, which asks the user if they really wanted to do that > task > which required an administrative access. Actually, UAC was the unix similar feature I was talikng about. I just didn't know the acronym. Sudo is part of the unix permissions strategy and M$ did add UAC when Vista came out. That strategy is nix permission strategy, and it was added with Vista. So the fact is, you are wrong. M$ di change permissions and it is very similar to nix, as I said. UAC has full permissions. As I said origianlly, M$ did change to a unix type permissions strategy, and I do know exactly what I'm talking about. Without saying so, I was presenting the case that in general it is the user's fault when they get hacked. I was clearly showing that when I said that the fault was in the fact that the typical user picks a weak password. The fact is that the reason M$ get hacked more is because it is a bigger target AND because a higher rate of M$ users are unsophisticated. It is also because M$ is more widely used as a desktop in 1st world nations. Third world nations use linux a lot, but that's not where the money is, so it's not as tempting for a hacker to hack 4 million computer's in Somalia. I didn't bother mentioning those things because basically most people on this list know it. Very similar to sudo. Which, by the > way, if a user is on the sudoers file, and want to wreck his computer, just > go > to the root, do a "sudo rm -rf *" and bam! Pretty much same outcome as an > infection, the computer is wrecked. How exactly did the *nix permission > protect anyone, again? Also, even if you had XP or 2000, and if you weren't > an administrator, you'd be asked to type in the administrator password to > do > a lot of things, you know, things that required *administrative > access*. But then > again, try to tell Jane Doe that she can't install that latest cute > kitty screensaver > on the computer she bought with her own money. > > > Of course it would be much more powerful security if they used owner, > user > > and group, but if people don't have enough sense to use a password > stronger > > than kitty, then forget it. M$ works relentlessly to give all the hackers > a > > roadmap to their OS vulnerabilities the second Tuesday of every month. If > > they educated people about passwords, they could be much more effective. > I > > tend to think that they don't want to do that, because it creates a whole > > new industry. Well actually at least a couple of new industries if you > count > > the hackers too. I think those industries create a lot of revenue for M$ > > too. > > Apparently you have absolutely no knowledge of NTFS security. You're right about that. And I have no interest in NTFS security. > Or knowledge > about the regular patch schedule of the OS. But you're wrong about that. When I said that Microsoft works "relentlessly" I was using the word facetiously. You seem to take issue with that. It's just a joke. I know that Microsoft is putting out the patches to give users updates, but when they do, the hackers look at the code so that they can figure out what the vulnerabilities are. I was just making a joke about how Microsoft knowingly but unintentionally informs hackers of it's vulnerabilities. > I'll leave a couple links > here for you > to do some light reading and become at least somewhat familiar with it: > > I'm not going to waste my time reading that M$ trash! That would be a total waste of time. I already know enough about M$, and what I was intending to say about their patch day was absolutely true and correct. You seem to get worked up a bit when people say things about M$. As usual, you make informatory statements. You remind me of when I was a little kid and there was always some hot head in the neighbourhood or at school who had to prove a point. Pushing people around and saying I'm better than you at this, and I'm better than you at that. You seem to think that people who aren't aware of some M$ feature are not worthy of kindness and respect. Where did you get a twisted juvenile mindset like that? How did your brain get so twisted? Is it because of knowing to much Microsoft? I'm always amazed when I come across people who are so snotty. How old are you? Do you talk like that to your friends? Is this list a place where the real you gets to reveal it's ugly face. Do you hide your true self in the real world, and then find relief by letting your true self come out on this list? Do you talk to your wife, or your girlfriend or your boss like they are complete idiots just because they aren't aware of some feature in Microsoft? I'm afraid that some day, if you ever grow up, which I doubt, you are going to realize that your behaviour is crude, boorish, immature, and unprofessional to say the least, and that you will be ashamed of yourself. But like I said, I doubt if that day will ever come. Where you mistreated as a child? I feel sorry for you. You have to live with yourself. Do you have real friends, or do you just think you have friends because you are always too drunk to really know the difference? No, I'm serious. It really makes me wonder how a person becomes so bitter and nasty. Is being a nasty person the only way you can find comfort? Are you like Ebenezer Scroog? You know the dumbest person in the world can be your best and sweetest friend, but one of the worst fates in life is to have a nasty character. It doesn't matter how dumb or smart you are, everyone will hate you. You can talk to peoples face and they will smile at you, but when you walk away, they sneer at you to each other. It amazes me that so many members on this list think that for some reason this list is a good place to be nasty to people. The truth is that people who have nasty characters can relieve themselves on this list, and no one can hold them accountable. It is a place where your true character will come out. You won't talk like that to your mom, or your dad, or your girlfriend, or your boss, or your children unless you're really drunk, which is another time or place where your true character will come out, but then you will be in trouble. The fact is that there are several NASTY people on this list. If you are one of them, then you know who you are. YOU ARE A NASTY PERSON. WRETCHED, BITTER, UNCULTURED, CRUDE, UNREFINED, IMMATURE, BOORISH and MALICIOUS. All of those things are an indication of IGNORANCE. No mature person will behave that way. The only way you will truly be happy is when you wind up in hell with all the other people who are just like you. > http://www.pcguide.com/ref/hdd/file/ntfs/secGen-c.html > http://is.gd/XTBpmq > > Plenty of security parameters in place, including what? Oh look at that, > user, > group, owner, and some other gold nuggets in there as well. Is that > powerful > enough? It is. It is *very* powerful. Except that when the user wants to > run > something and permissions get in the way, what do they do? Go ahead and > give full control to themselves at the first opportunity. Nothing that > executing > a "sudo chmod" would avoid. > > With regards to Patch Tuesday, they're not "working relentlessly to give > all > the hackers a roadmap". Patch Tuesday is where they publish patches for > current vulnerabilities so that users can install it and defend themselves. > A > significant number of infections out there, especially the self-spreading > worms, > happen mostly because of unpatched systems. Think conficker and blaster. > I do agree that some vulnerabilities take time to be patched, but Microsoft > does not release details about them until they're patched. A lot of > security > researchers also work under responsible disclosure so that details do not > become public until there's a patch available. It is up to the end user to > be > aware of it and install it. Don't want to install patches? Well, that's > *hardly* > the operating system's fault, isn't it? > > How long have security-minded people been trying to educate people about > passwords? Many many years. Have users listened? Absolutely not. Would > it make a difference if Microsoft did it? Absolutely not. Remembering > complicated passwords is *hard*. Having a different password for each site? > That's even *harder*. That's not even including regular password changes. > Will things change? I sure hope so, but it's 2011, almost 2012, and people > still think that "bluesky" or "kitty" or their birth date are > acceptable passwords. > There are tools in place to enforce strong passwords with any Windows > machine, but at the first opportunity, users will ask someone knowledgeable > to "turn that **** off". > > To sum it up, yes, it *is* the user's fault their machine got infected. I > know > plenty of knowledgeable people that use Windows daily and don't get > infected > because they have "street smarts" or whatever it is that you might call > being > savvy. I have been using Windows in all my machines for as long as I can > remember, and my last problem with virus, in my own computer, was in the > mid 90s because I did something stupid and infected my computer. I've also > been using the Internet since 1997, and I don't feel like I have to > "unplug" my > computers from the net and use them in an airtight room to be safe. I work > in > this industry, I do Windows sysadmin and helpdesk for a living. And I've > managed to be pretty good at it too. But one thing that hasn't changed over > all these years, is how users treat their computers and how they'll get > duped > into doing really dumb stuff. Do you really think it's the OS's fault? > Well, > it's all market share. Think about the recent Mac malware streak, that > Apple > itself had to catch up with it and release an OS update to get rid of the > Mac > Defender scareware. How's that different than an anti-malware signature > update on Windows? While at it, if you have an Android phone, you better > take a good look at it, because that's the next target. Plenty of malware > out > there already. And that's linux-based, with your *nix permissions and > everything. > > -- > Dante > _______________________________________________ > LinuxUsers mailing list > LinuxUsers@socallinux.org > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers >
_______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
