On Fri, Oct 14, 2011 at 2:08 AM, Paul Saenz <forensicneoph...@gmail.com> wrote:

>
>
> On Thu, Oct 13, 2011 at 10:25 PM, Dante Lanznaster <dant...@gmail.com> wrote:
>
>> On Thu, Oct 13, 2011 at 6:17 PM, Paul Saenz <forensicneoph...@gmail.com>
>> wrote:
>> > Actually I think M$ did something that is very similar to *nix type
>> > permissions when Vista came out. The thing is that most people probably
>> > don't know how to use it. I just recovered the files off a guy's computer
>> > that was infected with a virus and all his file folders disappeared. His
>> > password was kitty (his wife's choice). Now when you are in Vista, 7 or up,
>> > you can't do administration tasks without the administrator password. The
>> > problem is that most people use a password like Kitty or Scorpio. At least
>> > that's what I usually find when someone comes to me when they need their
>> > laptop reinstalled.
>>
>> Actually, Microsoft didn't change the permissions *at all* with Vista or 7. The
>> file permissions were still the same way as before, the way that NTFS is. What
>> they added was UAC, which asks the user if they really wanted to do that task
>> which required an administrative access.
>
>
> Actually, UAC was the unix similar feature I was talking about. I just
> didn't know the acronym. Sudo is part of the unix permissions strategy and
> M$ did add UAC when Vista came out. That strategy is nix permission
> strategy, and it was added with Vista. So the fact is, you are wrong. M$ did
> change permissions and it is very similar to nix, as I said. UAC has full
> permissions.
>
> As I said originally, M$ did change to a unix type permissions strategy,
> and I do know exactly what I'm talking about. Without saying so, I was
> presenting the case that in general it is the user's fault when they get
> hacked. I was clearly showing that when I said that the fault was in the
> fact that the typical user picks a weak password. The fact is that the
> reason M$ get hacked more is because it is a bigger target AND because a
> higher rate of M$ users are unsophisticated. It is also because M$ is more
> widely used as a desktop in 1st world nations. Third world nations use linux
> a lot, but that's not where the money is, so it's not as tempting for a
> hacker to hack 4 million computers in Somalia. I didn't bother mentioning
> those things because basically most people on this list know it.
>

There's more to permissions than just sudo-like behavior. Windows
permissions are more complex and detailed than *nix because they have
detailed ACLs and not just read, write, execute. Moving to *nix permissions
would mean simplifying a lot and they can't do that at this point because
people have environments set up a certain way.


>
>> Very similar to sudo. Which, by the
>> way, if a user is on the sudoers file, and wants to wreck his computer, just go
>> to the root, do a "sudo rm -rf *" and bam! Pretty much same outcome as an
>> infection, the computer is wrecked. How exactly did the *nix permission
>> protect anyone, again? Also, even if you had XP or 2000, and if you weren't
>> an administrator, you'd be asked to type in the administrator password to do
>> a lot of things, you know, things that required *administrative
>> access*. But then
>> again, try to tell Jane Doe that she can't install that latest cute
>> kitty screensaver
>> on the computer she bought with her own money.
>>
>> > Of course it would be much more powerful security if they used owner, user
>> > and group, but if people don't have enough sense to use a password stronger
>> > than kitty, then forget it. M$ works relentlessly to give all the hackers a
>> > roadmap to their OS vulnerabilities the second Tuesday of every month. If
>> > they educated people about passwords, they could be much more effective. I
>> > tend to think that they don't want to do that, because it creates a whole
>> > new industry. Well actually at least a couple of new industries if you count
>> > the hackers too. I think those industries create a lot of revenue for M$
>> > too.
>>
>> Apparently you have absolutely no knowledge of NTFS security.
>
>
> You're right about that. And I have no interest in NTFS security.
>
>
>> Or knowledge
>> about the regular patch schedule of the OS.
>
>
> But you're wrong about that. When I said that Microsoft works
> "relentlessly" I was using the word facetiously. You seem to take issue with
> that. It's just a joke. I know that Microsoft is putting out the patches to
> give users updates, but when they do, the hackers look at the code so that
> they can figure out what the vulnerabilities are. I was just making a joke
> about how Microsoft knowingly but unintentionally informs hackers of its
> vulnerabilities.
>
>
>> I'll leave a couple links here for you
>> to do some light reading and become at least somewhat familiar with it:
>
> I'm not going to waste my time reading that M$ trash! That would be a
> total waste of time. I already know enough about M$, and what I was
> intending to say about their patch day was absolutely true and correct.
>
> You seem to get worked up a bit when people say things about M$. As usual,
> you make informatory statements. You remind me of when I was a little kid
> and there was always some hot head in the neighbourhood or at school who had
> to prove a point. Pushing people around and saying I'm better than you at
> this, and I'm better than you at that. You seem to think that people who
> aren't aware of some M$ feature are not worthy of kindness and respect.
> Where did you get a twisted juvenile mindset like that? How did your brain
> get so twisted? Is it because of knowing too much Microsoft? I'm always
> amazed when I come across people who are so snotty.
>
> How old are you? Do you talk like that to your friends? Is this list a
> place where the real you gets to reveal its ugly face? Do you hide your
> true self in the real world, and then find relief by letting your true self
> come out on this list? Do you talk to your wife, or your girlfriend or your
> boss like they are complete idiots just because they aren't aware of some
> feature in Microsoft? I'm afraid that some day, if you ever grow up, which I
> doubt, you are going to realize that your behaviour is crude, boorish,
> immature, and unprofessional to say the least, and that you will be ashamed
> of yourself. But like I said, I doubt if that day will ever come.
>
> Were you mistreated as a child? I feel sorry for you. You have to live
> with yourself. Do you have real friends, or do you just think you have
> friends because you are always too drunk to really know the difference? No,
> I'm serious. It really makes me wonder how a person becomes so bitter and
> nasty. Is being a nasty person the only way you can find comfort? Are you
> like Ebenezer Scrooge? You know the dumbest person in the world can be your
> best and sweetest friend, but one of the worst fates in life is to have a
> nasty character. It doesn't matter how dumb or smart you are, everyone will
> hate you. You can talk to people's faces and they will smile at you, but when
> you walk away, they sneer at you to each other.
>
> It amazes me that so many members on this list think that for some reason
> this list is a good place to be nasty to people. The truth is that people
> who have nasty characters can relieve themselves on this list, and no one
> can hold them accountable. It is a place where your true character will come
> out. You won't talk like that to your mom, or your dad, or your girlfriend,
> or your boss, or your children unless you're really drunk, which is another
> time or place where your true character will come out, but then you will be
> in trouble. The fact is that there are several NASTY people on this list. If
> you are one of them, then you know who you are. YOU ARE A NASTY PERSON.
> WRETCHED, BITTER, UNCULTURED, CRUDE, UNREFINED, IMMATURE, BOORISH and
> MALICIOUS. All of those things are an indication of IGNORANCE. No mature
> person will behave that way.
>
> The only way you will truly be happy is when you wind up in hell with all
> the other people who are just like you.
>
>
>
>> http://www.pcguide.com/ref/hdd/file/ntfs/secGen-c.html
>> http://is.gd/XTBpmq
>>
>> Plenty of security parameters in place, including what? Oh look at that, user,
>> group, owner, and some other gold nuggets in there as well. Is that powerful
>> enough? It is. It is *very* powerful. Except that when the user wants to run
>> something and permissions get in the way, what do they do? Go ahead and
>> give full control to themselves at the first opportunity. Nothing that executing
>> a "sudo chmod" would avoid.
>>
>> With regards to Patch Tuesday, they're not "working relentlessly to give all
>> the hackers a roadmap". Patch Tuesday is where they publish patches for
>> current vulnerabilities so that users can install it and defend themselves. A
>> significant number of infections out there, especially the self-spreading worms,
>> happen mostly because of unpatched systems. Think conficker and blaster.
>> I do agree that some vulnerabilities take time to be patched, but Microsoft
>> does not release details about them until they're patched. A lot of security
>> researchers also work under responsible disclosure so that details do not
>> become public until there's a patch available. It is up to the end user to be
>> aware of it and install it. Don't want to install patches? Well, that's *hardly*
>> the operating system's fault, isn't it?
>>
>> How long have security-minded people been trying to educate people about
>> passwords? Many many years. Have users listened? Absolutely not. Would
>> it make a difference if Microsoft did it? Absolutely not. Remembering
>> complicated passwords is *hard*. Having a different password for each site?
>> That's even *harder*. That's not even including regular password changes.
>> Will things change? I sure hope so, but it's 2011, almost 2012, and people
>> still think that "bluesky" or "kitty" or their birth date are
>> acceptable passwords.
>> There are tools in place to enforce strong passwords with any Windows
>> machine, but at the first opportunity, users will ask someone knowledgeable
>> to "turn that **** off".
>>
>> To sum it up, yes, it *is* the user's fault their machine got infected. I know
>> plenty of knowledgeable people that use Windows daily and don't get infected
>> because they have "street smarts" or whatever it is that you might call being
>> savvy. I have been using Windows in all my machines for as long as I can
>> remember, and my last problem with virus, in my own computer, was in the
>> mid 90s because I did something stupid and infected my computer. I've also
>> been using the Internet since 1997, and I don't feel like I have to "unplug" my
>> computers from the net and use them in an airtight room to be safe. I work in
>> this industry, I do Windows sysadmin and helpdesk for a living. And I've
>> managed to be pretty good at it too. But one thing that hasn't changed over
>> all these years, is how users treat their computers and how they'll get duped
>> into doing really dumb stuff. Do you really think it's the OS's fault? Well,
>> it's all market share. Think about the recent Mac malware streak, that Apple
>> itself had to catch up with it and release an OS update to get rid of the Mac
>> Defender scareware. How's that different than an anti-malware signature
>> update on Windows? While at it, if you have an Android phone, you better
>> take a good look at it, because that's the next target. Plenty of malware out
>> there already. And that's linux-based, with your *nix permissions and
>> everything.
>>
>> --
>> Dante
>> _______________________________________________
>> LinuxUsers mailing list
>> LinuxUsers@socallinux.org
>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>>