My bad Chris you're right I say the same thing I forgot about phones and tables. I guess I meant to say as system administrators On Oct 14, 2011 12:07 PM, "Chris Penn" <cantorm...@gmail.com> wrote:
> "We all love Linux and we are the "few" that can take advantage of it, > but in the real world we have to deal with other stuff and there is > where you proof how smart you are." > > My family and I take advantage of Linux on the desktop, server, > cluster, router, tablet and phone. > > Chris... > > On Fri, Oct 14, 2011 at 1:20 PM, Hugo Arriola <hharri...@gmail.com> wrote: > > I agree with Peter again, being a Systems administrator it is not a fight > > between brands, open or closed source. Is the ability of maintain systems > up > > an running a 100%. We all love Linux and we are the "few" that can take > > advantage of it, but in the real world we have to deal with other stuff > and > > there is where you proof how smart you are. > > > > On Oct 14, 2011 11:11 AM, "Peter Manis" <peter.ma...@gmail.com> wrote: > >> > >> > >> On Fri, Oct 14, 2011 at 2:08 AM, Paul Saenz <forensicneoph...@gmail.com > > > >> wrote: > >>> > >>> > >>> On Thu, Oct 13, 2011 at 10:25 PM, Dante Lanznaster <dant...@gmail.com> > >>> wrote: > >>>> > >>>> On Thu, Oct 13, 2011 at 6:17 PM, Paul Saenz < > forensicneoph...@gmail.com> > >>>> wrote: > >>>> > Actually I think M$ did something that is very similar to *nix type > >>>> > permissions when Vista came out. The thing is that most people > >>>> > probably > >>>> > don't know how to use it. I just recovered the files off a guys > >>>> > computer > >>>> > that was infected with a virus and all his file folders disappeared. > >>>> > His > >>>> > password was kitty (his wife's choice) Now when you are in vista, 7 > or > >>>> > up, > >>>> > you can't do administration tasks without the administrator > password. > >>>> > The > >>>> > problem is that most people use a password like Kitty or Scorpio. At > >>>> > least > >>>> > that's what I usually find when someone comes to me when they need > >>>> > their > >>>> > laptop reinstalled. > >>>> > >>>> Actually, Microsoft didn't change the permissions *at all* with Vista > or > >>>> 7. The > >>>> file permissions were still the same way as before, the way that NTFS > >>>> is. What > >>>> they added was UAC, which asks the user if they really wanted to do > that > >>>> task > >>>> which required an administrative access. > >>> > >>> Actually, UAC was the unix similar feature I was talikng about. I just > >>> didn't know the acronym. Sudo is part of the unix permissions strategy > and > >>> M$ did add UAC when Vista came out. That strategy is nix permission > >>> strategy, and it was added with Vista. So the fact is, you are wrong. > M$ di > >>> change permissions and it is very similar to nix, as I said. UAC has > full > >>> permissions. > >>> > >>> As I said origianlly, M$ did change to a unix type permissions > strategy, > >>> and I do know exactly what I'm talking about. Without saying so, I was > >>> presenting the case that in general it is the user's fault when they > get > >>> hacked. I was clearly showing that when I said that the fault was in > the > >>> fact that the typical user picks a weak password. The fact is that the > >>> reason M$ get hacked more is because it is a bigger target AND because > a > >>> higher rate of M$ users are unsophisticated. It is also because M$ is > more > >>> widely used as a desktop in 1st world nations. Third world nations use > linux > >>> a lot, but that's not where the money is, so it's not as tempting for a > >>> hacker to hack 4 million computer's in Somalia. I didn't bother > mentioning > >>> those things because basically most people on this list know it. > >>> > >>> > >>> > >>> > >>>> Very similar to sudo. Which, by the > >>>> way, if a user is on the sudoers file, and want to wreck his computer, > >>>> just go > >>>> to the root, do a "sudo rm -rf *" and bam! Pretty much same outcome as > >>>> an > >>>> infection, the computer is wrecked. How exactly did the *nix > permission > >>>> protect anyone, again? Also, even if you had XP or 2000, and if you > >>>> weren't > >>>> an administrator, you'd be asked to type in the administrator password > >>>> to do > >>>> a lot of things, you know, things that required *administrative > >>>> access*. But then > >>>> again, try to tell Jane Doe that she can't install that latest cute > >>>> kitty screensaver > >>>> on the computer she bought with her own money. > >>>> > >>>> > Of course it would be much more powerful security if they used > owner, > >>>> > user > >>>> > and group, but if people don't have enough sense to use a password > >>>> > stronger > >>>> > than kitty, then forget it. M$ works relentlessly to give all the > >>>> > hackers a > >>>> > roadmap to their OS vulnerabilities the second Tuesday of every > month. > >>>> > If > >>>> > they educated people about passwords, they could be much more > >>>> > effective. I > >>>> > tend to think that they don't want to do that, because it creates a > >>>> > whole > >>>> > new industry. Well actually at least a couple of new industries if > you > >>>> > count > >>>> > the hackers too. I think those industries create a lot of revenue > for > >>>> > M$ > >>>> > too. > >>>> > >>>> Apparently you have absolutely no knowledge of NTFS security. > >>> > >>> You're right about that. And I have no interest in NTFS security. > >>> > >>>> > >>>> Or knowledge > >>>> about the regular patch schedule of the OS. > >>> > >>> But you're wrong about that. When I said that Microsoft works > >>> "relentlessly" I was using the word facetiously. You seem to take issue > with > >>> that. It's just a joke. I know that Microsoft is putting out the > patches to > >>> give users updates, but when they do, the hackers look at the code so > that > >>> they can figure out what the vulnerabilities are. I was just making a > joke > >>> about how Microsoft knowingly but unintentionally informs hackers of > it's > >>> vulnerabilities. > >> > >> And you think open source doesn't have this problem? > >> Being closed source at least the users are getting the patch about the > >> same time as the attackers are able to reverse engineer the patch. > >> With open source someone has to commit the change to the software > (kernel, > >> application, etc), which is usually public, then a new version has to be > >> released. How many people actually build from source these days? > probably a > >> pretty small percentage. So the developers need to have a very strong > >> commitment to security to do a release for every single security related > >> change. That just doesn't make sense all the time. > >> > >>> > >>> > >>>> > >>>> I'll leave a couple links > >>>> here for you > >>>> to do some light reading and become at least somewhat familiar with > it: > >>>> > >>> I'm not going to waste my time reading that M$ trash! That would be a > >>> total waste of time. I already know enough about M$, and what I was > >>> intending to say about their patch day was absolutely true and correct. > >>> > >> > >> Being informed of both sides is not a total waste of time. I recommend > >> being more open to understanding all sides. It gives you more > information to > >> back up your opinions and will be helpful when developing a solution to > >> something because you actually know why one thing is beneficial and > another > >> may not be. > >> > >>> > >>> You seem to get worked up a bit when people say things about M$. As > >>> usual, you make informatory statements. You remind me of when I was a > little > >>> kid and there was always some hot head in the neighbourhood or at > school who > >>> had to prove a point. Pushing people around and saying I'm better than > you > >>> at this, and I'm better than you at that. You seem to think that people > who > >>> aren't aware of some M$ feature are not worthy of kindness and respect. > >>> Where did you get a twisted juvenile mindset like that? How did your > brain > >>> get so twisted? Is it because of knowing to much Microsoft? I'm always > >>> amazed when I come across people who are so snotty. > >>> > >>> How old are you? Do you talk like that to your friends? Is this list a > >>> place where the real you gets to reveal it's ugly face. Do you hide > your > >>> true self in the real world, and then find relief by letting your true > self > >>> come out on this list? Do you talk to your wife, or your girlfriend or > your > >>> boss like they are complete idiots just because they aren't aware of > some > >>> feature in Microsoft? I'm afraid that some day, if you ever grow up, > which I > >>> doubt, you are going to realize that your behaviour is crude, boorish, > >>> immature, and unprofessional to say the least, and that you will be > ashamed > >>> of yourself. But like I said, I doubt if that day will ever come. > >>> > >>> Where you mistreated as a child? I feel sorry for you. You have to live > >>> with yourself. Do you have real friends, or do you just think you have > >>> friends because you are always too drunk to really know the difference? > No, > >>> I'm serious. It really makes me wonder how a person becomes so bitter > and > >>> nasty. Is being a nasty person the only way you can find comfort? Are > you > >>> like Ebenezer Scroog? You know the dumbest person in the world can be > your > >>> best and sweetest friend, but one of the worst fates in life is to have > a > >>> nasty character. It doesn't matter how dumb or smart you are, everyone > will > >>> hate you. You can talk to peoples face and they will smile at you, but > when > >>> you walk away, they sneer at you to each other. > >>> > >>> It amazes me that so many members on this list think that for some > reason > >>> this list is a good place to be nasty to people. The truth is that > people > >>> who have nasty characters can relieve themselves on this list, and no > one > >>> can hold them accountable. It is a place where your true character will > come > >>> out. You won't talk like that to your mom, or your dad, or your > girlfriend, > >>> or your boss, or your children unless you're really drunk, which is > another > >>> time or place where your true character will come out, but then you > will be > >>> in trouble. The fact is that there are several NASTY people on this > list. If > >>> you are one of them, then you know who you are. YOU ARE A NASTY PERSON. > >>> WRETCHED, BITTER, UNCULTURED, CRUDE, UNREFINED, IMMATURE, BOORISH and > >>> MALICIOUS. All of those things are an indication of IGNORANCE. No > mature > >>> person will behave that way. > >>> > >>> The only way you will truly be happy is when you wind up in hell with > all > >>> the other people who are just like you. > >> > >> I do not find Dante's response to be that bad of a response. There may > >> have been a sentence or two that might have been strong, but overall he > is > >> making good points. > >> Your response to this was out of line. > >> > >>> > >>> > >>>> > >>>> http://www.pcguide.com/ref/hdd/file/ntfs/secGen-c.html > >>>> http://is.gd/XTBpmq > >>>> > >>>> Plenty of security parameters in place, including what? Oh look at > that, > >>>> user, > >>>> group, owner, and some other gold nuggets in there as well. Is that > >>>> powerful > >>>> enough? It is. It is *very* powerful. Except that when the user wants > to > >>>> run > >>>> something and permissions get in the way, what do they do? Go ahead > and > >>>> give full control to themselves at the first opportunity. Nothing that > >>>> executing > >>>> a "sudo chmod" would avoid. > >>>> > >>>> With regards to Patch Tuesday, they're not "working relentlessly to > give > >>>> all > >>>> the hackers a roadmap". Patch Tuesday is where they publish patches > for > >>>> current vulnerabilities so that users can install it and defend > >>>> themselves. A > >>>> significant number of infections out there, especially the > >>>> self-spreading worms, > >>>> happen mostly because of unpatched systems. Think conficker and > blaster. > >>>> I do agree that some vulnerabilities take time to be patched, but > >>>> Microsoft > >>>> does not release details about them until they're patched. A lot of > >>>> security > >>>> researchers also work under responsible disclosure so that details do > >>>> not > >>>> become public until there's a patch available. It is up to the end > user > >>>> to be > >>>> aware of it and install it. Don't want to install patches? Well, > that's > >>>> *hardly* > >>>> the operating system's fault, isn't it? > >>>> > >>>> How long have security-minded people been trying to educate people > about > >>>> passwords? Many many years. Have users listened? Absolutely not. Would > >>>> it make a difference if Microsoft did it? Absolutely not. Remembering > >>>> complicated passwords is *hard*. Having a different password for each > >>>> site? > >>>> That's even *harder*. That's not even including regular password > >>>> changes. > >>>> Will things change? I sure hope so, but it's 2011, almost 2012, and > >>>> people > >>>> still think that "bluesky" or "kitty" or their birth date are > >>>> acceptable passwords. > >>>> There are tools in place to enforce strong passwords with any Windows > >>>> machine, but at the first opportunity, users will ask someone > >>>> knowledgeable > >>>> to "turn that **** off". > >>>> > >>>> To sum it up, yes, it *is* the user's fault their machine got > infected. > >>>> I know > >>>> plenty of knowledgeable people that use Windows daily and don't get > >>>> infected > >>>> because they have "street smarts" or whatever it is that you might > call > >>>> being > >>>> savvy. I have been using Windows in all my machines for as long as I > can > >>>> remember, and my last problem with virus, in my own computer, was in > the > >>>> mid 90s because I did something stupid and infected my computer. I've > >>>> also > >>>> been using the Internet since 1997, and I don't feel like I have to > >>>> "unplug" my > >>>> computers from the net and use them in an airtight room to be safe. I > >>>> work in > >>>> this industry, I do Windows sysadmin and helpdesk for a living. And > I've > >>>> managed to be pretty good at it too. But one thing that hasn't changed > >>>> over > >>>> all these years, is how users treat their computers and how they'll > get > >>>> duped > >>>> into doing really dumb stuff. Do you really think it's the OS's fault? > >>>> Well, > >>>> it's all market share. Think about the recent Mac malware streak, that > >>>> Apple > >>>> itself had to catch up with it and release an OS update to get rid of > >>>> the Mac > >>>> Defender scareware. How's that different than an anti-malware > signature > >>>> update on Windows? While at it, if you have an Android phone, you > better > >>>> take a good look at it, because that's the next target. Plenty of > >>>> malware out > >>>> there already. And that's linux-based, with your *nix permissions and > >>>> everything. > >>>> > >>>> -- > >>>> Dante > >>>> _______________________________________________ > >>>> LinuxUsers mailing list > >>>> LinuxUsers@socallinux.org > >>>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > >>> > >>> > >>> _______________________________________________ > >>> LinuxUsers mailing list > >>> LinuxUsers@socallinux.org > >>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > >>> > >> > >> > >> _______________________________________________ > >> LinuxUsers mailing list > >> LinuxUsers@socallinux.org > >> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > >> > > > > _______________________________________________ > > LinuxUsers mailing list > > LinuxUsers@socallinux.org > > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > > > > > > > > -- > "As we open our newspapers or watch our television screens, we seem to > be continually assaulted by the fruits of Mankind's stupidity." > -Roger Penrose > _______________________________________________ > LinuxUsers mailing list > LinuxUsers@socallinux.org > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers >
_______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
