Not to argue the point but NT is a version that was "hardened" for business use, Windows (WFW, 3.11, 98, whatever you want to use as the baseline) was created as a consumer friendly OS, not a simplified Mainframe.
-----Original Message----- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, May 18, 2011 1:54 PM To: NT System Admin Issues Subject: RE: Interesting news from Apple Windows NT was never created as a consumer product. Choices were made in Windows XP that made it inherently less secure in order to not scare off the consumer users and because of poorly behaved applications, even then. We are still paying that price. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: John Cook [mailto:john.c...@pfsf.org] Sent: Wednesday, May 18, 2011 1:51 PM To: NT System Admin Issues Subject: RE: Interesting news from Apple Big difference is that 'nix was created as more of a professional level OS and Windows was created as a consumer product. It's pretty hard to "get the cat back in the bag" once it's out. -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, May 18, 2011 1:36 PM To: NT System Admin Issues Subject: Re: Interesting news from Apple On Wed, May 18, 2011 at 12:25 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote: > Mostly I was thinking of the typical Windows type > stuff where they trick you into downloading an EXE file and running it. Same thing can happen on Linux. And from the sound of the report, that's what's hitting the Mac's. It's really just a social engineering attack: Trick the user into downloading and running malicious software. There's not much you can do to combat that, except have the admins take away the ability for users to run software. And that won't help home users who are their own admins. "There are seldom good technological solutions to behavioral problems." (Ed Crowley) The one thing traditional *nix systems have going for them is that it's easier to lock down the environment, since they've been doing that pretty much from the start. Just mount /tmp and /home with "noexec" and users can't execute anything they can write to. In the Windows world, you've got to deal with a fsckton of crappy software that breaks in weird ways when you try this or other nominally sensible things. And I include Windows itself in that. Here's a fun trick: Copy WINVER.EXE to EXAMPLE.LNK. It will still run via several methods, such as the command line. So you either block .LNK files from running -- breaking *all user shortcuts*, including "Recent Documents" -- or you allow an obvious path for attackers. Great job Microsoft. But that's not a security model thing, it's a crappy implementation thing. You can work around it with enough time and money. And someday Microsoft might fix their bugs, at least. Dealing with the crappy third-party software... well, hopefully one has enough pull with one's vendors to have them fix their bugs. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
