> Michael Scheidell wrote: > > ...omissis... > > If our clients were DELIBERATELY spamming, say they thought they > were going to send out a marketing mail or some such, then you would > be correct. > > But they were not. They were simply using the largest software > company on Earth's products - Microsoft - like everyone else > in the world who has those products do. > > I have a Mac G4 running OSX sitting on my desk here, next to my > Windows box. I also have a FreeBSD system running FreeBSD6 and > firefox 3 in the other room. > > On either of those systems I could have done EXACTLY THE SAME THING > that the user at this client who got cracked into did - I could > have opened the same e-mails, gone to the same websites, etc. - and > I WOULDN'T have been cracked. > > So, explain again why this was THEIR fault? Don't you think that > the botnet writer has just a tiny tiny bit of blame here? What about > the software developer being paid more money than God sitting up in > a nice comfortable office in Redmond who wrote that piece of shit > that our client was using, and included dozens of security holes > that are exploited by botnet writers, don't you think that HE > has just a tiny tiny bit of culpability? > > Every other current production operating system on the face of the > earth > doesn't seem to be regularly hijacked by spammers. So, why are you > going to give Microsoft a pass? > > Why exactly is it that when a user of Microsoft Windows doesn't > apply patches that it's their fault when their system is cracked? > What exactly do you think a patch IS? If their system had been written > properly in the beginning it wouldn't need to be patched. If they > weren't logged in as administrator - which is necessary for Windows > desktop systems since most Windows software developers are shit-ass > lazy > bastards who ignore the Microsoft directives about writing usermode > programs so they don't have to run as the root, I mean administrative, > user to get any functionality out of them - then even if they had been > cracked it would only be their profile trashed, and the bot wouldn't go > any further. > > If you write software for Apple and you do it in such a way that > your MacOS X software requires root access to run, then if your > software gets ANY amount of visibility, you will get a call from > Apple politely trying to educate you, and if you ignore this then > they get nasty, and if you ignore that, then they publically speak > against your software - and then all the Apple users will stop > buying your shit, and you will be out of business. > > What, you think Microsoft has LESS pull than Apple in this area, > and couldn't do the same thing? > > In the last 3-4 years there's been less than 5 root-exploitable > holes in Apache - which is arguably the most popular UNIX program > ever, and is installed on the most Unix systems in the world - > yet Apache isn't even installed on all of them. I can't remember > when the last root-exploit came out for a program that is enabled > on FreeBSD out of the box - it might have been the Telnet > bug so many years ago. > > Yet, every week there's DOZENS of security patches that MS releases > for XP and Vista and soon, Windows 7. > > So, please save your moralizing. Microsoft is the richest software > company in the world, they get PAID REAL MONEY by everyone that uses > their crap - yet they can't produce a secure OS to save their lives. > By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID, and all > ROUTINELY release os's that are not attackable by botnets. And Apple > used FreeBSD as it's base for Darwin - and they ALSO have no problems > in this regard either. Please, name 5 viruses that routinely attack > MacOSX. > > Our clients retain outside expertise because THEY KNOW THEY ARE > BONEHEADS when it comes to software. And, your expecting boneheads > to actually see through the ten thousand tons of marketing BULLCRAP > that Microsoft's bowl movements dump on the business world every year, > claiming their stuff is so great, so secure, so all-fired-wonderful? > > You say the world really needs to protect itself from botnets? > Jesus, I think the world REALLY needs to protect itself from > MICROSOFT. They OBVIOUSLY have absolutely NO SENSE WHATSOEVER > of responsibility for the piece-o-shit, holey as swiss cheese, > crapware that they stick up the collective ass of the world's > businesses every year. > > I can almost excuse the botnet writers - they at least are > amoral sociopaths and are doing EXACTLY as I would expect criminals > to behave. But, Microsoft couldn't be more two-faced if every > one of their employees had eyes, ears, nose and a mouth on the > back of their heads. They EVEN HAD a secure security model - > remember NT 3.51? You know, the ONLY version of Windows where > ring 0 was separated from usermode programs? And they chucked > that out with NT4 when they pushed the video system into ring > 0 so that crap-ass games could run faster. Who cares that > it allowed malware to take over the system. > > Michael, get some perspective, please. Your blaming the victim.
I have few sites running webalizer. Webalizer is a tool to generate daily and monthly statistics about site accesses. None of these statistics show a Mac OS client among the top 15 User Agents. This is why botnet writers only care to write for the MS OSes: they are the most spread one. MacOS X invulnerability to botnets is less than proven and, given that most desktop computer users don't have any knowledge of what's going on behind their own monitor, I believe a botnet could gain access to a Mac OS X system as easily as it can to a MS one. So, to me the victims actually are the culprit because probably they did allow a botnet to install into their systems. It doesn't matter if they are running Appl€, M$ or even a Sinclair system... They are (probably) computer-ignorant computer users who allowed a botnet to install an run and they probably wouldn't even care to remove the botnet if their peer didn't check their mail against some BLs. This list is generally not interested in M$ vs Appl€ wars. Giampaolo > > ...omissis... >
