Giampaolo Tomassoni wrote:
Michael Scheidell wrote:

...omissis...

If our clients were DELIBERATELY spamming, say they thought they were going to send out a marketing mail or some such, then you
would be correct.

But they were not. They were simply using the largest software company on Earth's products - Microsoft - like everyone else in the
world who has those products do.

I have a Mac G4 running OSX sitting on my desk here, next to my Windows box. I also have a FreeBSD system running FreeBSD6 and firefox 3 in the other room.

On either of those systems I could have done EXACTLY THE SAME THING
that the user at this client who got cracked into did - I could have opened the same e-mails, gone to the same websites, etc. - and
I WOULDN'T have been cracked.

So, explain again why this was THEIR fault? Don't you think that the botnet writer has just a tiny tiny bit of blame here? What
about the software developer being paid more money than God sitting
up in a nice comfortable office in Redmond who wrote that piece of
shit that our client was using, and included dozens of security
holes that are exploited by botnet writers, don't you think that HE
has just a tiny tiny bit of culpability?

Every other current production operating system on the face of the earth doesn't seem to be regularly hijacked by spammers. So, why
are you going to give Microsoft a pass?

Why exactly is it that when a user of Microsoft Windows doesn't apply patches that it's their fault when their system is cracked? What exactly do you think a patch IS? If their system had been
written properly in the beginning it wouldn't need to be patched.
If they weren't logged in as administrator - which is necessary for
Windows desktop systems since most Windows software developers are
shit-ass lazy bastards who ignore the Microsoft directives about
writing usermode programs so they don't have to run as the root, I
mean administrative, user to get any functionality out of them -
then even if they had been cracked it would only be their profile
trashed, and the bot wouldn't go any further.

If you write software for Apple and you do it in such a way that your MacOS X software requires root access to run, then if your software gets ANY amount of visibility, you will get a call from Apple politely trying to educate you, and if you ignore this then they get nasty, and if you ignore that, then they publicly speak against your software - and then all the Apple users will stop buying your shit, and you will be out of business.

What, you think Microsoft has LESS pull than Apple in this area, and couldn't do the same thing?

In the last 3-4 years there's been less than 5 root-exploitable holes in Apache - which is arguably the most popular UNIX program ever, and is installed on the most Unix systems in the world - yet
Apache isn't even installed on all of them.  I can't remember when
the last root-exploit came out for a program that is enabled on
FreeBSD out of the box - it might have been the Telnet bug so many
years ago.

Yet, every week there's DOZENS of security patches that MS releases
for XP and Vista and soon, Windows 7.

So, please save your moralizing.  Microsoft is the richest software
company in the world, they get PAID REAL MONEY by everyone that
uses their crap - yet they can't produce a secure OS to save their
lives. By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID,
and all ROUTINELY release OSes that are not attackable by botnets.
And Apple used FreeBSD as its base for Darwin - and they ALSO have
no problems in this regard either.  Please, name 5 viruses that
routinely attack MacOSX.

Our clients retain outside expertise because THEY KNOW THEY ARE BONEHEADS when it comes to software. And, you're expecting boneheads
to actually see through the ten thousand tons of marketing
BULLCRAP that Microsoft's bowel movements dump on the business world
every year, claiming their stuff is so great, so secure, so
all-fired-wonderful?

You say the world really needs to protect itself from botnets? Jesus, I think the world REALLY needs to protect itself from MICROSOFT. They OBVIOUSLY have absolutely NO SENSE WHATSOEVER of responsibility for the piece-o-shit, holey as swiss cheese, crapware that they stick up the collective ass of the world's businesses every year.

I can almost excuse the botnet writers - they at least are amoral
sociopaths and are doing EXACTLY as I would expect criminals to
behave.  But, Microsoft couldn't be more two-faced if every one of
their employees had eyes, ears, nose and a mouth on the back of
their heads.  They EVEN HAD a secure security model - remember NT
3.51?  You know, the ONLY version of Windows where ring 0 was
separated from usermode programs?  And they chucked that out with
NT4 when they pushed the video system into ring 0 so that crap-ass
games could run faster.  Who cares that it allowed malware to take
over the system.

Michael, get some perspective, please.  You're blaming the victim.

I have a few sites running webalizer. Webalizer is a tool to generate
daily and monthly statistics about site accesses. None of these
statistics show a Mac OS client among the top 15 User Agents. This is
why botnet writers only care to write for the MS OSes: they are the
most spread one.

You never heard of http://en.wikipedia.org/wiki/Morris_worm  then?

Way fewer systems back then than MacOS X systems on the Internet today.

We definitely have critical mass of non-Windows systems for a virus to
spread among them.

MacOS X invulnerability to botnets is less than proven

First, what affects users is deployed bots, NOT how vulnerable the
system is.

Second, I was talking about every other OS than Windows - that
isn't just MacOS X, it's Linux and FreeBSD and Linux certainly has far
greater installed base than MacOS X.  I'm not sure why you're wanting to
cast this as a Mac vs PC thing, because it's not - it's a Windows vs
the rest of the world, thing.

You are also highly misinformed about botnets.  All a bot needs is
a critical mass of systems on the Internet to spread.  Those systems
do not need to be every system on the Internet, they do not need to
be the most spread system.

I will point out that MacOS 7, os8 & os9 were HIGHLY virus-prone,
yet there were far fewer of them than OSX today.

When MacOS X came out it pretty much put all the anti-virus writers
that wrote Mac-only AV software out of business, and the ones
that wrote dual-Windows/Mac AV software mostly dropped their Mac OS
AV products.  And today there's far, far more MacOS X systems online
than there ever were System 9 Macs online.

The AV software today that runs on MacOS X, like for example ClamAV,
is exclusively used to scan for WINDOWS viruses.  That AV software
also builds and runs perfectly on FreeBSD, SunOS and Linux, as
well as the other commercial Unixes.

Bots don't exist for Linux/FreeBSD/OpenBSD because those
bot writers have repeatedly tried to write bots for them
and FAILED, simple as that.  And as for MacOS X, there's been only
a small handful of security breaches - the most publicized ones
are the ones that the PWN to OWN Zero Day contest disclosed - and
there's NO bots in the wild that take advantage of any of
those holes.  NONE of the PWNtoOWN contests resulted in an owned
Linux system, for that matter.

For crying out loud, the bot writers built a botnet out of
NON-WINDOWS-ROUTERS because the manufacturer-supplied firmware
is so crappy on them.  Apparently you never heard of Network Bluepill?

http://en.wikipedia.org/wiki/Psyb0t

http://arstechnica.com/business/news/2008/01/wireless-router-security-flaws-could-fuel-viral-outbreak.ars

Note that BluePill spreads through holes in the http server on
these routers.  That's because while these systems run BusyBox
Linux, they don't run Apache as a webserver (it's too big) and
BusyBox stripped all user-auth stuff out of Linux to shrink it
down, so once you're on one of these routers, you're root.

If you think that the bot writers aren't periodically
attempting to write Linux/FreeBSD/MacOS X bots, you're
very naive.  They have been trying for a decade, getting
nowhere, and only succeeding on a Linux version that stripped
out all security.

For the record, the PWNtoOWN contest vulnerability was in Flash, not MacOSX, that vulnerability certainly existed BEFORE the
Zero Day contest, yet was never exploited by a botnet - obviously
because the bot writers realized that it was more complex
to exploit than the contest made it appear to be.

> and, given that most desktop computer users don't have any
> knowledge of what's going on behind their own monitor, I believe a
> botnet could gain access to a Mac OS X system as easily as it can to
> a MS one.


Dream on.  Obviously you're a pro-Windows person and anti-Linux
person and you cannot tolerate your image of Windows being torn down.

Fact:  Most spam that comes from botnets comes from bots on rooted
WINDOWS systems.  Deal with it.  Claiming Unix is vulnerable in
the lab is a waste of time.

So, to me the victims actually are the culprit because probably they
did allow a botnet to install into their systems. It doesn't matter
if they are running Appl€, M$ or even a Sinclair system...

Sinclair doesn't have critical mass and never did.

You're simply blaming the victim.  Let me spell it out more simply.
The cause of this are the virus writers, enabled by incompetent
Microsoft programmers who leave hundreds of holes in Windows,
and enabled by Microsoft Corp's corporate culture that "Security
is Somebody Else's Problem", and funded by the spammers who
are mostly organized crime syndicates, nowadays.

The victims are the consumers who spend hard-earned cash on their
Windows systems, expect them to work properly, and have no
interest in spamming anyone.

They are (probably) computer-ignorant computer users who allowed a botnet to
install and run and they probably wouldn't even care to remove the
botnet if their peer didn't check their mail against some BLs.


Those computer-ignorant users are the ones funding your paycheck.
If they knew what they were doing they wouldn't need you.  Try
having a bit more respect for them.

You might consider this, that if you could get more of them
"computer-ignorant computer users" switched to Linux or MacOS X
then we wouldn't have as many vulnerable systems, because
Mickeysoft in Redmond might actually see a reduction of the
number of semitrucks full of cash that pull into their office
every day, and as a result might get serious about security
in their OS.

When Vista Home by default sets up the operator account as
Administrator, and to auto-login, with NO password, that's not being serious about security.

This list is generally not interested in M$ vs Appl€ wars.


May I ask how you were appointed list spokesperson?  Just curious.

Ted

Giampaolo





...omissis...



