Stop Microsoft
All Things Microsoft => Microsoft as a Company => Topic started by: fez on 23 July 2002, 10:51
-
Hello,
I have (unfortunately) been working with computers running Windows-based operating systems for around 6 years now. Not long, I'll warrant, but long enough to have a reasonable understanding. I have surfed constantly during that time, I have surfed ALL sites, normal everyday sites, information sites, kids' sites for my son, music/mp3 sites, warez sites, illegal sites, porn sites, you name it, I've surfed it.
I have had a permanent internet connection, my PC is online 24 hours a day. I run no antivirus software and I have NEVER HAD A VIRUS!!! Wanna know why? It's because I've figured out that most "viruses" are not in fact "viruses". They are merely scripts that have been written to exploit holes in defective software... mainly Microsoft Outlook and Outlook Express. It would almost seem that computer viruses don't even really exist (as such) and that the term "computer virus" is merely a convenient term to cover up a software bug that has been overlooked by Microsoft!!!
Most people don't understand viruses and there is this huge paranoia about them, scan this, scan that. I mean, let's scrutinise it: we get a CD with a PC magazine and they recommend we scan it for viruses....
Why is that?
Did they write one and put it on the disc for us to run?
Or are we supposed to believe that some file from some program like WinZip or Photoshop may have suddenly corrupted and become some hideous file-eating monster that will now infect our entire system?...
No... Folks, if a file corrupted on the disc, the program simply would not work! It wouldn't suddenly write itself into a virus program and infect our entire system, because viruses do not come from corrupt files, they are codes that are deliberately written BY PEOPLE, to PERFORM SPECIFIC TASKS, and it is a FACT that ordinary files DO NOT CORRUPT AND SUDDENLY BECOME VIRUSES!!!!
Did you know that when you open certain emails or web pages, like those in HTML coding for example, Outlook will automatically enter any restricted areas included on the page and automatically run any executable files that are hidden there BY DEFAULT!!! It won't tell you 'oh by the way, this page has a macro or hidden JavaScript that may contain a "virus", do you want me to open it?' It will just open it anyway. And now at last (after around 7 years of fuckups) Microsoft has recently released a patch that will (apparently) eliminate these holes (in IE6). But then, hey, it's Outlook, so virus writers will soon find and invent ways to exploit more holes. But Mr Gates has dropped any liability with his invention of viruses, so when someone writes a code to exploit his defective software he can just say "Oh, it was a 'virus'". Now, is that legal? Or is it just that no-one has really analysed the situation before? We just all took it for granted that viruses were part of PC life. Well, maybe we should be rethinking that attitude. It would seem that virus terminology has been invented and nurtured by Mr Gates and performs a huge financial service for him.
So one very simple answer is DON'T RUN OUTLOOK!!!! or anything to do with it. Use a web-based email server or any number of non-Microsoft mail programs and DON'T OPEN ANY FORWARDS OR ANYTHING FROM SOMEONE YOU DON'T KNOW! If friends of yours get a joke or something they want to send you, tell them to send it as a regular email, not as a forward, because most 'viruses' forward themselves and you DON'T OPEN FORWARDS!!!
I would also like to point out that if you or I bought a car or a house or stereo, blender, chainsaw, toothpick... you name it, ... whatever.... if we bought it and it didn't work, we could take it back to the place of purchase for replacement, repair or refund. Yet if we buy an item of software and it doesn't work and we lose all our work of years, our business or our life because of it, the company is not liable??? How does that work?
How come these companies are BY LAW allowed to release buggy software and are not held liable for it? Is it because computers are so confusing for so many and they just think, oh it must be me or the PC, or is it because Microsoft has promoted that attitude, and somewhere through it all Bill Gates somehow learnt to invent terms like "virus" to cover his ass and confuse people. As far as I am concerned he is no more than a criminal. I mean, after the mess we all experience just trying to get a PC to do its tasks, it's pretty obvious what's going on....... we are being screwed by a megalomaniacal asshole who, quite obviously, has a deal with people in high places so that he can fuck us all and not have to pay.
Now I admit that there are other buggy and insecure software releases, not just from Microsoft, and that there are many other ways of being hacked, ICQ, etc. (notably, mainly all software released by Microsoft and its affiliates), but most of them just use that as an entry point and ultimately attack Outlook or some other code in Windows and exploit its holes to access your system.
So!! If you don't want to get a 'virus', the solution is real simple: realise that Bill Gates is a corrupt, incompetent asshole and a REAL 'class A' criminal and DON'T INSTALL OR RUN OUTLOOK!!! or anything to do with it....
fez
-
I had Windows 98 for a long time without running Outlook and only using Netscape. I put on Norton and scanned eventually and found only 14 viruses (at three different times... 2, 4, and then 8... now I got Linux). I had ZoneAlarm 2.6 and then ZA 3.0 when it came out.
-
my dad just had a problem with lookout, it took him and me like 2 hours to figure out that outlook had a problem and didn't want to load my mom's account, i was almost to the point of saying "hmmm, never had anything like that happen to me" for when he said "yeah, linux is so great when you have like no sound support on that thinkpad, if a *real* os was installed like windows it would be fine". what i think some people just don't get is it's not linux's fault if it can't support a piece of hardware, it's the people that made that hardware for not like releasing info on it. though i think that the outlook problem had him confused and pissed, he just accepts that windows sucks and still uses it, because he doesn't want to learn anything, and worst of all, my internet connection is routed through that piece of trash windows box. one day i think i might get him to try linux, or even stop using that bundled windows trash.
-
If I were in your position I would run away from home (this is meant to be a joke, standard M$ non-liable disclaimer).
-
it's the only thing he knows, and he doesn't want to learn, maybe i can pull a nostalgia trick, 'cause even though he didn't know it, he has worked with unix, like booting mainframes and such, it's just that that job didn't tell him anything other than do this this and this and it's booted and such. i learned a great tech support tip from him though: when shit breaks, take the telephone at your office, and take it off the hook so the 200+ people that are calling to harass you and ask why their terminals aren't working and why the machine doesn't work won't bother you. but that was back in the 70's 80's, but i also think he doesn't like windows too much, he just doesn't want to learn things, but i'm gonna try, i've been telling him about opensource and stuff, oh well, but today with the lookout problem i think i might be able to tell him about how much of the linux os is based on text config files, 'cause we got in a discussion of the windows registry and how that could be a problem, he then told me that he hates the windows registry, and that in win3.1 there was a lot of text-based config files and such. i think i am going to show him XF86Config, /etc/inittab, and maybe some . files in the /home dirs, and maybe what you can do with them, 'cause with linux, you're god (tm). well, sorry to rant too long, not enough caffeine today
-
reading the first post, all the evidence seems to be watertight, however, the author seems to suggest that the solution is to continue running windows as your only operating system, but just spend a shitload of your life jumping through hoops. You pay for a computer and then you're not even allowed to open your own email for fear of a "virus"? what?
why not just get an operating system that lets you open attachments and doesn't fuck up?
seriously, anybody that reads any of this stuff and wants to continue with windows under the impression it's safe is banging their head against a wall.
I run windows for some things, but it's due to shitty hardware problems and also, i expect it to break down all the time, which it does.
Don't try and get windows into a working state, you will lose...
-
the longevity of an idea is proportional to its wrongness /* sorry, was reading the fortune files again */
-
you'd better open a page
www.hateoutlooklikewindows.com (http://www.hateoutlooklikewindows.com)
or
www.gotaproblemwithoutsolution.com (http://www.gotaproblemwithoutsolution.com)
or
www.mainstreamswimmer.com (http://www.mainstreamswimmer.com)
decide whether you are completely unhappy with windows and change to linux, apple or whatever, or like & live windows with all its crappy attributes like outlook and bluescreen.
:)
-
I look at the forum and I notice a few things.
1. Most of the people who post here are from europe.
2. Most of the people who post here are Linux/*nix users.
I am a Linux user, I'm also a system administrator who works on an integrated network. It's hard for people to migrate from OS to OS and harder for people to move from platform to platform. Especially when your economic environment is centered around a piece of software that is considered economically viable. The real fault here is with the U.S. Economy, and the U.S. Government. The Feds dropped an anti-trust case against the green monster itself. Proof that the Economy is not ready for a swift migration. It's like the oil industry. Oil brings in too much money to just forget about, even if it is killing our children's future. We can't change it swiftly, it must come when it has to. Fortunately the time is very near. With current hardware advancements and economic turnovers (OEMs can't afford to make computers AND license M$ products)
anyway just my two-bits
...
-
the USA's economy is at least as good as that of most terrestrial countries at the moment, however you make good points.
-
quote:
"outlook not so good", wow that magic 8-ball knows everything. Next I will ask it about exchange.
taken from undeadlinux.com
-
Though the idea works in today's world, one of the premises ('viruses don't exist, they are outlook bugs' - or something similar) is, of course, completely non-true. For the ignorant, viruses (and, actually, pretty much everything on computer-software-area) originated from BEFORE Outlook. Before Windows even. Before Microsoft, even. These old viruses aren't much of a threat these days, since they do way too little damage compared to outlook-viruses, but they DO exist (in software labs, probably, not in the wild I hope).
And yes, viruses can, and do, infect executables. In Windows (usually), Linux (barely), both (yes, those exist) or other systems. And yes, those can spread to CDs (when they are written, not afterwards, but still).
What IS true, is that there are a lot of viruses specifically for Outlook, which should therefore be called outlook-viruses (not e-mail viruses). Those are the ones haunting the net these days.
But those aren't the only ones - there are other, normal executable-infecting viruses (usually on Windows), and IIS (a MS program...) viruses (Code Red was one. Actually, it was a worm, which is something else, but still).
Plus, on MS-systems, viruses spread like wildfire automatically. Under Unix (dunno bout Mac), you must be a complete retard to get a virus, since most of your executables will be owned by root, non-writable by normal users, and you'll be running as a normal user. User-writable executables shouldn't be run by root (for those who do not yet know, running a Linux/Unix system as root is BRAINDEAD). That actually does mean there is _some_ virus-problem possible, but it can't infect files not owned by the same user who was stupid enough to get it, nor is it able to harm the system.
But still, thinking you're out of harm's way, viruses concerned, just because you don't use Outlook/Windows is as braindead as using Outlook/Windows.
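The post above relies on program files being non-writable by ordinary users. A way to audit that property on a given machine, as an added example that is not part of the original post (the function names `audit_exec_dirs` and `audit_path` are hypothetical; it checks mode bits only, not ACLs, and uses the widely available `-maxdepth` option of find):

```shell
#!/bin/sh
# Added example: report program files that users other than the owner can
# modify. A file-infecting virus needs exactly this kind of write access.

# audit_exec_dirs DIR...
# Prints one finding per line:
#   DIR-WRITABLE <dir>    directory is group- or world-writable, so files in
#                         it can be added or replaced
#   FILE-WRITABLE <file>  executable regular file is group- or world-writable
audit_exec_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # The directory itself: write permission here allows replacing binaries.
        find "$dir" -maxdepth 0 \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/DIR-WRITABLE /'
        # Regular files with any execute bit AND a group/world write bit.
        find "$dir" -maxdepth 1 -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/FILE-WRITABLE /'
    done
}

# audit_path: run the same audit over every directory listed in $PATH.
audit_path() {
    old_ifs=$IFS
    IFS=:
    # Unquoted on purpose: split $PATH on ':' into positional parameters.
    set -- $PATH
    IFS=$old_ifs
    audit_exec_dirs "$@"
}

# Constructed sample tree (not real system paths) to show the output format.
sample=$(mktemp -d)
mkdir "$sample/bin"
chmod 755 "$sample/bin"
printf '#!/bin/sh\necho ok\n' > "$sample/bin/tool"
chmod 755 "$sample/bin/tool"        # correct: only the owner may write
printf '#!/bin/sh\necho ok\n' > "$sample/bin/shared-tool"
chmod 777 "$sample/bin/shared-tool" # finding: anyone may overwrite it
audit_exec_dirs "$sample/bin"
rm -rf "$sample"
```

Running `audit_path` as an ordinary user and getting no output means the mode bits match what the post assumes; any `FILE-WRITABLE` line in a system directory is worth fixing with `chmod go-w`.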
-
Yes...but.
In today's commercial world, virus as a threat for *nix, is almost pointless. We all know it's damn hard without getting root, so any virus that gets written is going to be written by someone very smart (not a script knowledgable kiddie - I'm sure ex eleven can offer some sage words here). In fact it's at the level that if someone is going to do it, it will probably be a targeted attack, and as such if you are going to be hit by such an attack/hack, then virus software/firewalls are not going to help.
That's primarily the point. It's too fucking easy for some lame, bored, unintelligent kid to write a virus and have it execute through such a highly used e-mail program. Other e-mail proggies don't suffer to this extent. And this here is what most people fail to understand, most viruses are written by people who don't really know that much about computers and software, just look at the profiles of those people arrested for writing this stuff.
Virus exist outside of M$, but the point being made was that it's the easiest start to make in stopping them. M$ are seriously at fault because after all these years it's still too easy to write virus that will execute on M$. With all other software (and I must admit this is secondary evidence about macs), bugs susceptible to virus are announced early, programmers work damn fast to protect their customers by patching the hole, or writing a defence. The sheer number of hacks, and virus in existence due to Windows vastly outnumbers its user database.
Most hacks on servers were big news, until a few years ago. Ask yourself WHY? It's easy, hacks used to be specific, then M$ hit the server scene big time, now it's so fucking common-place I'm scared to release my data unless I know a company is not using windows on its server (and yes I do check).
No-one with an ounce of intelligence will deny you should watch out for virus, but I want it to be occasional, if I get attacked I want it to be by someone much more fucking smarter than I am, and yes lookout is responsible for more virus than its market share - by a long fucking way, read through the virus lists published by the security companies (Norton and Co.).
I am aware I used virus and hacking and virus protection and firewall a little interchangeably, but I know the difference, and it's all part of the security issue (Virus as you appear to be aware are only a small part of it all - just the most known).
Ironically at this new job of mine, I have to use outlook, and I have to ask why? I think it's the worst e-mail program I have ever used.
-
quote:
Originally posted by pkd:
In today's commercial world, virus as a threat for *nix, is almost pointless.
No it's not. Ignoring stupid sysadmins who infect the system (those probably exist), a virus can spread in a Unix environment. The result will be far less devastating, if you look at damage to the system, but if an important manager/accountant or whatever gets his files deleted or scrambled, there *will* be damage.
quote:
We all know it's damn hard without getting root, so any virus that gets written is going to be written by someone very smart (not a script knowledgable kiddie - I'm sure ex eleven can offer some sage words here). In fact it's at the level that if someone is going to do it, it will probably be a targeted attack, and as such if you are going to be hit by such an attack/hack, then virus software/firewalls are not going to help.
Partially true. In Unix, someone who wants to seriously damage the entire system, or servers (which are hopefully run by above-room-temperature-IQ-persons) will indeed need skills far above those of the common script kiddie. But that still does not eliminate the threat to normal users.
Really, it isn't that hard to make a 'virus' that mails itself to users it sees on the HD, then scrambles a few files. On Linux. The problem here is executing it (unlike outlook this isn't done automatically), but face it - most lusers are stupid enough to execute files if they're packed nicely enough. And that WILL cause damage.
quote:
That's primarily the point. It's too fucking easy for some lame, bored, unintelligent kid to write a virus and have it execute through such a highly used e-mail program. Other e-mail proggies don't suffer to this extent. And this here is what most people fail to understand, most viruses are written by people who don't really know that much about computers and software, just look at the profiles of those people arrested for writing this stuff.
This is true.
quote:
Virus exist outside of M$, but the point being made was that it's the easiest start to make in stopping them. M$ are seriously at fault because after all these years it's still too easy to write virus that will execute on M$.
also true.
quote:
With all other software (and I must admit this is secondary evidence about macs), bugs susceptible to virus are announced early, programmers work damn fast to protect their customers by patching the hole, or writing a defence.
Not true. Granted, most (big) OS software releases bugpatches in days, if not hours after discovery. Not all do this. And there is more in the software world besides OS and MS, and MS isn't the only one who uses security through obscurity.
quote:
The sheer number of hacks, and virus in existence due to Windows vastly outnumbers its user database.
That is only partially caused by Outlook's flaws. Well, a huge part probably, but not 100% of it.
Since Outlook is - by far - the most used e-mail client, and Windows is - by far - the most used Desktop OS (the target of most viruses - servers aren't targeted by viruses, they have worms and hacks), it is only logical that virtually all viruses are written for these, since the writers want to cause a lot of damage.
quote:
Most hacks on servers were big news, until a few years ago. Ask yourself WHY? It's easy, hacks used to be specific, then M$ hit the server scene big time, now it's so fucking common-place I'm scared to release my data unless I know a company is not using windows on its server (and yes I do check).
Actually, IIS is, while flawed, not as flawed as you guys think (well, most of you). When patched, that is - and most IIS servers weren't at the time those hacks started. Do note that with IIS, it wasn't uncommon that patches were available before the exploits were used - ppl just didn't use the patches. Unpatched Apache servers aren't that secure either (more secure than unpatched IIS, but still)
quote:
No-one with an ounce of intelligence will deny you should watch out for virus, but I want it to be occasional, if I get attacked I want it to be by someone much more fucking smarter than I am, and yes lookout is responsible for more virus than its market share - by a long fucking way, read through the virus lists published by the security companies (Norton and Co.).
Ppl who are smarter than the average Linux user won't attack other ppl in most cases - only complete and utter losers do that (if they are smarter - script kiddies are losers too, but should be pitied because of their ignorance). But anyway, script kiddies will always attack you. Ever heard of DoS? Linux can't stop DoS attacks. Syn floods perhaps (with Syn cookies), but not true bandwidth-orientated DoS.
I already discussed that next statement of yours a few paragraphs up.
quote:
I am aware I used virus and hacking and virus protection and firewall a little interchangeably, but I know the difference, and it's all part of the security issue (Virus as you appear to be aware are only a small part of it all - just the most known).
All right then.
But anyway, my point is that MS is, maybe, 50% responsible for today's security problems. Maybe. This is actually a lot, but not nearly 100%.
Users - and their ignorance and stubborn refusal to learn even a goddamed tiny bit about security - are the real underlying problem. Without that, there wouldn't be a problem even under Windows. With it, Linux is not safe as well.
I predict that if Linux makes it as a desktop-OS, there will be a huge increase in Linux viruses. I hope, and think, that you will all be spared, but I guarantee you that the common user will not.
quote:
Ironically at this new job of mine, I have to use outlook, and I have to ask why? I think it's the worst e-mail program I have ever used.
Really? Do they really force you to do that? How? Why?
-
Viruses run in Linux as a normal user can *not* scramble system files and executables without root access. Only root has access to the binary executables on a Linux system. Hence a virus can not propagate itself by the definition of a virus in Linux. That is, it can not attach itself to other executable files, it has no permissions to do so. Most (not all) of the Outlook problems are actually "worms" or a combination of worms and viruses.
Now, having said that, the new Lindows OS (ick) will be *very* susceptible to viruses because it defaults to having everyone use the system as "root" and the "root" user has no password (duh! duh! duh! duh!). Lindows will probably be the worst thing that has ever happened to Linux since it began. Hell, at least Apple was smart enough with OSX not to have normal users log on to the system as root. Why Lindows and its brain dead CEO ever had this brain cramp I'll never know. It completely goes against the most basic security rule of UNIX.
-
but as the fortune file goes, lindows is what's gonna take off
-
If a stupid linux user runs a "cute" program sent by a "friend", said program can exploit a bug in the kernel and gain root privileges.... see http://www.ryanspc.com/index.pl?page=exploits (http://www.ryanspc.com/index.pl?page=exploits)
under the link "ptrace24.c". Shieze. Time to update my kernel...
-t.
-
Ok, what kernel am I running? Right, you don't know. It would be *very* unlikely that a virus is going to make any headway on Linux systems because Linux is extremely diverse. Each distribution runs different patch kernel versions and patch levels. It's "highly" unlikely that a stupid user is going to run such a program, and if they do the system be configured in such a way that the program is lucky enough to be able to exploit it. Go ahead and write a virus using this exploit and see how far you get. BTW, kernels <2.4.9 are now fairly old. RedHat 7.3 is at 2.4.18+.
Sure it is not impossible, but highly unlikely that a virus will ever do a lot of damage because of the combination of good security and diversity in configuration. With Windows it is easy, low security, every system is virtually the same.
-
yeah, like my kernel version is 2.4.19-ChoasNETOS-JMK-try3
thank god for gentoo's kernel patch
-
quote:
Originally posted by VoidMain:
Viruses run in Linux as a normal user can *not* scramble system files and executables without root access. Only root has access to the binary executables on a Linux system. Hence a virus can not propagate itself by the definition of a virus in Linux. That is, it can not attach itself to other executable files, it has no permissions to do so. Most (not all) of the Outlook problems are actually "worms" or a combination of worms and viruses.
My point is that it can access user files - like documents etc - and damage those. Plus, it can make it so it executes on login or whatever.
In business world, who do you think owns the most important files? Root, with system files that keeps the system running, or the users, who own the actual data that keeps the business running?
And normal users CAN own binaries. They just usually don't. Or not the important ones, anyways (I own a few files on my computer - "hello" for example :D )
Viruses may change in a Linux-world, and they may very well be much less dangerous. But they WILL exist and do damage.
quote:
Now, having said that, the new Lindows OS (ick) will be *very* susceptible to viruses because it defaults to having everyone use the system as "root" and the "root" user has no password (duh! duh! duh! duh!). Lindows will probably be the worst thing that has ever happened to Linux since it began. Hell, at least Apple was smart enough with OSX not to have normal users log on to the system as root. Why Lindows and its brain dead CEO ever had this brain cramp I'll never know. It completely goes against the most basic security rule of UNIX.
Unfortunately, this is true.
-
I disagree, assuming Lindows does not become a "standard", god help us. As long as the most basic security rules are followed I do not believe that "viruses" (by the definition of virus) will ever become a problem in Linux/UNIX. Of course we will have to wait and see.
I've been waiting 10 years now and have yet to see a single virus outside of M$. On the other hand I have seen thousands in M$. Remember, a virus has to be able to attach itself to other programs, replicate and propagate itself, or it is not a virus. If you get an email with an attachment, and you save that attachment, make it executable, run it, and it deletes all of your personally owned files, that is not a virus, it's just malicious code.
[ July 24, 2002: Message edited by: VoidMain ]
-
Well, then maybe my definition of a virus is flawed. Maybe what I described was a worm, not a virus. Not that normal people will know the difference (after all, by this description, most current viruses are worms as well).
Besides, to see viruses outside MS (the ones you define), search for 'linux virus' on Google. The first one I found, 'Bliss', is a cool one - it has its own antivirus :) . This virus will indeed need root access (or at least writable executables) though. There are loads more.
-
I use this really good virus checker combination on all my windows PC's.
The first tool is called fdisk (great tool) and the other is this thing i use called linux which clears it up nicely :)
Jokes aside you have to be careful with windoze, i only use it for gaming compatibility but i always have my trusty virus checker by my side.
[EDIT] Missed something, pull out that pesky RJ45 from the back of your PC and disable your CD-ROM and floppy drives. Trust no-one and sing happy songs.
[ July 24, 2002: Message edited by: Tux ]
-
quote:
Originally posted by DC:
Well, then maybe my definition of a virus is flawed. Maybe what I described was a worm, not a virus. Not that normal people will know the difference (after all, by this description, most current viruses are worms as well).
Besides, to see viruses outside MS (the ones you define), search for 'linux virus' on Google. The first one I found, 'Bliss', is a cool one - it has its own antivirus :) . This virus will indeed need root access (or at least writable executables) though. There are loads more.
Sure, anyone can write a virus, but in order for it to be effective it has to have the ability to spread. Generally in *NIX it does not have that ability. Maybe one day it will happen but like I said, I haven't seen it in the last 10 years, nor have I heard of *anyone* who has actually had a virus problem in *NIX.
You are correct, your definition of virus is flawed. And a lot of "worms" nowadays are incorrectly listed as viruses, although a lot of them are accompanied by a virus. The worm does help it along. But of course it seems these worms are only a problem in M$ Lookout. Whose dumb fuck idea was it to allow a mail program to have the ability to automatically execute code contained within an email message????
-
well i have to use windows for internetting, as you know, due to duff hardware. I use AVG antivirus since it is free for personal use and is as good as its pay alternatives (i used to use another free one which was swiped from under me by a lying company). HOWEVER i have only had about 4 viruses in my time and none of them have ever caused any noticeable problems. Why? windows fucks up so much and gets reinstalled so much on its own that the viruses have never made themselves known to me.
Much more important to me is my firewall. I use zonealarm, which is also free for home use, and is excellent and simple to use. Why people worry about "viruses" when there are real people out there trying to break into your machine i'll never know.
As for viruses in unix, Lindows can fucking suck cock and die for all i care. The more i hear about this "system" the more it pisses me off. It's Microsoft windows' younger brother. And it will be even worse than M$Windows, since it is dressed in sheep's clothing.
A binary being run by somebody only has access to files owned by somebody, and so if they only have write access to files, for example in /home/somebody then the WORST that can happen is that those files get wiped. That is the worst, end of story. If somebody backs up their files, then no sweat. Of course, if the admin is dumb, then a lot more could happen. I hear of people saying "oh i just run everything as root, i never got around to making any new users, and it's easier for me anyway" but then i also hear of people saying "this lindows looks like the easiest way for me to switch, i think i'll BUY it"...
Re: bugs and holes, unlike windows, the linux kernel is open source, get it? many people do not realise the knock on effects of this. When somebody says "new hole in windows 2000", then hundreds of thousands of computers are vulnerable at a stroke, since they all use the same kernel. Also, windows is so fucking crap that even if all copies of windows 2000 get the new service update installed, some copies are just going to cack up and need reinstalled pretty quick anyway, and who can be arsed applying new updates to their cruddy windows box when it'll just need reinstalled soon anyway? (not me, last time i installed an M$ update it fucked my cdwriter program and i needed to reinstall, how "ironic") HOWEVER, since linux (and BSD i think) uses open source kernels, you can literally write your own modifications, and many do, and many more include their modified versions in distributions, plus the kernel gets updated a shitload more frequently than windows' kernel does, and this adds up to a fuckload more kernels out there. Out of a thousand linux users, all with versions of linux from the last six months, you could easily find a couple of hundred different kernels, yes? am i right, or have i missed something? get that many windows XP users, and count how many different kernels you get, and then find one of the holes in the kernel and bingo, point proven.
[ July 24, 2002: Message edited by: Calum ]
-
Calum, we can always rely on you to 'set the score'
-
It's sad how often new Linux users will do everything as root. It's not a *large* problem yet, and it's better than them using Windows, but if Windows starts failing then it'll become more of a problem.
What would be ideal I suppose is a way to easily run programs with limited privileges, such as restrictions on network access (stop worms), overwriting/deletion (but allow new file creation), and limits on CPU and disk-space usage. Otherwise, a user just downloads what he/she thinks is a benevolent program, runs it, and loses his data. Perhaps Root should be able to only let certain users run certain approved programs.
-
You can already do most of what you are asking. On RedHat if you look at the "/etc/security/limits.conf" file you can see how you can limit users in many ways. I'm sure this is part of all distros but not sure what config directory it would be in (do a "locate limits.conf"). Also for on a standard distribution install (it's called "ulimit"). Do a man "bash" and search for "ulimit". Also you can limit how much disk space a user can have with "quota".
Although I have not tried any of them I believe there are kernel security enhancement patches that will allow more control over who/what/when/where/how a user or program can access the network.
[ July 29, 2002: Message edited by: VoidMain ]
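The per-process side of what this reply describes (`ulimit`), as an added example that is not part of the original post. The function names and the `guest` account in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: run one untrusted command under per-process resource limits.
# /etc/security/limits.conf applies the same kind of caps at login, one rule
# per line as "<domain> <type> <item> <value>". Constructed entries for a
# hypothetical account "guest":
#   guest  hard  cpu    1       (CPU time, minutes)
#   guest  hard  fsize  2048    (largest file, KB)
#   guest  hard  nproc  20      (number of processes)

# run_limited CPU_SECONDS FSIZE_BLOCKS COMMAND [ARGS...]
# The limits are set inside a subshell, so the calling shell keeps its own.
run_limited() {
    cpu=$1; fsize=$2; shift 2
    (
        ulimit -t "$cpu"     # CPU seconds before the kernel kills the process
        ulimit -f "$fsize"   # largest file it may write
                             # (1024-byte blocks in bash, 512 in POSIX sh)
        ulimit -c 0          # no core dumps
        exec "$@"
    )
}

# describe_exit STATUS: turn a wait status into a short reason.
describe_exit() {
    if [ "$1" -gt 128 ]; then
        echo "killed by SIG$(kill -l $(( $1 - 128 )) 2>/dev/null)"
    else
        echo "exit $1"
    fi
}

# demo_limits: a 4 MiB write against a small file-size cap, then a CPU-bound
# loop against a 1 second cap. Both should be cut short by the kernel.
demo_limits() {
    tmp=$(mktemp) || return 1
    run_limited 5 2048 dd if=/dev/zero of="$tmp" bs=1024 count=4096 2>/dev/null
    echo "big write: $(describe_exit $?), $(wc -c < "$tmp") bytes on disk"
    run_limited 1 2048 sh -c 'while :; do :; done'
    echo "busy loop: $(describe_exit $?)"
    rm -f "$tmp"
}
```

Call `demo_limits` to see both caps trigger. These limits bound resource use only; they do not stop the program from reading or deleting files the invoking user owns.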
-
*nod* I know that users can be limited in those ways (though I didn't know the name of the file, thank you VoidMain :) ). The problem I see though is that users have full access to their private files, so anything they download and run will have full access to those files (unless they do something akin to sudo). Basically I was considering putting further restrictions on certain files, beyond the restrictions on the users that run the files. A model that could help I suppose is 2 accounts for every user, one with the user's full rights and a testing account that doesn't have access to the user's important files. It's just that it's hard to prevent the user from hurting themself. Unless they're only allowed to execute programs in /usr and /bin, they'll probably just keep downloading and running malware. Note that this is unlikely to compromise the security of the entire system (except for those fools who constantly use root), it's just that non-system files can be important, too.
-
Unlike Windows, there are several steps that a user must take to run a program (even if it is only in his/her personal space). It takes coherent thought. If you trust the user enough to even use the system at all then the default limits put in place are more than enough in my opinion. If a user knows enough about how to download and run a program and they still get burned then it's their own damn fault.
In Windows however, it is not the user's fault in most cases because it is the design flaws of the operating system that allow such an easy mutilation of not only the user's personal area but the rest of the system in most cases.
If you want to put such heavy restrictions on the user then you should run them under a restricted shell (rbash). Do a "man bash" and search for "RESTRICTED SHELL".
Or see:
http://www.gnu.org/manual/bash-2.05a/html_node/bashref_75.html
With this you can set their path in such a way that they cannot run executables except for specific directories that they do not have permission to write to. That includes denying them the ability to run a command in a local directory with a "./" in front of it.
[ July 29, 2002: Message edited by: VoidMain ]
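The restricted-shell setup described in this reply, as an added example that is not part of the original post. It assumes `bash` is installed; the function names and the temporary jail directory are hypothetical.

```shell
#!/bin/sh
# Added example: a restricted-bash session that can run only allow-listed
# commands found through a PATH it cannot change.
BASH_BIN=$(command -v bash)   # resolve bash before PATH is narrowed

# make_jail DIR CMD...: create DIR/bin holding symlinks to the allowed commands.
# On a real system DIR/bin is root-owned and the account cannot write to it.
make_jail() {
    jail=$1; shift
    mkdir -p "$jail/bin" || return 1
    for cmd in "$@"; do
        ln -sf "$(command -v "$cmd")" "$jail/bin/$cmd" || return 1
    done
}

# rsh_try JAIL 'COMMAND LINE': run the line as the restricted account would.
# Returns 0 if bash -r allowed it, non-zero if it was refused.
rsh_try() {
    ( cd "$1" && PATH="$1/bin" "$BASH_BIN" -r -c "$2" ) >/dev/null 2>&1
}

# jail_report JAIL: print one ALLOWED/DENIED line per attempt, covering the
# restrictions the bash manual lists: slashes in command names, cd,
# changing PATH, and output redirection.
jail_report() {
    for attempt in 'ls' './downloaded-tool' '/bin/ls' 'cd /' \
                   'PATH=/bin:/usr/bin' 'ls > listing.txt'; do
        if rsh_try "$1" "$attempt"; then verdict=ALLOWED; else verdict=DENIED; fi
        printf '%-8s %s\n' "$verdict" "$attempt"
    done
}

# Usage: j=$(mktemp -d); make_jail "$j" ls cat; jail_report "$j"
```

Only the first attempt should report ALLOWED. The allow-list is the whole boundary: any permitted program that can itself start other programs undoes the restriction, so keep the list to simple tools.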
-
Thanks for the great link VoidMain, I'm not surprised that Linux already has support for what I was suggesting :) .
-
Well, this is not really a Linux specific feature but a feature of bash. I have used other restricted shells (restricted Korn shell, similar to restricted bash) as long as I've been using UNIX (10 years). I only use it for giving limited shell access to remote users. I never would inflict it on my normal local users.
Most security "wishes" have been included in *NIX for a very very long time. I have found that rather than wishing for something, I do a search and find there is already a way to do what I would have wished for in nearly all cases.
-
virus damage on linux/unix minimal? not if it is a root virus. 99/100 if your system is compromised on linux you reinstall. period. that's because linux can be so complicated (configurable) there's infinitely many ways to hide it. windows has it easy here. because it is harder to forge files and install a root kit that makes the kernel its bitch :) (although having my choice of bitches the windows kernel is *not* one of them)
-
Someone breaking into your computer through a remote exploit and installing a root kit is *not* a virus. Geez... But since you brought it up, certainly if you do not run a firewall (and know how to configure one) then you need to make sure you turn off all unnecessary services and keep the ones updated that you do need, subscribing to the CERT mailing list certainly wouldn't hurt.
So if you are good and do the above then the only way you should really be vulnerable is if you are running a server and do not adhere to good administrative basics. That is, run intrusion detection both on the network (snort, etc) and on the local system (tripwire, etc), and of course keep good backups. I have unfortunately had to recover systems for people who have had their systems rooted for lack of good administration and upkeep. It really isn't rocket science. It usually only takes me a couple of hours to completely recover a rooted system, even if they don't have backups.
A couple of basic ways to find what files have been modified is if you are running an RPM based system then just run a verify on each of the RPMS that are installed. It will tell you very quickly which files are not original (I don't know why they don't hack the RPM database too, have never seen that done).
But before that you want to make sure you are running a good copy of the most basic commands. Usually the first commands replaced in a root kit are commands like: ps, ls, top, netstat, find, login, etc. So you want to put static linked versions of any of those types of commands you want to run onto the rooted system into a directory and set your PATH to that directory. Then you can see what processes the script kiddie has running and you can determine roughly the time of the break in. Then you can use your good "find" command to find any files/directories created/modified in that time period. You will usually find all of the pieces to the root kit at that point.
Recovering includes killing the processes that they started, copying all the pieces of the root kit to a quarantine area, restoring the original files, upgrading the service that was vulnerable, getting the email address that the passwords were being sent to from the kiddie password sniffer so you can notify the appropriate service provider, and looking for any IP addresses in any logs (system, Apache, etc) of unusual activity. Remove any users that were added by Mr script kiddie and change all passwords.
Finally when you have all the information, call the FBI and nail their ass. Then end up in jail without a computer or an X-Box just like the script kiddie Mafia Boy.
[ July 29, 2002: Message edited by: VoidMain ]
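Two of the triage steps from this reply (filtering RPM verify output and finding files changed in the break-in window), as an added example that is not part of the original post. The function names, the trusted-binaries path and the sample `rpm -Va` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: two triage helpers for a suspected root compromise.
# Run them with PATH pointing at known-good static binaries, for example
#   PATH=/mnt/trusted/bin; export PATH      (placeholder path)

# rpm_changed_files: read `rpm -Va` output on stdin and print only the entries
# that matter for triage: packaged files whose digest changed (a "5" in the
# flag column) or that are missing. Config files (marker "c") with changed
# content are skipped because they are expected to be edited.
rpm_changed_files() {
    awk '$1 == "missing"                     { print "MISSING", $NF; next }
         $1 ~ /5/ && !(NF >= 3 && $2 == "c") { print "DIGEST", $NF }'
}

# files_in_window DIR START END: list regular files under DIR whose mtime is
# after START and not after END. Timestamps use the touch -t form CCYYMMDDhhmm.
files_in_window() {
    ref=$(mktemp -d) || return 1
    touch -t "$2" "$ref/start"
    touch -t "$3" "$ref/end"
    find "$1" -type f -newer "$ref/start" ! -newer "$ref/end" | sort
    rm -rf "$ref"
}

# Constructed sample of `rpm -Va` output (not from a real system).
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ps
.......T.    /usr/bin/top
missing      /usr/bin/lsattr
S.5....T.    /bin/netstat'

# Usage on a live system:  rpm -Va | rpm_changed_files
#                          files_in_window /usr 200207280000 200207290000
```

Modification times can be reset by whoever had root, so treat the time-window listing as a lead to follow up rather than a complete inventory.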