M$ and their publicity stunt


Post by Byro » Tue, 10 Aug 1999 04:00:00



What I find amusing about M$ putting the box up for people to hack
is the fact that they still seem to ignore other more glaring
vulnerabilities than the ability to compromise root (or Administrator).

Let's say Microsoft spends all this time and money etc. gathering
information from all the cracking attacks and comes up with a more solid
TCP/IP stack because of it.  (Personally I think this is nothing more than a
marketing ploy, but let's just suppose.)  That's great.  But what happens
when the next Word macro virus comes along (gee, what a great idea, allowing
auto-start macros in files that are often distributed by e-mail) or the next
.exe virus starts floating around?  I can hear your average Joe User now:
"Happy99.exe?  Hmm, what's this?  Oooo, fireworks, how pretty."

What is Microsoft going to do about this?  Has anyone heard anything about
it?  This is a serious flaw because in my experience, no matter how many
*ing times you tell your average Joe User not to do something, he will do
it no matter what, because he just doesn't get it.

By the way, none of these Windows wonders are new ideas.  I remember when
script.ini and now that damned DM ][ trojan were a big deal on IRC.  I am an
sop in #*chat on Dalnet (nick Eternal_Darkness) and I *still* see this
shit everywhere.  For those of you who don't know, once someone is infected
with one of these, it sets itself up as a script that automatically sends
itself to people on IRC as they join the same channel as you.  Someone has
to accept the .exe from the infected person, (gee, a 35Kb .exe from someone
I don't know.. hey, why don't I accept it and then run it to see what it
is...) run it, and join a channel so that it can auto-send itself to others
(hmm, I can't imagine why all these DCC windows keep popping up all by
themselves.. nah that's not worthy of investigation...).  Same with trojaned
e-mail messages (anyone remember the Unix flash-mailer?  That used to be
common, although there were much nastier attacks around).  Notice how few
people have even heard of this class of attacks (which rely in some part or
another on the stupidity of the victim) during all the years that they were
only for Unix, but when some genius comes up with Windows equivalents you
see them everywhere.  What does this tell us?

--
Byron Mendoza
Note:  My opinions do not necessarily reflect those
of my employer--they are _mine_.  Besides, he's
not worthy; he forces me to use Windows at work.

 
 
 


Post by Ben Slus » Wed, 11 Aug 1999 04:00:00


This is the big flaw in MS Windoze: it allows those who are not qualified
to manage a computer to do so anyway. There's not much to be done about it,
except for maybe pointing and laughing.

--
Ben Slusky                    | "The pyramid is opening!"

"will program for food"             | "The one with the ever-widening
PGP keyID E2C2D949            |  hole in it!"  -Firesign Theatre

 
 
 


Post by t.. » Fri, 13 Aug 1999 04:00:00



> This is the big flaw in MS Windoze: it allows those who are not qualified
> to manage a computer to do so anyway. There's not much to be done about it,
> except for maybe pointing and laughing.

        People who are not qualified try to administer Linux/ Unix
too. It just seems to be that they are more aware of their limitations
and more willing to learn.

--
             Tim.

 
 
 


Post by Stephen Satche » Fri, 13 Aug 1999 04:00:00


The principal difference between the administration of Linux systems in
particular and Unix-based systems in general and the breadth of Microsoft
operating systems is that there is more information available in the
public domain for the Unix and Unix look-alike systems.  Microsoft has a
large amount of its intellectual property income derived from education
about their systems, and the only way to really learn Microsoft is to
spend roughly $10K/year doing so...and then selling your expertise to
those who aren't willing to make that investment.

The Unix community, on the other hand, is more used to the concept of
sharing the information without demanding payment up front.

The companies who sell Unix operating systems have been far more free
with information regarding the administration of their systems as part of
the regular documentation set for the system.  I still have a couple of
boxes of Solaris documentation that came with a Sun system, and a large
SCO XENIX library as well.  What I got with my Windows 95 system was a
Help file that doesn't even tell me how to launch WORDPAD properly, let
alone how to harden my system against crackers who would try to crack
passwords over the network.

With the growth of BSD and Linux, the cost of the "information" has
dropped dramatically.  Witness the level of information available in this
newsgroup, much of which can be found in the HOWTO documents that can be
freely downloaded or come as part of a distribution that costs less than
$100.

The tools provided with the standard Linux system are pretty good,
although frankly not good enough to keep the really capable crackers out
of your system.  The good thing about the OSS movement is that people who
care will find ways to provide better security to those who want it, and
with any luck without having everyone pay a pretty penny for the ability.

I'm a professional programmer.  I earn money writing code.  I earn money
obscuring code.  That said, I like the idea of firewall code being out in
the open and freely available.  That's the nature of this war against the
children who want to destroy instead of create.  The "dark-side" hackers
who think that prowess is measured by how well they can crack a security
system, instead of how they can expand the envelope of knowledge and
practice.

And I see I'm on my soap-box, so I'll get down now...



>> This is the big flaw in MS Windoze: it allows those who are not
>> qualified to manage a computer to do so anyway. There's not much to be
>> done about it, except for maybe pointing and laughing.

>     People who are not qualified try to administer Linux/ Unix
>too. It just seems to be that they are more aware of their limitations
>and more willing to learn.

 
 
 


Post by Positve » Fri, 13 Aug 1999 04:00:00


What?   You can LOCK DOWN the Windows desktop quite nicely with Microsoft
tools.


> This is the big flaw in MS Windoze: it allows those who are not qualified
> to manage a computer to do so anyway. There's not much to be done about it,
> except for maybe pointing and laughing.

> --
> Ben Slusky       | "The pyramid is opening!"

> "will program for food"       | "The one with the ever-widening
> PGP keyID E2C2D949       |  hole in it!"  -Firesign Theatre

 
 
 


Post by Positve » Fri, 13 Aug 1999 04:00:00





> >> This is the big flaw in MS Windoze: it allows those who are not qualified
> >> to manage a computer to do so anyway. There's not much to be done about it,
> >> except for maybe pointing and laughing.

> > People who are not qualified try to administer Linux/ Unix
> >too. It just seems to be that they are more aware of their limitations
> >and more willing to learn.

> But Linux lets you log in as a different user than administrator.
> So the chance of accidentally removing important files is less.

I believe that there is a third party SU tool for NT.

The Windows family currently comprises 5 OS's at the moment.  Each with a
slightly different IP stack (and OS feature set) to boot.    Just to confuse
things even more.

 
 
 


Post by Byro » Sat, 14 Aug 1999 04:00:00


Why spend extra time and money to force Windows to do something
it was never originally designed to do instead of running a faster,
more stable OS that does this by design?  What love of Windows'
features could make this decision anything but a no-brainer?


> What?   You can LOCK DOWN the Windows desktop quite nicely with Microsoft
> tools.



> > This is the big flaw in MS Windoze: it allows those who are not qualified
> > to manage a computer to do so anyway. There's not much to be done about it,
> > except for maybe pointing and laughing.

> > --
> > Ben Slusky       | "The pyramid is opening!"

> > "will program for food"       | "The one with the ever-widening
> > PGP keyID E2C2D949       |  hole in it!"  -Firesign Theatre

 
 
 


Post by t.. » Sat, 14 Aug 1999 04:00:00



> What?   You can LOCK DOWN the Windows desktop quite nicely with Microsoft
> tools.

        Lock down or lock up? ;)

--
             Tim.

 
 
 


Post by t.. » Sat, 14 Aug 1999 04:00:00





> >> This is the big flaw in MS Windoze: it allows those who are not qualified
> >> to manage a computer to do so anyway. There's not much to be done about it,
> >> except for maybe pointing and laughing.

> >       People who are not qualified try to administer Linux/ Unix
> >too. It just seems to be that they are more aware of their limitations
> >and more willing to learn.

> But Linux lets you log in as a different user than administrator.
> So the chance of accidentally removing important files is less.

        True, but that didn't stop me destroying several Linux
installs experimenting as a complete newbie ;) Though I'd hope there
weren't too many newbie administrators out there...

--
             Tim.