Re: how did Microsoft break away from OS/2?
- From: jasonmbowen@xxxxxxxxx
- Date: 5 May 2006 07:10:56 -0700
tholen@xxxxxxxxxxxx wrote:
Jason Bowen writes:
Leauki wrote:
Windows NT was slower and less compatible than OS/2, but it was always
more stable and more secure.
Not from my perspective. I've never had an infected OS/2 machine, whereas
a Windows laptop got infected simply by being connected to a network.
Specifically, what was your laptop infected with?
The systems people who discovered the excessive network traffic ran
a virus scan on it, the virus scan turned up nothing.
Whose Windows laptop got infected by simply connecting to a network in
the statement above?
Does it matter?
Does it matter?
Yes, it matters.
Why?
The laptop user should be aware of the laptops condition.
The issue here is whether Windows is secure or not, not whether the
users should know about the condition of the laptop.
If the laptop owner doesn't secure the laptop they can be compromised.
The point is that Windows is not secure. That lack of security is quite independent > >> of
who owns the laptop.
How come I've never had a virus?
How am I supposed to know the history of your machine?
It is connected to a network where there are compromised Windows
machines, isn't that the criteria you gave for infection?
If Windows isn't secure, shouldn't I suffer the same problem?
The question isn't whether you should, but rather whether you could.
If there were no security holes in Windows, then there wouldn't be
a need for security patches.
Is Windows any different than any other operating system in this
regard?
Do you have a name
given by a body such as CERT or do you know the attack vector?
All I know is that the machine was trying to spread the virus by
sending out packets looking for open ports on other machines
connected to the same network. The systems people said that it
had sent out 20,000 attempts in the few hours it had been connected
to their network.
So this laptop wasn't your laptop correct?
Does it matter?
The condition of the laptop shows the knowledge level of the owner.
Does it matter? The point is that Windows is not secure. That
lack of security is quite independent of who owns the laptop.
Quite incorrect.
Classic unsubstantiated and erroneous claim.
Quite substantiated as I can put a windows machine on the Internet and
not have it infected. The owner of the laptop you describe cannot and
hence introduced user error in to the equation.
An owner that applys patches and follows best
security practices will fare better.
Classic illogic, given that nobody can apply a patch that does not
yet exist.
OS/2 users are in this boat aren't they?
I've run OpenBSD, Linux,
Mac OS X, Windows 9x, Win 2k, Windows XP, Windows Server 2003, Solaris
and OS/2 at home and have never had a problem.
Are you trying to suggest that Windows has no security holes because
you've never encountered a problem?
I've mitigated the problems, hence I know how to avoid them. You've
never had a security problem with OS/2? Have you audited the code of
it?
Obviously the Windows machine wasn't connected to a network that also
had an infected machine attached to the same network.
No it has actually. I've defeated viruses/spyware/trojans at the
firewall and also via virus scan.
Are you trying to suggest that the addition of a firewall eliminates
Windows' vunerability to security holes?
No, but security isn't a product but a process and with a properly
configured firewall I block the traffic of those that seek to
compromise my machines.
They've all been on the same network, it is called the Internet.
Classic illogic. In the case described above, the attack being
generated by the infected laptop never got outside of the local
network because the gateway was configured to prevent it. So,
when portions of the network are isolated in such a fashion, it
is quite illogical to say that your machines have all been on the
same network called the Internet. A lot depends on how your
subnet is managed.
Any node on the Internet is subject to any scan that gets through to
it, including scans from all the infected machines on the internet.
The cases are the same, the scans are coming over a network that the
machines are connected to. The particular network you are describing
appears to have an egress firewall to provent scans from leaving it
isn't special in any regards, it is just keeping that attack from
leaving the local network. Are you as ignorant about networking as you
were about rotational speeds in DVD drives?
I know that a default
XP install without a virus scanner, and without installing all the
known patches, and without being behind a NATed firewall will succumb
to the massive scans on the Internet within minutes but I view that as
user error.
I don't; the key words here are "default XP install". The default is
not secure.
If a person can secure there machine it is user error, ignorace or
incompetence.
I don't; the key words here are "default XP install". The default is
not secure.
I do, security is a process, not a product. If your car needs regular
maintenance to run and you don't perform it and it dies, do you
consider the car company to be at fault?
If my car is delivered to me with a faulty door lock, I do consider
the car company to be at fault.
You didn't answer the question about maintenance. That is very
telling. If you don't perform regular maintanence on your car and it
dies as a result, do you blame the car company or the owner? Why does
a car owner need to perform regular maintenace?
If you stick a Solaris or Linux box without patches on the
Internet without the same precautions you will be rooted as well,
though it will take longer since less people look for holes in Solaris
or Linux.
Thus Solaris and Linux aren't secure either.
All operating systems that haven't had a code audit to prove their
security not secure?
Thus Solaris and Linux aren't secure either.
Do you define a secure operating system by whether or not somebody is
looking to exploit it?
Do you define a secure operating system by whether or not you've
ever experienced a problem? From what you wrote above, apparently
so.
Can you answer the question posed to you?
Security patches are released to fix holes.
Which means that holes exist. Unsecure.
It means they've been fixed.
If you run an operating
system without applying the patches you are leaving yourself open.
Once cannot apply a patch that does not yet exist.
Your implication is that all software is then insecure because you
can't apply patches that don't yet exist?
Most of the exploits on the internet use vectors that are known and
that have been fixed,
What fraction is "most"?
Without looking it up I'd say over 99% and probably higher than that,
there aren't many zero day exploits as a percentage of the traffic on
the Internet. The big ones like NIMDA, had a patch for months that
nobody applied, including the lazy IT stafff at a place I used to work.
As they ran around the cube farm I pointed out that the patch had been
issued months in advance but being the typical paper certified IT guys
they were, they still tried to deflect blame.
most users just don't care to take the time to
apply updates.
Once cannot apply a patch that does not yet exist.
You seem to want to imply there are a lot of zero day exploits and yet
your belief isn't bared out in real life.
If people run a Sun Server without applying patches do
we say that Solaris is inherently insecure when they get compromised?
Who are you asking for when you say "we"?
The generic we.
Security isn't a product, it is a process.
Once cannot engage in the process of apply a patch that does not yet
exist.
Your supposition on all these zero day exploits is interesting.
The problem is that new security holes are found in Windows on a
regular basis.
Take a look at the changes logs for Solaris, Linux and other operating
systems. Do a new install of RHEL 4 or Solaris 10 and then patch and
tell me how many patches are installed and note the number and the days
on which they came out.
At issue is Windows. I simply note how frequently one of our system
administrators sends out an email with an urgent recommendation that
Windows users apply the latest patches to fix yet another security
hole. Such warnings come much more frequently than they do for
Solaris or Linux.
Yet I see the Red icon on my GNOME panel several times a week sometimes
and you are telling me that Windows issues patches more frequently but
Microsoft only issues patches once a month... how odd. Would you agree
that the lack of specificity in your statement isn't bared out by the
real patch release cycle?
And I've had Windows crash on me surprisingly often, considering
its supposed stability.
What are the crashes based on?
Nothing obvious. Just complete lockup.
Accessing certain hardware or running a certain program?
Not that I could tell.
Are they reproducible?
No, which makes it hard to track down.
Hmmm odd, I've always been able to trouble shoot. It has been my
experience that if XP has a fatal error it comes back with a message
letting you know. If it just freezes, it is probably hardware since
the OS obviously has responded to a trap. You keep removing parts of
the equation until the error goes away. Random errors suggest hardware
problems. Replacing things like memory or other swappable devices
always helps. I couldn't install Warp 3 on a machine with a zip drive
back in the day. I had to open the case and disconnect the drive and
install with un-attached.
If the hardware was at fault, I would expect the lockup to occur
again after rebooting, sooner rather than later.
What you expect is irrelevant, what you prove is relevant.
If the hardware was at fault, I would expect the lockup to occur
again after rebooting, sooner rather than later.
If it is a memory cell that gets used randomly, hence random access
memory, the problem will be random. If the problem occurs when the cpu
hits a certain temperature, the problem will be random if that
temperature is not often hit.
Must be a lot of faulty hardware out there, considering how I've seen
Windows lock up on multiple machines.
There are many faulty device drivers out there that are written by the
hardware manufacturers. Does your statement invalidate the possibility
of the random behavior I described?
If nothing happens
after a certain amount of time, the interest in tracking down a
hardware problem goes away.
.
- Follow-Ups:
- Re: how did Microsoft break away from OS/2?
- From: tholen
- Re: how did Microsoft break away from OS/2?
- References:
- Re: how did Microsoft break away from OS/2?
- From: jasonmbowen
- Re: how did Microsoft break away from OS/2?
- From: tholen
- Re: how did Microsoft break away from OS/2?
- Prev by Date: Re: how did Microsoft break away from OS/2?
- Next by Date: Re: how did Microsoft break away from OS/2?
- Previous by thread: Re: how did Microsoft break away from OS/2?
- Next by thread: Re: how did Microsoft break away from OS/2?
- Index(es):
Relevant Pages
|
