How about fix the OS rather than making work arounds

  • Thread starter Thread starter Greg
  • Start date Start date
G

Greg

Does any one else see this? shouldn't Microsoft fix windows
to prevent this stuff in the first place? Making sure the
crappy OS works and blocks unwanted programs in the first
place is the right way of solving spyware issues. Adding
removal tools instead is only a half-assed attempt to
please the community suffering with Windows. Rebuild the OS
from scratch! don't reuse code, rebuild IE and maybe one
day MS will learn that innovation is key. Keep in mind,
linux machines, Apples, Unix... its much harder to try to
infect those machines.
 
Sounds nice and easy doesn't it? But, there is this thing called the
"Installed Base" and there are also all those applications out there. People
will tell you that they want security, security, security, but they stop
saying that as soon as their apps stop working.

MS can't make all the security changes that they need to all at one time -
since nobody would buy the new OS since their apps would not work anymore.
 
So why don't you switch to linux and quit bitchin?
--
~Ohmster

: Does any one else see this? shouldn't Microsoft fix windows
: to prevent this stuff in the first place? Making sure the
: crappy OS works and blocks unwanted programs in the first
: place is the right way of solving spyware issues. Adding
: removal tools instead is only a half-assed attempt to
: please the community suffering with Windows. Rebuild the OS
: from scratch! don't reuse code, rebuild IE and maybe one
: day MS will learn that innovation is key. Keep in mind,
: linux machines, Apples, Unix... its much harder to try to
: infect those machines.
 
Greg said:
Does any one else see this? shouldn't Microsoft fix windows
to prevent this stuff in the first place? Making sure the
crappy OS works and blocks unwanted programs in the first
place is the right way of solving spyware issues. Adding
removal tools instead is only a half-assed attempt to
please the community suffering with Windows. Rebuild the OS
from scratch! don't reuse code, rebuild IE and maybe one
day MS will learn that innovation is key. Keep in mind,
linux machines, Apples, Unix... its much harder to try to
infect those machines.
Click to expand...

So how do you change the OS to prevent people from downloading junk.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
 
Greg scribbled:

snip...
Keep in mind,
linux machines, Apples, Unix... its much harder to try to
infect those machines.
Click to expand...

FYI:
<quote>
Using 'advanced static analysis': "cd drivers; grep copy_from_user -r ./* |
grep -v sizeof", I discovered 4 exploitable vulnerabilities in a matter of
15 minutes. More vulnerabilities were found in 2.6 than in 2.4. It's a
pretty sad state of affairs for Linux security when someone can find 4
exploitable vulnerabilities in a matter of minutes. Since there was no point
in sending more vulnerability reports when the first hadn't even been
responded to, I'm including all four of them in this mail, as well as a POC
for the poolsize bug. The other bugs can have POCs written for just as
trivially. The poolsize bug requires uid 0, but not any root capabilities.

The scsi and serial bugs depend on the permissions of their respective
devices, and thus can possibly be exploited as non-root. The scsi bug in
particular has a couple different attack vectors that I haven't even
bothered to investigate. Some of these bugs have gone unfixed for several
years.

The PaX team discovered the mlockall DoS. It has been fixed in PaX for 2
years. I have attached their mail and exploit code.

I'd really like to know what's being done about this pitiful trend of Linux
security, where it's 10x as easy to find a vulnerability in the kernel than
it is in any app on the system, where isec releases at least one critical
vulnerability for each kernel version. I don't see that the 2.6 development
model is doing anything to help this (as the
spectrum of these vulnerabilities demonstrate), by throwing experimental
code into the kernel and claiming it to be "stable". Hopefully now these
vulnerabilities will be fixed in a timely manner.
http://neworder.box.sk/explread.php?newsid=13050
<end quote>
 
They do mention that IE can be made secure,
at the expense of being compatible with nothing.
Click to expand...


Well if that's their final word on it, so be it. I've switched to
FireFox, so has everyone I know and no one is looking back. And unless
MS gets this platform back under control, next step for a lot of people
will be an Apple.

I've already spent as much time as I'm going to spend, trying to clean
up other people's Windows systems and having the same spyware show up in
a week.

The Windows OS is now like a critically overweight person who tells the
doctor "I don't have time to exercise".
 
jim hughes said:
Well if that's their final word on it, so be it. I've switched to FireFox,
so has everyone I know and no one is looking back. And unless MS gets
this platform back under control, next step for a lot of people will be an
Apple.

I've already spent as much time as I'm going to spend, trying to clean up
other people's Windows systems and having the same spyware show up in a
week.

The Windows OS is now like a critically overweight person who tells the
doctor "I don't have time to exercise".
Click to expand...


http://secunia.com/product/4227/
http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
 
http://secunia.com/product/4227/
http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx
Click to expand...


Frakn, those are interesting links and your point is well made - FireFox
will have its share of problems too. But for today at least, switching
to Firefox has given my friends some relief because if nothing else, it
leaves behind those obnoxious "search bars" that have attached
themselves to IE, and which none of the spyware tools are able to remove.

The thing is, those of us who have taken responsibility for friends and
relatives' PCs are now at the end of our rope and have to do 'something'
- I'm talking about people who have all but stopped using their PCs
because of things like CWS and VX Transponder. And I can't spend any
more time at their houses locked in a losing battle with this stuff, or
reinstalling Windows and all their applicatinos. If FireFox offers fewer
exploitable hooks today, then I'm going with it.

Maybe IE has to be left to the corporate world (i.e. managed PCs)while
home users migrate to something safer and simpler.

I don't think MS grasps the fact that spyware is THE major threat to the
Windows franchise at this point. Apple is starting to use it in their
marketing, and people are starting to pay attention.
 
I have no trouble with IE and never have on any of my PCs. The reason IE
has been attacked is that it is ubiquitous and from Microsoft. If enough
users use something else, it will be attacked too. Ab insidiuus, non est
prudentia. The best we can do is use the Antispyware programs, at least two
of them concurrently, and avoid installing unnecessary stuff.
 
Okay, I know its true that as more people use other things,
more exploits will be found on those apps. However, its
seems like Microsoft does not do a good enough job
satisfying customers. Both the End user and IT staff have
obviously different needs. However, each "major" change
doesn't satisfy them all. Simple ideas that, Apple for
instance, prevents unwanted programs from running on first
open. The OS asks if you want to open the program; asks for
username and password before changing preference; and
doesn't leave a GIAGANTIC overhead of poor programming to
block it all. The fact is, if MS ever makes huge changes
that completely alter the OS FROM SCRATCH and changes how
the IT staffs work with old, incompatible software, its
still the standard: it will be adopted and used with only a
little hesitation...
 
PN said:
They do mention that IE can be made secure,
at the expense of being compatible with nothing.
Click to expand...

Indeed. If you go to IE's Tools menu, Internet Options, Security tab,
you can make IE as secure as you want. Trouble is, many websites
will stop working.
 
Safe surfing habits (not clicking on every link in sight) will stop
most malware from ever entering one's computer. I've been on
the Internet since before there was a WorldWideWeb, and
have never caught anything bad.
 
Back
Top