Vista vs. Viruses

[Ron Lopshire]

Some good food for thought from KL's Alisa Shevchenko.

Vista vs. Viruses

http://www.viruslist.com/en/analysis?pubid=204791916

A couple of things struck me.

1) Alisa links to and discusses some of the work (Blue Pill) of Joanna
Rutkowska. You can get to most, if not all, of Joanna's work from here.

http://www.invisiblethings.org/index.html

Check out Joanna's Papers Section for movies, PDFs, Power Point
presentations, and more.

2) Where have we heard this before?

Quote: "From this point of view, I can’t take User Account Control
seriously as a security measure against malicious programs. There is a
high probability that a function which irritates the user will be
disabled. Either the user will click on “allow” or s/he will enter the
administrator password without a second thought."

3) Quote: "PatchGuard -> The Vista kernel (only for 64 bit platforms)
is allegedly protected against modification. This is highly relevant
given the fact that kernel mode rootkits are becoming more and more
widespread."

I have mentioned before that _I_ would not even consider putting Vista
on a box without 64-bit architecture.

4) Quote: "IE7 security features -> ActiveX Opt-in is a function which
blocks all ActiveX management tools apart from those which are
explicitly allowed by the users.
...
And as for executing unknown ActiveX components - it's been permitted
before, and it will continue to be permitted."

How many clueless idiots think that _opt-in_ is a safety feature?
Geez. MS's contention that Vista/IE7 is safe/safer/safest deserves,
IMNSHO, to be in the category of "The only thing worse than no
security is a false sense of security."

WinXP was not useable in the Home/SOHO market until SP2. It will be
interesting to see if this is a sign of things to come for Vista.

Ron

 

[Bill]

WinXP was not useable in the Home/SOHO market until SP2. It will be
interesting to see if this is a sign of things to come for Vista.

With alternatives such as Linux, I don't understand why anyone would
want to use any Microsoft product anyway.

 

[Virus Guy]

With alternatives such as Linux, I don't understand why anyone
would want to use any Microsoft product anyway.

At the time (2002-2003), Linux wasn't the ergonomic alternative to
XP. The continued use of Windows-98 was the logical and in retrospect
more secure course of action. Any SOHO or home user with Win-98 and
an Office-2k CD to distribute on all their computers was set for
years. We get along just fine today with such a setup.

Microsoft did it's best to hide Netbeui from XP users, meanwhile
Win-98 networks were securely sharing files (without a NAT router)
using Netbeui while still being able to surf the web with TCP.

 

[Leythos]

With alternatives such as Linux, I don't understand why anyone would
want to use any Microsoft product anyway.

Linux doesn't support the document types, the games, the development
platforms, as well as Windows does, and as I've said before, more than
30 years without a compromised system/network.

 

[Larry Sabo]

[snip]

Microsoft did it's best to hide Netbeui from XP users, meanwhile
Win-98 networks were securely sharing files (without a NAT router)
using Netbeui while still being able to surf the web with TCP.

I regularly put Netbeui on XP systems that need file sharing with
Win98 systems. Works great. Scot Finnie's article provided valuable
guidance and tools...

http://www.scotsnewsletter.com/38.htm#tipadaweek

Cheers,
Larry

 

[Virus Guy]

I regularly put Netbeui on XP systems that need file sharing
with Win98 systems. Works great.

I don't doubt that. Last I heard, the Netbeui files from Win-2K
worked better on XP than what it came with.

My point was that Netbeui was something you had to put a little effort
into getting working on XP, even though it was inherently more secure
at local file sharing on unprotected networks. That didn't seem to
matter to Micro$loth.

 

[Bill]

Linux doesn't support the document types, the games, the development
platforms, as well as Windows does, and as I've said before, more than
30 years without a compromised system/network.

I've yet to see a document type that it didn't support and as for
games, I don't do the online game thing anyhow. It more than suits my
needs...and for free.

 

[Leythos]

I've yet to see a document type that it didn't support and as for
games, I don't do the online game thing anyhow. It more than suits my
needs...and for free.

Sorry, but I could send you my standard contract document and it would
be a mess when you tried to open/convert it in ANYTHING other than using
CrossOver and MS Office. And the same for Excel and other documents, the
open source products don't convert more than the basic formatting, and
many times they don't convert that well.

As for games, MOST of the people with compromised computers DO play
games that are not supported on Linux systems.

Now, what I was saying is that I've run Windows systems for as long as
they've been out, in fact, I design entire networks based on the Windows
platforms, thousands of users, and in all my years (30+, not the MS has
been around that long) I've never had a compromised computer/system that
was still under my control/management - so the hype about Windows being
non-secure, the hype about Linux being secure, really doesn't mean crap
to people that know what they are doing.

What does mean something is the ability to purchase the latest printer,
the latest interface for a widget, the latest games, the latest
multimedia tools, etc... and get those working on my computers, as well
as the same for most people.

I have two FC5 machines running on my desk, and I love to play with
them, even have CrossOver so that I can use MS Office, even loaded
Evolution so that I get that full Exchange experience, but, there is
just nothing as polished as what I get out of MS Office, not to mention
that 99% of our clients and people our clients do business with also use
MS Office.

For residential users, that don't care about most of the above, Linux is
a great cheap OS to load, but, they won't be calling their buddy, their
mother, their son, etc... to get support when they have a problem with
an update and can't get the GUI working.

 

[VideoReDo Sucks]

With alternatives such as Linux, I don't understand why anyone would
want to use any Microsoft product anyway.

Oh? How about trillions of pounds, dollars, euros invested in Microsoft
technology. You'd expect worldwide business to abandon that investment?
Countless complex spreadsheets that businesses depend on and a huge base of
complex corporate documents that can't be used on a linux platform ... you'd
also expect them to abandon those and redo them on a "free" O/S?

Your head must be in a very dark place.

Linux is just fine for the geeky types at home, but not for the rest of the
adult world.

I don't get to see my children and grandchildren very often as we live
thousands of miles apart. I enjoy playing World of Warcraft with my son and
grandson ... we get a feeling of "togetherness" and communion from that. Can
I do that on a linux platform? Linux may indeed be free, but it doesn't
offer me the freedom that I get from Microsoft Windows.

 

[Jason]

I've yet to see a document type that it didn't support

I have a Linux system that I use for a lot of things, but there is no
Photoshop support in Linux and, in general, Adobe products don't run on
that platform, so I am obliged to keep an XP system around. The same
thing goes for several professional audio editing applications. Too bad,
but true.

Jason

 

[Leythos]

I have a Linux system that I use for a lot of things, but there is no
Photoshop support in Linux and, in general, Adobe products don't run on
that platform, so I am obliged to keep an XP system around. The same
thing goes for several professional audio editing applications. Too bad,
but true.

One simple suite of documents don't convert, the largest format used in
the world, MS Office. While SOME documents convert with little or no
changes, MOST that have anything other than TEXT do not properly
convert, and don't even try and convert one and then share it with the
person you sent it too.

 

[Dave Cohen]

With alternatives such as Linux, I don't understand why anyone would
want to use any Microsoft product anyway.

Most mature individuals at some point learn you don't argue religion and
lay low on politics if your friend's have opposing views (and you want
to keep your friends). Linux and Mac seem to have similarly devoted
followers, however while most of us have some commitment in the first
two matters, the vast majority of us don't give a shit what os others
use. You apparently are one of the exceptions and you don't have to
understand.
Dave Cohen