NYT Security Tip - Choose Non-Microsoft Products 298
Giorgio Maone writes "The New York Times article 'Tips for Protecting the Home Computer' follows a story we recently discussed about the proliferation of botnets, and contains some statements which may sound quite unusual from mainstream press, especially if targeted to home users: 'Using a non-Windows-based PC may be one defense against these programs, known as malware ... Alternative browsers, like Firefox and Opera, may insulate users ... NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC'."
So Markoff Doesn't Care for Microsoft (Score:5, Interesting)
I must admit that initially I was a bit humored by the idea that a New York Times author had a right to caution me about computer usage. But when I looked up his credentials [wikipedia.org], he seems to be a qualified and experienced tech writer who probably has good advice for the general public. Granted, his last recommendation: "Don't click if someone offers you something too good to be true. It is." worries me that people may be wary of certain open source projects but in the end, I'd agree that I'd tell my sister and friends just not to install anything and to ask me for specific links to programs that solve problems or fill needs.
In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think its news that Mr. Markoff decided to push people away from Microsoft but he's only telling you the facts about the numbers. You won't have as many problems with Linux but there's no way your daughter's iPod will work with iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade offs and better coverage of issues.
So Markoff doesn't like the benefits of running Microsoft software. So what?
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
While we all want people to run Free Software (at least a Free OS) all the time, it's just not practical right now. His advice could mean, use a Mac, which is what I have been recommending to people I've fixed computers for, despite the fact that Linux/BSD/GNU may be better for the long run. iTunes works with Mac, so does quite some other programs (not talking about DirectX games). The common sentimental for people who switched from Windows XP to OS X is usually, why did I used that crap before? Especially when they went to a Windows based computer for whatever reason. I recently got my mother set up on a computer (who never used one before) and I installed Linux, and she thought it was easy enough to use. For a non-power user who just casually browse the web, email, maybe Skype for VoIP, Linux is good enough. For people who are used to proprietary software and not wanting to change, OS X might be a better choice.
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. . Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned.) Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."
Re: (Score:3, Insightful)
I have no objection at all to closed (or open) systems. Just poorly crafted ones. If I feel that linux ever gets to the level of quality and consistency that OSX has, I'll be happy to recommend it. I use it every day, so I'm sure I'd notice were it to ante up, as it were. Today, as far as I'm concerned, the only OS I am as comfortable recommending to a
Re: (Score:3, Insightful)
1 GPL
2 not GPL but has a Linux version or has source downloadable (+half points)
3 site has massive ads and or flash based ads (- double points)
4 site mentions in a positive way Gator/Claria Bonzi buddy weatherbug or any of the KOS programs (warm up the BGF9000 and pick up a QD glyph)
Re:So Markoff Doesn't Care for Microsoft (Score:4, Insightful)
> Microsoft software. So what?
What benefits?
I am not totally convinced that automated silent virus/malware installation is a "benefit".
Re:So Markoff Doesn't Care for Microsoft (Score:5, Insightful)
For some people that's the only benefit they care about.
Re: (Score:2)
Of course I'd assume OSX has pretty good accounting / tax software that is still easy to use (never checked to be honest)
Noscript is one of the best reasons to run Firefox (Score:5, Informative)
Re:Noscript is one of the best reasons to run Fire (Score:5, Insightful)
Re:Noscript is one of the best reasons to run Fire (Score:5, Insightful)
Re:Noscript is one of the best reasons to run Fire (Score:5, Informative)
The only usable way to control Javascript is site by site, and turning it off by default slashes a whole army of exploits out of your life. Every browser should have this functionality built in.
Amen to that. I use noscript and I have lost count of how many sites fail completely or outright refuse to load if JS is disabled. The number of sites which degrade gracefully is sadly quite small. If every browser had this, maybe web developers would finally get it through their thick skulls that JavaScript is best utilized to enhance the user's experience. Obviously, there are some exceptions, like AJAX applications and the like. It bugs me so much that I have never developed a site that did not degrade gracefully in the absence of JS. In fact, the only way the user would notice something was different was if they had first seen the site with JS and then later without or vice versa. Some of the worst offenders are the "major" tech companies. Try logging into Yahoo webmail with JS turned off to see what I mean.
Re:Noscript is one of the best reasons to run Fire (Score:4, Insightful)
Don't forget to complain to the merchant (Score:3, Interesting)
NYT is out of touch. (Score:4, Informative)
Not use Microsoft? That's unpossible! They must be Mac or Linux users and are completely out of touch because they don't have the problems in the first place.
Seriously, it's good to see the message getting out. Another widely read, "mainstream" source, the BBC, has said the same thing already, like this [slashdot.org]. Of course, everyone without a vested interest in M$'s welfare has been saying enjoying the same for years. Sooner or later, despite billions of advertising dollars and bullshit studies, people are going to get it and real OS choice will happen. Seeing this in the NYT makes me think this is sooner than later.
Re: (Score:2, Funny)
For about four years, neither could the IE team. It just wasn't "innovative" enough for them until a few months ago.
One thing, that's easy. (Score:3, Insightful)
[using anything but M$] is a steep learning curve, and a lot of people think why bothered [sic].
So M$ shoved IE 7 down their throats as a forced update. Borat voice, "Is nice!" If you want a consistent interface instead of, "change for change's sake" use free software.
Back in the real world, my five year old girl is happy with Firefox. I like that her system does not have to be replaced every two years and that it does not catch porn spam or American Express pop ups. Mepis took me all of 20 minut
Nothing's more Fragnmented than M$ GUI. (Score:5, Informative)
I think your argument of "It's so simple a 5 year old can do it" is flawed for one big reason: The five year old isn't used to using IE.
You must have missed this article [informationweek.com]
, complete with screen shots about how inconsistent the M$ GUI has become. Just look at this screenshot [cmpnet.com]. I thought the differences between KDE, Gnome and other toolkits was bad but that's way off, M$ has no excuse for the fundamental differences seen in their own tools. Why would you ever throw a new user into that mess? The worst part is how frequently they change the interface, No one else does it more.I'll conclude with
Uh oh (Score:3, Funny)
Re: (Score:2)
While on the surface..... (Score:2, Informative)
Perhaps the thinking should change to using products that are reasonably secure (regardless of vendor) and using some common sens
Re:While on the surface..... (Score:4, Interesting)
Sure, everything is exploitable, but some things are a lot harder to exploit than others, and both linux and OSX are poster children for this. To imply that OSX is, or ever will be, as vulnerable to hacks as Windows is puts you well into the "disingenuous" category, I'm afraid.
Microsoft would love everyone to think that OSX is just as vulnerable as Windows is, but the fact is, it isn't. It's a lot better organized operating system code-wise, and patches come swiftly and surely from Apple whenever anyone finds anything. Which is quite a contrast to Microsoft's approach, even if they do have a harder time patching Windows.
Re: (Score:3, Insightful)
As a matter of fact, I've probably spent more time looking at Windows source than most people outside of Microsoft. I'm the developer of a major Windows application, easily in the top 1% in terms of complexity and sophistication and 100% compatible through considerable effort across the various large scale Windows platforms, not just the ones you're probably familiar with, but also including all three
Re: (Score:2)
Oh really? Is that why there's only been one remote hole in the default install of OpenBSD in more than 10 years?
Sure, software has bugs. That doesn't mean that good programmers can't write software with less bugs. Further, it doesn't mean that they can't write their software in such a way that any bugs are unlikely to be security holes.
Re: (Score:2)
If you wrote an operating system that did nothing out of the box by default I'm sure you could make it bug free too
Re: (Score:2)
Re: (Score:2)
Sure, you can get in, but if you cant do any damage ( like a ROM based OS for example ) then its not worth their time.
Using a non-Windows-based PC may be one defense... (Score:4, Insightful)
May be? MAY be? MAY BE?
<SARCASM>Sure, I have to worry about my Mac getting co-opted into a botnet 24/7, because we all know how many active threats there are to Macs! </SARCASM>
Man, talk about "understating the case."
The honest way to put it is that running Windows is the #1 way to get yourself into trouble. Adware, outright co-opting of your resources, virus problems... Windows boxes are insecure and risky, more so than any other machine, right out of the packaging.
You want security and simplicity of use? Mac isn't just "an" answer, it is the *only* answer. You want security and not too worried about simplicity? Linux or a Mac. You willing to re-work of all Microsoft's incorrect settings, patch all the browser vulnerabilities, play the target role in the hacker version of whack-a-mole, reboot your PC every few days because MS has discovered another severe vulnerability in their spaghetti code? Buy a Windows PC. Endless entertainment for puzzle solvers who don't care about their data security or computer availability. Been there, done that, found the solution, not going back.
Re:Using a non-Windows-based PC may be one defense (Score:2)
Good point. This weekend's anecdote - you would think a current model Microsoft webcam would install easily on a up to date Microsoft Windows XP - I did and was wrong. Admittedly all it took in the end was a download of another version of directx instead of the one on the CD - but that took several hours on dial up on that computer. Installing stuff really is a puzzle sometimes - I have many examples but things are getting better as a rule.
Most p
Re:Wow! Talk about missing the point (Score:3, Insightful)
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
We are being trolled - ignore it (Score:2)
Re:Wow! Talk about running as administrator! (Score:3, Insightful)
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don'
Microsoft Astroturf (Score:5, Interesting)
Deep Freeze (Score:2, Interesting)
Re: (Score:2)
NYT Security Tips (Score:2)
The essentials, with emphasis added:
Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows' ubiquity makes it fertile ground for network-based attacks.
Using a non-Windows-based PC may be one defense against these programs, known as malware; in addition, anti-malwar
Re: (Score:2)
not particularily. it's how you remain the dominant player in any business. whether you a Boeing in manufacturing or a Wells, Fargo & Co. in banking.
You people just don't understand the paradigm (Score:5, Funny)
Anyone here watch Drawn Together? (Score:3)
On fark, They'd be paging Rick Romero...
NoScript is great, except... (Score:4, Informative)
I like the extra feeling of security I get using NoScript, but I'm pretty close to ditching it because the pain of having to enable and reload every website I visit just to do something like be able to click on an 'about' or 'FAQ' link is too much.
Maybe its just me... (Score:3, Insightful)
In otherwords, my question becomes where the hell do you (you being the individuals who've had these issues) go to get these problems? I want to actually see one for once, because I personally believe that its either a bunch of "bravo sierra" or the users truly have no clue on what to do (or not do) on a computer.
I'm not saying Windows is necessarly better, as for my own personal knowledge, I'm cutting my teeth on Fedora Core 6, and hating positively HATING the fact I've had to do 4 installs (1 initial and 3 re-installs) just to get it up and running, but I'll try it because I always like being fair) but having said that I do not see really any viable alterative software that Linux provides that 1) looks as nice as Windows, 2) operates in a relatively simple manner -- this can be chalked up to my not knowing the system however, and 3) not having to touch the command line or reworking source code. EVER.
In the end while I believe the author is well intentioned, for individuals who just want the computer to work (with a minimal learning curve), Windows is still the champ in that area (even though, some individuals / groups claim it makes it easier for malware authors to operate as well).
MS Should have put out Windows XP Second Edition (Score:4, Interesting)
The last big Windows worm was quite a while ago. They are still alive thanks to the unaware. Windows has a lot of ports open compared to other machines mostly because it was designed to operate in a operate in an Active directory enviornment...and because RPC is overally relied upon. Yes you can get a virus delivered by email, but this is true of any OS where the user is running as root ( admin ( if the os even supports it ) ) and opens up an attachment. Windows users are bombared with viruses that Mac users get and can safely ignore...heck if you tried to run the exe it would just fail. Mail virsuses are getting less and less as well as email providers and spam firewalls are blocking them. A properly written virus ran on Linux or Mac OSx can get thru the protection. Linux and Mac OSx have had plenty of exploits to get a file install things.
While other OSes interact with each other, they don't quite do it with the built in way MS does. This is good for the end user and bad for security. SMB setup has gotten a heck of lot easier on Linux in the last few years, but compared to Windows it'll never be quite as easy. There are products out there like Groupware, but Active Directory is by far the simplest and most useful for setting up a small to massive network. Thousands of companies use it every day to share files and get work done. Install a printer from the active directory isn't super easy, but I ca'tn see a Linux product comparing.
Mac interaction with AD isn't that bad. I wish it had an Active Directory client from the get go, but my Mac users can print, share files, and a few other things okay. Nobody likes to mention that Windows file security is far more advanced then Linux's will be for quite sometime. The ability to permission a file to individual users at varying levels is absolutely crucial. It is a pain for my Mac users to have to remember their NT passwords and visit a NT machine to reset it every once in a while, but it is good enough so they can run Photoshop...with the Mac keyboard.
I won't be suprised to see a mac mode in Vista sometime soon. It wouldn't really be that hard for Windows to stick the file menu up on the top of the screen when a Window takes focus.
The fact of the matter that no ones wants to talk about is MS is becoming fairly secure if installed with it's patches and stuck behind a firewall. This is true of practically all OSes. The big problem MS has it that it doesn't update it's install disks and most of it's vendors don't update their freaking images. If I get a new Dell I would expect not to have to install a single patch that was over two months old, but alas they don't do that for you. Imagie you installed Redhat 3.0 and then put yourself on the network. I'm sure someone out there could right a worm for Redhat 3.0 right? There isn't one port in the default install with a buffer overflow issue? It be an interesting expierement to write worms for older versions of OSs and see how they take. My guess is that there are more Windows 98 boxes running today then RedHat 3.0 boxes ever ran.
The point is OSx or Linux get the marketshare that Windows has you'll see 1000's of older versions of the OS. As it sicks MAC users generally upgrade fast, and Linux users are practically religous about it outside of the server scope. And on the server side it is likely the machines are protected via firewalls.
The browser hole is getting plugged as we speak. Firefox, Opera, and IE are all plugging away. The big issues is that HTML and Javascript t
Just The Numbers... (Score:3)
OS X has 9 unpatched vulnerabilities of 87 listed, plus 1 partial fix. Oldest unpatched is Nov-2006.
Win2K Pro has 24 unpatched vulnerabilities of 145 listed, plus 3 partial fixes. Oldest unpatched is Oct-2002.
WinXP Home has 29 unpatched vulnerabilities of 154 listed, plus 3 partial fixes. Oldest unpatched is Sep-2002.
WinXP Pro has 32 unpatched vulnerabilities of 169 listed, plus 2 partial fixes. Oldest unpatched is Dec-2002.
Linux 2.6.1 kernel has 19 unpatched vulnerabilities of 107 listed, plus 9 partial fixes. Oldest unpatched is May-2004.
My interpretation is that based on these numbers, OS X looks pretty good! Of course, this month of Apple bugs might see the numbers rise somewhat.
Ultimate Firefox Add-Ons for Privacy/Security (Score:5, Informative)
- CookieSafe [mozilla.org]
- Adblock Plus [mozilla.org]
- Flashblock [mozilla.org]
- httpOnly [mozilla.org]
- SafeHistory [mozilla.org]
- SafeCache [mozilla.org]
- IDND [mozilla.org]
- Link Alert [mozilla.org]
- BlockSite [mozilla.org]
- Master Password Timeout [mozilla.org]
- no-referrer [mozilla.org]0
- NoScript [mozilla.org]
Other useful support Add-Ons are:- SwitchProxy Tool [mozilla.org]
- User Agent Switcher [mozilla.org]
- Adblock Filterset.G Updater [mozilla.org]
For Linux users, I also have this useful add-on:Re: (Score:3, Insightful)
Marketshare != Bette Target (Score:3, Interesting)
This is a BS argument. Here is one example of a program with larger marketshare but fewer cracks, both attempts and percentage successes:
Apache [apache.org]
IIS [microsoft.com]
Just because it's a bigger target doesn't mean it's a better target. Windows is a good target because it's big AND because it has a shit-ton of security flaws. You need to be a security expert to properly safeguard Windows, and most people don't have enough security expertise.
Weylin
Re:Marketshare != Bette Target (Score:4, Informative)
Your example is flawed as Apache is more targeted and more successfully hacked specifically because it is far more popular even though it can be much more secure. Link for your reading [theregister.co.uk]
I know you want your opinion to be right but the logic and the math works. Accept it and move on.
Re: (Score:3, Interesting)
Furthermore, we should see more successful attacks against Apache than against IIS, since the implication of the myth is that the problem is one of numbers, not vulnerabilities.
Yet this is precisely the opposite of what we find, historically. IIS has long been the primary target for worms and other attacks, and these attacks have been largely successful.
From my experience dealing with server exploits most site defacements aren't because of Apache flaws, it's insecure
Re:Marketshare != Bette Target (Score:4, Informative)
So I'm not sure what your point was. I don't know which of Apache and IIS is targetted more often. And I don't know which would be a more lucrative target (Apache serves more hosts, but IIS might serve "wealthier" hosts regarding commerce). But Apache is no more secure than IIS, so if IIS is targeted more often, it's not because it's less secure, but for some other reason (like maybe anti-MS fanboy hackers target IIS to make a political point of some sort).
Re:ah yes... (Score:5, Insightful)
Re:ah yes... (Score:4, Insightful)
These are the people who click OK just to get the box to go away. No operating system is going to save them from themselves without removing the luxury of convenience they insist on keeping.
Re: (Score:3, Insightful)
I beg to differ. The product is only as secure as its default settings. Windows XP, pre-SP2 had some very insecure default settings, allowing for these botnets to proliferate. SP2 addresses this issue to some extent, and Vista goes further. You'll find that a lot of compromised machines were hacked because they're running pre-SP2 Windows XP.
You're so wrong (Score:4, Insightful)
- Most OEM installations of Windows will have administrator as the default user, not requiring any logon at startup. In most Linux distros, you are disuaded or even cannot do this (e.g. Ubuntu), instead you work as a non-root user and sudo to do admin tasks.
- Even with SP2 Windows XP enabled the infamous NetBIOS file and print services, just for one example. Nice summary of this and other "features" here [theregister.co.uk]
- A Windows user can readily execute an EXE or VB script etc, e.g. a dodgy email attachment or download from a shady website, simply by double-clicking it from Explorer. Depending on the level of access to resources (see 1) the system may be totally compromised. In Linux by contrast, executing anything beyond what can safely be installed through the software repository requires knowledge of setting file permissions (and often how to build and install from source).
- Similarly for ActiveX, given the user confirms they want to run it, the system is left totally open to abuse.
Small wonder all the spambots, key loggers, spyware and viruses out there in the real world live in Windows, right? Its not simply because of Windows' popularity, doesn't the Mac have 5-10% market share?Re:ah yes... (Score:5, Informative)
I disagree completely.
Windows makes it easy to practice these bad habits... default Administrator login, programs that don't work correctly when run without Admin access, ActiveX, etc. Contrast this with, say, Ubuntu... an excellent Linux distro even for newbies: by default the root account is disabled, when you want to do something system-alterating (e.g. temporarily gain root access), you have to put in your PASSWORD, not just click "Okay". The whole thing is so well-integrated that these password prompts aren't annoying or confusing. The system in general tries to explain to you what you're doing when it's something unusual.
Furthermore, most Linux distros are based on a central software repository which is supported, or at least approved, by the distro's developers. When you install open-source software from this repository, you can have confidence that you're not going to get spyware... and if you're running the stable distribution you can be pretty sure that you're installing software that has been thoroughly debugged as well--as opposed to some IE toolbar crap rushed out the door after a week's dev time.
I also think that Firefox 2.0 is far superior to IE 6 (haven't used 7 yet) in terms of alerting the user to potentially dangerous actions. When you install extensions, Firefox adds a 5-second time delay before you can click on "OK" to force you to actually read those stupid pop-up boxes. It detects suspicious obfuscated URLs, won't run downloaded executables without additional intervention, and checks HTTPS sites that improperly mix secure and non-secure content.
So I *do* think that PC security would improve substantially if the Windows userbase switched en masse to Linux. Granted, there'd be some of the problems with people doing stupid things and not reading warnings, but I don't think it'd just be same-old-same-old...
Re:ah yes... (Score:5, Insightful)
Re:ah yes... (Score:5, Insightful)
Same is true for biological systems - diversity is a good thing as it is less likely to be infected with a disease. Genetic diversity implies a more robust "operating system" species that's harder to destroy. Remember all the hell around the blaster worm. Imagine that MS, Apple, RedHat, Ubuntu... only had 10% marketshare each... it'd be bad, but not nearly as bad as it was.
If you're talking about a focussed professional attack on a specific system: to be honest, the OS you're running is probably pretty insignificant; the chances are there's a simple admin error somewhere along the line.
Re:ah yes... (Score:5, Insightful)
Diversity (Score:2)
It would be like dealing with people. The training manual for one doesn't work with another. Drugs made for one don't work the same for everyone. Diversity is a killer, I tell you. Clones all around!
Re:ah yes... (Score:4, Interesting)
I don't agree: I run Gentoo; since every app I run is compiled from source for the processor architecture I am running, some classes of exploits cannot target me because even if they knew which version of a given app I am running, they can't know precisely the layout of the binary because of the personalized compilation flags I use.
It doesn't rule out exploits, but it does make it a bit harder on them.
With Windows, most of the code you have running is the exact same binary for every x86 machine.
I guess that that is a situation where LINUX is making use of "security through obscurity" and Windows is incapable of doing the same.
Ironic, isn't it?
Re: (Score:2)
This may be true, but it's also a lot harder to take control of a Linux box or a Mac than it is to take control of a Windows PC. I'm going to use Windows and Ubuntu Linux in my examples, as I've never used a Mac beyond some simple applications in computer labs.
If someone visits the wrong website using IE and insufficient anti-virus software, they can quickly become par
Re: (Score:2, Insightful)
Re: (Score:3, Informative)
Actually, it's more than just "security through obscurity". There are some nasty things that Microsoft products do that tend to get them into trouble (executing '.exe' files, ActiveX, etc) and makes their products more vulnerable.
Also "security through obscurity" is a valid practice, but it is not sufficient for good security. I don't tell strangers my computer's IP address (although, I'm pretty certain it would be useless to them and there are many ways to figure it out). The problem is when people are s
Re: (Score:3, Funny)
Well, I'm quite open to everyone about my computer's IP address: it's 127.0.0.1
Re: (Score:2, Funny)
Re: (Score:2)
obscure, like published source code? (Score:3, Insightful)
The old "security through obscurity" solution rears its head yet again..
Sounds like you bought the popularity lie [slashdot.org].
Re:obscure, like published source code? (Score:4, Insightful)
Re:ah yes... (Score:4, Informative)
I don't think this is obfuscation. For the black hatters, it is more like the economics of mining precious metal. If you had several ore loads to choose from, and limited resources to mine them with, you choose the ore load with the richest deposits of gold. It doesn't mean the gold in either deposit is worth any less per ounce, it is just the economy of scale dictates that all other things being equal, you go where the most gold is. Why spend the time and effort to hack an OS that doesn't have 90% of the market share when there is such an OS?
I am sure that if enough people used Linux or OS X or brand X, and it became worth the effort, those OSs would be attacked for more. And Linux et al apps do have flaws that can be exposed (to say they don't would be very arrogant) and are routinely patched (how many megs per yum update if you wait a couple weeks?). And yes I know, in many cases the patching is faster, but the openings are still there, and more will be found if more black hatters start looking as much as they do with MS right now.
And by the way, obfuscation is a useful and valid tool when used with other security precautions. For example, a good firewall set up doesn't just block incoming connections to ports you want closed against port scanning, it will also drop the messages silently so that the sender doesn't have an indication that they actually reached something at that IP address. (TCP/IP allows the option to firewalls et al to tell the sender that the connection was refused. And some firewalls allow you the option to configure this.) A good firewall protects you by actively blocking packets and obscuring your computer. Much better than blocking and letting the sender know it was blocked. In that case the sender would have an IP address it knows for sure has something on the other end to work on. There are likely dozens of good uses of obfuscation (how about not letting others see your PIN when you use the bank machine? Even though you have the only valid card and are taking it with you, you still shouldn't show your PIN).
Re:ding! (Score:5, Insightful)
Users don't like having to make choices about the innards of their computer; they just want shit to work.
Re: (Score:2, Insightful)
Most users never really even wanted a computer as they were sufficiently happy with snail mail and sticky notes. Wall Street in the early nineties was pretty dull and the politicians of the day really wanted something to spark up life (and profits) so the computer industry went from the realm of scientists, mathemeticians, and hobbyists to a consumer necessity nearly overnight--and not because the p
Re: (Score:3, Informative)
That's why I dumped windows for Linux ages ago...
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Then why isn't the world using a Mac?
They're slowly catching on but consumer's brains don't move as fast as the market. They still think Macs are stupendously expensive (they aren't) and they think Macs aren't "compatible" (whatever that means) and they think they'll be viewed as an alien outsider (which is happening less and less) and they think there's no software for the Mac (yeah, right!) and they don't think they can learn a Mac (it takes 10 minutes) and they don't think there's an alternative to the
Re: (Score:2)
Apple could just flood the market by supporting OEM hardware and matching Microsoft's OEM
Re: (Score:3, Insightful)
Your average user doesn't know what they need a computer for, they just know they need it. So they'll just look at what the salesmen point them at, try to find something cheaper, and get it. They won't care whether or not it runs Windows or Mac (though if they think they're savvy they might swing towards one or the
Re: (Score:3, Interesting)
The IBM PC-Compatible of the 80's got the job done quickly and cheaply when the Mac was the high-priced spread.
Windows 95 swept in on the perfect storm. It ran on entry-level hardware. It arrived at a time when services like AOL were driving towards mass-market acceptance.
The Mac is typically available only in a half dozen or so standard configurations while the Windows PC can be customized endlessly for every environment from the auto body shop to your kid's baseme
Re: (Score:2, Interesting)
..the main stream is finally (slowly) catching on to the reality of choices?
Consumers are relatively stupid that way, but I think it's true that consumers in general are creating a change in the wind. Ever notice how all the consumers demand "choices" in the market, yet whenever there are multiple competitors, consumers do their best to kill off all except one and accidentally create stagnating monopolies? (see 8-track/Cassette, VHS/Beta, PC/Mac etc). Very few people will embrace more than one technology (obviously) but everyone tries to convince everyone they know to also choos
Re:Alternative browsers = more secure? (Score:5, Insightful)
Is this really true? Anecdotal pronouncements like this never seem to come with any references. Everyone says the sky is firmly in place, but how many have looked up recently? It's falling at an amazing speed!
Think about it (Score:5, Insightful)
The 2'nd part is compare bank robberies to 7-11 robberies. Back in the 60's, banks were robbed. BWhy? because they were easy and had lots of money. But then in the 70',s the banks took actions and made it difficult. They still had the money, but it became very difficult to rob them. So the robbers turned to convinence stores who had say a thousand dollars (acceptable), and were easy. At first 7/11 ignored it, but then their ppl were being killed. So they made it very hard for robberies to get a thing. Now, banks and 711 are == difficult, so the robbers are back after banks. WHy? Because if you are going to risk it, then go for the big score. Interestingly, the banks now limit how much money is available to the tellers as well as every teller has a loaded stash.
So what does that mean for Windows vs. OSS. While Windows is easy to crack, everybody will hit it. If ever it becomes >= to *nix in terms of security, then *nix will be hit, because overall, there is much more money on the *nix systems. And if *nix and Windows become better than mainframes, then they will turn to there because there is REAL money.
Re:Think about it (Score:5, Informative)
Re: (Score:3, Insightful)
Umm... where did you pull that out of? Everything I've ever read says exactly the opposite of this. In fact, there are more security incidents with Apache every year than with IIS strictly because it is so much more popular. We can all agree Apache is more secure but only if you know what you're doing.
Here's a link [theregister.co.uk]
I would say that the logical thought process does indeed hold true. It makes a lot of sense for people to target Apache since that's where the majority is. Setting up Apache servers that do a
Re: (Score:3, Informative)
Heh (Score:5, Interesting)
Never mind the recent story that Firefox was vulnerable to a critical (one where "visit bad web page" == pwn3d), unpatched, published exploit for all of 9 days last year (IE was vulnerable for 9 months). This is called a "vulnerability window" and is an important part of any security assessment attempting to measure how secure bits of software are without having to rely on vendor claims. Obviously, that's too quantifiable for use with such a reasoning process. Then we have to reason about all the exploits that aren't public, as if people can silently exploit computers en masse with private exploits and no one will notice. Sure, if they're not interested in a botnet of random computers, they'll stick to targeting specific people and keep their exploits quiet, but that doesn't really impact the security of the population in general. It's also funny that people have this perception sometimes that they only visit "safe" sites. Even assuming they're not one of the porn viewing public, and that they never install smilies or screen savers (great way to get infected) or other such crap, that ignores that we've seen major advertising networks get compromised and serve up exploits. Not to mention the shady ad networks that do that deliberately...
Ironically, when it comes to open vs. closed source, it's usually argued that open source helps make the vulnerabilities more public, so that puts things even more in Firefox's favor. So to argue that IE is even as secure as Firefox requires you to use ridiculous metrics touted only by PR departments in media releases.
So yes, it's true--Firefox does have bugs. There were even 9 days last year when you could've been 0wn3d by an unpatched exploit (assuming you haven't learned to use the noscript extension). But there's no way to hide the sheer magnitude of the difference: 9 days vs. 9 months. Yeah, they can improve. Maybe they'll even manage to do things a lot better. And maybe you can find a few things to quibble with in that story. But the fact is that Microsoft has a terrible security record. Period. No one else is perfect, sure, but let's call a spade a spade here instead of being distracted by a dirty hoe [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
I'm sick of this argument that basically amounts to security by obscurity, which everyone knows doesn't work. It also insults the Mozilla and Opera developers, who don't have the advantage of dovetailing their browser with the underlying operating system, and the disadvantage of being steered by non-technical forces such as marketing.
Almopst every browser security related story on /. for the last 2.5 years has at lea
Re:Alternative browsers = more secure? (Score:4, Insightful)
No, the reality is most non-MS products are more secure by design.
The fact is that years ago MS adopted an insecure architecture, at the time was roundly criticized for this, and has spent the years since being every malware's convenient bitch.
It's not "'cause that is where the money is", it's "'cause the front door is open".
Furthermore playing the numbers games is a fool's contest: MS doesn't publish their problems. Other folks have partial lists (we can assume MS knows of more) and every so often MS deigns to fix some of their problems and release patches, but that in no way is equivalent of maintaining a public bug tracker. Oh, and don't for a moment delude yourself MS's public documentation covers a tenth of their errata, not even MS pretends that.
So please, next time you post, let it not be burping up this old, well debunked, trope yet again. As sad has /. has gotten recently the standard still remains well above the old smaller-target argument.
Re: (Score:2, Interesting)
Re: (Score:2)
It's also possible that Firefox and Opera really *are* more secure than Internet Explorer.
The "attackers go for the biggest target" effect is real, but it's not the whole story. Take webservers for example - Historically, Apache has been more popular than IIS, and yet IIS has had more major security issues. Another good example is Java applets vs. ActiveX controls.
Sure, there are security bugs in all the popular browsers. Realistically, running Firefox on a Unix-derived system (i.e. anything but Windows)
Re: (Score:2)
I'm getting tired of people parroting this argument. Sure-- if you're in the business of building botnets, you're going to look for the most bang for your buck. Windows + IE has a large install base, and so this fits your needs.
But this argument implies that there aren't architectural differences between things like IE and Firefox, or Windows and Linux, and there most certainly are.
I suspect
The popularity argument is stupid and wrong. (Score:2)
We hear this suggestion all the time, but the reality is that the reason Firefox and Opera are "more secure" is that there are less people using them. Their market share isn't worthwhile to the commercial malware authors.
Why not move to the zero cost option that works better, if that's true?
It's not true, of course. Just three days ago, you might have read this [slashdot.org] about IE being naked for more than 200 days last year where Firefox was only exploitable for nine days. You might also have read about explo [slashdot.org]
Re: (Score:2)
Oh wait...
Re: (Score:2, Informative)
Re: (Score:2)
I realize that, but that's pretty sad right? Looks like we Slashdot submitters/editors/readers are just a bunch of lo-life geeks who go to a news site just to get their daily dose of "haha Microsoft sucks!" finger pointing.
Last time I realized that I stopped reading Slashdot for 7 months. It's about to happen again.
There's such a thing as "too much of Slashdot" even for a hardcore geek I
Re: (Score:3, Insightful)
This claim that security holes are strictly an effect of popularity is blatantly wrong.
It's true that more security holes are exposed in popular software, but some software just has less security holes to be exposed. Building secure unix-like operating systems is a topic that a lot of people have put quite a bit of effort in to - for much longer than Windows has even existed. Both GNU/Linux and Mac OS X can take full advantage of that work, since they're Unix-like systems. Windows cannot.
Re: (Score:2)
Re: (Score:2)
BTW, I loath Microsoft products. I'm active in trying to get my employer away from deploying 4000+ desktops with Win2k, and trying to migrate some small businesses I do consultancy work for away from Microsoft onto Linux / BSD based products. I've had enough of supporting inconsistent rubbish.
Re: (Score:2)
You could use the systems which get more secure with more users who are empowered (open source benefit), or you could use the system which stagnates as far as security goes, regardless of the size of the user base, because the problems can be hidden from customers.
Your choice.
PS, OpenBSD has a small user base, yet appears to be leading s
Couldn't have put it better myself (Score:2)
Re: (Score:3, Insightful)
Is not even supported by the article you have quoted. It is claiming that 57% of server hackings are on Linux boxes, but Linux servers were cruising around 75% of all servers & M$ around 21% (according to netcraft) back in 2004 when this article was excreted so adjusting for % active servers hacked... Linux still wins. Great way to prove your p
Re: (Score:3, Informative)
Thanks for the FUD that your hardware might not work. Take the time to run a live CD to see what doesn't work. My machine had everything work except a HP flatbed scanner I bought at Goodwill. Big deal. I replaced an under $10 scanner with another under $10 scanner. The Cannon scanner works fine.
Everything worked without downloading drivers unlike a Windows install. Even my HP prin