01.16.09

Gemini version available ♊︎

UNIX/Linux Offer More Security Than Windows: Evidence

Posted in GNU/Linux, Mail, Microsoft, Security, UNIX, Vista, Windows at 6:38 am by Dr. Roy Schestowitz

“Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system…”

Dennis Fisher, August 7th, 2008

Peter Kraus and David Gerard drew attention to the following interview with an author of adaware a few days ago. It explains in simple terms why Windows is inherently lacking in terms of security as it accommodates intrusion, despite all the denialist spinning [1, 2, 3]. Here is just a portion of this interview:

Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.

S: In your professional opinion, how can people avoid adware?

M: Um, run UNIX.

S: [ laughs]

M: We did actually get the ad client working under Wine on Linux.

S: That seems like a bit of a stretch!

M: That was a pretty limited market, I’d say.

Patching

Earlier in the week we found reports of new holes in Windows.

As previously announced, Microsoft has released a security update for Windows to close a total of three holes in the SMB protocol implementation. All three holes are based on buffer overflows. Two of them can apparently be exploited to inject and execute code remotely, without previous authentication. The third buffer overflow reportedly only causes the computer to reboot.

This is a lot more serious than Microsoft wants people to realise.

Microsoft Patch Tuesday bug is scary

THE FIRST Patch Tuesday fix of 2009 put out by Microsoft addresses a dangerous security vulnerability in its Server Message Block (SMB) protocol, or so say some insecurity experts

Botnets

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

Jim Allchin, Microsoft

The pace of infection is very high and one worm alone is claimed to have seized millions of Windows-run computers in just one day.

The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.

One worm alone is spreading like wildfire.

Report: 2.5 million PCs infected with Conficker worm

According to F-Secure, there are already almost 2.5 million PCs infected with the Conficker worm, also known as Downadup. Since the worm has the ability to download new versions of itself, it is expected that the infection could spread much further. The new code is downloaded from domain names generated with a complex algorithm, making it hard to predict what domains will be used to spread the worms updates.

About 300 million PCs are still primed to become zombies too because of this one flaw.

With nearly a third of all Windows systems still vulnerable, it’s no surprise that the “Downadup” worm has been able to score such a success, Kandek said. “These slow [corporate] patch cycles are simply not acceptable,” he said. “They lead directly to these high infection rates.”

In general, it is estimated that 98% of Windows PCs are ripe for hijacking [1, 2].

Attacks

Is there room for some humour in all this?

Here’s a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.

That’s what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.

The message is surprisingly cordial, given that Microsoft’s security researchers spend their days trying to put people like Zlob’s author out of business. “Just want to say ‘Hello’ from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast,” the hacker wrote, adding, “Happy New Year, guys, and good luck!”

E-mail

Many people remember Windows for submarines — a fiasco that reportedly led to the departure of many angry engineers. Well, not more than a month passes by and the Royal Navy, which runs Windows, gets stung by a virus infection that causes harm. Interestingly enough, the report from The Register mentions only lost E-mail as the severe consequence, but surely there is considerably more.

The Ministry of Defence confirmed today that it has suffered virus infections which have shut down “a small number” of MoD systems, most notably including admin networks aboard Royal Navy warships.

The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions. N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea.

It is no surprise that the United States military gradually moves to Red Hat Linux. Crucial operations were getting stung by Windows, even in the recent past.

Along with a rise of botnets, whose masters exploit vulnerabilities in Windows, comes a lot more SPAM as well. SPAM affects everyone.

The demise late last year of four of the world’s biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half – almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.

This short report is based on just a few days. Nothing has improved — security-wise — in Microsoft’s product line.

“Usually Microsoft doesn’t develop products, we buy products. It’s not a bad product, but bits and pieces are missing.”

Arno Edelmann, Microsoft’s European business security product manager

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

  1. Needs Sunlight said,

    January 16, 2009 at 7:39 am

    Gravatar

    I remember in 2000 when WIndows rootkits started to get popular, they’re largely ignored by the press. I’d guess they’re ignored because they bypass any and all AV software, and thus bypass the advertising money. They also go against the myth about Windows being securable that Gates folk like the public to bleat.

    Two interesting pieces:

    “Trusting Trust”
    http://www.acm.org/classics/sep95/
    alternate link:
    http://cm.bell-labs.com/who/ken/trust.html

    “Exploiting Concurrency Vulnerabilities in System Call Wrappers”
    http://www.usenix.org/events/woot07/tech/full_papers/watson/watson.pdf

    The first link, “trusting trust”, shows that no amount of bluster or bluffing can make Windows secure. Without full access to the source code for all components in the system and its applications back doors can be hidden all over.

    Two follow ups for that, also show that at the end of the day, you must have and be able to use the complete source code for the whole system and each and every component or application:
    http://www.dwheeler.com/trusting-trust/
    http://www.schneier.com/blog/archives/2006/01/countering_trus.html

    The second link, “concurrency vulnerabilities”, looks like it completely destroys the myth that add-ons can help. It *looks* like all currently existing security software for Windows can be bypassed without detection or recourse — until such time as Windows is redesigned and rewritten from the Kernel on up.

    To pick on FOSS for a bit, the first two show why the decision to tolerate BLOBs in Debian and the downgrading of the Qt license to LGPL can lead to unmitigated disasters, either through insecurity, vendor lock-in, DRM, and hardware lock-in.

  2. The Mad Hatter said,

    January 16, 2009 at 10:24 pm

    Gravatar

    As an aside, has anyone read 2003 and Beyond by Andrew Grygus? It’s one of the reasons that I started to seriously pursue an alternative to Windows (and Microsoft), and it’s an excellent evaluation of Microsoft’s plans for the years ahead (and it’s interesting to read it 6 years on, and compare what Andrew thought was happening, with what actually happened).

  3. Jose_X said,

    January 18, 2009 at 4:29 pm

    Gravatar

    [ http://cm.bell-labs.com/who/ken/trust.html Reflections on Trusting Trust ]>> The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode.

    To add some:

    Reading source code tells all — if you trust the build system binaries that will be used to turn that source into binaries. In particular, if you have the source to the build system components, it’s easier to trust those build system binaries; however, the build system binaries have to be built themselves, this means you need an existing (simpler) build system. So do you have the source to that? And how about the source to the (even simpler) build system that built this last build system? At some point, dissembling very simple binaries upon which a multi-stage build process will occur may be what is necessary in order to gain the most trust.. or just be really sure you get your binaries from someone that has gone through that trouble. For example, the gcc system should have gone through a lot of care over the years (including back when gcc was much simpler). If gcc+co are safe, then everything else built upon it (eg, a whole distro since even other language platforms like perl, etc, could be built with gcc+co) should be as trustworthy as the sources to each of the component parts of the distro (ie, you can trust those sources that make up the distro if you trust the gcc build system).

  4. Jose_X said,

    January 18, 2009 at 4:36 pm

    Gravatar

    In the prior post, I ignored the obvious hardware issues that parallel. It’s important to at least make sure companies like AMD exist to keep Intel somewhat honest. ..AMD/Intel to keep Nvidia somewhat honest. Etc.

  5. Roy Schestowitz said,

    January 18, 2009 at 4:40 pm

    Gravatar

    You can use binary/source code signatures for your programs and compilers. Assuming your digital signatures come from a good source like CERT, then you at least have some confidence.

    Over in China, I suspect the GNU/Linux distribution they force-feed has some China-only surveillance facilities strapped onto it.

DecorWhat Else is New


  1. IRC Proceedings: Friday, June 09, 2023

    IRC logs for Friday, June 09, 2023



  2. Links 10/06/2023: libei 1.0.0 and Qt Creator 11 Beta

    Links for the day



  3. Jim Zemlin Boasting in 2022: Linux Foundation Has Revenue of Over 200 Million Dollars; IRS in 2022: Linux Foundation Has Revenue of 139 Million Dollars

    As noted here months ago, the Linux Foundation is run by a lying, manipulative charlatan who merely milks the brand “Linux” to enrich himself; where is that anomaly coming from?



  4. 'Linux' Foundation: Spendings on Salaries Increased More Than 20% in One Year

    As per the document just published after it had been submitted 7 months ago, salary-related expenditures rose from 49,386,990 to 59,791,694 in one year



  5. Links 09/06/2023: JDBC FDW 0.3.1 and Godot 4.1 Beta

    Links for the day



  6. Gemini Links 09/06/2023: Thoughts on Flatpak and Apple Cultists

    Links for the day



  7. Trying to 'Finish the Job' of Bully de Blanc and Deb Nicholson by Rewriting History (and Even Terms) for Microsoft

    Heather J. Meeker is trying to rewrite history and now we can see who her financial masters and hosts are (lots of Microsoft); The media portrayed her as some kind of historian for Free software a few months ago (as funding had been secured), but she already outsources everything to proprietary software controlled by Microsoft. This will be corporate revisionism; moreover, there’s employment history with Microsoft. As an associate put it: “The employment history with Microsoft is a dead give away that she will only spew lies and disinformation” (using books and such; the revisionism is well funded); the latest blog from the OSI is also sponsored by Microsoft (both the blog post and the person who wrote it)



  8. Links 09/06/2023: Tor Browser 12.0.7 and Many Linux Devices

    Links for the day



  9. Linux Foundation Demotes Mr. Linux, Linus Torvalds, to Third (in Salaries), Only Uses Him for the Name

    The Linux [sic] Foundation‘s tax filings (divulged by the Nonprofit Explorer) show that it now pays “CHRIS ANISZCZYK” and “JAMES ZEMLIN” more than it pays “LINUS TORVALDS”, sans bonuses. Torvalds fell to third place already. Mr. Zemlin pays himself over $1.2 million a year. He doesn’t even use Linux. He lacks credentials and accomplishments (except for selling out to companies like Microsoft), but he keeps pandering to power and money (Bill Gates). It should be noted that the Torvalds bonus was added only after backlash had erupted.



  10. HMRC is Just Taking Taxpayers' Money and Not Enforcing the Law (or Selectively Enforcing It for the Political Masters)

    What we've been demonstrating or highlighting so far this year is a defunct system of accountability, wherein the government officials and their associates are essentially above the law; can they endure the negative press that entails?



  11. GNU/Linux Decade in India: From 1.5% to 13.5%

    The world's largest population is quick to move away from Windows; not many adopt Apple (Indians don't care for overpriced junk), so GNU/Linux is growing fast



  12. IRC Proceedings: Thursday, June 08, 2023

    IRC logs for Thursday, June 08, 2023



  13. Links 09/06/2023: Microsoft's 'Online' ("Clown"/OneDrive) Storage Goes Down Again, Files Cannot be Reached

    Links for the day



  14. What Will Happen After All Major News Sites Die Isn't Pretty

    With webspam, chaff, sponsored puff pieces and worse things being presented as "the news" we're running out of actual purpose for the World Wide Web



  15. HMRC 3 Weeks Later: No Action, Same as 'Action Fraud' (Your Tax Money 'at Work')

    When people need police enforcement against a crime it turns out that police is “MIA” (missing in action); it might matter that Sirius worked with the British government, so there’s a reduced incentive to affirm crimes were committed and then arrest the perpetrators



  16. Links 08/06/2023: Istio 1.18 and FreeIPMI 1.6.11

    Links for the day



  17. Gemini Links 08/06/2023: Sourcehut, Gemini Identity, and BBS Comments on Cosmos

    Links for the day



  18. IRC Proceedings: Wednesday, June 07, 2023

    IRC logs for Wednesday, June 07, 2023



  19. The Need to Evolve on the Internet

    Tux Machines is one year away from its twentieth birthday and its increased focus on protocols aside from HTTP/S is paying off; Tux Machines also weaned itself off all social control media, including Mastodon and Diaspora (they're not the future, they're the past)



  20. EPO Management is Still Bullying the Staff (While Breaking the Law and Violating the European Patent Convention)

    Overloaded or overworked EPO workers are complaining about further deterioration at the workplace and their representatives say "this management style may well contribute to feelings of disengagement, depression, or even burn-out"



  21. His Majesty’s Revenue and Customs (HMRC) Not Responding After 20 Days (Well-Founded Report of Tax Fraud) and British Police Pretending Not to Exist

    The crimes of Sirius ‘Open Source’ have helped unearth a profound problem in the British law enforcement authorities; What good is a monopolistic taxman (called after the British Monarchy even in 2023) that cannot assess its own tax abuses? Or abuses connected to it via a contractor? Meanwhile, as per what I was told, the police is not responding to my MP and that’s ANOTHER scandal (police not only refusing to act against crimes, committed against many people, but moreover not responding to elected politicians)



  22. Links 08/06/2023: Cinnamon 5.8 and Leap 15.5 Release Mature

    Links for the day



  23. Gemini Links 08/06/2023: Emacs and Thoughts on Bubble

    Links for the day



  24. Links 07/06/2023: Reddit Layoffs and OpenGL 3.1 in Asahi Linux

    Links for the day



  25. Gemini Links 07/06/2023: Jukka Charting Geminispace

    Links for the day



  26. IRC Proceedings: Tuesday, June 06, 2023

    IRC logs for Tuesday, June 06, 2023



  27. NOW LIVE: Working for the Public — Universities, Software and Freedom - a Talk by Richard Stallman at Università di Pisa (Italy)

    As noted a few hours ago, Richard Stallman is delivering a talk at Università di Pisa this morning



  28. Richard Stallman's Talk is in Two Hours and There's a BigBlueButton Livestream

    Dr. Stallman is in Italy to give talks at universities this week; he will soon give a live talk, accessible in his site or directly at the source



  29. Links 06/06/2023: Angie 1.2.0, New EasyOS and EndeavourOS Released

    Links for the day



  30. Gemini Links 06/06/2023: OpenKuBSD, GrapheneOS, and More

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts