
UNIX/Linux Offer More Security Than Windows: Evidence

"Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system..."

--Dennis Fisher, August 7th, 2008



Peter Kraus and David Gerard drew attention to the following interview with an author of adware a few days ago. It explains in simple terms why Windows is inherently lacking in security, as it accommodates intrusion, despite all the denialist spinning [1, 2, 3]. Here is just a portion of this interview:

Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.

S: In your professional opinion, how can people avoid adware?

M: Um, run UNIX.

S: [laughs]

M: We did actually get the ad client working under Wine on Linux.

S: That seems like a bit of a stretch!

M: That was a pretty limited market, I’d say.



Patching



Earlier in the week we found reports of new holes in Windows.

As previously announced, Microsoft has released a security update for Windows to close a total of three holes in the SMB protocol implementation. All three holes are based on buffer overflows. Two of them can apparently be exploited to inject and execute code remotely, without previous authentication. The third buffer overflow reportedly only causes the computer to reboot.


This is a lot more serious than Microsoft wants people to realise.

Microsoft Patch Tuesday bug is scary



THE FIRST Patch Tuesday fix of 2009 put out by Microsoft addresses a dangerous security vulnerability in its Server Message Block (SMB) protocol, or so say some insecurity experts


Botnets



"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

--Jim Allchin, Microsoft



The pace of infection is very high and one worm alone is claimed to have seized millions of Windows-run computers in just one day.

The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.


One worm alone is spreading like wildfire.

Report: 2.5 million PCs infected with Conficker worm



According to F-Secure, there are already almost 2.5 million PCs infected with the Conficker worm, also known as Downadup. Since the worm has the ability to download new versions of itself, it is expected that the infection could spread much further. The new code is downloaded from domain names generated with a complex algorithm, making it hard to predict what domains will be used to spread the worm's updates.


About 300 million PCs are still primed to become zombies too because of this one flaw.

With nearly a third of all Windows systems still vulnerable, it's no surprise that the "Downadup" worm has been able to score such a success, Kandek said. "These slow [corporate] patch cycles are simply not acceptable," he said. "They lead directly to these high infection rates."


In general, it is estimated that 98% of Windows PCs are ripe for hijacking [1, 2].

Attacks



Is there room for some humour in all this?

Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.

That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.

The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"


E-mail



Many people remember Windows for submarines -- a fiasco that reportedly led to the departure of many angry engineers. Well, not more than a month has passed and the Royal Navy, which runs Windows, has been stung by a virus infection that causes harm. Interestingly enough, the report from The Register mentions only lost E-mail as the severe consequence, but surely there is considerably more.

The Ministry of Defence confirmed today that it has suffered virus infections which have shut down "a small number" of MoD systems, most notably including admin networks aboard Royal Navy warships.

The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions. N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea.


It is no surprise that the United States military is gradually moving to Red Hat Linux. Crucial operations were getting stung by Windows, even in the recent past.

Along with a rise of botnets, whose masters exploit vulnerabilities in Windows, comes a lot more SPAM as well. SPAM affects everyone.

The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.


This short report is based on just a few days. Nothing has improved -- security-wise -- in Microsoft's product line.

"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing."

--Arno Edelmann, Microsoft's European business security product manager
