Microsoft responds to Google's Windows purge

[Guest]

You will need my root password to change permissions!

I am going to build two cars. One is for profit and the other is for my personal enjoyment (and whoever else wishes to enjoy it).

Which one would you prefer?

Which car would a mechanic/repair-shop/salesman recommend?

 

[madboyv1]

Guest said:
Ever hear of pwn2own? Linux isn't included anymore because it is too difficult to compromise. At least according to past winning experts. Guess $40 000 isn't enough incentive.

The total cash prize this year was $100,000 with $40,000 for web browsers ($10,000 for each), and the other $60,000 was for mobile platforms ($15,000 each), NOT PC operating systems. After that there are two things going against Linux as an operating system in this particular example.

First is its lack of reach in the consumer market. Pwn2own is not about industrial or server equipment/implementations which are far more secure without any doubt, it is about consumer type software and products using consumer hardware. Pwn2own is naturally biased against Linux and Opera and [insert your own software here] because of this; they are not trying to offer alternatives (even if they may or may not be more secure) but to give incentive for a select few (also a major flaw of Pwn2own) to break common software.

Second is the high variability of the Linux kernel and the various distributions. While the constant updating of the kernel and the large number of options to start with before individual customization is generally considered as a good thing, it is bad when being used as a test bed for one reason or another. What will affect one configuration may not affect another, and being that Linux users generally are required to be more knowledgeable in how their own operating systems work in order to deal with their own problems, they as a user group are not generally safer, but smarter in the choices they make.

How secure a computer can be is ultimately defined by the user (and software they choose) and the choices they make (among other things, the choice to update/upgrade), this is universal regardless of operating system.

 

[Guest]

@ Guest,

Seriously dude stop while you can, it only takes time, patience and the right tools to crack your root password regardless of how well secure you've might have made the machine, besides if someone really wanted to get into your system, they would do it.

 

[Archean]

If a car does have a computer, Google has probably found a way to run their "Google Analytics" script on it.

Excellent point about Google's predatory practices Captain, which now include wireless network hijacking (a bit harsh word I admit, but frankly seems fitting to me) to get all information about people and what they do with their computers on Internet.

 

[Guest]

"Participants competed to find a way to read the contents of a file located on the user's desktop, in one of three operating systems: Mac OS X Leopard, Windows Vista SP1, and Ubuntu 7.10."
http://en.wikipedia.org/wiki/Pwn2Own

"So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing."
http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up

"Needless to say, after day 2 titles were slight variations on the “Mac OS X Hacked First” theme, while last day the song changed into “Vista Breached, Linux Unbeaten”, casting the event into a security contest among OSes."
http://hackademix.net/2008/04/01/pwn2own-the-winner-is-noscript/

Seriously dude, linux was never beaten and the reason is not that it can't be, but that it is too hard to do so. I believe it was Charlie Miller who said he could hack linux, but why bother to take days to do something that could be done in minutes/hours elsewhere.

Seems to me Opera has the largest mobile market.
http://gs.statcounter.com/#mobile_browser-ww-monthly-200905-201006

Seriously dude, why not provide some links instead of some "opinion."

 

[jink]

It always amazes me how clingy geeks are to the operating system they use. They believe being "popular" has some kind of direct correlation to quality and justness. Al we have to do is look at "pop" music to see what nonsense this is - popular is very often highly superficial.

That Windows is most popular should ring alarm bells in those that prefer a quality experience rather than the usual childish empty ego-defending slurry of remarks that are typically sputtered at others (which unfortunately only reinforces the "popular=superficial" tendency).

Whether we like it or not, Windows has been struggling for years now to keep pace with OSX on most fronts. Trying to take the dos/win3.1/nt4 antiquated underpinnings but create a modern OSX-like experience has been very challenging. Win7 is the most mature attempt yet.

If being popular means being considerably more attractive to disease, I'll pass thanks.

 

[PanicX]

The comments here have left me daunted.
I'm guessing there's a bit of trolling going on, but wow, just wow if there isn't.

Now, I'm not an expert in security, but I'm pretty sure the basics aren't that hard or complicated for anyone here to grasp. The pedantics of which operating system is inherently more secure are too difficult to derive, as no body knows how many undiscovered vulnerabilities remain in each OS or how many will be created in the future.

If a particular OS has patched 400 vulnerabilities last year and another only patches 50 vulnerabilities, would you say the one with 50 patches is more secure? How could you know if that OS only has 50 vulnerabilities as opposed to 50,000?

Saying that my OS is better because you don't run as admin or my UAC prevents vulnerabilities or my market share is too small is naive at best. An exploit is code that uses vulnerabilities to execute code irregardless of your security design. If even 1 unpatched exploit exists for your operating system, you cannot claim your OS is secure.

The real measure of the security of an operating system is by the patch response times to vulnerabilities found and active wild exploits. The longer you're forced to remain unpatched to known vulnerabilities, the more insecure you are.

I haven't seen a vulnerability patch response time report in a few years, but the last one I came across showed ~ 4 day response time average for Linux kernel patches, ~ 45 day response time average from Microsoft, and ~ 4 month response time from Apple. (This is from memory, my apologies to fanboys if I'm off a little)

The only factor outside this that I can think of is the fact that Linux is open source and if so inclined, one could create their own patches much easier than with the other operating systems.

 

[Wagan8r]

captaincranky said:Every night I say my prayers thus, "dear God, please let the hackers write some really destructive malware for Mac. It may be selfish I know, but God, I'm sooooo sick of listening to those a**h***s".

Haha! That freakin' made my day!

 

[captaincranky]

Panic....., I Think You Misspelled "Toll".......

The comments here have left me daunted.
I'm guessing there's a bit of trolling going on, but wow, just wow if there isn't.

Nothing could be further from the truth. The whole concept of "News and Comments", is to generate opinion-editorial type comment from Techspot's membership. The whole atmosphere should be collegial, with plenty of lively forensic discussion.

Thus snickered captaincranky from beneath his bridge....... "

 

[Guest]

Well said PanicX!


So the majority run MS?

"A new survey indicates that most Americans are pretty clueless when it comes to the speed of their Internet subscription. Four out of five have absolutely no idea what it is."
http://arstechnica.com/tech-policy/news/2010/06/we-dont-know-how-fast-our-isp-is-but-we-like-it-anyway.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

I am not sure who that reflects the worse on. Americans or MSers, but it does explain a lot.

 

[Archean]

@jink
Just to refresh your memory here is a link you should have a look at. I remember posting a thread which traced path from where Steve Jobs probably 'lifted' his idea of iPad (about which I 100% agree with Captain that it sounds like a women's product).

Now, having said that, it is a fact that MS too have incorporated many ideas which were first implemented in OSX. So before you start to drumbeat superiority of OSX correct your facts, and remember OSX is used by a relatively small number of people, hence it is not yet the prime target for hacks / malware etc. but that doesn't mean there are no issues with it (just read PanicX's excellent comments above).

I have used many operating systems e.g. DOS/OS2, OSX, Windows, Linux, FreeBSD, Unix, and Windows again (in this order) over the last 20 years. But, frankly windows despite its horrendous shortcomings in the past is the one I will choose over the others, for now. Regards

 

[Guest]

"Mac OS X, and Linux are superior, security-wise."

Oh really?

http://tmrepository.com/trademarks/virusesmeanlinuxismainstream/

http://blogs.apache.org/infra/entry/apache_org_04_09_2010

http://www.zdnet.com.au/mac-os-x-hacked-under-30-minutes-139241748.htm

http://www.zdnet.com/blog/security/ubuntu-servers-hacked-to-attack-others/453

Make no mistake, doesn't matter what OS you use, in can't prevent social engineering attacks, or lack of proper security procedures and patch updates. If you think hiding behind mac is good enough, think again. Common sense and sensibility is more important than just the OS alone.

 

[madboyv1]

Guest said:
"A new survey indicates that most Americans are pretty clueless when it comes to the speed of their Internet subscription. Four out of five have absolutely no idea what it is."
http://arstechnica.com/tech-policy/...tm_source=rss&utm_medium=rss&utm_campaign=rss

I am not sure who that reflects the worse on. Americans or MSers, but it does explain a lot.

Well, as I live in the US, I can attest to the general lack of prowess involving computers with the general population, which has been dummied down to the use facebook, twitter, and other social networking software, and which half the time, if not more, it is on their phones. As long as it happens fast enough (which isn't hard for these kinds of sites regardless of what access mode they are in) they don't care. On top of that ISPs are less than forthcoming in providing service that actually matches their advertised speeds (phone companies aren't as bad, but they'll chalk it up to lack of service availability when it doesn't), and most users don't know how to or that they can benchmark that relative speed, even if there are sites to help them do that like speedtest.net.

Anyways, I'm not sure what the point of linking that was.

To the other Guest from earlier: I've decided that you aren't going to listen to other peoples opinions, regardless if 5 minutes of searching around backs up everything said, so I'm giving up on you. I never said they never used Linux in pwn2own or that Linux did not have its own merits in security, just why they don't usually use it as a testing platform. The world is run by economy of scale and adoption rates generalized through statistical data, not what may or may not be better. =p

 

[Guest]

"Mac OS X, and Linux are superior, security-wise."

well that didn't take too long to correct:

http://www.infoworld.com/t/malware/macs-under-attack-high-risk-spyware-698

(snicker)

 

[ravisunny2]

You will need my root password to change permissions!
QUOTE]

And, the root password isn't stored some where on the harddrive ?

 

[PanicX]

You will need my root password to change permissions!

And, the root password isn't stored some where on the harddrive ?

I don't know of any operating system that would store user passwords in plain text. They all use a form of an authentication algorithm to compare a computed hash of what you type in as a password against the hash stored on the drive. If you somehow obtain a password hash, it's possible to brute force attack it with something like the now defunct L0pht crack, but any password of decent length will take months to years to crack.

This however doesn't change the fact that a root password is NOT needed to change permissions if you utilize an exploit that leverages privilege escalation.