PICList Thread
'[OT] Workgroup infestation'
2004\12\15@112426 by Mike Hord

Longish story, but I think many of you will find it of interest.

About 10 days ago, most of the PCs in my workgroup
(workgroup in the sense of all those people under my boss)
were afflicted by a strange disease.  Explorer.exe vanished,
no explorer.exe process is running and network access is
spotty at best, if not disabled completely.

These computers are mostly on Win2k, but one was an XP
and it was affected too.  All of these computers are up-to-date
on the OS and IE patches.  Two of them, belonging to the two
highest-level people in the group, had keystroke loggers on
them, but the rest only have the explorer.exe strangeness.

Only computers that were turned on and connected to the
network on a particular night were affected by this.  Those
which were turned off, or not connected, were unaffected.
Even after they were all turned on and connected the next
day, the problem DID NOT spread from one to another.  None
of the PCs which were not affected have become so.

So, here's the question.  This comes after a long battle with
the new IT manager, who has a history of extreme friction
with my boss.  We are an essentially independent research
group working within the boundaries of a larger institution, so
most of the IT stuff we handle ourselves.  The root of the
conflict was that the new IT manager insisted on pushing
OS and IE updates automagically to our computers, which
for us is unacceptable because an update occurring during
a real-time data collection experiment could be disastrous.

Since this has happened, said IT manager has told anyone
who will listen "XXX learned an important lesson about
allowing updates."  I haven't found ANYTHING on the Net
which matches these symptoms, ANYWHERE, and we
are beginning to suspect foul play within the organization.

Any of you IT gurus out there have any input on this?
Would any of you like to know more?  At the moment, we
are (on the IT department's advice) reformatting and
installing XP with SP2, for the firewall, to prevent this
happening again.  Conveniently, that is also destroying
any evidence of what actually happened.

Mike H.
____________________________________________

2004\12\15@122144 by Aza D. Oberman

<Mike Hord describes a problem in part>

> About 10 days ago, most of the PCs in my workgroup
> (workgroup in the sense of all those people under my boss)
> were afflicted by a strange disease.  Explorer.exe vanished,
> no explorer.exe process is running and network access is
> spotty at best, if not disabled completely.

<snip>
> Two of them, belonging to the two
> highest-level people in the group, had keystroke loggers on
> them, but the rest only have the explorer.exe strangeness.

<sound of bell ringing>
Ask if any of the high level people were looking around for travel
arrangements.

We had the same thing happen here and cleaned things up with LavaSoft's
AdAware SE (http://www.lavasoft.de).

We too had the keystroke loggers and IE's default was to some pornography
directory.

One user had just been surfing for Thanksgiving travel arrangements, all the
others were doing pretty much what they normally do.  All computers turned
off at the time work fine.  However, none had XP SP2.

The XP SP2 firewall got in the way of my .NET development environment and
some TCP/IP communications I was working on so I ditched it and, other than
saying I've not gotten anything nasty, I can't say much more.

Aza D. Oberman

____________________________________________

2004\12\15@124240 by a.j.j.rice

Quoting Mike Hord <spam_OUTmike.hordTakeThisOuTspamgmail.com>:
<snip>
> the new IT manager insisted on pushing
> OS and IE updates automagically to our computers

Firstly this is bad IT practise, what he should be doing is to load the updates
to a test box and then configure a machine inside the network to forward the
updates to everyone once they have been tested to ensure there are no unforeseen
problems. This is particularly true of service packs but should really be done
for all updates.

Secondly, and more importantly, why on earth don't your machines have virus
scanners on them? Updating your virus scanner is far more important than
updating IE, and putting firewalls on all the machines inside the network is
sheer stupidity - what should happen is that the gateway computer that connects
to the internet has a firewall to prevent unwanted intrusion to the network. All
other machines inside the network are thusly protected by the firewall on the
gateway machine, by the same token it's a good idea to use a firewall with an
antivirus plugin that ensures users cannot download infected files.

My advice would be to go to http://www.grisoft.com and get AVG which is a freeware
virus-scanner that is more effective than any commercial product I have
experienced. This should tell you what virus you got hit with, you could then
try and find what file on the machine it was attached to and then interrogate
the web logs on the gateway machine to establish whether it was downloaded or
whether it came in by another means. The fact that different people got
different variants might suggest an internal job and there are plenty of trojan
horse/remote control apps such as SubSeven which produces roughly the symptoms
you describe. They are typically used to take control of other people's machines
but are detected by all antivirus programs.

I cannot stress enough that a good antivirus kept up to date every 24 hrs if
possible is the most important element in keeping your computer secure.
Firewalls are much misunderstood things and are not often important for all but
the biggest corporate users since typical home users are not targeted by
crackers, with the exception of unusual network propagated virii such as Code Red.

Regards

Alex Rice
____________________________________________

2004\12\15@142031 by Mike Hord

> Firstly this is bad IT practise, what he should be doing is to load the updates
> to a test box and then configure a machine inside the network to forward the
> updates to everyone once they have been tested to ensure there are no unforeseen
> problems. This is particularly true of service packs but should really be done
> for all updates.

In our case, that's doubly so, since we have very specialized computers
running time-sensitive data acquisition.

> Secondly, and more importantly, why on earth don't your machines have virus
> scanners on them? Updating your virus scanner is far more important than
> updating IE, and putting firewalls on all the machines inside the network is
> sheer stupidity - what should happen is that the gateway computer that connects
> to the internet has a firewall to prevent unwanted intrusion to the network. All
> other machines inside the network are thusly protected by the firewall on the
> gateway machine, by the same token it's a good idea to use a firewall with an
> antivirus plugin that ensures users cannot download infected files.

We certainly do have, and keep updated, virus scanners.  That's part of the
mystery here- why, despite all of the things going wrong, did we not find
a virus as the cause?  At least four of the PCs DID find a virus that day, but
none of those viruses seem to have caused the problems we're seeing.  The
descriptions of the effects of those viruses in no way match or are even
related to the symptoms of our problem.

{Quote hidden}

I will check that out; perhaps it will spot the problem that McAfee has either
missed or ignored.

> I cannot stress enough that a good antivirus kept up to date every 24 hrs if
> possible is the most important element in keeping your computer secure.
> Firewalls are much misunderstood things and are not often important for all but
> the biggest corporate users since typical home users are not targeted by
> crackers, with the exception of unusual network propagated virii such as Code Red.

Preaching to the choir.  We are quite serious about our virus software, and it
updates (IIRC) twice a day.  Or tries to, at least.

> Regards
> Alex Rice

Thanks, Alex.

Mike H.
____________________________________________

2004\12\15@154854 by Nate Duehr

a.j.j.rice@durham.ac.uk wrote:

>I cannot stress enough that a good antivirus kept up to date every 24 hrs if
>possible is the most important element in keeping your computer secure.
>  
>
Small correction: Good anti-virus software keeps your *Windows*
computers secure.

Those of us running alternative OS's on PC hardware tend not to have
such silly problems as sitting down to use the machine one day and
finding everything gone and bunches of people pointing fingers
everywhere but the root-cause... that the operating system software
chosen and in use on the hardware is insecure by default.

Please don't mind if we laugh our butts off at people scrambling to
install DAILY or sometimes even HOURLY patches to try to secure an
insecure OS.  LOL!  Oh even better -- PAYING for the privilege of
running the OS and having the virus updates!  That's enough to make your
sides hurt if you get it... it's a never-ending infinite loop that gets
more expensive every day.

Insanity at its finest, and quite entertaining if it's not your job to
try to chase the holy grail of patches for people.  That IT guy has my
sympathy.

I bet there's other network design no-no's going on there for
convenience-sake... like, if the machines are used for some special data
collection and if that data collection is in-house... why do they have
full access to the Internet?  Is the risk worth the rebuild time?  
Probably not, but no one doing network design thinks this way anymore...
it's out of vogue.  It's more in-vogue to complain that the machines
should have been patched and waste time repairing them.

It's like a car dealer suggesting the owner drop their car in a lake,
watching it sink, knowing that it would, and then pulling it back out to
retrofit it with pontoons and scolding the owner for not having done
so... meanwhile everyone involved knew the car would sink.

Nate
____________________________________________

2004\12\15@161139 by Bob J

Without SP2 installed on a machine, which patches many vulnerabilities
in IE6, consider the machine very vulnerable.  In many cases
anti-virus software will not catch keyloggers.  In fact I had one case
where I knew I had a keylogger installed, and the only spyware program
that caught it was spybot.  Ad-Aware and some of the others I tried
did not catch it.  Symantec Antivirus didn't catch it either.

After being a loyal IE user who has developed many web applications to
work specifically with IE, I finally had enough so I switched to using
firefox for any internet browsing.  Haven't had any spyware problems
since.

Nowadays any friends of mine who ask me for computer recommendations,
I tell them to buy a Mac if all they are looking to do is surf and
check email etc.

Regards,
Bob
____________________________________________

2004\12\15@171811 by Mike Hord

> Without SP2 installed on a machine, which patches many vulnerabilities
> in IE6, consider the machine very vulnerable.  In many cases
> anti-virus software will not catch keyloggers.  In fact I had one case
> where I knew I had a keylogger installed, and the only spyware program
> that caught it was spybot.  Ad-Aware and some of the others I tried
> did not catch it.  Symantec Antivirus didn't catch it either.

I loves me my Spybot.  It's great.  I'm also developing an affinity for
HijackThis, but its lack of automation makes it harder to use and
it is infinitely more capable of really screwing up your computer.

> After being a loyal IE user who has developed many web applications to
> work specifically with IE, I finally had enough so I switched to using
> firefox for any internet browsing.  Haven't had any spyware problems
> since.

FireFox is the item.  I love it.  Of course, I'm sure a lot of people will start
to exploit it before too long also, but it's nice for now.

> Nowadays any friends of mine who ask me for computer recommendations,
> I tell them to buy a Mac if all they are looking to do is surf and
> check email etc.

Agreed.  But most people can't leap the conceptual hurdles required
for a switch of OS, the same way they "must" have MS Office for $200
when OpenOffice will do just as well for free.

Mike H.
____________________________________________

2004\12\15@172934 by Mike Hord

> Insanity at its finest, and quite entertaining if it's not your job to
> try to chase the holy grail of patches for people.  That IT guy has my
> sympathy.

<remaining *nix zeal snipped>

There are very specific reasons for everything in the way this network
is organized.  Some of them are operational (i.e., sharing data among
computers, this OS is required to run the hardware or software, etc.),
some of them are "political" ("That's the way we've ALWAYS done it.").

Linux (or BeOS or MacOS or OS2 or HighHorseOS or whatever your
favorite "alternative" to Windows is) is a Good Thing, and will benefit
the market in the long run, but right now, its existence does nothing to
help me.  Changing to Linux is NOT the solution to every problem in
the PC world.

Just remember that to you, my problem looks a lot like a nail and
Linux is a big ol' hammer waiting to solve it.  To me, my problem is
decidedly more complex, and in fact, if the problem is a sysadmin
with a god complex, no software or hardware solution will ever solve
it.

Mike H.
____________________________________________

2004\12\15@224942 by Nate Duehr

Mike Hord wrote:
>>Insanity at its finest, and quite entertaining if it's not your job to
>>try to chase the holy grail of patches for people.  That IT guy has my
>>sympathy.
>
>
> <remaining *nix zeal snipped>
>
> There are very specific reasons for everything in the way this network
> is organized.  Some of them are operational (i.e., sharing data among
> computers, this OS is required to run the hardware or software, etc.),
> some of them are "political" ("That's the way we've ALWAYS done it.").

Re-Engineer it.

If your systems have an unknown vulnerability and that vulnerability
cost X today - it WILL happen again.

> Linux (or BeOS or MacOS or OS2 or HighHorseOS or whatever your
> favorite "alternative" to Windows is) is a Good Thing, and will benefit
> the market in the long run, but right now, its existence does nothing to
> help me.  Changing to Linux is NOT the solution to every problem in
> the PC world.

I am zealous about Linux, but underneath all that I've used twenty or
thirty OS's over the years.  Windows is *rarely* the appropriate answer
in a properly engineered scientific or research environment.

Many organizations are simply dysfunctional this way.  Computers are
machines and being locked into an OS because of emotions and not solid
planning and engineering is like saying your wheat harvester has to be
red in order to work the farm properly.  We all know this, but managers
rarely ask.

> Just remember that to you, my problem looks a lot like a nail and
> Linux is a big ol' hammer waiting to solve it.  To me, my problem is
> decidedly more complex, and in fact, if the problem is a sysadmin
> with a god complex, no software or hardware solution will ever solve
> it.

Does he have a God Complex or are the end-users unhappy with a poorly
engineered end-product and he's just the messenger who's JOB it is to
tell you it's not being done right and he can't quite come right out and
say in front of your bosses and his that it was done completely wrong
from the start?

Everyone assumes it's the sysadmin's fault when the system wasn't
engineered correctly in the first place, and rarely will anyone have the
courage to stand up and fix it -- it's easier to shoot the messenger.

I work on systems where (thank God) the vast majority of the people
working on them know for a fact that Real-Time OS's are required.  OS/9,
VxWorks, etc.  I shudder to think about ever going back to working on
more generic systems where people demand flexibility (Windows) without
understanding the resulting consequences of their mostly-emotional
decisions.

Nate
____________________________________________

2004\12\16@045134 by Michael Rigby-Jones



{Quote hidden}

Linux has had numerous security patches has it not?

Mike

____________________________________________

2004\12\16@054713 by Russell McMahon

>>>I cannot stress enough that a good antivirus kept up to date every 24
>>>hrs if possible is the most important element in keeping your
>>>computer secure.

...

>>Please don't mind if we laugh our butts off at people scrambling to
>>install DAILY or sometimes even HOURLY patches to try to secure an
>>insecure OS.

Hubris is often enough its own reward.

I am no apologist for W Gates' fine products, and they certainly could be
better than they are. But a significant reason for Windows' problems is its
role as "target of choice". When you have most of the market you become most
of the target. Linux may well be better in this respect BUT it has its
security problems, and rolling around laughing at Windows users' problems is
liable to blind Linux users to the risks that they run if they also do not
take proper care.

Think of Windows security as a distributed source system. As long as you use
all of the sources you have few or no problems. I, at the risk of being
bitten by hubris within the day, have had essentially no problems with any
of the security issues that trouble many. Hardware firewall, up to date
auto-updated antivirus and various malware removers/trappers seems to work
OK - so far.



       Russell McMahon


____________________________________________

2004\12\16@060136 by Shawn Tan Ser Ngiap

On Thursday 16 December 2004 09:51 am, Michael Rigby-Jones wrote:
> >Small correction: Good anti-virus software keeps your *Windows*
> >computers secure.
> >
> >Those of us running alternative OS's on PC hardware tend not to have
> >chosen and in use on the hardware is insecure by default.
>
> Linux has had numerous security patches has it not?

If you put a dumb user behind a secure *nix box, it's still going to fall prey
to malicious attacks... If you put a smart user behind an insecure Windows
box, it's still going to be safe...

When it comes to security, it's not the OS or the machine that counts, it's
the user/users..

cheers..
with metta,
shawn tan.
____________________________________________

2004\12\16@072146 by Howard Winter

Mike,

On Wed, 15 Dec 2004 16:29:34 -0600, Mike Hord wrote:

> Just remember that to you, my problem looks a lot like a nail and
> Linux is a big ol' hammer waiting to solve it.  To me, my problem is
> decidedly more complex, and in fact, if the problem is a sysadmin
> with a god complex, no software or hardware solution will ever solve
> it.

Indeed!  And his "everyone must auto-patch or we wash our hands of everything" is common in IT managers - they
don't know how to solve (or prevent) the problems and fall back on this as a way to shift the blame back to
the users when things go wrong.  I've seen it very many times and it's usually a smokescreen to cover
incompetence, and/or a desire for an easy life.  It's entirely possible that no virus or other software was
involved in this, but a human intervention (either on site or off) did the damage.  This would explain why
it's not spreading now (a virus, by definition, will try to spread itself).  It could be some form of spyware,
but that's usually spread by email and/or web sites - I don't suppose your machines were surfing the web
overnight when nobody was looking!

It's feasible that your IT-god was responsible, but you'll never know.  As for reinstall destroying the
evidence, there may be none!  Deleting a file doesn't usually leave an audit trail (in Windows) but it may be
worth trying one of the "undelete" programs to see if the file(s) are still there somewhere.

Good luck!


Howard Winter
St.Albans, England


____________________________________________

2004\12\16@073724 by Howard Winter

Nate,

On Wed, 15 Dec 2004 20:49:38 -0700, Nate Duehr wrote:

> Everyone assumes it's the sysadmin's fault when the system wasn't
> engineered correctly in the first place, and rarely will anyone have the
> courage to stand up and fix it -- it's easier to shoot the messenger.

I'd be the last person to defend Windows (I sell OS/2!) but the problem is very often political and out of the
hands of the technical people.  With the takeover of the desktop by M$, has come the corporate IT department
that has been chatted-up by MS's salesmen, and persuaded that the One True Way is theirs, and anyone who says
otherwise is a crank.  And they may even mention that keeping tight control of what happens on all the PCs in
the firm is a Good Thing for the IT manager...  What follows is corporate edicts that mean that the "engineered
correctly" decision is already mandated, and the people on the ground cannot go against it.

I don't know if you've ever worked in a firm where the IT department has the only say in what is allowed to be
installed?  I've seen it where the users are not allowed to decide anything about their machines, and aren't
allowed to install their own software (sometimes there is a "we'll test it and tell you if it's OK" option,
but more often than not there's a blanket ban on installing anything that isn't on the "approved list").  And
I'm not talking about secretaries or telesales staff as users here, but software developers!  I saw one
situation where an entire development team had two PCs on each desk - one that was on the project network that
had no links to anything else, and the other linked to the company network for email and so on.  Because they
were developing software (for clients) it obviously wasn't "approved" software, so it wasn't allowed on any
machine that was connected to the corporate network.

You mention "the sysadmin" - I'm talking about an IT support team of tens or dozens of people, most of whom
the users can't contact directly, but have to submit a problem report by email.  It's their boss who has the
god-complex!

Cheers,


Howard Winter
St.Albans, England


____________________________________________

2004\12\16@111017 by Herbert Graf

On Thu, 2004-12-16 at 11:05 +0000, Shawn Tan Ser Ngiap wrote:
> If you put a dumb user behind a secure *nix box, it's still going to fall prey
> to malicious attacks...

Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
that means the worst damage they can do to a system is their own home
directory.

Windows OTOH encourages all users to run as admin all the time, that
means ANYTHING they do can bring the system down.

Beyond this, look at the kind of bugs that have been found in Windows in
recent times. Most exploits can be done with the user NOT being admin.
That's scary. While many of the recent *nix exploits have been quite
serious, few have been as dangerous.

> If you put a smart user behind an insecure Windows
> box, it's still going to be safe...

Most certainly NOT. Many of the most dangerous windows exploits don't
need the user to do ANYTHING. Personally I feel NO windows machine
should be connected to the net without a firewall in the way (and no,
software firewalls DON'T COUNT, they are USELESS when exploits involving
the kernel are involved).

> When it comes to security, it's not the OS or the machine that counts, it's
> the user/users..

Sorry no, it's definitely a combination of the two. A smart user can
still be caught by an exploit. TTYL


-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

____________________________________________

2004\12\16@121518 by Peter L. Peres


On Thu, 16 Dec 2004, Michael Rigby-Jones wrote:

> Linux has had numerous security patches has it not?

95% of the security patches for Linux and *Bsd are about local users
being able to gain superuser privileges in arcane ways when running
local programs (i.e. not through the network). On win* such an 'exploit'
is not considered an exploit, because there is no real insulation (well,
some with xp, if set up right and not run as admin) between user and
system space. Most Linux boxes run single-user, and servers usually do
not use the affected programs (the affected programs were usually never
audited for security).

Peter
____________________________________________

2004\12\16@121528 by Peter L. Peres


On Wed, 15 Dec 2004, Mike Hord wrote:

> Just remember that to you, my problem looks a lot like a nail and
> Linux is a big ol' hammer waiting to solve it.  To me, my problem is
> decidedly more complex, and in fact, if the problem is a sysadmin
> with a god complex, no software or hardware solution will ever solve
> it.

Imho, if you think a good sysadmin is what is going to solve your
networking and IT problems on that platform, then you need to put up
recruiting posters for $DEITY.

The most important (and only) software repair option available is
'reinstall', for that platform. If you are ok with that, then fine. If
not, look at the license information for a place you can complain to (I
think that you will not find any).

And this is not advocacy for anything, it's a conclusion wrt. real life
facts.

Peter
____________________________________________

2004\12\16@121557 by Peter L. Peres



On Thu, 16 Dec 2004, Howard Winter wrote:

> Indeed!  And his "everyone must auto-patch or we wash our hands of
> everything" is common in IT managers - they don't know how to solve
> (or prevent) the problems and fall back on this as a way to shift the
> blame back to the users when things go wrong.  I've seen it very many
> times and it's usually a smokescreen to cover incompetence, and/or a
> desire for an easy life.  It's entirely possible that no virus or

How can someone become competent in a system that is secret and closed
without becoming a thief and a cracker ? Relevant courseware consists
mainly of screenshots showing where to click buttons and pages after
pages of mickeymouse name glossaries for things already 40 years old and
well known under other names.

Peter

____________________________________________

2004\12\16@164408 by Shawn Tan Ser Ngiap

On Thursday 16 December 2004 16:10, Herbert Graf wrote:
> Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
> directory.

You're assuming that the 'dumb' user knows how to run as a user when he/she
sets up Linux... Granted, most (not all) distros encourage this during the
installation process, but I personally know some users who run only as root
because they tire of having to switch to root or enter passwords or some
other thing while installing stuff or setting up new stuff... I try to tell
them the dangers of doing that, but they don't care.. So, there's only so
much a distro can enforce/do... it's still up to the user...

> Windows OTOH encourages all users to run as admin all the time, that
> means ANYTHING they do can bring the system down.

Well, I've never really used XP so I can't really comment on this but I've
heard that you can have access rights under XP... Not sure how good it is
though... Maybe someone else can comment on it..

> Beyond this, look at the kind of bugs that have been found in Windows in
> serious, few have been as dangerous.

Well... I agree that Windows is seriously flawed, but I'm not saying that
Linux flaws are any less serious... The only difference might be that Linux
flaws are usually patched before they cause any serious harm... and Windows
flaws are usually patched after they have caused many dollars in damages...
proactive vs reactive...

> > If you put a smart user behind an insecure Windows
> > box, it's still going to be safe...
> Most certainly NOT. Many of the most dangerous windows exploits don't
> the kernel are involved).

If the firewalls are up before a machine is infected, that'll help keep the
worms away from the machine.. also a good AV software will help as well..
That's what I advise anyone who uses windows to do.. before jacking in
anywhere, install firewalls and *learn* how to use them... and also AV
software..

As for what you think about software firewalls... it all depends on what you
mean by software firewalls.. There are very few real hardware firewalls out
there... simply because it's difficult to implement a TCP/IP stack in
hardware... much less implement the necessary hardware logic to control it...
anyone who has tried will know...

> > When it comes to security, it's not the OS or the machine that counts,
> > it's the user/users..
> Sorry no, it's definitely a combination of the two. A smart user can
> still be caught by an exploit. TTYL

Actually, you're agreeing with me... (: The weakest link in any security is
ultimately human.. it always has been and it always will be... Every hacker
in the world knows this... No amount of hardware or software is going to
help... Yes, even a smart user can be caught by an exploit... and no amount
of hardware/software is going to help then either...

ps.. In case you're wondering.. i've not been using windows for many years
now... (:

--
with metta,
Shawn Tan



____________________________________________

2004\12\16@165314 by Nate Duehr

Michael Rigby-Jones wrote:

>>Please don't mind if we laugh our butts off at people scrambling to
>>install DAILY or sometimes even HOURLY patches to try to secure an
>>insecure OS.  
>>    
>>
>
>Linux has had numerous security patches has it not?
>  
>
Yes, but that's not the whole story.  The game in computer network
security is risk-assessment and aversion.

It's well publicized and studied that it's absolutely impossible to
fully-secure any system indefinitely.  People that have BIG secrets to
protect have known this for years.  Time and mistakes will be made.

The trick is lasting longer than the next guy.  And *nix makes that
ridiculously easy!

As long as you all continue to pay for and run Windows... no one's
interested in my stuff!  It's nice that there's so many easy to break
into machines out there -- it makes the rest of us much smaller targets
and gives the kiddies something to do.

The TYPE of exploits Windows is dealing with are also about ten years
behind the learning curve...

An OS that can't protect itself from a measly web browser and a user who
clicks on things they shouldn't?  Good lord... that's not worth paying
for, and should certainly be the last thing recommended for a production
system of any type.  A script embedded in an e-mail can wipe out the
machine?  Puh-leeese...

Nate
____________________________________________

2004\12\16@181132 by James Newtons Massmind

Yes, yes, Linux is better. Ok? We give. Now please let us get back to work
solving real problems with the existing development systems rather than
waiting for someone to port what we need to Linux.

E.g.
- ICD debug support for *nix?
- Emulator support for *nix?
- SX Key debug support (for Ubicom SX; a faster PIC clone, in case you
didn't know)
- A complete and working C compiler for PICs (SDCC has been "on the way" for
years now)
- A simulator that supports the 16C57 (gpsim has the 54 and 55 but not the
57) or the SX18/28 or full support for the 18C/F chips.

See? For now, we have to use Windows. I'd LOVE to use Linux, but I can't.

So get over it and stop burning cycles convincing us Win'ers that we should
be L'ers when that isn't even a possibility.

Not to mention that the current PICList web site is running on an NT box
after two attempts to host it on Linux (both of which were hacked into). The
current ip is 66.13.172.18, please try to hack into my server so I can find
and patch any security holes. It hasn't been done yet...

---
James.



> {Original Message removed}

2004\12\16@185647 by John J. McDonough

----- Original Message -----
From: "Nate Duehr" <EraseMEnatespam_OUTspamTakeThisOuTnatetech.com>
Subject: Re: [OT] Workgroup infestation


> An OS that can't protect itself from a measly web browser and a user who
> clicks on things they shouldn't?  Good lord... that's not worth paying
> for, and should certainly be the last thing recommended for a production
> system of any type.  A script embedded in an e-mail can wipe out the
> machine?  Puh-leeese...

Just last week the news was not one, but two, browser borne Linux exploits.
I guess that's why you don't pay for it, eh?

--McD


____________________________________________

2004\12\16@235600 by William Chops Westfield

On Dec 16, 2004, at 8:10 AM, Herbert Graf wrote:
>
> Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
> that means the worst damage they can do to a system is their own home
> directory.
>
Oh.  You have personnel to manage the "non-home" directories?  Cool.
With that much help, I could probably make a windows system secure, too.

Besides, nowadays the obnoxious things that a cracker might do with
a compromised system don't necessarily involve a need for root access.
:-(

I know several people with professional unix administration experience and
quite a lot of brains that discovered the hard way that their net-visible
unix system was a lot more difficult to keep secure than they expected.

(of course, it helps that a unix system sort of starts out secure and becomes
less so as you make it do useful things, while a windows box (prior to SP2,
anyway) starts out horribly insecure and requires expertise to MAKE secure
to a point where you even dare to connect it to the internet...

BillW
____________________________________________

2004\12\17@000033 by Alex Harford

On Thu, 16 Dec 2004 18:56:35 -0500, John J. McDonough wrote:
> ----- Original Message -----
> From: "Nate Duehr" <natespamspam_OUTnatetech.com>
> Subject: Re: [OT] Workgroup infestation
>
>
> Just last week the news was not one, but two, browser borne Linux exploits.
> I guess that's why you don't pay for it, eh?

John,

And this week is IE:
http://secunia.com/advisories/13482/

No software is perfect, otherwise we wouldn't have debuggers. :)


James,

it's a chicken and egg problem... no apps because there is no demand,
because there are no apps.  :)  I'm not trying to be rude, but your
Linux security problems are probably operator error combined with the
early distributions' habit of enabling a lot of services by default.
I haven't used Windows with administrative privileges for about 6
years now so if I put a Windows box up on the net, I'd probably get
owned too.

I have found SDCC very useable for 8051, and there are a lot of
resources out there for PICs on Linux, like http://www.gnupic.org/

I don't know why, but AVR's are very well supported in Linux, since
there is a port of GCC with all the associated tools.

Alex
____________________________________________

2004\12\17@000241 by Herbert Graf

On Thu, 2004-12-16 at 20:55 -0800, William Chops Westfield wrote:
> On Dec 16, 2004, at 8:10 AM, Herbert Graf wrote:
> >
> > Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
> > that means the worst damage they can do to a system is their own home
> > directory.
> >
> Oh.  You have personnel to manage the "non-home" directories?  Cool.
> With that much help, I could probably make a windows system secure, too.

Nope. The only time a "non home" directory needs changing is if you're
either adjusting the OS for something, or for SOME software
installations. In both cases a temporary su to root is necessary. It is
very unlikely that something will happen for just the short while you're
root.

> Besides, nowadays the obnoxious things that a cracker might do with
> a compromised system don't necessarily involve a need for root access.
> :-(

We're not talking obnoxious.

> I know several people with professional unix administration experience and
> quite a lot of brains that discovered the hard way that their net-visible
> unix system was a lot more difficult to keep secure than they expected.

Without a doubt. I personally don't recommend ANY PC is directly
connected to the net, even a consumer router provides an effective
defence.

> (of course, it helps that a unix system sort of starts out secure and becomes
> less so as you make it do useful things, while a windows box (prior to SP2,
> anyway) starts out horribly insecure and requires expertise to MAKE secure
> to a point where you even dare to connect it to the internet...

Which is my point exactly, and why many consider windows flawed by
design. TTYL

-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

____________________________________________

2004\12\17@112337 by Morgan Olsson

Mike Hord 20:20 2004-12-15:
>trojan horse/remote control apps

I would suggest using a software firewall of the kind that also stops any software on your machine that is trying to communicate unless you have given permission.

This hinders any virus that got into any of your computers from spreading, and also hinders trojans.  *ANY* program communicating has to be granted access before it is let through.

I use ZoneAlarm, but there are others.  Be sure to shut down the half-baked firewall that comes with XP SP2 first...  ZA and other products are much more configurable to allow certain traffic and certain apps at your desire.

Then there are Ad-Aware and other software that seek certain (lots of) trojan programs and such stuff.  But they would normally be found by an application-aware software firewall as described anyway.

(ZoneAlarm once helped me restore a customer's computers one computer at a time amongst infected computers, by blocking the virus from spreading, *while* other infected and uninfected computers were continuously used ;)  )

About virus scanners, I have tested some: Norton AV should be avoided (clumsy, resource hungry, tedious update).  Best so far is Kaspersky: efficient, compact and frequent updates, configurable, and it has won tests from reliable consumer institute Råd&Rön for example.

Best is of course to avoid security holes.  Half of them on Windows are in MSIE.  And as it is rooted deep down in the OS it can plant malware like no other browser possibly can even if they were tailored to...
The natural choice is Firefox.
Likewise change Outlook to Thunderbird for mail.
(Or Opera for either or both; it can handle both browsing and mail securely.  Opera is a bit different and does not import mail from Outlook as well as Thunderbird, but it is really competent.)
And use OpenOffice for office work.
You do not need to uninstall anything to try these.

All those programs are available on Linux, Solaris and Mac too (some on BeOS, OS/2 and others), so it is convenient then to interoperate with - or change to - any modern OS when you get more fed up with Windows.  They are free too!
(except Opera, which is commercial, gratis if you accept almost unnoticeable ads)

http://www.mozilla.org/products/firefox/
http://www.mozilla.org/products/thunderbird/
http://www.opera.com/
http://www.openoffice.org/

(I am myself in the OS move, using all above since a while... but still mainly an old Eudora for mail (secure too)...)

You could also download/buy an Open Source Software for MSWindows CD:
http://theopencd.org http://gnuwin.epfl.ch/index.html
http://pmw.myip.org/oss/

/Morgan
--
Morgan Olsson, Kivik, Sweden


___________________________________________

2004\12\17@135943 by Nate Duehr

James Newtons Massmind wrote:

>Yes, yes, Linux is better. Ok? We give. Now please let us get back to work
>solving real problems with the existing development systems rather than
>waiting for someone to port what we need to Linux.
>  
>
We were talking about the original poster's corporate system that was a
data-gathering system, and how it probably didn't have proper
engineering up-front -- thus it got completely wiped out by a very silly
security problem.  Yeah, it was OT, definitely.

However this could be more interesting talking about PIC development
and more on-topic!  (Yay!)

{Quote hidden}

How much would you "love" to use it?  Would you pay for the initial
development?  Would you buy copies of all of the above at $50 a pop?  
How many people would?  The problem here's an economic one -- companies
decided to write their tools on the monopoly OS, which makes sense
economically.  Wouldn't you?  I would.

In order to "move on" someone has to fork up some money to support
development on the alternate OS's.  This doesn't happen much in the
real-world so when people try to say that Microsoft doesn't have a
monopoly I laugh at how naive they are.  You just proved it -- you'd
move if you could -- but you can't afford to.

On one of those items above... I do think gcc will cross-compile for
PIC's now, won't it?  I know it works for AVR's.

>So get over it and stop burning cycles convincing us Win'ers that we should
>be L'ers when that isn't even a possibility.
>  
>
I'm just advocating (in my previous messages) proper Engineering for any
computer or networked computer system.  I'm not telling anyone what to
use.  I'm telling people to not be lazy in their choices and not
complain when they make bad ones.  For a small cluster of machines doing
a very specific task inside a company, loading a full copy of Windows is
not good engineering design.  It leaves too many open holes.  Then it
put the original poster and his management at odds with the
"God-complex" IT guy, who's just trying to deal with the fallout... of
the original bad engineering plan.  And people don't see that.  They
want a subservient, stupid, happy, "here I'll reload your machines for
you every time you screw up your design and leave network security out
of it" IT person to come running, happy to assist, every time they don't
do their original engineering design correctly.

In other words, computers are just machines -- the whole industry needs
to get over some really large emotional and political hurdles and get
back to properly engineering the use of those machines.  Like a hammer
(to use one example someone used) or a farm tractor, or whatever...
using the machine improperly leads to problems.  I contend very
NON-emotionally that using Windows in 80% of the applications out there
is simply bad engineering.  It's not that the person MEANT to do a bad
job, but they did.  And EVERYONE pays for it when the machines are part
of a worldwide network.  (None of my Unix machines are sending people
spam, as probably the worst-case example, but hundreds of thousands of
zombied Windows machines sitting in other countries are!)

>Not to mention that the current PICList web site is running on an NT box
>after two attempts to host it on Linux (both of which were hacked into). The
>current ip is 66.13.172.18, please try to hack into my server so I can find
>and patch any security holes. It hasn't been done yet...
>  
>
Moving away from PICs....

You bring this up a lot, but it only serves to prove you didn't know
what you were doing on Linux.  If you'd have asked for help, people
would have.  I know that's not a nice thing to say, and I don't mean to
evoke emotions from you on it, but your argument is illogical -- "Linux
is bad because I don't know how to use it" doesn't fly.

AND... I'd be in the same boat if I installed an IIS server today --
it'd be hacked.  So if I had to do it, I wouldn't do it without help
from someone who's done IIS for years.

To paraphrase Denis Leary -- running machines on the Internet is hard.
Get a helmet.

Google, Amazon, and sites that take millions of hits a minute don't run
on Windows boxes.  Even Microsoft themselves struggled for two years to
move HotMail from FreeBSD to Windows, and they've never published
exactly how they pulled it off, that I've seen.  People generally
believe that the internal mail spools are still *nix-based, but hidden.  
It sure as hell isn't running on Exchange!!!

Usually with IIS today it's not so much a problem of being hacked into,
it's a server load issue.  From the one location I have a DS3 available
from I could probably overload IIS on that box and kill it, and probably
pretty easily.  But I don't do those sorts of things, as they're not
worth the effort outside of a controlled lab environment.

Apache on the same NT installation would probably fare better, and
Apache on any *nix would simply shrug it off if there's not too much
database activity from hitting the front page.

Perhaps I'm reading too much into the warnings, but you have all sorts
of warnings about "Don't Rip!" all over the site -- if it were tuned
properly and running on a box that wouldn't die under the load of people
"ripping" (isn't that what a webserver is SUPPOSED to do... serve up
whatever data requested of it as fast as it can under varying loads and
numbers of users?) -- you wouldn't need those at all.

(Unless there's an outside economic force, like a bandwidth cap.  You
don't say in the warnings.)

Since I moved away from running Windows webservers in 1995 or so, I
haven't kept up on the latest tools and techniques used by IIS and
such.  I am curious though -- how often do you need to reboot the
server?  We had some IIS/ASP stuff that memory-leaked badly and had to
be rebooted weekly at a pretty busy site around 1999 (run by a different
group of admins than my group... I handled the *nix side of things by
myself with two part-time developers for Perl stuff, a group of ten
developers and three admins handled the Windows stuff... we had similar
loads and similar "work" to do - no one ever looked at the bottom line
and realized that).  It also regularly lost database connections and had
to be manually bounced (the network was fine) until MS Transaction
Server came out and was stable enough to use in production environments.

Anyway this is morphing away from PIC stuff again (sorry -- I'm
passionate about what I do for a living... I wish more people were in
the server-admin "industry"!) but I am curious about the "Don't Rip"
thing... ultimately I know you can say that if you simply want to and
not have a technical reason and I may be reading into that message too
much.  Is it because the server would keel over dead?  'Cause we can
definitely fix that!!!!  I know from our discussions that you are
passionate about PICList!!!  (Yay!)

There's a number of super-easy fixes for that "rip" problem.  (Mirror
sites, for example... one machine ALLOWED to "rip" and then rsync
mirrors to other places with high speed donated bandwidth... just as one
example.)

By the way, that reminds me... Everyone DONATE to PICList!!!  Keep James
in bandwidth and toys!!!  (GRIN)

Nate
____________________________________________

2004\12\17@144603 by Nate Duehr

John J. McDonough wrote:

>----- Original Message -----
>From: "Nate Duehr" <@spam@nateKILLspamspamnatetech.com>
>Subject: Re: [OT] Workgroup infestation
>
>
>  
>
>>An OS that can't protect itself from a measly web browser and a user who
>>clicks on things they shouldn't?  Good lord... that's not worth paying
>>for, and should certainly be the last thing recommended for a production
>>system of any type.  A script embedded in an e-mail can wipe out the
>>machine?  Puh-leeese...
>>    
>>
>
>Just last week the news was not one, but two, browser borne Linux exploits.
>I guess that's why you don't pay for it, eh?
>
Would you like to be more specific about the exploits?  I'm willing to
discuss it very logically and civilly if you're truly interested in the
discussion and not a "drive-by" that's mostly emotional and not grounded
in engineering fact.  Few people are.

You didn't read my message very carefully -- I said the OS should
protect itself and its data from such events, which are bound to
happen.  I'm pretty sure from my reading of those exploits that I would
both have been generally protected from any ill side effects by the OS,
and grateful that I have at least six browsers available to me other
than the exploited one on my Linux desktop machine.  The OS was smart,
and I had the option to be smart.  Both excellent options.

If you can give a single concrete example of one of those Linux browser
exploits above completely compromising the machine to the point where it
has undetected spyware running on it or has turned the machine into a
standard "zombie" capable of doing damage to other machines on the
network, or in massive loss of the user's data, I'd be interested in
reading them.  I can find thousands of examples of this on Windows systems.

Exploits (essentially mistakes in software development, root-cause)
happen.  That's a given.  The question is how does the underlying OS
handle such events and protect the end-user?

Most people do what you just did when attempting to compare complex
technology - gloss over the facts and only focus on one measurement.  Do
both systems have exploits?  Yes.  Thus, both systems are equally
good/bad.  Bad logic.

I much prefer discussions similar to the in-depth ones on this list in
the past that truly and uniquely compare things like PIC vs. AVR.  Those
are enlightening and smart discussions.  Sure, some people get
emotional, but at least four or five people on the list really have
looked at the differences.  In the OS world, that's very rare.  RARELY
does one find such discussion at that level of detail about OS's, and I
contend that if engineering and technical folks avoid those discussions,
end-users certainly will.

As one person pointed out, many corporate "leaders" pre-empt and ban
such discussion within their organizations by demanding employees use
one technology over the other.

Whether the system was paid for or not is irrelevant to the security
discussion.

I really only advocate (in lots of words) these things to all PC-style
computer users:
1. Get it out of your head that there's only one choice in operating
systems.
2. Engineer your tasks to match the strengths and weaknesses of the OS
you choose.
3. Be professional enough to be willing to do this, even when it's
unpopular and/or taboo in your company to do so.

Emotional responses to engineering/technical problems are bunk.  We all
know this from our experience with electronics... there's usually more
than one way to accomplish certain tasks with hardware, and there most
definitely are reasons one is better than another.  But the "best" ways
are generally well-known, and hardware engineers state clearly why they
don't use a particular approach if they choose one that's got caveats.  
Personal computing has never gone there.  It should.

Network and OS engineers RARELY document all the caveats (a pro/con list
even) when they choose an OS for a particular project for their
management, and many managers don't ask for such a thing because they
believe that "an OS is an OS".

This is one of the attitudes that ultimately needs to stop to put
the ingenuity and thoughtfulness back into computer engineering at the
desktop level.

Nate
____________________________________________

2004\12\17@145547 by Bob J

> Since I moved away from running Windows webservers in 1995 or so, I
> haven't kept up on the latest tools and techniques used by IIS and
> such.  I am curious though -- how often do you need to reboot the
> server?  We had some IIS/ASP stuff that memory-leaked badly and had to

My current .net web apps I've written are supporting several hundred
call-center users, roughly 20 hits/sec.  The pages aren't simple
asp.net pages, they are complex pages which call into a complex c#.net
transactional middle tier and from there into sql server and  other
data sources.  It's been months since we've had to give anything the
three-fingered salute in the production environment.

Generally speaking my applications have been rock solid on IIS.  I
think stability has more to do with the developers and how the system
as a whole is administered and maintained, no matter what the platform
is.  It's too easy for someone who doesn't know what they're doing to
screw up any server platform.  It's easy to blame the OS...

Regards,
Bob
____________________________________________

2004\12\17@145722 by Nate Duehr

William Chops Westfield wrote:

> On Dec 16, 2004, at 8:10 AM, Herbert Graf wrote:
>
>>
>> Sorry, no. Most *nix distros get "dumb" users to run as "normal" users,
>> that means the worst damage they can do to a system is their own home
>> directory.
>>
> Oh.  You have personnel to manage the "non-home" directories?  Cool.
> With that much help, I could probably make a windows system secure, too.

Actually the most successful commercial Linux distros automate this
part.  Other commercial *nix's are horribly lacking here, perhaps AIX
being an exception.

> Besides, nowadays the obnoxious things that a cracker might do with
> a compromised system don't necessarily involve a need for root
> access. :-(

There's two threads here: What can someone do once they're "in" and what
can they do to other machines on the Net.

On the first, I contend that they can do less to a compromised *nix
system if they compromised it as a non-root user.
On the second, I contend that they can do whatever they want from either
system.

Thus giving *nix a slight edge.

> I know several people with professional unix administration experience and
> quite a lot of brains that discovered the hard way that their net-visible
> unix system was a lot more difficult to keep secure than they expected.

See automation comment above.  Many admins are too lazy to implement it,
however... and they get the fruits of their laziness.  XP finally
built-in tools for such patch automation from the vendor about two years
ago, which made me super-happy to see them do it.

> (of course, it helps that a unix system sort of starts out secure and becomes
> less so as you make it do useful things, while a windows box (prior to SP2,
> anyway) starts out horribly insecure and requires expertise to MAKE secure
> to a point where you even dare to connect it to the internet...

Very enlightened comment, Bill.

Now answer me this one... because I think it's an excellent example of
what I am asking people regularly.

If someone is pressed for time and needs to engineer a proper solution
for any common computing problem.  From a purely-engineering and
risk-assessment standpoint...

Which type of system should they start with?  The secured one that they
have to make conscious decisions to make less secure, or the unsecured
one they have to lock down?  Which is more likely to have mistakes?

I think James' experiences with Linux may have been with a Linux distro
that "broke ranks" and switched their security model around to match the
"everything's running, you turn it all off" model when he tried to
migrate PICList to Linux.

Nate
____________________________________________

2004\12\17@150952 by Shawn Tan Ser Ngiap

On Thursday 16 December 2004 23:11, James Newtons Massmind wrote:
> E.g.
> - ICD debug support for *nix?
> - Emulator support for *nix?
> - SX Key debug support (for Ubicom SX; a faster PIC clone, in case you
> didn't know)
> - A complete and working C compiler for PICs (SDCC has been "on the way"
> for years now)
> - A simulator that supports the 16C57 (gpsim has the 54 and 55 but not the
> 57) or the SX18/28 or full support for the 18C/F chips.
> See? For now, we have to use Windows. I'd LOVE to use Linux, but I can't.

What you're talking about here isn't OS related.. it's Open Source Software
vs Proprietary... and I'm quite sure that you can run those software with
WINE if you wanted to...

Errr... in the OSS world.. you are free to add those support into the
products.. So, if you were to add in the C57 support, and release it,
everyone would have it now wouldn't they.. In the proprietary world, you
can't add stuff even if you want to... that's the standard argument...

GCC support is only available for dsPICS as far as I know (using the Microchip
source... anyone managed to compile this yet??)... There are other OSS
projects that provide HLL compilers, just not in C... gpal, pascal, basic,
jal... why isn't there a C one since it's obviously not impossible to write a
C compiler for the PIC?? I don't really know..

> So get over it and stop burning cycles convincing us Win'ers that we should
> be L'ers when that isn't even a possibility.

To each his/her own... L'ers aren't really interested in converting W'ers.. To
be honest, I don't think that we really care if someone else isn't using
Linux, at least I don't...

> Not to mention that the current PICList web site is running on an NT box
> after two attempts to host it on Linux (both of which were hacked into).
> The current ip is 66.13.172.18, please try to hack into my server so I can
> find and patch any security holes. It hasn't been done yet...

Funny.. doesn't seem to say it's running NT.. it seems to report that the
machine running at that IP is linux... Can anyone else explain this?? I'd be
interested to know what's happening... maybe there's a linux firewall at the
isp/host?? supposedly running Slackware... or maybe i'm misinterpreting the
results..

--
with metta,
Shawn Tan

____________________________________________

2004\12\17@160458 by Peter L. Peres


> Well... I agree that Windows is seriously flawed, but I'm not saying that
> Linux flaws are any less serious... The only difference might be that Linux
> flaws are usually patched before they cause any serious harm... and Windows
> flaws are usually patched after they have caused many dollars in damages...
> proactive vs reactive...

I don't think either OS is flawed. Each is good in its own way. Windows
was designed as a gui OS, user-friendly, with a limited tunability. As
such, it does not have the systems 'under the hood', which are required
to face an ever-changing hostile networking and programming (system
programming and hardware development f.ex.) environment. All attempts to
patch the holes have failed so far because they are patches. Linux and
*nix systems have a solid networking, security (as in permissions) and
timesharing system on which a GUI just so happens to be available.
Sometimes it is slower than the Windows GUI on the same hardware for
this reason. But the solid things 'under the hood' make it survive
better and be more configurable in the hostile internet environment. And
it makes it a much better server platform choice imho. Apple probably
knew this well when they opted to build OS X on top of *bsd unix. The
internet was essentially born and is being carried on *nix machines.
Windows will always be an outsider struggling to cope on it imho.

Peter
____________________________________________

2004\12\17@161115 by Peter L. Peres



On Thu, 16 Dec 2004, James Newtons Massmind wrote:

> Not to mention that the current PICList web site is running on an NT box
> after two attempts to host it on Linux (both of which were hacked into). The
> current ip is 66.13.172.18, please try to hack into my server so I can find
> and patch any security holes. It hasn't been done yet...

I am not a hacker, I use Linux as a platform, having switched to
it in WfWG3.11/W95 days, that's all. And you should not ask things like
that. Your wish might be granted.

Peter
____________________________________________

2004\12\17@161546 by Peter L. Peres


> Just last week the news was not one, but two, browser borne Linux exploits.
> I guess that's why you don't pay for it, eh?

Having been subscribed to the SecurityFocus mailing list for more than a
year afair, I'd like to see ONE issue of that newsletter NOT mentioning
an exploit in Explorer or Exchange.

Peter
____________________________________________

2004\12\17@163243 by Nate Duehr

Bob J wrote:

>>Since I moved away from running Windows webservers in 1995 or so, I
>>haven't kept up on the latest tools and techniques used by IIS and
>>such.  I am curious though -- how often do you need to reboot the
>>server?  We had some IIS/ASP stuff that memory-leaked badly and had to
>>    
>>
>
>My current .net web apps I've written are supporting several hundred
>call-center users, roughly 20 hits/sec.  The pages aren't simple
>asp.net pages, they are complex pages which call into a complex c#.net
>transactional middle tier and from there into sql server and  other
>data sources.  Its been months since we've had to give anything the
>three-fingered salute in the production environment.
>  
>
I've also heard good things about .net - that's a good sign.  Things are
getting better.

>Generally speaking my applications have been rock solid on IIS.  I
>think stability has more to do with the developers and how the system
>as a whole is administered and maintained, no matter what the platform
>is.  Its too easy for someone who doesn't know what they're doing to
>screw up any server platform.  Its easy to blame the OS...
>  
>
Agreed, but it's also hard to differentiate the OS from the applications
on Windows machines.  ;-)

Nate
____________________________________________

2004\12\17@174013 by James Newtons Massmind

Nate says:

>
> You bring this up a lot, but it only serves to prove you
> didn't know what you were doing on Linux.  If you'd have
> asked for help, people would have.  I know that's not a nice
> thing to say, and I don't mean to evoke emotions from you on
> it, but your argument is illogical -- "Linux is bad because I
> don't know how to use it" doesn't fly.

Bzzzzzzt! WRONG. Thanks for playing. I'm not upset about your statement, but
I beg to disagree.

I'll admit I didn't know what I was doing, but I had the books and I did
read them.

AND:

I DID ask for help. At one point I had 5 members of a local Linux club at my
house trying to get RedHat up and running (let alone secure) on a box that
IIS under NT had been running just fine on. Months later we discovered that
Linux wasn't clearing an ARP cache... Or some such thing.... Anyway.

The SECOND *nix box, Solaris/Sun was admined (remotely) by a PROFESSIONAL
*nix jockey (who herded a large group of *nix boxes for a major stock
broker) and he screwed up and it got hacked AS WELL. And it was even behind
a firewall.


> AND... I'd be in the same boat if I installed an IIS server
> today -- it'd be hacked.  So if I had to do it, I wouldn't do
> it without help from someone who's done IIS for years.

Nope, not if you just followed the easy, one, two, three steps for hardening
an IIS server as specified by Microsoft. Installing URLScan and running IIS
Lockdown, etc...  I've done a few other trick things of my own, that I had
time to think of and implement because I wasn't buried under trying to learn
how to compile an entire OS.


{Quote hidden}

The difference is those large companies can afford to hire a few *nix gurus
to take care of the large number of machines they run. If they had to pay
M$, it would cost them more. With M$ you pay for the software, with *nix you
pay for the people.

{Quote hidden}

The RIPPING warnings are about BANDWIDTH not Server load. I get charged for
excessive bandwidth usage. Site rippers don't understand how big the site
is. (two full CDs at this point)

> (Unless there's an outside economic force, like a bandwidth
> cap.  You don't say in the warnings.)

In the page the warning links to, that is explained.

{Quote hidden}

I reboot the server automatically every night. So what? It takes less than a
minute. I've run it for long periods of time in the past, but I like being
safe.

{Quote hidden}

No, the only thing that does seem to slow the box down is the search engine.
When you consider how large a corpus it is searching, it shouldn't surprise
anyone that it burns some cycles. What does bother me and yes, it seems to
be a bug in IIS, is that if you get too many concurrent searches, the
machine gets locked up in some sort of infinite loop and never recovers.

> There's a number of super-easy fixes for that "rip" problem.  
> (Mirror sites, for example... one machine ALLOWED to "rip"
> and then rsync mirrors to other places with high speed
> donated bandwidth... just as one
> example.)

I'd love to do that, and I did have an offer from a guy at one point, but I
didn't get rsync set up... I should try again.

> By the way, that reminds me... Everyone DONATE to PICList!!!  
> Keep James in bandwidth and toys!!!  (GRIN)

Thanks! If you don't have $$$ donate time by becoming a page editor,
adopting a page and editing it. See the links on the page bottom (below the
first HR) AFTER you log in.


>
> Nate
> ______________________________________________

2004\12\17@192210 by Nate Duehr

James Newtons Massmind wrote:

>Nate says:
>
>  
>
>>You bring this up a lot, but it only serves to prove you
>>didn't know what you were doing on Linux.  If you'd have
>>asked for help, people would have.  I know that's not a nice
>>thing to say, and I don't mean to evoke emotions from you on
>>it, but your argument is illogical -- "Linux is bad because I
>>don't know how to use it" doesn't fly.
>>    
>>
>
>Bzzzzzzt! WRONG. Thanks for playing. I'm not upset about your statement, but
>I beg to disagree.
>  
>
Cool!  ;-)  (Cool both that you're not mad and that you disagree!  I
learn things from people that disagree with me.  I learn nothing from
people that don't.)

{Quote hidden}

RedHat is crap but that comment is a whole different thread for a whole
different crowd.

Depending on where you jumped into RedHat on their timeline, there was a
time when they were really really bad software (but popular).  RedHat
has always been one of the Linux's that traded usability for security
and stability, IMHO.  I avoid using RedHat on servers.  I know that'll
make someone grumpy but there are better options.

This is kinda weird... An ARP cache wouldn't have anything to do with
hardware... well, I understand... something confusing happened.

This kinda stuff makes me wish I were closer -- I'd drive over, we'd
have coffee and as my friend from Australia says "We'd have a play with
it."  Oh well...

>The SECOND *nix box, Solaris/Sun was admined (remotely) by a PROFESSIONAL
>*nix jockey (who herded a large group of *nix boxes for a major stock
>broker) and he screwed up and it got hacked AS WELL. And it was even behind
>a firewall.
>  
>
I've met lots of admins I wouldn't trust with servers running on the
public side of the network that can admin hundreds of boxes on a
relatively secure internal network.  ;-)  No offense meant to your
friend, though.  Running public servers is a speciality on both *nix and
Windows.  By the way, I have a friend at a "major financial
organization" too, and the structure there is rigid and very hard to
teach people to change their ways.  An example... they pay three people
to do manual port-scans of their public systems, even though that
activity screams for automation.  Anyone that admins systems that touch
money is going to be very good at NOT patching or doing anything
"non-standard".  ;-)  Similar to my industry (telecommunications)...
almost everyone's using Solaris 8 for core services, and there's almost
no talk of upgrading to 9 or even 10... because "it works.. leave it
alone".  That mentality doesn't work in the public server arena,
unfortunately.

{Quote hidden}

Those "one two three" steps didn't exist when we used IIS.  I watched
one poor friend spend two nights straight coming up with a 35 page
document on how to do it back then.  ;-)  This would have been early
Win2K days.  His document was awesome, but he had a two day deadline.  
Poor guy.

{Quote hidden}

Heh, I'm not so sure that is very true anymore. Prices for techies of
all kinds are pretty depressed across the board.  I also think you pay
dearly for experts (true experts) on either side of that equation, but
rarely do management have any good measuring sticks to find out who's an
expert and who's faking it.

{Quote hidden}

Ahh ok!

>>(Unless there's an outside economic force, like a bandwidth
>>cap.  You don't say in the warnings.)
>>    
>>
>
>In the page the warning link to, that is explained.
>  
>
Missed it.  Oops!

{Quote hidden}

This I just don't understand.  If it can't run forever (barring the need
to reboot for kernel patches or shared libraries that are in use and
can't be unloaded), it's broken.

Trying to explain how this comment makes me fidget and fret, I'd say
it'd be like someone posting that they put a reset button on every PIC
device they build not for the times when things have truly gone wrong,
but because they feel "safe" if they reset their lawn sprinkler system
at least once a day, 'cause it's just going to crash anyway.  
Something's wrong with that code.  The bummer is, with Windows you have
zero chance of finding and fixing it.  (You don't have the source.)

{Quote hidden}

Sigh... search engines are a pain on any OS.  No argument or
disagreement there!  ;-)  Although the lockup part I don't get.  It
sounds generically like a file lock/resource-contention problem with a
bad race condition coded into it.

{Quote hidden}

I have access to a box on a 100Mb/s pipe that could be used (maybe) with
permission from the appropriate folks.  We could talk off-list about it
if you're interested.  You're probably as busy as I am and it hasn't
bubbled to the surface of priorities... I know how that goes!

>>By the way, that reminds me... Everyone DONATE to PICList!!!  
>>Keep James in bandwidth and toys!!!  (GRIN)
>>    
>>
>
>Thanks! If you don't have $$$ donate time by becoming a page editor,
>adopting a page and editing it. See the links on the page bottom (below the
>first HR) AFTER you log in.
>  
>
Always willing to say "DONATE DONATE DONATE" to anyone.  Rarely works,
but hey... I'll say it!  :-)  People like James who are willing to
donate freely of their time/knowledge to provide EXCELLENT public
resources like PICList are the best people out there!

Speaking of excellent resources, James... your post the other day about
the SX's reminded me that I have a small box full of the silly things in
the garage and still haven't had "play with SX's" bubble to the top of
my list.  I really should do that.  They're neat.  Your information you
provided in passing to another message really got me thinking about
applications for them again.  Fast little beasties!

Nate
____________________________________________

2004\12\17@193954 by Howard Winter

Morgan,

On Fri, 17 Dec 2004 17:23:18 +0100, Morgan Olsson wrote:

>...<
> About virus scanners, I have tested some: Norton AV should be avoided (clumsy resource hungry, tedious update.
Indeed - I've seen several people who have paid for their annual renewal, and then not got their Norton software to accept that they've paid for it, and then have to go through all sorts of hassle, emails, phone calls and so on, to try to persuade the support people to give them what they've paid for!  And if you've lost the installed software due to a disk failure, it's even harder to get it onto the new disk.  Finally, a friend has a Norton installation that has (so far twice) come up with something like: "This software has become corrupted - please uninstall and reinstall it"... and restoring from a backup doesn't work!

> Best so far is Kaspersky: Efficient, compact and frequent updates, configurable, and has won tests from reliable consumer institute Råd&Rön for example.

I recommend a product from your neighbours to the West - Norman Virus Control (and other products) have always performed flawlessly for me, updates are regular and responsive.  I got two updates within a day once due to the rapid development of new versions of viruses, and about two hours later I received a spam email that had the very latest virus that they'd just added!  Sometimes weekly updates are just nowhere near often enough...  You can download and try NVC for a month, and if you like it you can pay for it at the end, for 1, 2 or 3 years' updates.  I have "converted" a number of friends, family (and clients) and none have had any problems.  They now have a tie-in with Ad-Aware, whereby you can buy packages which include the paid version of Ad-Aware (that includes Ad-Watch that stops the spyware getting there in the first place).

http://www.norman.com  I have no connection with them except as a satisfied customer.

> Best is of course to avoid security holes.  Half of them on Windows is on MSIE.  And as it is rooted deep down in the OS it can plant malware like no other browser possibly can even if they were tailored too...
>
> The natural choice is Firefox.
> Likewise change Outlook to Thunderbird for mail.

I agree completely - or the full Mozilla with all of the Browser / eMail / News and so on in one package.

Cheers,




___________________________________________

2004\12\17@203731 by John J. McDonough

----- Original Message -----
From: "Peter L. Peres" <KILLspamplpKILLspamspamactcom.co.il>
Subject: Re: [OT] Workgroup infestation


> Having been subscribed to the SecurityFocus mailing list for more than a
> year afair, I'd like to see ONE issue of that newsletter NOT mentioning
> an exploit in Explorer or Exchange.

I never claimed winblows was somehow better, it just annoys me that all
these Unix/Linux/BSD zealots like to pretend that they are invulnerable.
They forget that the worst worm ever, the one that basically shut down the
entire Internet, was a Unix based, email worm that exploited a text-only
mail client.

Windoze has improved greatly, and I suspect that XP/SP2 is pretty close to
as secure, as an operating system, as most of the Linuxes.  But, there are 3
big differences.  In order:

1) There are a hell of a lot of Windoze boxes out there to exploit.  Partly
because of that, there are an awful lot of out of date Windows systems.
Heck, there are probably more Win95 boxes out there than Linux boxes of all
flavors.  There are still an astonishing number of 3.1 systems.  How many
people are out there running 15 year old Linux distros?

2) People running Linux/Unix/FreeBSD generally have a clue.  People running
Windows, by and large, do not.

3) Probably because of #2, Linux people hardly ever surf or email from an
account with privileges.  I suspect using an unprivileged account for
anything on Windows is rare.

There is a huge danger to pretending that all is well.  Look at the Java
exploit.  That thing was known for six months, and patched for four, before
Sun even admitted it.  Even now you have to hunt to find anything on Sun's
site warning you of the danger of JVM's prior to 1.4.2_06.  Today, finally,
MONTHS after the update was available, one of my Windows systems with Sun's
JVM finally popped up and said it needed to be updated.  Fortunately, one of
the boxes I mostly use for surfing has the M$ JVM which doesn't share the
hole.  The other doesn't have a JVM installed at all.

So this week we have SANS reporting a php exploit today, a Samba
vulnerability yesterday, kernel 2.4 and 2.6 exploits the day before ... all
is not perfect.  Don't lets pretend it is.

--McD


____________________________________________

2004\12\17@203747 by John J. McDonough

----- Original Message -----
From: "Shawn Tan Ser Ngiap" <RemoveMEshawn.tanTakeThisOuTspamaeste.net>
Subject: Re: [OT] Workgroup infestation


> GCC support is only available for dsPICS as far as I know (using the
> Microchip source... anyone managed to compile this yet??).

I'm curious, too.  Made a shot, no joy here!

--McD



____________________________________________

2004\12\17@211635 by William Chops Westfield


On Dec 17, 2004, at 11:56 AM, Nate Duehr wrote:

> I contend that they can do less to a compromised *nix system if
> they compromised it as a non-root user.


But wasn't someone else talking about that "other" class of unix crack,
not found for windows - getting root access once you've compromised a
non-root user?  While this is theoretically more difficult than tricking
the non-priv'ed users, the number of possibly suspect buggy applications
goes way up too...

> Which type of system should they start with?  The secured one that they
> have to make conscious decisions to make less secure, or the unsecured
> one they have to lock down?

"SHOULD"?!  They should start with the system that provides the
applications, tools, and network environment that they're required to
use.  "Security" should NOT be a major decision point at the USER level.
At the corporate IT decision-making level, other criteria apply - THEY'RE
the ones who should make the security decisions, and they should be
distributing the secured versions of the OS and tools in question.  But
there are yet more decisions made at that level that are rarely noticed
by a single user, and you risk running into the situation we have here -
nice IT-supported systems seem to work pretty well, as long as you don't
mind them occasionally reducing the system to a crawl in the middle of
your workday while they run viruscan and such.  But god help you if
you've bought some sort of instrument (scope, device programmer, etc)
that happens to use windows as its OS - that'll be infected within
minutes if it's not up to date.  And also look out if you happen to
prefer a different OS/platform; "Gee, I'm sorry, but your Mac/freeBSD
won't be allowed to connect to our wireless network because it doesn't
support the latest semi-proprietary authentication and encryption
schemes..."

Sigh.
BillW
____________________________________________

2004\12\17@212414 by William Chops Westfield

On Dec 17, 2004, at 1:05 PM, Peter L. Peres wrote:

> Windows was designed as a gui OS, user-friendly, with a limited
> tunability.

You don't do it enough credit.  It was also designed to run on a stunning
variety of hardware, and to easily attach an even more stunning variety
of HW and SW "extensions" without having the users or owners need to
understand much about anything.  To a fairly significant extent, it is
this "vendor and manufacturer friendliness" that stands between windows
and security, rather than mere "user friendliness."

I remember the first time I installed FreeBSD on a wintel platform, and
tried to configure X.  Had to dig up a list of the horizontal and
vertical refresh frequencies that the monitor happened to support, and
then DISCARD most of them so that X didn't make bad decisions about which
ones it should use.  Windows, in contrast, read the PnP codes and got all
the relevant info from the vendors disk, and "did the right thing."  A
real eye-opener...

BillW

____________________________________________

2004\12\17@220856 by Bob Axtell

I have been VERY satisfied with Frisk. I have their service, and I get almost daily updates. Not a single hit since installing their AV,
and it's easy to use. They are from Iceland, I think. Have had them for two years now.

--Bob

Howard Winter wrote:

{Quote hidden}

>____________________________________________

2004\12\17@233140 by Herbert Graf

On Fri, 2004-12-17 at 18:24 -0800, William Chops Westfield wrote:
> I remember the first time I installed FreeBSD on a wintel platform, and
> tried to configure X.  Had to dig up a list of the horizontal and
> vertical refresh frequencies that the monitor happened to support, and
> then DISCARD most of them so that X didn't make bad decisions about which
> ones it should use.  Windows, in contrast, read the PnP codes and got all
> the relevant info from the vendors disk, and "did the right thing."  A
> real eye-opener...

Of course, you're comparing a case of an OS COMPLETELY supported by the
hardware manufacturer to one where the hardware manufacturer provides NO
support. NOT a fair comparison, and in fact apples to oranges in my
mind.

Remember, almost ALL of the linux hardware drivers out there were built
without ANY help from the hardware manufacturers. It is only recently
that they have started to actually CONSIDER supporting linux, most
don't, but some have at least started. Intel (with their support of
centrino drivers for Linux) and nVidia are stellar examples. More will
follow.

TTYL

-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

____________________________________________

2004\12\17@233634 by Herbert Graf

On Fri, 2004-12-17 at 14:40 -0800, James Newtons Massmind wrote:
> I DID ask for help. At one point I had 5 members of a local Linux club at my
> house trying to get RedHat up and running (let alone secure) on a box that
> IIS under NT had been running just fine on. Months later we discovered that
> Linux wasn't clearing an ARP cache... Or some such thing.... Anyway.

You know, I was going to guess the distro you tried was Redhat, I guess
I would have been right.

Redhat, for a time, made some very "interesting" decisions in their
distros that IMHO made them FAR too insecure for anything live on the
net. They followed the mickeysoft way of enabling everything, along with
some other bad ideas, from a security point of view.

Unfortunately you were exposed to that, and it's the reason you have the
opinion of Linux you do. FWIW Redhat has gotten MUCH better. Many would
still steer people away from Redhat for servers, but I've had great
luck. Their Fedora line has been quite promising, and I actually run two
servers with Redhat, one 9.0 and the other Fedora Core 3.

The one thing people really dislike about Redhat is they seem to do
everything a little differently from everyone else, especially when it
comes to the locations of config files. Since I've used Redhat for so
long I know where to look, but I can see how someone new to Linux may
get confused (since most of the docs describe distros that put things
in the "normal" places).

TTYL

-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

____________________________________________

2004\12\18@052043 by William Chops Westfield


On Dec 17, 2004, at 8:31 PM, Herbert Graf wrote:

> Of course, you're comparing a case of an OS COMPLETELY supported by the
> hardware manufacturer to one where the hardware manufacturer provides NO
> support. NOT a fair comparison...

Um.  Wasn't everyone complaining about the poor support microsoft offered
compared to "the unix community"?  Either microsoft's support is better,
or it's worse, right?  (no, of course it's NOT right.  Support in
different areas is ... different.)

But y'all are painting things with broad brushes.  "Microsoft sucks."
"Use linux.  Oh.  Not THAT Linux, of course."  etc.

BillW
____________________________________________

2004\12\18@084312 by Gerhard Fiedler

> Trying to explain how this comment makes me fidget and fret, I'd say
> it'd be like someone posting that they put a reset button on every PIC
> device they build not for the times when things have truly gone wrong,
> but because they feel "safe" if they reset their lawn sprinkler system
> at least once a day, 'cause it's just going to crash anyway.  

I think especially with small devices, the regular reboot is more common
than not. People here have even suggested PIC code architectures that are
based on constantly rebooting. Not what I do, but still not a bad idea,
IIRC.

Gerhard
____________________________________________

2004\12\18@085424 by Gerhard Fiedler

John J. McDonough wrote:

> 2) People running Linux/Unix/FreeBSD generally have a clue.  People running
> Windows, by and large, do not.

And, no matter what system, if you connect it to the internet, you should
go through a hardware router with firewall -- unless you are willing to
spend the time involved to make your system secure enough. Most are not
willing to do that, not even most engineers (unless of course they are
network engineers :)

I think this goes for *nix based systems just as it goes for Windows
systems. And Nate of course doesn't count as an example, because he's not
an average user without network knowledge :)

Gerhard
____________________________________________

2004\12\18@115028 by Morgan Olsson

Bob Axtell 04:08 2004-12-18:
>I have been VERY satisfied with Frisk. I have their service, and I get almost daily updates. Not a single hit since installing their AV,
>and it's easy to use. They are from Iceland, I think.

Nice name; "frisk" means "healthy" (opposite of ill) (at least in Swedish.) :)

OK, so "PICLIST favourite antivirus list" so far is:
http://www.f-prot.com/
http://www.norman.com/
http://www.kaspersky.com

...And on the avoid list:
Symantec Norton Antivirus

--
Morgan Olsson, Kivik, Sweden

____________________________________________

2004\12\18@155436 by Herbert Graf

On Sat, 2004-12-18 at 02:20 -0800, William Chops Westfield wrote:
> On Dec 17, 2004, at 8:31 PM, Herbert Graf wrote:
>
> > Of course, you're comparing a case of an OS COMPLETELY supported by the
> > hardware manufacturer to one where the hardware manufacturer provides NO
> > support. NOT a fair comparison...
>
> Um.  Wasn't everyone complaining about the poor support microsoft offered
> compared to "the unix community"?  Either microsoft's support is better,
> or it's worse, right?  (no, of course it's NOT right.  Support in
> different areas is ... different.)

We're NOT talking about the OS maker's support, if you had read my
message you would have realized I was talking about HARDWARE maker's
support. Hardware makers have made windows drivers for YEARS. For linux,
nearly nothing (in fact they didn't only refuse to make drivers, most
refused to release ANY info on how their hardware worked, causing a huge
amount of reverse engineering having to take place. Fortunately that is
changing, slowly).

So a blanket OS comparison just isn't valid since a lot of the "problems"
people have had with Linux relate to hardware drivers (not all, but
a lot).

> But y'all are painting things with broad brushes.  "Microsoft sucks."
> "Use linux.  Oh.  Not THAT Linux, of course."  etc.

Would you recommend WinME? Most wouldn't. As a similar token, many would
not recommend Redhat in certain versions, for similar reasons. What's
wrong with that? Nobody says Linux is perfect, it has had its bad
moments, no denying it.

Broad brush? You bet. No reason to get irrational about it.

-----------------------------
Herbert's PIC Stuff:
http://repatch.dyndns.org:8383/pic_stuff/

____________________________________________

2004\12\19@202459 by James Newtons Massmind


Nate Duehr said

> James said:
> >I DID ask for help. At one point I had 5 members of a local Linux club
> >at my house trying to get RedHat up and running (let alone secure) on a
> >box that IIS under NT had been running just fine on. Months later we
> >discovered that Linux wasn't clearing an ARP cache... Or some such
> >thing.... Anyway.
> >  
> >

<SNIP>

> This is kinda weird... An ARP cache wouldn't have anything to
> do with hardware... well, I understand... something confusing
> happened.

It was also related to the cable modem... But I still don't remember
exactly. It was in the "no hardware mfgr support for the OS" category of
"why *nix is a pain."

> This kinda stuff makes me wish I were closer -- I'd drive
> over, we'd have coffee and as my friend from Australia says
> "We'd have a play with it."  Oh well...

Welcome anytime.


{Quote hidden}

That is very true... I've had to really dig for some of the things that have
bothered me on my IIS / NT server and they were not documented anywhere. Not
by MS or anyone else that I could find. Hosting is a 'hole nother world'


{Quote hidden}

I know IIS has gotten better over time, and it leads me to believe that some
flavor of *nix / Apache is also probably better than what I tried. But this
is dangerously close to the "why, when I was a kid... Uphill both ways...
And we didn't have any cozy little automated testing scripts either"


<SNIP>

{Quote hidden}

I do still hold that one person, running a server, will have more cycles to
actually do fun things with an NT / IIS setup where the guy on the *nix box
will burn all his cycles messing with the OS.

<SNIP>

{Quote hidden}

A) With windows, the problem will fix itself in the next update.
B) You don't see the point in having a watch dog timer in a PIC either, I
suppose?
C) The low cost defrag program I could afford only does page file
defragmentation on reboot.

<SNIP>

> >>I know from our discussions that you are
> >>passionate about PICList!!!  (Yay!)

That is actually a subset of my real passion: Saving something valuable from
each person before they die. See
http://www.massmind.org

{Quote hidden}

It does have the advantage that the file system immediately lets the index
engine know if a file has been changed. The index is NEVER out of date and
the files don't have to be scanned for changes. With a little homemade "load
limiter" it works great.

<SNIP>

{Quote hidden}

One very kind soul donated $100 and said in the comment that it was a direct
result of your reminding him.

<snif> it almost restores your faith in humanity.


> Speaking of excellent resources, James... your post the other
> day about the SX's reminded me that I have a small box full
> of the silly things in the garage and still haven't had "play
> with SX's" bubble to the top of my list.  I really should do
> that.  They're neat.  Your information you provided in
> passing to another message really got me thinking about
> applications for them again.  Fast little beasties!


http://www.sxlist.com has it all. And runs on that same server...

---
James.



____________________________________________

2004\12\19@202748 by James Newtons Massmind

I second that. User interface could be a bit better, but for the $$$ it's
the best I've seen.

---
James.



> {Original Message removed}

2004\12\19@203641 by James Newtons Massmind

>
> But y'all are painting things with broad brushes.  "Microsoft sucks."
> "Use linux.  Oh.  Not THAT Linux, of course."  etc.
>
> BillW


I about busted a gut laughing... Yep, that is exactly the story of my life
with *nix. "Use Linux... Oh, Not THAT Linux" Damn that's funny.

---
James.



____________________________________________

2004\12\20@032343 by Nate Duehr

John J. McDonough wrote:
> ----- Original Message -----
> From: "Peter L. Peres" <spamBeGoneplpspamBeGonespamactcom.co.il>
> Subject: Re: [OT] Workgroup infestation
>
>>Having been subscribed to the SecurityFocus mailing list for more than a
>>year afair, I'd like to see ONE issue of that newsletter NOT mentioning
>>an exploit in Explorer or Exchange.
>

I think I understand that your argument below is just saying that all
systems have exploits, but I think we all already know that.  Meanwhile
there were a few points I thought deserved a short response.

> I never claimed winblows was somehow better, it just annoys me that all
> these Unix/Linux/BSD zealots like to pretend that they are invulnerable.
> They forget that the worst worm ever, the one that basically shut down the
> entire Internet, was a Unix based, email worm that exploited a text-only
> mail client.

You're as zealous as the ones you condemn, by the way.

The Morris worm you mention was released onto ARPANet and the early
Internet in 1988.  Robert Morris caused an estimated $53,000 in damage
and was sentenced to three years probation, 400 hours of community
service and a fine of $10,500.  His appeal was denied in 1990.

Considering that Morris' worm was the first one EVER, you might cut the
world some slack when claiming that *nix had this horrible terrible worm
that took out the WHOLE Internet.  (Gasp.  Big drama.  Oh no, the
Internet was down in 1988!)

Morris' stunt was a cultural shift that shocked people who had always
allowed remote logins from anywhere.  Even Morris himself sent the
copies of the worm from an MIT machine he had access to, instead of
using his Cornell machines as he didn't want it traced back to him.

To keep this time-line in perspective, Microsoft didn't even have a
viable TCP/IP stack at this time.  And 1200 baud modems were in their
heyday.

Microsoft eventually copied their IP stack from BSD to catch up when
they realized that NetBEUI wasn't going to work very well and had severe
scalability problems.  And thank the stars that Novell created a cheap
Ethernet network card and "clones" were hitting the streets, Microsoft
was barely smart enough to grab both.  They also copied Netscape's new
"Web Browser" shortly thereafter.

Microsoft-based worms started coming out soon after, and these were as
simple to exploit as Morris' little script.

Even though they'd been around since the time of Morris, Microsoft
pretended they didn't have a clue.  None.

Thousands of computer professionals complained bitterly that many of the
"features" Microsoft was releasing (ActiveX, as an early example) broke
all of the security rules ALREADY KNOWN in the *nix world from lessons
learned all the way back to Morris' little stunt.  And no one listened.

This was a decade after computer scientists (a field that was barely
poking a nose into the microcomputer age when Morris released his worm)
started looking for bad programming and network security holes and even
suggesting ways to keep online systems secure.

Melissa, NetSky, CodeRed, Nimda and countless others are the result
today.  These things are so common that they are considered "normal" now
by millions.

Today, damage from worms is just a fact of life.  The damage caused by
these worms is now estimated into the hundreds of millions of dollars,
worldwide.

Which is worse?  Morris or Melissa?  I think you have blinders on and
don't take the historical timeframe or what was at stake into account.

Microsoft saw the damage Morris created in 1988.  They had the choice to
create something better and did not.  The reason?  If you weren't
worried about computer/network security, neither were they.  If you
wanted open security holes like ActiveX because you were too lazy to
write good client/server code, you got it!  Hot grits, coming up!

The information about how to avoid such worms started being disseminated
the day after Morris' stunt, and Microsoft had almost a decade to
consider their options.

They decided undisciplined people would not care and would apologize for
them.  They were right.  You're doing it.

SANS reported tonight that WINS and DHCP both have SYSTEM user level
exploits on all Windows machines from NT through Server 2003.  The WINS
exploit allows the attacker to take over an entire Windows Domain
Controller, which controls the security of all machines using it.

All SANS Council sites are reporting that they're immediately patching.

But what you don't see is an uproar of their CIOs and CTOs asking,
"Why are we still putting up with this?"  Why not?

U.S. Corporations continue to mandate Windows complete with insanely
high operating costs, Europeans are moving to Linux and other
alternatives.

The Linux magazines from the UK are easily twice as informative and good
as their U.S. counterparts, whole cities in EU countries are starting to
lean toward demanding that open-source code be used to run their
business, and in general...

U.S. companies are weighed down by an anchor-chain around their necks
called Microsoft.

Nate
____________________________________________

2004\12\20@053116 by Peter L. Peres


On Sat, 18 Dec 2004, Gerhard Fiedler wrote:

>> Trying to explain how this comment makes me fidget and fret, I'd say
>> it'd be like someone posting that they put a reset button on every PIC
>> device they build not for the times when things have truly gone wrong,
>> but because they feel "safe" if they reset their lawn sprinkler system
>> at least once a day, 'cause it's just going to crash anyway.
>
> I think especially with small devices, the regular reboot is more common
> than not. People here have even suggested PIC code architectures that are
> based on constantly rebooting. Not what I do, but still not a bad idea,
> IIRC.

I think that from the point of view of reliability it is almost
mandatory to schedule reboots for systems that run continuously. I also
wrote about the pic code that has wdt enabled and does *not* clear it
except when doing a time critical task, thus resetting every 2 seconds
or so.

Peter
____________________________________________

2004\12\20@063034 by Russell McMahon

>And thank the stars that Novell created a cheap Ethernet network card

Only about $500 when it first came out :-)

> Microsoft ... also copied Netscape's new "Web Browser" shortly thereafter.

Copied is in the broadest sense there - as in, 'made something with broadly
similar functionality'. Unusually, for Microsoft, you'll find the true
parentage of Internet Explorer still openly proclaimed in the Help About
screen of IE6. viz "Based in NCSA Mosaic. ... ".




           RM




____________________________________________

2004\12\20@135614 by Nate Duehr

William Chops Westfield wrote:

> I remember the first time I installed FreeBSD on a wintel platform, and
> tried
> to configure X.  Had to dig up a list of the horizontal and vertical
> refresh
> frequencies that the monitor happened to support, and then DISCARD most of
> them so that X didn't make bad decisions about which ones it should use.
> Windows, in contrast, read the PnP codes and got all the relevant info from
> the vendors disk, and "did the right thing."  A real eye-opener...

(PnP being one of those "standards that really aren't" that vendors make
damn sure Microsoft knows how to read their hardware output, but rarely
do those same manufacturers share with the rest of the world, who has
to reverse-engineer by buying said hardware.)

(FreeBSD being an OS that probably used XFree86 at the time, so pretty
much any *nix-like OS used the same X system at that time.)

You actually think the monitor manufacturers go out of their way to
inform the XFree and XOrg folks of the proper settings for their
hardware?  They don't.  Those folks have to wait for people to buy the
new hardware and test it.

It has absolutely nothing to do with how "good" Windows is, it has more
to do with what OS the hardware folks provided configuration information
for.

I don't blame them, it's only normal for them to service their largest
"customer".  But your logic is flawed in your argument.  Windows "did
the right thing" because they had information about the hardware the
other developers did not.

If the "Manufacturer's disk" came with XFree and XOrg settings, would
your assertion hold up?  Nope.

Nate
____________________________________________

2004\12\20@154223 by Nate Duehr

Russell McMahon wrote:
>> And thank the stars that Novell created a cheap Ethernet network card
>
>
> Only about $500 when it first came out :-)
>
>> Microsoft ... also copied Netscape's new "Web Browser" shortly
>> thereafter.
>
>
> Copied is in the broadest sense there - as in, 'made something with
> broadly similar functionality'. Unusually, for Microsoft, you'll find
> the true parentage of Internet Explorer still openly proclaimed in the
> Help About screen of IE6. viz "Based in NCSA Mosaic. ... ".

Of course, CERN created the very first browser... text-based.

But, NCSA Mosaic was the original Netscape browser.

Marc Andreessen was at NCSA when he and his team created Mosaic and then
left to start Netscape as a commercial venture.

All graphical browsers are ultimately the result of their original work.

Shortly after Netscape was founded, Microsoft incorporated MSIE (based
off of Andreessen's code) deeply into their OS.  (Win95)

This led to their anti-trust trial and ultimate settling out of court
with the DoJ and States to avoid further litigation.

Nate
____________________________________________

2004\12\21@051351 by Morgan Olsson

James Newtons Massmind 02:36 2004-12-20:
>I about busted a gut laughing... Yep, that is exactly the story of my life
>with *nix. "Use Linux... Oh, Not THAT Linux" Damn that's funny.

I feel about the same.  Probably because Linux is not one company, but several competing and cooperating organizations and companies.  So one chap recommends X because it is best on that, another Y because it is best on this, etc...  And the variance is too big to know in depth.  Some distros are for desktop, some for servers, some to compile optimally on your target, some to be bootable on CD directly, some minimalistic for certain purposes, some...
http://www.linuxiso.org/ , http://www.linux.org/dist/index.html

Not competing in a bad way though, but scientifically and economically healthy.
But the different distributions as they are called are targeted to different tasks.
(To be correct on wording: "Linux" is the kernel, "Distribution" is the whole package on the install CD:s/DVD: Linux, drivers and all other OS parts, installer, plus usually a BIG load of applications; usually like installing MS Windows, MS Office, Acrobat Reader and more in just a fraction of the time and hassle.)  Also note that while being different, most distros follow a standardized organization of file system structure, so it is not hard to shift distro.  Also it is much more logical than the MS style; everything is in a large tree, and you can (re)mount partitions and whatever where you like it.  No drive letters jumping around.

I recently installed Mandrake on my laptop, and it really surprised me in installation ease (including partitioning), it found all hardware including sound and wireless, etc, and in one hour just *everything* worked and I also had Office, pdf-reader, browser, mail, help system, etc...  I just decided to use Mandrake, when my brother recommended me to try Debian, so now I download those ISOs for a Christmas toy ;)

If you have a spare HD, wideband for downloading ISO:s and a free evening, trying a Linux distro is a nice experience, compared to the frustration of trying to get Windows updated.

On the same laptop with MSWinXP originally installed I spent two full days to update it to SP2, first flashing BIOS for compatibility, and struggled with Norton AV (originally installed crap :( ) and a nonworking IBM driver update, that insisted on downloading and installing the wrong wireless driver!  AAAAAAH.

On this desktop Win2kSP4 I tried updating my Epson printer driver, as the former could not be used by a XP machine on the LAN (printing hang).  It ended up I could not install *any* version of the printer driver on this machine anymore and while trying I mistakenly hurt the system, taking me a half day to repair...  So now that printer is on the other machine and I can not print from here.  Do not tell me Windows (and related drivers) is user friendly!!

/Morgan  -gotta work now...
--
Morgan Olsson, Kivik, Sweden

____________________________________________

2004\12\21@122308 by Eisermann, Phil [Ridg/CO]

piclist-bounces@mit.edu wrote:
> and
> nonworking IBM driver update, that insisted on downloading and
> installing the wrong wireless driver!  AAAAAAH.    
>
> On this desktop Win2kSP4 i tried updating my Epson printer driver, as
> the former could not be used by a XP machine on the LAN (printing
> hang).  It ended up i could not install *any* version of the printer
> driver on this machine anymore and while trying i mistakenly hurt the
> system, taking me a half day to repair...  So now that printer is on
> the other machine and i can not print from here.  Do not tell me
> Windows (and related drivers) is user friendly!!      

Hehe. I recently installed a 2nd hard-drive. I'm still running WIN98,
so it needed some driver or other to make the OS recognize the drive.

It ended up conflicting with my sound card. Tried to re-install the
driver. Windows insisted its now 98SE, and prompted me to insert the
98SE disk. Same result with the sound card installation files. So
I have to upgrade Windows to install a hard drive!? What a load of
<insert expletive>
____________________________________________

2004\12\21@124525 by John J. McDonough

----- Original Message -----
From: "Eisermann, Phil [Ridg/CO]" <TakeThisOuTpeisermaEraseMEspamspam_OUTridgid.com>
Subject: RE: [OT] Workgroup infestation


> 98SE disk. Same result with the sound card installation files. So
> I have to upgrade Windows to install a hard drive!? What a load of
> <insert expletive>

No, you don't have to upgrade Windows to install a hard drive.  Nor do you
need to install a driver.  Installing the driver was apparently the issue
that wanted SE.

LOTS of the time, when Win98 wants you to put in the CD you can just tell it
to go on.  Not all the time, and it sounds as if the sound card, or perhaps
some earlier device, precipitated the problem.

Probably the best solution would be to restore the backup from just before
the PREVIOUS device you installed.  Then pay careful attention to that
device's install.  After you get all the hardware squared away then go ahead
and restore your data from newer backups.

But unless you are doing something like a USB hard drive (which isn't fully
supported on Win98 OE), you do not need a driver for a second hard drive.

If you do not have a good history of backups, during the coming weeks as you
try to recover, consider the importance of a good backup discipline.

--McD


____________________________________________

2004\12\21@134604 by Eisermann, Phil [Ridg/CO]

piclist-bounces@mit.edu wrote:
> Probably the best solution would be to restore the backup from just
> before the PREVIOUS device you installed.  Then pay careful attention
> to that device's install.  After you get all the hardware squared
> away then go ahead and restore your data from newer backups.

The issue was the size - 160MB, which isn't supported by Win98. Using
the driver allowed 137MB to be recognized. I knew about this problem,
but smaller drives were hard to find, and cost about the same.

> If you do not have a good history of backups, during the coming weeks
> as you try to recover, consider the importance of a good backup
> discipline.

I appreciate you taking the time to help. Thank you!

I will end up doing one of two things. Either I remove driver and use
even less of the drive (which offends my sensibilities), or see if I can
get a legal copy of a later version of windows through our IT department
(we have some sort of extended licensing scheme  where employees can
install certain windows software at home)

I would hardly have expected that adding a hard drive breaks the sound
card. The point was that I and Morgan Olsson were commenting on the
'user friendliness' of windows and its drivers. Really, what kind of
OS breaks the sound card when installing a driver? Shouldn't I have
gotten some sort of warning during the install about a conflict? I
have no control over what windows does during the install, and
afterwards it's too late and I have to restore?

The issue for me isn't data backup. I archived all the data I wanted
to keep on CDR. What irks me is having to re-install all those programs.
And of course, I have to reboot once for each program that needs to be
re-installed. Honestly, if the software I needed were available under
*nix, then I wouldn't bother with windows. I don't recall having to reboot
my linux machine (this was many years ago) when I installed new software.
I don't think I had to reboot even when we remote-mounted a hard-drive
between UC and Penn State.

I don't want to get into an OS-bashing session, each has its pros and
cons. I was unable to get Mandrake to work on that machine, either.
But that was due to Mandrake not supporting my video card at that time.
I actually pre-ordered it, literally hot off the press. I had intended
to ditch windows ~6 years ago but couldn't due to lack of hardware
support.

Again, thanks for your help and advice. I really do appreciate it.
This thread seems to have wandered far afield....

____________________________________________

2004\12\22@033410 by Nate Duehr
Eisermann, Phil [Ridg/CO] wrote:

What is a [Ridg/CO] just out of curiosity?

> I don't want to get into an OS-bashing session, each has its pros and
> cons. I was unable to get Mandrake to work on that machine, either.
> But that was due to Mandrake not supporting my video card at that time.
> I actually pre-ordered it, literally hot off the press. I had intended
> to ditch windows ~6 years ago but couldn't due to lack of hardware
> support.

Also out of curiosity, what kind of card?  Video cards have been
problematic for Linux for a long time due to no information from various
manufacturers.  Nvidia *REALLY* got on the bandwagon recently and does
an excellent job of supporting not only their cards, but the advanced
speed features of their cards now via custom kernel module packages and
a decent installer script that just requires you have the kernel source
(headers, actually) installed for your distro of choice.  Matrox are
generically well-supported now also, and ATI lags behind.

Would be happy to help you figure out if it works now.  Mandrake 10.1 is
out, and it's getting good reviews.  I'm more partial to SuSE for
"simple" desktop installations these days, Debian (as always, even
though it's harder to install) for servers, and Gentoo for my serious
hacking boxes.  Gentoo would be a giant pain for newbies, though...
definitely.

> Again, thanks for your help and advice. I really do appreciate it.
> This thread seems to have wandered far afield....

We're good at that.  ;-)

Apologies if I've been less than helpful of your actual problem.  I'm
very happy with Linux and use it a lot... always happy to help out if
you run into problems.  (I wouldn't have gotten into Linux at all if it
weren't for a friend's foray into early Slackware and many hours of
cursing at X trying to get it to even start on 486's!)

Nate
____________________________________________

2004\12\27@085852 by Eisermann, Phil [Ridg/CO]

piclist-bounces@mit.edu wrote:
> Eisermann, Phil [Ridg/CO] wrote:
>
> What is a [Ridg/CO] just out of curiosity?
>

That's the company name/location. We are part of Emerson's global
network. "Ridg" is short for "Ridgid" our brand name. "CO" stands
for Corporate Office, I think. There's Ridg/BE (Belgium), Ridg/FR
(France), Ridg/DE (Germany), etc

> Also out of curiosity, what kind of card?

It's a Diamond Viper V770, based on Nvidia's TNT2 chip. It's old
now, but was top-of-the-line when I bought it. That was '98 or '99

> Would be happy to help you figure out if it works now.  Mandrake 10.1
> is out, and it's getting good reviews.  I'm more partial to SuSE for
> "simple" desktop installations these days, Debian (as always, even
> though it's harder to install) for servers, and Gentoo for my serious
> hacking boxes.  Gentoo would be a giant pain for newbies, though...
> definitely.

I plan on trying again in a few months while I assemble a second system.
Am expecting a hand-me-down MB and shopping for cost-effective
components. No sense buying if I can get serviceable parts for free...

> Apologies if I've been less than helpful of your actual problem.  I'm
> very happy with Linux and use it a lot... always happy to help out if
> you run into problems.

Me, too. My first experience was with Slackware back in 1991. I went
to a dual-boot system for a while so I could work at home.

Thanks for the comments on new releases and video-card support. Will
keep those in mind. This system will be based on components that have
been out for a year or more, so hardware support will be less of an
issue this time around, I hope.
