J. Oquendo wrote:
KJKHyperion wrote:
why, Windows machines of course, I'm an attacker, not a fool! If you
were a terrorist, what would you rather do?
Crash the Twin Towers
Crash the dollar
There is no such thing as an "attacker". All actions, even such an
individual's, are driven by economical considerations.
With this said, if I were an attacker with economics in mind
why would I want to target a machine which has X amount of
vendors sifting through the much of malware and viruses when
I could spawn off an semi undetectable program and KEEP IT
THERE without having to wait for the next best thing.
So many misconceptions, so little time.
First of all, I meant economical in not just a monetary sense, but the
wider sense of balancing conflict in everyone's interest. And well, I
got the impression you were thinking of outlandish lose-lose (hence
anti-economical) scenarios where some loose cannon shuts down the whole
internet, but on second thought I might have been wrong on that account.
The idea was that, as effective an enemy-killer crashing the dollar
would be, it would prove counterproductive, damaging irreparably the
very currency that puts bread on your table and AK-47 on your shoulder.
So a purely economical evaluation will bring you to choose, instead, the
option causing the lesser evil (i.e. the virtual death of the airline
terrorism market).
Second, don't kid yourself, the market of security suites for Windows
is, at best, an open-air fish marketplace (a terrible stink, a lot of
yelling and products with an inherently short freshness timespan the
first similarities that come to mind, but I'm sure the mental picture
will evoke you many others).
I have written Windows attack software for a living, and there's one
thing I can write down and undersign in my own blood: Windows cannot be
secured. Which is very bad news for the whole industry, Windows being
the system with the highest security/feature richness ratio, or in other
words the culmination of the state of the art of software engineering as
we know it. We lack the semantic tools to even express *what* Windows
does, much less how, much less to tell right from wrong
[The feeble-minded, confronted with this, retreat in the virtualization
hugbox, forgetting the historic lesson that the Titanic sank because the
flooding bypassed the (insufficiently fine-grained, at that) waterproof
compartments by reaching *over* them -- and let's leave it at that,
before runaway metaphorization makes me say something about how Leonardo
Di Caprio fits that I will regret]
There is nothing, absolutely nothing you can do to isolate applications,
or tell malicious from normal behavior. Hell, you can hardly tell apart
applications from each other. An application is often just an EXE, but
sometimes it's an EXE and a bunch of DLLs, and sometimes one of the DLLs
is loaded in all active processes, and sometimes the EXEs are two or
more, and sometimes a driver is thrown in the mix, and yet sometimes all
you have is a single DLL, a DLL that, sometimes, must *necessarily* be
loaded at random times in an arbitrary process (see: IMEs).
Not that it matters at all, since the biggest names in security suites
fail even the most basic, trivial tests (god is my witness in how often
I overengineered some protection routine, only to discover that
expensive security suites that shall go unnamed didn't notice the whole
trojan in the first place), but it's kind of comforting to know that the
problem is unsolvable in principle, now isn't it?
So stop shelling out money to the snake oil salesmen or even giving them
any credit. When humanity's flagship software product is in such a sorry
state, you know there is nothing a random moron like you can do. Let the
scientists discover the obvious, let the engineers put it in practice,
and until then, for the love of god and all that is holy, _just_ _don't_
_swallow_.
[Microsoft being Microsoft, the most important software engineering
proof-of-concept, ever, they have developed will probably become a
product in ten years from now, if ever, be a huge flop at it and be
forgotten soon. It's called Singularity, it's an operating system
99.999% based on .NET, it will make your CPU simpler and faster and your
software safer, it's sort of like what Inferno would be if it was
actually meant to be used by human beings, *and* if your irrational
racist hate of .NET or other kind of short-sightedness makes it seem any
less than the... singularity that will take the world by storm and
change it forever I see it as, *then* to me you are dead from the
inside; <http://research.microsoft.com/os/singularity/> for more
information]
And if you think for a second that "Boohoo Linux users are more inclined
to be security conscious" then you are the fool here.
Haha, yes they are, according to their self-assessment. As for delusions
of security consciousness, though, my favorite have to be the MacOSX
users. They are just completely detached from reality. I have seen
people I considered computer security gods sit in front of a Mac and
turn into trusting, carefree idiots on the spot. They download warez
from Limewire, crack it, share it with their Mac-using buddies, they
will double-click on random auto-run DMGs without batting an eye, and
they will know absolutely nothing about the system and still be proud of
every shining new shareware widget like they made it themselves.
[random hint: MacOSX is not based on UNIX, it's based on Mach which has
a lot more in common with Windows than any UNIX, ever; the upper layers
come from NextStep, again not an UNIX by any stretch of imagination; the
UNIX subsystem has only ever caused security issues and will keep
causing them, because it's a poorly integrated add-on with almost purely
advisory vetoing powers]
They use, again very proudly, an alternate "desktop" they download
Javascript "widgets" to, and a screen saver that shows the latest
headlines from their "feeds" of choice [alternate keywords: "active
etc.", "items", "channels"]. They are, in other words, living in 1998,
plus special effects. I could poison Limewire with backdoored Office
2004 DMGs and own a planetful of these clueless, poor, trusting
bastards. They'd be wearing their best shit-eating grin the whole time
(built-in webcam if you need proof!), and you can hardly beat _that_,
sheer numbers be damned.
Of the couple of thousand of brute force bots I see, none are on
Windows.
Of course, where would we run our millions of phishing bots otherwise?
Whatever though, to each their own mechanisms of thought.
If you truly believe its all fine and dandy and things
won't get progressively worse by giving Linux to
inexperienced users, you are in for a rude awakening.
You _can_ sleep?
If you haven't stopped to read the facts that malware, *ware creators
are getting more savvy, then you seem to be stuck somewhere in a
world of fantasy.
You seem to assume nobody that programs on Windows could possibly get
"savvy". I assume you are choosing to ignore that Windows hackers have
completely hijacked the UNIX-born concept of "rootkit", bringing it to
heights that probably give nosebleeds to most UNIX-heads. Despite this,
and despite scaremongers the likes of Joanna Rutkowski, there has been
no technological escalation in attacks because it's unnecessary -hence-
antieconomical (could also be because kernel-mode rootkits suck? I'm a
firm believer of user-mode rootkits. Vanaglorious boasters will lead you
to believe you can do more in kernel mode, but experience soon shows you
that you can actually do *less*, at a higher cost)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
