Re: Security Alert: Some PCs download and install software bythemselves

From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Tue Jul 17 2001 - 09:15:41 MDT


On Tue, 17 Jul 2001, Alex F. Bokov wrote:

> Windows 98 is very secure, because its code is closed and hackers
> can't find out about its vulnerabilities. They can't even use the

<LFP>
Security by obscurity isn't. Imagine what will happen when code will start
finding exploits instead of using documented exploit libraries. As to
closed source, have you heard about XP sources being leaked on h4x0r
sites? I haven't bothered to validate the rumor, but sooner or later it
will happen anyway.

Suddenly, security by obscurity is revealed as a house of cards in a gale
that it is. Whereas the Open Source warez receive a thorough banging by
h4x0rs (amplified by kitties), and a turf of code review waves after
another (if NSA is going to use it internally, you can assume they're
going to keep at least the 'l33t d00dz out).

> hacker tactic of posing as developers, because Microsoft *doesn't*
> *even* *document* many of the system calls, or documents them so
> obscurely that you really have to know what you're doing to understand
> it. Microsoft has structured its products such that they can only be

There are debuggers, with hardware assist included. Code which writes code
will find holes by blind probing alone.

> used for a few legitimate purposes by a few legitimate businesses. You
> can bet that the software Phoenix PCs install is useful, like a patch
> or a new driver or a small advertising banner that helps you, the
> customer, save money. Not Back Orifice and PGP like Linux users would
> install on your machine if they had the chance.

Actually, I'm interested in keeping a fair fraction mainstream systems
insecure. Consider a somewhat guerilla tactic of writing a truly viral
MojoNation package, which silently infects anything infectable (Win* is
very widespread in the Far East due to all the pirates), and then just
sits in the background, with adaptable resource throttling (stealing
resources from users without their consent is obviously not ok). </LFP>

> So hackers have no other recourse than going to public domain software
> and trying to convince the rest of you to follow. Just another example
> of how software has to be proprietary to be any good. I mean, come on!
> Linux software was written by teenage hackers and communists who

To the keyboards, comrades! Digital communism shall prevail!

> wanted to get something for nothing, while Windows was written by
> seasoned developers (probably all with MCSEs at the very least) and

seasoned, very so. Vintage. Can't you just smell the quality?

> state of the art tools like Visual Studio. So which kernel would you

Visual? I've seen it (while keeping a few meters safety distance). Very
fine product, typical for Microsoft.

> prefer running your mission-critical floppy drive? Leave the code to
> the specialists, I say. Thousands of Fortune 500 companies, leading
> educational institutions, and the Federal Government can't be wrong.

You have me convinced, now. As soon as I get back home some radical
reinstallation is in order.

> PS: Who's Redmond? Win98 was written by Bill Gates last time I
> checked. Get your facts straight.

Billge is not evil enough by far, Ballmer was just using him as a front.

-- Eugen* Leitl leitl
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:08:50 MST