Unsafe At Any Runlevel 106
joestump98 writes: "In an effort much like Ralph Nader's effort to increase safety standards for the car industry, The Center for Internet Security plans to pressure software vendors into shipping products with the 'highest security settings available, making them less vulnerable to viruses and hacking ...' Some of its members include Intel and Stanford. The best part is they will be releasing testing tools for all of the major operating systems, including Linux."
The Politics Of Exposure. (Score:2)
Re:Oh, Joy... (Score:1)
> In an effort, much like Ralph Nader's effort (...)
Nader's got nothing to do with this, so take your Nader-bashing trollage elsewhere, please.
Re:I like this quote... (Score:2)
J. Random Loser will never stand for it (Score:2)
While I applaud the idea, and champion it myself, users and marketeers will resist this to the end.
You see, security isn't user friendly.
<sigh>
When I've tried to push a "secure by default" position in the past, the response I usually get is: "But that would be a pain for the user! Let's make the secure configuration an option. The user that really needs security can just turn it on".
The rub is, the ones who really need it don't know enough to turn it on.
Re:A good thing AND a bad thing (Score:1)
However making security transparent to the user is also pretty bad: in most Windows software they do this by just getting everything running at system privilege (I haven't really come across anything that does otherwise - usually you run the setup program, at the end you reboot and next time the software is up and running automatically as system). Of course you can have installers that create user/groups but then the issue is how can you be sure those newly created accounts won't be used, and when the user has no knowledge of how many accounts there are in the system the situation isn't all that pretty either.
I'm always of the opinion that OS X is going to end up one of the most cracked OS of all times, simply because the target users won't have the slightest clue what is happening to their computer. The same thing can be said for Windows XP. And if MS keep bundling HTTP/FTP/SMTP servers up and running by default just like Windows 2000 a lot of people will have plenty of fun.
Actually perhaps the thing to do is to encourage all the script kiddies to hack all the Windows machine they can find, not just defacing web pages, but doing some serious damage like copying the SQL database info and send it off to the victim's competitors, then alter the data just enough to do damage but not bad enough to be noticed immediately - and after that data has been used for another few months..... well..
And after enough businesses are ruined because of all the user-friendly features of Windows perhaps people will start thinking of a more secure OS.
Last rant: idea for a nice virus: after infecting an NT box, watch of access of
Guerilla moderation (or meta-mod, not sure which) (Score:2)
by GriffX (DONTjlgriffithsSPAM@MEearthlinkPLEASE.net) on 06:23 PM July 21st, 2001 EDT (#25)
(User #130554 Info) http://www.griffx.com
Will the leader of the Center for Internet Security be running for President in twenty years as a spoiler, handing the election to oh, say, George P. Bush that time around?
"These comments and opinions are mine and mine alone, although they shouldn't be."
Dear moderator: A joke about Ralph Nader isn't necessarily a flame, especially since Nader was mentioned right off the bat in the story post.
Guerilla mod, part II (Score:2)
by SumDeusExMachina (god_from_the_machine@*REMOVETHIS*hotmail.com) on 06:37 PM July 21st, 2001 EDT (#36)
(User #318037 Info)
> making them less vulnerable to viruses and hacking
Well, you can just forget about Linux getting included in this initiative. After all, it is the most hacked-on operating system. Just ask Alan Cox or Linus.
"Everybody knows what's best for you" - Bad Religion
have karma, will burn
Re:I like this quote... (Score:3)
Most people who administrate networks are not full-time professional network administrators. It's only 5% of their job, and the other 95% of their job is something else.
---
Re:A good thing AND a bad thing (Score:4)
Yes, but if they disable Javascript, then they don't get the aforementioned popups. Then, as far as the user knows, everything works just fine.
---
Re:car metaphores (Score:2)
--
Re:car metaphores (Score:5)
--
Re:The solution to all MS related security issues (Score:1)
Re:You know what would be good? (Score:1)
Tom7 says:
Yes, though this is typically only done in interpreted languages, like perl. Compiled languages (Java, O'Caml) are more likely to use execv-like system calls
I'm not sure that that would be the case. There is a ton of code out there that uses system(3) to invoke sub-processes, despite the fact that system(3) is known to be a problematic interface from a security point of view.
Tom7 says:
Yeah, this is a good point. In fact, I bet my ftpd is more vulnerable to DOS attacks than wu_ftpd. (I think the user would have to commit as many resources sending data as I commit to receiving it, though.)
Not necessarily. It is easy enough for the attacker to spoof the initial handshake of a TCP connection just by creating raw packets and writing them over a raw socket. Your server gets hit for a file descriptor per connection while the attacker gets hit for the cost of writing some packets. You'll definitely run out of file descriptors before they run out of anything unless you go to the trouble of culling old descriptors.
Nah ah !!! (Score:2)
I guess they are talking about all those other operating systems without FreeBSD secure levels.
Read here [freebsd.org]
Great! (Score:1)
(if you want a secure computer,
"much like..safety standards for the car industry" (Score:4)
Re:Very Bad idea. (Score:1)
First, "force" does not mean only physical forces; you appear to be a fan of free markets, so I'm sure you're familiar with the term "market forces"?
Second, as a legal fiction created by the state, Microsoft isn't subject to physical force. We could use force against Bill Gates, the Board of Directors, and/or the various shareholders and employees; we could remove property from the control of this legal fiction; we could even revoke its corporate charter (and any or all of these may be good ideas); but we cannot use physical force against a corporation.
Third, the sophomoric "no initiation of force" rule fails so badly that its apologists have to come up with some very creative definitions of "force". A simple example - if you sit down on my front lawn and decline to leave, you aren't using force against me.
(You also have neglected to account for fraud, but most libertarian capitalists will amend the rule to "force or fraud".)
Tom Swiss | the infamous tms | http://www.infamous.net/
A very good thing (Score:2)
Micro~1.oft is the worst offender, because they strive for the easiest to use systems possible. They also know that 99% of their user base have no clue about computers beyond point-and-click of the few icons scattered on the desktop. Other
Sun is also pretty bad, they've been shipping their OSen with tons of unnecessary services enabled by default. Every Solaris install has sendmail, FTP, telnet and dozens of RPC services running, and quite often the stable versions of those services are old and have scripted exploits.
Many other OS developers are in the same boat. Default passwords for unused accounts, obscure services that only 1% of the users ever even know about, and wide open services are the norm: HP, IBM, Oracle, etc.
Apple is one of the few shining examples of good systems, but that is probably less for altruistic reasons than for their user oriented paradigm. They concentrate on the desktop and user, and not on network facing services. OSX is nice, because even though the system is loaded with BSD utilities, none are enabled originally, and require user intervention to turn them on. The way all systems should be.
This pressure group has been needed for more than a decade, because companies like Sun have blithely ignored all calls to tighten up their system from security experts and groups like Usenix and NANOG. Before, there were many voices saying the same thing, but never really united. It will be good to see name-and-shame lists maintained by a central group, then I can spend less time maintaining my own lists of evil services to destroy^Wcomment out immediately after an install.
the AC
Re:That IS the DMCA. Bugtraq will be sued. (Score:1)
HAH! KDE is much slower than WindowMaker and fvwm!
------
Re:The Politics Of Exposure. (Score:2)
I think if the only daemons that ran as root were wrappers that setuid()'d to other users, we'd be rid of many 'nix security problems.
------
Society and morals. (Score:2)
(Maybe where YOU live... B-) )
Actually, most people are "good" or try to be. About one in 100 (between 1-in-50 and 1-in-200) are psychopaths (apparently a brain defect that corresponds to having no conscience). They generally won't be "good" unless they learn a set of rules that tells them how and find a reason that it's in their best interest to follow the rules, at least to the extent of not hurting others. Many of them do, but some don't. Another small chunk learns to be "bad" despite not having the problem.
But these few "bad guys" can cause enormous havoc. So they have high visibility. So sometimes it seems like most of the people are "bad guys".
And when they DO mention it's Microsoft specific.. (Score:5)
Yep.
And when they DO report that a particular virus or attack only hits Microsoft software they make it sound like that's because the bad guy was out to get Microsoft, completely missing that Microsoft is both the biggest and the most insecure target.
Re:It will Never Happen (Score:1)
least privilege (Score:2)
Re:You know what would be good? (Score:2)
Re:A good thing AND a bad thing (Score:3)
Not only do things stop working, but IE continuously reminds you that you've made them stop working. All I did was disable ActiveX, and every time I visit a page with Flash, I get a window-modal dialog saying "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
Oh No! (Score:1)
PEBKAC (Score:5)
No amount of pressuring of software vendors will make a difference. Did you look at the members [cisecurity.org] lists?!? No Microsoft, No Oracle, No SAP, No Computer Associates, No Adobe, No Red Hat...hmm, pretty weak IMHO. If the vendors really cared, they would already be members in the CIS and not have to be "pressured".
Back to my initial acronym, PEBKAC. It's the weakest point in the chain of security. How many people do we know write their passwords in easily located places? How many people do we know download anything (directx updates, flash, Comet Cursor!)? How many people do we know still give out AOL passwords, even though the Instant Message windows have warnings not to give out passwords? Even if software security settings are the highest, social engineering will always be able to bypass wetware security settings. I'm not even going to mention exploits in software, just read BugTraq.
Lastly, the car analogy doesn't hold up. You don't tell car manufacturers to build tanks because people are speeding and/or driving drunk. You educate them and if necessary, punish them. True, anti-lock brakes and airbags are standard in almost every modern car available today, but automakers only put them there because of pressure from the insurance industry. But do people still die from automobile accidents? Unfortunately, yes...again, PEBSWAC (Problem Exists Between Steering Wheel and Chair).
redking
Intel doesn't write software?!? (Score:2)
Re:Forget it... (Score:1)
McVeigh killed loads of secretaries, kids, and low-level grunts, but as far as I know he failed to get even one policymaker. So if you want to rid America of secretaries, kids, and cleaning staff, by all means do what McVeigh did.
-Legion
Re:Very good idea... (Score:1)
Oh, come on! Not even bad press made them do that, what makes you think a mere law would make them change their ways?
Stefan.
Re:A good thing AND a bad thing (Score:2)
Until software vendors can provide the user with a computing experience that is at least as trouble-free as the current situation, tying the user's hands with more secure software won't do anything other than piss him off.
And, after the third time trying to find, which security feature has to be turned off so he can do what he wants (each time having turned off several features before finding the right one, though he leaves the others turned off just to be sure it keeps working), Joe Average Enduser turns off ALL security in one fell swoop, so as to never be hindered by them ever again. J.A. Enduser hasn't an inkling what each feature is about, and "frankly, my dear, I don't give a damn."
Net result: less security than even the little now achieved.
Oh, wait, let me guess: this idea comes from Gates, who has realised, that as long as there's an internet, he can never beat the free software people. So step 1: Make sure the default setting on any computer by law makes internet a dud, step 2: J.A. Enduser opens up his computer so wide the crackers will destroy the internet, and this time M$ doesn't get the blame. Brilliant!
The end of the 'net: Film at 11.
Stefan.
Re:DMCA violations? (Score:1)
This is different, though it might also be illegal due to some other silly computer crime law.
Re:How will anyone... (Score:1)
Try installing a fresh 98 box on the internet (with nobody using it), and a fresh redhat box on the internet (also with nobody using it) and see which one gets hacked first!
Re:That IS the DMCA. Bugtraq will be sued. (Score:1)
I think this is bullshit. The DMCA is a bad law, but judges aren't stupid enough to fall for that. Next, would you argue that they outlaw crowbars because it is a tool that can be used to break into a bookstore, where copyrighted works are held?
The DMCA is about digital copy protections like CSS and PDF encryption. It is not about reverse-engineering in general, though it does restrict certain kinds of reverse-engineering.
Let's make sure we're realistic about what this law covers, and fight it on those fronts. It IS a bad law.
Re:You know what would be good? (Score:1)
> It's not hard to do in C, either; you use strncpy() instead of strcpy() and 90% of overflows go away.
I hear this a lot. If it is true, then why do we still have so many overflows in new programs?
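One concrete reason swapping `strcpy()` for `strncpy()` does not by itself close the bug class, shown as an added example that is not part of the thread: `strncpy()` writes no terminator when the source fills the buffer, so the next string operation reads past the end. The function names and the 8-byte buffer are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if a NUL terminator exists within the first `size` bytes. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The "replace strcpy() with strncpy()" pattern with nothing else changed.
 * Returns 1 if dst ends up NUL-terminated, 0 if it does not. */
int naive_copy(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);   /* writes no '\0' when strlen(src) >= size */
    return is_terminated(dst, size);
}

/* Bounded copy that always terminates and reports truncation to the caller.
 * Returns 0 on a full copy, 1 if src was truncated, -1 if size is 0. */
int checked_copy(char *dst, size_t size, const char *src)
{
    size_t len;

    if (size == 0)
        return -1;
    len = strlen(src);
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return 1;              /* caller must decide whether truncation is OK */
    }
    memcpy(dst, src, len + 1); /* includes the terminator */
    return 0;
}

int main(void)
{
    char buf[8];
    const char *input = "12345678";  /* constructed: exactly sizeof buf chars */

    printf("naive_copy terminated:  %d\n", naive_copy(buf, sizeof buf, input));
    printf("checked_copy truncated: %d -> \"%s\"\n",
           checked_copy(buf, sizeof buf, input), buf);
    return 0;
}
```
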
Re:You know what would be good? (Score:1)
I don't think that's true, since it takes some deliberate work to give remote users control of your system in safe languages. In languages like O'Caml and Java, for instance, it is just impossible to run machine code that is part of the user's input. This is a property of the languages. In C it is easy.
The kind of bug which gives a remote user the ability to execute arbitrary code is the worst kind. Those are predominantly buffer overflows and format string bugs.
If you can show me a "natural" O'Caml program with a security hole of buffer-overflow magnitude in it (one that is "new" to O'Caml; it wasn't just as natural in C), I will believe you. Speculating that such bugs would exist is not quite convincing enough...
Re:You know what would be good? (Score:1)
The authors of bind, wu_ftpd, IIS 5, rpc.statd, netscape, etc. are all lazy and careless? I don't think I believe that. What programs weren't written by lazy careless people?
I think it is more because C makes it easy to make this kind of mistake.
Moving to a safe language automatically gets rid of buffer overflows and format strings (not to mention other non-security related bugs). Then we don't need to expend the care to avoid them; we can spend our time on other security issues. That is what I'm saying.
Re:You know what would be good? (Score:1)
> I'm not sure that that would be the case. There is a ton of code out there that uses system(3) to invoke sub-processes, despite the fact that system(3) is known to be a problematic interface from a security point of view.
Well, true or not, it doesn't change the fact that we can eradicate a more common and more difficult-to-detect security problem by switching to safe languages. Certainly we don't introduce any more in this system(3) class by switching from C to O'Caml, for instance.
> Not necessarily. It is easy enough for the attacker to spoof the initial handshake of a TCP connection just by creating raw packets and writing them over a raw socket.
It is the operating system's responsibility to be hardened against syn-flooding, since it is what implements TCP. This is a language-independent issue.
Re:You know what would be good? (Score:2)
I agree, but buffer overflows and format strings are the most common ones, and the ones which most easily lead to exploits.
> Calling shells with untested user-provided parameters (e.g. 'filename; rm -rf /').
Yes, though this is typically only done in interpreted languages, like perl. Compiled languages (Java, O'Caml) are more likely to use execv-like system calls.
> Constructing filenames out of untested user-provided parameters (e.g. ' ../etc/passwd' - there should be more of '../' but Slashdot does not like that).
True. This one usually doesn't lead to a direct compromise of the host, though.
> Not limiting resources (=> DoS Attacks); note that 'secure' languages are much more prone to that error because programmers usually don't care about size...
Yeah, this is a good point. In fact, I bet my ftpd is more vulnerable to DOS attacks than wu_ftpd. (I think the user would have to commit as many resources sending data as I commit to receiving it, though.) However, DOS attacks are much less serious than compromises of the host.
> Trigger bugs in the environment (interpreter, compiler's RTL).
> Scripting languages: Constructing programme code including user-provided data (e.g. with perl's eval statement).
Yes.. for this reason and the first one, I think scripting languages are also inappropriate (though not as inappropriate as C) for network applications and security-critical work.
My overall point is -- if we can *automatically* get rid of the biggest class of security problems, why aren't we doing it? We can use the time we save checking for those bugs (and patching them) securing the programs in other ways, or perhaps optimizing them so that we get the speed some claim is necessary.
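The difference between handing a string to a shell and using an execv-style call, as discussed in the comment above, shown as an added example that is not part of the thread. It reproduces what system(3) does (`/bin/sh -c <string>`) by hand so the output can be captured; the function names and the harmless `echo` payload are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with argv and capture its stdout in `out`.
 * Returns the number of bytes captured, or -1 on error. */
static int capture(char *const argv[], char *out, size_t cap)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (cap == 0 || pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used < cap - 1 &&
           (n = read(fds[0], out + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    waitpid(pid, &status, 0);
    return (int)used;
}

/* system(3)-style: the filename is pasted into a string that /bin/sh parses,
 * so shell metacharacters in it are interpreted. */
int list_via_shell(const char *filename, char *out, size_t cap)
{
    char cmd[256];
    int len = snprintf(cmd, sizeof cmd, "echo listing %s", filename);

    if (len < 0 || (size_t)len >= sizeof cmd)
        return -1;
    {
        char *argv[] = { "/bin/sh", "-c", cmd, NULL };
        return capture(argv, out, cap);
    }
}

/* execv-style: the filename is a single argv element; no shell parses it. */
int list_via_exec(const char *filename, char *out, size_t cap)
{
    char *argv[] = { "echo", "listing", (char *)filename, NULL };
    return capture(argv, out, cap);
}

/* Number of output lines, i.e. how many commands produced output. */
int count_lines(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '\n')
            n++;
    return n;
}

int main(void)
{
    /* Constructed input: a "filename" carrying a second, harmless command. */
    const char *hostile = "notes.txt; echo INJECTED";
    char out[256];

    if (list_via_shell(hostile, out, sizeof out) >= 0)
        printf("shell (%d lines):\n%s", count_lines(out), out);
    if (list_via_exec(hostile, out, sizeof out) >= 0)
        printf("exec  (%d lines):\n%s", count_lines(out), out);
    return 0;
}
```
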
You know what would be good? (Score:5)
Awright, soapbox time!
Redhat, or someone who makes a user-oriented linux distribution, should put together standard internet services which are written in a higher-level language than C. Perhaps they will not be super high-performance, or perhaps they will not have the advanced features of sendmail or bind that most users don't use. But if they're written in a safe language like Java or O'Caml (or, to a lesser extent, scripting languages like Python) we will see the largest class of security holes vanish overnight -- buffer overflows. (Also, format-style bugs, too!)
Though I don't necessarily think this would slow them down [bagley.org] -- even if it did, I am guessing that most people would take security over speed any day. I certainly would; hardware is cheap but my time patching and responding to incidents isn't!
I know that C is highly regarded as a systems programming language; it has many useful features in this respect. But it happens to encourage some idioms which are entirely inappropriate for network or security-critical applications. It's really not that hard to do systems programming in other languages. I kept saying this and people kept arguing with me, so I rewrote ftpd in SML [standardml.org] . It only took me a few days; maybe a bigger team or better programmers could crank these out even faster. Here is the source code [sourceforge.net] . (Also identd [sourceforge.net] and fingerd [sourceforge.net] ). These are not as featureful as their standard counterparts, but they are much much shorter, and buffer-overflow free.
If they can't do that because it seems like too much work (I believe moving to a more modern language would be worth it anyway), why aren't they at least compiling their default installs with stackguard [immunix.org] ? This is so easy to use, and makes exploiting buffer overflows so much more difficult. The speed loss is imperceptible and existing code carries over.
Let's leave the last 30 years of the last century behind us and move to a world without buffer overflows! If we do this, we can perhaps spend less time worrying about security (our current practices are NOT WORKING, by the way) and start worrying about more important things!
(Yes, it's true that the sshd problem is just dumb coding and is not C's fault. However, most of the rest of this year's, and last year's big security holes come from buffer overflows. Viz: Code Red worm, BIND exploits, wu_ftpd exploits, etc...)
Re:A good thing AND a bad thing (Score:1)
Knowing Microsoft, bugs will remain to exist in their software, ie Outlook, that nice newly discovered bug [theregister.co.uk] in Office XP, and so on. Presumably the same will be true of approved third party software. SOAP [develop.com] would appear to involve passing XML through port 80 ie as an HTTP request (not so bizarre in a sense)... which when you come to think about it means that a sysadmin (or any firewall software user) can no longer rely on blocking ports to secure a computer.
Meaning that firewall software is going to have to make more of a point of scanning for content, just, but it's strange how Microsoft manage to add 'security' by constraint whilst simultaneously messing up in the other direction. It's not going to be enough to lay down the law to software vendors about 'the highest security levels' without going into 'why we use standards and don't go off doing whatever the hell we feel like just to confuse sysadmins and break firewalls'. (This might be why Schneier seems so dubious about the measure...) Having said that, congratulations to all 170 members of the Center for Internet Security for trying - at least it gives them legitimate grounds to gripe when Microsoft open new and innovative ways to destroy PCs and deliver viruses via HTTP and email...
Re:Very Bad idea. (Score:2)
At the very least, what you need to do is make it so that the highest security level is clearly available for the default install. Much like the RedHat Firewall stuff in 7.1, that brings a pop-up that gives high-security as an option... (though a not terribly workable option if you actually want your machine to talk to the world much).
There's the old adage that the only fully secure system is encased in cement (unplugged) and sitting at the bottom of a lake -- and that presumes you can control physical access to the lake.
One of the fights for secure systems is to balance usability with risk. The most usable systems have little or no security. The most secure systems tend to have their usability curtailed.
Then there's Windows, which is neither very secure nor very usable -- and the two may be related.
--
Re:car metaphores (Score:1)
That was unexpected
More good than bad (Score:1)
That would be a good thing, no?
The Liscense is Liscensed! (Score:1)
Logical solution (Score:2)
That IS the DMCA. Bugtraq will be sued. (Score:1)
The DMCA is about tools for defeating protection schemes to gain access to a copy-protected work.
Say we have a protection scheme. Call it a "share." There are copyrighted (but legitimately licensed) works on this share, but the system requires an authentication step to access the works. Now, if a fellow figures out how to get into a share without the information necessary to authenticate, he has violated the letter of the DMCA.
It is highly likely that at the next report of a hole in Windows shares, Bugtraq will be sued for disseminating information on how to get w4r3z from an unsuspecting user who has shared the C: drive.
Question... (Score:1)
Re:A good thing AND a bad thing (Score:1)
Re:The Politics Of Exposure. (Score:1)
Re:The Politics Of Exposure. (Score:1)
Re:You know what would be good? (Score:1)
This is exactly backward. Those particular exploits are the most common because there are so many system programs written in languages where they're the exploits of choice, and because exploit writers have lots of practice taking advantage of them. If you switched to a different language with a different set of pitfalls, you'd find that the exploits would be different but not necessarily any less damaging or less common. There might be something of a reprieve while the exploit writers got used to taking advantage of a new set of problems, but there might very well be more errors to find because software authors were less used to the new pitfalls they're facing.
Re:A good thing AND a bad thing (Score:2)
That may be somewhat true, but it doesn't mean that there's necessarily a linear tradeoff between security and usability. For instance, turning off by default services that only advanced users will want to have available is a pretty good idea. Ordinary users aren't going to notice that they're missing anything, while the advanced users will be smart enough to know which things to turn on to get the services they want. The tradeoff there is a tiny bit of usability for a lot of increased security, which is a good deal.
Similarly, switching from a well designed single-user to a well-designed multi-user system should increase security quite a bit without excessive difficulty for the users. Users will still be able to do the kinds of things that they want without risk of their files being read/clobbered by another user. When they try to shoot themselves in the foot, though, the system kindly steps in and tells them that they need help from a sysadmin to do that. I find that this is nice even on my personal system that I don't share with anyone else; I've probably saved myself more grief by having a safety mechanism there to prevent stupid errors than the time wasted by su-ing to root.
Re:You know what would be good? (Score:1)
You can even install some premade Immunix packages on top of Mandrake or Redhat. I'm successfully running apache, bind, pidentd, and openssh from Immunix conveniently on top of my good old Mandrake 7.2. I got it from the nice mirror at ibiblio [ibiblio.org] and just installed them like any other package.
There is minor overlap in functionality between the two kernel-based and glibc-based subsystems, but it seems to me that the rest of these methods are all complementary. Do any of you know of a comparison between them or any analysis of them together?
Relevant criteria would include the development methods, objectives, and priorities such as the fact that as far as I know, LIDS and everything from Immunix only run on IA32. :( Then there may be technical superiority or optimization. They're all open source compatible so we're covered that way. Any other criteria?
To recap:
===
Like Ralph Nader? (Score:1)
But, as seat belt laws were enacted, usage increased dramatically. And, when they are made primary offenses (enough to be stopped by the police without any other reason), usage goes up even more to near 80%.
My point is, people need to know how and why to protect themselves. If we simply rely on technology and settings that come from the factory, security problems will only increase. Like airbags, good security settings are important. But they are only going to be effective when people view security as something that a proactive and responsible person concerns themselves with.
It will Never Happen (Score:1)
Re:The Politics Of Exposure. (Score:1)
DMCA violations? (Score:2)
Re:good in theory (Score:2)
See their Charter's section on Participants in the Process [cisecurity.org], there are a few government agencies involved, but they are there in capacities which can only be filled by them. The FBI is the best to ask about how to collect data which can be used in a court of law, and one aspect of security is "get the bad guy" after he's done his deed. So why not ask the FBI how you can best support their efforts to find the guy who screwed you? Then there are the various secret-type agencies who are rather good at testing and classifying systems based upon security, so they might be good to talk to when establishing benchmarks.
In other news ... (Score:2)
Head of the Automotive Licensing League, Bob Smith, "These agreements allow A.L.L., as providers of world-class transportation devices, to offer our customers a quality product, at a reduced price. Most of our Drivers will not notice any change in their Driving Experience (TM), only a decrease in the price they pay for our top-tier products. We manage this amazing feat by removing only one feature, a feature which almost no one uses, and which costs exorbitant amounts of money. With this near-useless 'feature' removed, we can produce our world-famous transportation solutions at a reduced cost, and pass the savings on to you, our valued Drivers."
Opponents of the new EDAs claim that people who purchase a car and sign an EDA forfeit any and all rights to sue the car manufacturer. These opponents further claim that if EDAs were in wide-spread use, car manufacturers could all reduce the amount of money they spend on safety features and safety research, and victims of the resulting accidents would have no legal recourse. The A.L.L. spokesman denied these allegations, and that's good enough for this reporter.
So stop complaining and sign the Agreement.
Re:The metaphore is the automobile industry ..... (Score:1)
Which would be an excellent point if we were making an analogy, but we aren't
Cheers!
Zero__Kelvin, who is not to be confused with Zero_Kelvin!
Re:How about some liability as well... (Score:1)
Which licensing agreement?
Oh, you mean the text THEY refer to as "licensing agreement" when in fact it has no legally binding effect at all (modulo some countries/states with a screwed legal system)...
Re:You know what would be good? (Score:1)
There are a lot of other security problems than buffer overflows and format-string bugs:
Now if these programmes even run as root because 'they are secure anyway'...
The real solutions have to be different:
And finally:
For example, look at qmail [qmail.org]'s security scheme.
Re:How about some liability as well... (Score:1)
That's true, and you're probably completely right. But there is also one important difference when dealing with software security. There is always a third person involved. They can say, "Hey, don't blame us. It would have worked if it weren't for those pesky hackers!"
Many people will just accept that.
Re:How will anyone... (Score:2)
Also, check out setting a custom security level. It gives you a list of features to enable or disable. Apparently, increasing the security in their security bar is the exact same thing as removing functionality.
Think of Microsoft's solution to Outlook to protect against those 'viruses' like the "I Love You". They came out with a patch to disable receiving files with certain extensions. Like not being able to receive *.exe, *.vbs. It was a long list, but it really shows how Microsoft views security, and what they would do if they shipped their products at their 'highest security level'.
Re:How will anyone... (Score:3)
The root level problem is there's nothing you can do if the user insists on executing things they find in their inbox. There's a hundred ways to send mail that don't involve Outlook APIs. So, solve the root problem and get rid of executables in mail. Smart shops are probably already doing this on the server level. (And yes, it does suck that you can't turn it off.)
Re:car metaphores (Score:1)
No-one expects the SpanishInquisition flame!
Re:car metaphores (Score:1)
I'll go to bed now...
Re:I like this quote... (Score:1)
This is, unfortunately, true.
I would like nothing better than to be a full-time network administrator. However, until recently, this was a solo shop with an insane number of computers and systems, with vendors who refused to play nice with one another, and a management who had (has) unrealistic expectations of one human MIS person. So I was netad, sysad, helpdesk, tech liaison... in other words, 'the computer guy.' I would almost scream when someone called me 'the computer expert.'
Fortunately, I now have someone here to help me, but I keep hearing that management here is trying to cut corners again, and may want to get rid of him.
It was this job which is the nail in my IT coffin, after only eight months of greymatta flambe, and it will be my last job doing IT work professionally and full-time.
---
Chief Technician, Helpdesk at the End of the World
car metaphors (Score:5)
Re:You know what would be good? (Score:1)
Red Hat's "right thing" (Score:1)
But that's Red Hat's big problem, really...even the "custom" installs put junk on your system you don't need (example: I use Enlightenment, and mostly GNOME-based apps. I leave Qt and some other assorted libs around, but don't need KDE. What did it do? Installed a bunch of KDE packages, despite my having conspicuously not checked the box for "KDE" on the menu...first thing I do after an install is run GNOME-RPM and start uninstalling stuff).
Re:A good thing AND a bad thing (Score:1)
Disable JavaScript and you'll find that many websites use it for stupid reasons -- things that could be easily done without it. Though this isn't an OS specific issue, it would still cause problems if a browser were shipped with JS disabled by default.
Back on topic though, I don't think security should be a requirement. I just think that people will make one of three choices:
1) Ignore security, use the "normal" OS, and reinstall every 30 days or so;
2) Educate themselves on security (perhaps the hard way), and lock down their systems;
3) Switch to an OS that is already more secure out of the box.
Unfortunately, most users fall into #1... But this is the choice the user makes, and that's the important thing: the user makes the choice, not a software corporation, and not any regulations imposed on the software corporations. Things will only get better when users get smarter.
- Jman
good in theory (Score:2)
The primary reason people don't steal things randomly is because they don't want to get arrested. Yes, some people have morals, most of society -doesn't-. (Yes, I look down on my fellow man.)
As soon as it becomes commonplace (as if it hasn't) to censor any "subversive" behavior, any intelligent thinking, and any questioning of various standards (ie: PDF security), even for truly and purely intellectual reasons,
Don't get me wrong, I am not saying we should stop fighting. But trying to make a law to demand security won't work, because many people still believe in "security through obfuscation", and in that case it becomes a matter of either perspective or time. (The Vigenère cipher was considered unbreakable in its time, now..well it'll take a few moments).
We should push this, but more importantly continue fighting (and more aggressively) for the repeal of the DMCA. If the DMCA stands, a pressure for security will have absolutely no effect.
My penny's worth....
Re:weird slashdot errors (Score:1)
Re:How about some liability as well... (Score:1)
How about some liability as well... (Score:2)
Re:A good thing AND a bad thing (Score:2)
Agreed. Security and usability are at the opposite ends of the computing spectrum. The average computer user has enough trouble maintaining and using a computer running Windows (or a Mac) as it is. Passing the burden of security along to the user is, IMO, a bad idea that will only lead to frustration.
Security issues should be addressed by software vendors in such a way that it is transparent to the user. While this is difficult, it can be done (e.g. Mac OS X hiding root from the user while still providing multi-user UNIX security).
Until software vendors can provide the user with a computing experience that is at least as trouble-free as the current situation, tying the user's hands with more secure software won't do anything other than piss him off.
Re:car metaphors (Score:1)
Re:It will Never Happen (Score:1)
Very good idea... (Score:1)
I like this quote... (Score:2)
Many network administrators don't know how to change security settings on desktop machines (which are usually some flavor of Windows)??? How do they keep their jobs if they can't change a desktop computer's security settings?
The scary thing is, it's probably true. I thought back to my college days and all my fellow CIS majors (computer info. systems). A lot of them couldn't use windows, understand "for" loops or update a printer driver, yet they got their degrees. And they are the ones who use Windows NT and IIS and Outlook because it's so damn easy to install and everything has a pretty icon for it ("ooh! a picture of a person means this icon lets me add people to the PDC... what does PDC mean?"). Not to mention they probably believed Microsoft got to the top because they made the best product, and unix is old so it must be bad.
So considering that the quote above probably has some scary truth to it, maybe we should focus more on idiot-proofing the Network Administration population, and less on idiot-proofing servers with more security installed by default. Remember, if it's installed by default, it will always be the same solution - and that's easier to hack than a security setting that is set by each individual sysadmin. Example - If a particular Linux distro by default installed the very strong root password of H8&^h3{ew and a user called user1 with password D4s^Je0* on every machine, wouldn't some less intelligent sysadmins keep those on there, figuring it was pretty strong? Then some beginner hackers could search the web for that flavor's default apache page, telnet the IP and root the machine! Just an example, but meant to point out that installing high security by default could backfire, and usually a better solution is fewer idiots, not more idiot-proof machines.
A good thing AND a bad thing (Score:5)
OK - Now that I've calmed down....
While I think this is a great idea, I worry that this will cause problems for average users AND I doubt vendors like Microsoft will bother. Ever tried to browse the web with IE set to the max security level? Lots of stuff stops working! RedHat did the right thing with 7.x by locking down most services so you had to open them up if you needed ftp, telnet, etc. But when it comes to Java, web browsing and other stuff, locking it down will only frustrate users who are used to browsers just 'working' - Imagine if they get hammered with popups about enabling cookies, Javascript, Java, etc.
I'm not saying that this is a bad cause, it's a noble one, but it seems that much more work needs to be done on the underlying security risks of certain platforms vs. just running them at a 'secure' level.
Re:You know what would be good? (Score:1)
Re:A good thing AND a bad thing (Score:1)
Much better than having tens of daemons running just after a fresh install.
And this is not even advanced security features. It's plain basic: don't leave anything running that you don't need to.
---
Re:A good thing AND a bad thing (Score:1)
Re:I like this quote... (Score:1)
Re:Oh, Joy... (Score:1)
Nader has nothing to do with this. And did Dubya ever have a real job?
Re:The metaphor is the automobile industry ..... (Score:1)
Re:The metaphor is the automobile industry ..... (Score:1)
Whoops, disqualification! (Score:1)
Well, you can just forget about Linux getting included in this initiative. After all, it is the most hacked-on operating system. Just ask Alan Cox or Linus.
Re:Forget it... (Score:1)
Re:Forget it... (Score:1)
Very Bad idea. (Score:1)
Force is no way to deal with ANYONE. Any civilized society has to agree that no one may initiate the use of physical force against anyone. If Microsoft wants to release unsafe, crappy software, they should be able to release it under their terms. Force is not an option.
Persuade Microsoft. Use your wallet. Publish articles. Write better software. Do everything, but do not demand, by physical force, that Microsoft must produce under your conditions, or anyone else's.
Re:Very Bad idea. (Score:1)
The alternative is force. Either force or persuasion, your choice. Force is the antithesis of life. You and I may agree that security in some software applications, and the OSes they run on, is horrible. But consensus among two (or two billion) individuals does not give right to those individuals to force a third to believe it. Nor does it give us or anyone the right to dictate how businesses must be run. Businesses are methods of survival (since it is not automatic) for many people. To tell those people that instead of making choices they deem right about their company, that they must follow your order, is wrong. It tells people that their survival hinges on your force against them.
Individuals should deal with each other as traders, not as ruffians who use force.
By the way, what is greed? You didn't define it. If greed is seeking better and still better ways to make products, survive, thrive, seek individual happiness, be innovative, etc, then I think it's a pretty damn good concept. The desire for money is a desire for survival, and then an increased level of comfort and enjoyment. Since money can't be forced from people, and has to be taken by trade, it's as moral an existence as you could hope for. Your choice: dollars or guns.
Could this be the end for Milhouse? (Score:2)
Hmm....spooky. I wonder what a good way to stop "virus-infected pirated software" will be...
Sample 'Pressuring' (Score:2)
Re:PEBKAC (Score:3)
Oh, fnord joy... (Score:2)
Were you going for an ad hominem attack here? Consider this: Is CEO a "real" job? Nader and other consumer advocates are at least responsible enough to do for consumers what consumers should be doing for themselves.
He's not trying to tell them how to design their products. He is making our government aware that there is a minimum acceptable level of safety for any and all consumer products. We all have become too complacent after years and years of buying and using defective commercial software. If you read slashdot at all, you will know just how defective these products are and the havoc that they can wreak [slashdot.org].