Go Back   Hardware Canucks > SOFTWARE > O/S's, Drivers & General Software

    
Closed Thread
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old June 5, 2010, 02:04 PM
chrisk's Avatar
Folding Captain
 
Join Date: Jul 2008
Location: GTA, Ontario
Posts: 7,401

My System Specs

Default

Quote:
Originally Posted by DCCV44.2223 View Post
Don't want to start an OS war but in this case where it's a case of state sponsored cracking (allegedly... ), it doesn't really matter what OS is used. Even if the OS is "secure" you'll still have to worry about all the apps, no software has ever been totally bug free, the only real advantage Linux has over Windows 7 is that it defaults to a restricted user account.

Here's one view on the state of things from a CansecWest participant:

Pwn2Own 2010: interview with Charlie Miller |oneITsecurity
Yep; in a fair contest where all the OSes are an equal target, Apple's software is cracked before Microsoft's:
Quote:
Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why?
Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.
__________________
Fold for team #54196
  #12 (permalink)  
Old June 5, 2010, 11:36 PM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by DCCV44.2223 View Post
Don't want to start an OS war but in this case where it's a case of state sponsored cracking (allegedly... ), it doesn't really matter what OS is used. Even if the OS is "secure" you'll still have to worry about all the apps, no software has ever been totally bug free, the only real advantage Linux has over Windows 7 is that it defaults to a restricted user account.

Here's one view on the state of things from a CansecWest participant:

Pwn2Own 2010: interview with Charlie Miller |oneITsecurity
Read a bit about Miller's background before putting him as a proof that OSX security is deficient.
If you knew anything about that guy you would never have put up his name near this thread.

I'm not explaining that one. Google and search for his biography, blog, quotes and interviews.

If you want too, search for Dai Zovi also. Those guys are geniuses at what they do and there's a specific reason why they target more a UNIX/BSD platform than anything else.

And if you want to go in a useless superficial argument thread, well just search for what those guys have to say on Windows data execution prevention mechanism, buffer ovelflow prevention thechniques, binairies obfuscation methods, overall network protection and remote execution prevention technique.

Those guys are laughing their butts off at MS relentless incompetentce.

Quote:
Originally Posted by Perineum View Post
It's well known that Apple's security is a joke, so I don't know why this thread is so "hilarious"
Read the above. Pointless post.


Quote:
Originally Posted by jdrom17 View Post
I think this: Fudzilla sums up my thoughts.

Windows is merely targeted because its the most widely used OS worldwide. However at the same time, MS is pretty quick at fixing security problems and security software for Windows is pretty darn good.

Linux and Mac don't really have any security software, and the ones that do exist are still in their infancy. As such the protection offered, doesn't match the Windows counterparts.

Assuming Windows is properly configured and there isn't some daft user in front of the machine, I'd say Windows is pretty darn secure. For the acronym lovers, PEBKAC.
That was more than entertaining. I love those "bloggers" who have neverending knowledge about everything and frankly don't know jack squat about anything they write about. Those guys are the stereotypes drawn in theoatmeal's cartoon.

Linux and Mac protection unfancy? May I beg your pardon? You sir should really go read a bit about kernel programming and all the security features offered in low level or even higher level of linux 2.6 and FreeBSD/OpenBSD. If you want to know exactly why you are wrong I recommend you reading:

-"Understanding the Linux Kernel"
-"SELinux: NSA's Open Source Security Enhanced Linux"
-"Security Warrior"
-"Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort"
-"Absolute FreeBSD"
-"Mastering FreeBSD and OpenBSD security"
-"Network Security Hacks: Tips & Tools for Protecting Your Privacy"
-"Designing BSD rootkits"
-"Mac OSX Internals".
(optional "starter's" books but good to understand a few of my points above)
-"Hacking: The Art of Exploitation"
-"Reversing: Secrets of Reverse Engineering"

Read this and come after arguing about Linux and OSX not being secure because everything depicted in the article makes no sense from a technical point of view.


Quote:
Originally Posted by ilya View Post
Don't you remember how bad XP was? It took them 2 service packs and years to get the security loopholes fixed, even the most competent user couldn't run w/o security software if they didn't want non stop popups. Don't even get started on Vista. But in light of that 7 hasn't been as ridiculously slow in terms of obvious security fixes.
Exactly, the number of holes in that was overwhelming and didn't get fixed right away, it took months or years to fix the majority of critical security bugs.


Quote:
Originally Posted by jdrom17 View Post
I never had any virus/malware problems with XP...

I stand by the fact that it's entirely up to the person using the PC.
Pointless argument. You perfectly know that everybody gets them and have -knowledge of it- except people who are paranoid and have an anti-virus or simply don't have an anti-virus and don't get warned when they got one.


Quote:
Originally Posted by chriskwarren View Post
Yep; in a fair contest where all the OSes are an equal target, Apple's software is cracked before Microsoft's:
Chris read the top of my post.

And also for your Miller's quote did you ask yourself why he said "harder" but not impossible?

(answer: MS security implementation are simply deficient)
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #13 (permalink)  
Old June 6, 2010, 06:32 AM
AkG's Avatar
AkG AkG is offline
Hardware Canucks Reviewer
 
Join Date: Oct 2007
Posts: 4,325
Default

Very, few modern hacks are carried out by pure vulnerabilities in the OS. Rather they use social engineering attach vectors. It doesnt matter what OS the avg joe uses...IF he says "OK" to install it...even if that means an extra sudo step...s/he will. This is where your argument on the "strength" of the kernel breaks down. More "secure" (not perfect mind you just theoretically more secure) or not, people change the equation. You can harden the os all you want but if the person really wants to install it he will. You simply can not in a home enviro disallow people to install what they want....thus what is "more secure" on paper is crap in the real world. I say its crap because I come across people all the time who naively think that because they run nix or apple os x they are safe and need not worry about such "ms problems". right now apple and unix are just lucky as they have security through obscurity working for them as they out and out suck at finding and implementing patches. MS is actually very active in plugging leaks.

Anything man made can and is hacked. If unbuntu (for example) or even apple ever got a major share of the market....they would be just as bad if not worse then MS. Patches take time, money and resources something that only MS has allocated said resources towards. Apple does it because they are too cheap to fix their problems and rather spend the money on brainwashing adverts. Nix does it because....and wait for it....they have no freaking money. A free as in beer business model...isnt viable. If you dont have the resources to fix it...you are SOL. The only reasons ubuntu (for example) are doing as good as they are is because of a sugar daddy wasting his money. Dont get me wrong, I LIKE free, but in an apples to apples "fight" that is why they always will be inferior to a paid OS. They come from a stronger starting point, but its foolish to think that because they start out stronger the end result is better. That is why they are not ready for prime time in the home enviro...and why they are not taken seriously in the business world.

If you want to think that its all a con job that apple's OS is always the first to be broken at those competitions (pwn2own, etc) then thats your right. Its foolish and shows ignorance on the topic but that is your right.
__________________
"If you ever start taking things too seriously, just remember that we are talking monkeys on an organic spaceship flying through the universe." -JR

“if your opponent has a conscience, then follow Gandhi. But if you enemy has no conscience, like Hitler, then follow Bonhoeffer.” - Dr. MLK jr
  #14 (permalink)  
Old June 6, 2010, 07:06 AM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by AkG View Post
Very, few modern hacks are carried out by pure vulnerabilities in the OS. Rather they use social engineering attach vectors. It doesnt matter what OS the avg joe uses...IF he says "OK" to install it...even if that means an extra sudo step...s/he will. This is where your argument on the "strength" of the kernel breaks down.
The user's stupidity factor is good for all platform, this is obvious.

Quote:
Originally Posted by AkG View Post
More "secure" (not perfect mind you just theoretically more secure) or not, people change the equation.
More secure does not exist. It's secure or it's not. Though I understand what you mean.

Quote:
Originally Posted by AkG View Post
You can harden the os all you want but if the person really wants to install it he will. You simply can not in a home enviro disallow people to install what they want....thus what is "more secure" on paper is crap in the real world.
Theorically Windows is one of the most secure OS on paper. Real world? It's simply deficient (to avoid saying it's crap).


Quote:
Originally Posted by AkG View Post
I say its crap because I come across people all the time who naively think that because they run nix or apple os x they are safe and need not worry about such "ms problems". right now apple and unix are just lucky as they have security through obscurity working for them as they out and out suck at finding and implementing patches. MS is actually very active in plugging leaks.
Wait what? You are serious by saying that *nix == security by obscurity? Really?!?
I think that you can't be more wrong than this my friend. -Wow-

Suck at find and applying patch? Dude, wtf are you talking about? Seriously?
I fear that part of the post is a complete joke.

For my and other people's entertainement, you absolutely need to explain or link me to some other article that even remotely attempts to explain your point in technical details.


Quote:
Originally Posted by AkG View Post
Anything man made can and is hacked. If unbuntu (for example) or even apple ever got a major share of the market....they would be just as bad if not worse then MS.
One word: No. Why? Simply because of the approach that Apple's take towards their customers. They show them how to use the computer and after having educated them enough on what -not- to do they let them go away. Sure it's not the case for anyone, as the stupidity factor wouldn't exist, but that should make some damage control in the long run.

Since that is not enough, well there's some other methods of protecting OSX user's butts from the hostile internet.
For one there's the nice signed binairies checking at kernel level that would simply allow virus not to run on the host machine if they were ever flagged as a virus or rootkit.

For the others well there's already all the security features of a normal FreeBSD derived system and of course on top a system of secure policies enforcing the overall machine security.

And at last there's always the good old fashioned anti-virus.

Quote:
Originally Posted by AkG View Post
Patches take time, money and resources something that only MS has allocated said resources towards. Apple does it because they are too cheap to fix their problems and rather spend the money on brainwashing adverts.
You are kidding right? Are you sincerely underestimating a fine running machine like Apple? If they see tomorow that somehow they need to put more ressources into something (virus for example), they will put it.

Quote:
Originally Posted by AkG View Post
Nix does it because....and wait for it....they have no freaking money. A free as in beer business model...isnt viable. If you dont have the resources to fix it...you are SOL.
OpenBSD

I think they are laughing at you for saying that. ;)

Quote:
Originally Posted by AkG View Post
The only reasons ubuntu (for example) are doing as good as they are is because of a sugar daddy wasting his money. Dont get me wrong, I LIKE free, but in an apples to apples "fight" that is why they always will be inferior to a paid OS. They come from a stronger starting point, but its foolish to think that because they start out stronger the end result is better. That is why they are not ready for prime time in the home enviro...and why they are not taken seriously in the business world.
All the computers and servers in my company disagree with you right now. Also I think the fellows at Red Hat feel that you forgot to add them in your train of thought before writing that.

Quote:
Originally Posted by AkG View Post
If you want to think that its all a con job that apple's OS is always the first to be broken at those competitions (pwn2own, etc) then thats your right. Its foolish and shows ignorance on the topic but that is your right.
Instead of writing something pointless like this, make a bit of search to know why they are the first to fall and the target of choice for most security experts.

(hint: 25 years of experience with unix systems + target is opensource)

PS: I need a beer after all this
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #15 (permalink)  
Old June 6, 2010, 01:16 PM
SneakySnake's Avatar
MVP
F@H
 
Join Date: Mar 2009
Location: Waterloo
Posts: 296

My System Specs

Default

Quote:
Originally Posted by m1dget View Post
More secure does not exist. It's secure or it's not. Though I understand what you mean.
More secure does exist. Hypothetical situation: I have to two bodyguards when I go shopping. You only have one. I am more secure.

definition of more: 'a quantifier meaning greater in size or amount or extent or degree'
  #16 (permalink)  
Old June 6, 2010, 01:31 PM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by SneakySnake View Post
More secure does exist. Hypothetical situation: I have to two bodyguards when I go shopping. You only have one. I am more secure.

definition of more: 'a quantifier meaning greater in size or amount or extent or degree'
Computer security 101: It's secure or it's not. There's no middle... it's 0 or 1.
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #17 (permalink)  
Old June 6, 2010, 01:35 PM
SneakySnake's Avatar
MVP
F@H
 
Join Date: Mar 2009
Location: Waterloo
Posts: 296

My System Specs

Default

Quote:
Originally Posted by m1dget View Post
Computer security 101: It's secure or it's not. There's no middle... it's 0 or 1.
But there's still secure and more secure. Think about WEP vs WPA protection for your WiFi. One of them offers better (more) security.
  #18 (permalink)  
Old June 6, 2010, 01:38 PM
Hall Of Fame
F@H
 
Join Date: Oct 2008
Location: Ottawa
Posts: 2,026
Default

Quote:
Originally Posted by SneakySnake View Post
But there's still secure and more secure. Think about WEP vs WPA protection for your WiFi. One of them offers better (more) security.
Very good point. It's like locking your windows and doors keeps your house safe but if you have a security system also then that's a step up.
__________________
"What is the colour when black is burnt ?" - Neil Young
  #19 (permalink)  
Old June 6, 2010, 01:42 PM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

Quote:
Originally Posted by SneakySnake View Post
But there's still secure and more secure. Think about WEP vs WPA protection for your WiFi. One of them offers better (more) security.
None of them are secure.

Though one is harder to crack than the other. Little difference here.
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
  #20 (permalink)  
Old June 6, 2010, 01:45 PM
chrisk's Avatar
Folding Captain
 
Join Date: Jul 2008
Location: GTA, Ontario
Posts: 7,401

My System Specs

Default

Quote:
Originally Posted by m1dget View Post
Computer security 101: It's secure or it's not. There's no middle... it's 0 or 1.
Quote:
Originally Posted by SneakySnake View Post
But there's still secure and more secure. Think about WEP vs WPA protection for your WiFi. One of them offers better (more) security.
Quote:
Originally Posted by crazyhorsejohnny View Post
Very good point. It's like locking your windows and doors keeps your house safe but if you have a security system also then that's a step up.
If you argue that its secure or not, then you could easily argue that there is no security at all for any OS, as all of them have been compromised.

Security is more of a 'discouragement.' The more security you have, the harder it is to be hacked, but it is never possible to be secure if you only have two choices like you suggest M1dget. The world is not that simple thankfully.
__________________
Fold for team #54196
Closed Thread


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hehe... m1dget Mac 77 May 2, 2010 04:14 PM