Florian Cramer on Sat, 13 Sep 2003 20:15:32 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> SPAMandVIRIImakeITdie-digest [Chris Welsh, Morlock Elloi]


Am Samstag, 13. September 2003 um 06:37:08 Uhr (-0400) schrieb Nettime:
 
> There is no solution for the unwashed masses. That is the price of
> monoculture.  If you want millions that have no real clue what
> computers are to have a single "user friednly" OS of choice, than that
> one becomes the target. That will not change.

Right, and the actual problem with Windows is a userbase which 
largely doesn't even know (a) how to work under an account
without superuser/administator priviledges (under WinNT/2000/XP) and (b)
to use different E-Mail clients than Outlook Express. None of the recent
viruses would have done any harm if the above two conditions were
met.

Both MacOS X and GNU/Linux have security holes in their userland
announced every week, many of which are remotely exploitable and give an
attacker superuser priviledges on a cracked computer. MacOS X may be
potentially more vulnerable because, by the nature of its distribution,
its installations are much less diverse and contain much more
software/services by default than the countless distributions and
individual setups of GNU/Linux and the free BSDs. (For example, an RPC
hole in GNU/Linux or NetBSD would affect only a minority of systems
running NFS services.)  Still, the default factory setup of both MacOS X
and free Unix-like operating systems is more secure than Windows,
and it helps that users of minority platforms are typically better
skilled and apply the necessary software updates.

If the mainstream of Windows users would run broken and unmaintained
MacOS X or GNU/Linux systems, the exploits could be even worse than in
Windows because both systems offer better remote administration through
the commandline. One could be almost thankful for Microsoft that its OS
creates a honeypot for the computer illiterate.

Microsoft can be blamed, however, for setting up the default
installations of Windows in a blatantly insecure way: with various open
network ports/services, default user accounts with administrator
priviledges, with Internet clients (IE/Outlook Express) that are
insecure by design through their integration into the OS and its
scripting/programming interfaces, by allowing - by default - the
execution of remote binary Windows code (a.k.a. "ActiveX") without any
security measures (like sandboxing in a virtual machine), and by closely
integrating network services with the internal component/object model of
Windows so that disabling all network services leaves a Windows system
unusable to the point that even copy/paste or the file find dialog don't
work any more.*


-F


* In contrast, GNU/Linux and *BSD can be set up so that they
don't open network ports at all, even without firewalling, by commenting
out all lines in /etc/inetd.conf, replacing printer spoolers like
lpr/cups with pdq and MTA like sendmail/exim/postfix/qmail with
nullmailer or ssmtp.

-- 
http://userpage.fu-berlin.de/~cantsin/homepage/
http://www.complit.fu-berlin.de/institut/lehrpersonal/cramer.html
GnuPG/PGP public key ID 3200C7BA, finger cantsin@mail.zedat.fu-berlin.de

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net