full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Linux big bang theory.

Re: [Full-disclosure] Linux big bang theory....

From: Kradorex Xeron <admin_at_nospam>
Date: Fri May 11 2007 - 22:05:37 GMT
To: full-disclosure@lists.grok.org.uk


On Thursday 10 May 2007 19:43, KJKHyperion wrote:
> J. Oquendo wrote:
> > KJKHyperion wrote:
> >> why, Windows machines of course, I'm an attacker, not a fool! If you
> >> were a terrorist, what would you rather do?
> >>
> >> Crash the Twin Towers
> >> Crash the dollar
> >>
> >> There is no such thing as an "attacker". All actions, even such an
> >> individual's, are driven by economical considerations.
> >
> > With this said, if I were an attacker with economics in mind
> > why would I want to target a machine which has X amount of
> > vendors sifting through the much of malware and viruses when
> > I could spawn off an semi undetectable program and KEEP IT
> > THERE without having to wait for the next best thing.
>
> So many misconceptions, so little time.
>
> First of all, I meant economical in not just a monetary sense, but the
> wider sense of balancing conflict in everyone's interest. And well, I
> got the impression you were thinking of outlandish lose-lose (hence
> anti-economical) scenarios where some loose cannon shuts down the whole
> internet, but on second thought I might have been wrong on that account.
> The idea was that, as effective an enemy-killer crashing the dollar
> would be, it would prove counterproductive, damaging irreparably the
> very currency that puts bread on your table and AK-47 on your shoulder.
> So a purely economical evaluation will bring you to choose, instead, the
> option causing the lesser evil (i.e. the virtual death of the airline
> terrorism market).
>
> Second, don't kid yourself, the market of security suites for Windows
> is, at best, an open-air fish marketplace (a terrible stink, a lot of
> yelling and products with an inherently short freshness timespan the
> first similarities that come to mind, but I'm sure the mental picture
> will evoke you many others).
>
> I have written Windows attack software for a living, and there's one
> thing I can write down and undersign in my own blood: Windows cannot be
> secured. Which is very bad news for the whole industry, Windows being
> the system with the highest security/feature richness ratio, or in other
> words the culmination of the state of the art of software engineering as
> we know it. We lack the semantic tools to even express *what* Windows
> does, much less how, much less to tell right from wrong
>
> [The feeble-minded, confronted with this, retreat in the virtualization
> hugbox, forgetting the historic lesson that the Titanic sank because the
> flooding bypassed the (insufficiently fine-grained, at that) waterproof
> compartments by reaching *over* them -- and let's leave it at that,
> before runaway metaphorization makes me say something about how Leonardo
> Di Caprio fits that I will regret]
>
> There is nothing, absolutely nothing you can do to isolate applications,
> or tell malicious from normal behavior. Hell, you can hardly tell apart
> applications from each other. An application is often just an EXE, but
> sometimes it's an EXE and a bunch of DLLs, and sometimes one of the DLLs
> is loaded in all active processes, and sometimes the EXEs are two or
> more, and sometimes a driver is thrown in the mix, and yet sometimes all
> you have is a single DLL, a DLL that, sometimes, must *necessarily* be
> loaded at random times in an arbitrary process (see: IMEs).
>
> Not that it matters at all, since the biggest names in security suites
> fail even the most basic, trivial tests (god is my witness in how often
> I overengineered some protection routine, only to discover that
> expensive security suites that shall go unnamed didn't notice the whole
> trojan in the first place), but it's kind of comforting to know that the
> problem is unsolvable in principle, now isn't it?
>
> So stop shelling out money to the snake oil salesmen or even giving them
> any credit. When humanity's flagship software product is in such a sorry
> state, you know there is nothing a random moron like you can do. Let the
> scientists discover the obvious, let the engineers put it in practice,
> and until then, for the love of god and all that is holy, _just_ _don't_
> _swallow_.
>
> [Microsoft being Microsoft, the most important software engineering
> proof-of-concept, ever, they have developed will probably become a
> product in ten years from now, if ever, be a huge flop at it and be
> forgotten soon. It's called Singularity, it's an operating system
> 99.999% based on .NET, it will make your CPU simpler and faster and your
> software safer, it's sort of like what Inferno would be if it was
> actually meant to be used by human beings, *and* if your irrational
> racist hate of .NET or other kind of short-sightedness makes it seem any
> less than the... singularity that will take the world by storm and
> change it forever I see it as, *then* to me you are dead from the
> inside; <http://research.microsoft.com/os/singularity/> for more
> information]
>
> > And if you think for a second that "Boohoo Linux users are more inclined
> >
> > to be security conscious" then you are the fool here.
>
> Haha, yes they are, according to their self-assessment. As for delusions
> of security consciousness, though, my favorite have to be the MacOSX
> users. They are just completely detached from reality. I have seen
> people I considered computer security gods sit in front of a Mac and
> turn into trusting, carefree idiots on the spot. They download warez
> from Limewire, crack it, share it with their Mac-using buddies, they
> will double-click on random auto-run DMGs without batting an eye, and
> they will know absolutely nothing about the system and still be proud of
> every shining new shareware widget like they made it themselves.
>
> [random hint: MacOSX is not based on UNIX, it's based on Mach which has
> a lot more in common with Windows than any UNIX, ever; the upper layers
> come from NextStep, again not an UNIX by any stretch of imagination; the
> UNIX subsystem has only ever caused security issues and will keep
> causing them, because it's a poorly integrated add-on with almost purely
> advisory vetoing powers]
>
> They use, again very proudly, an alternate "desktop" they download
> Javascript "widgets" to, and a screen saver that shows the latest
> headlines from their "feeds" of choice [alternate keywords: "active
> etc.", "items", "channels"]. They are, in other words, living in 1998,
> plus special effects. I could poison Limewire with backdoored Office
> 2004 DMGs and own a planetful of these clueless, poor, trusting
> bastards. They'd be wearing their best shit-eating grin the whole time
> (built-in webcam if you need proof!), and you can hardly beat _that_,
> sheer numbers be damned.
>
> > Of the couple of thousand of brute force bots I see, none are on
> > Windows.
>
> Of course, where would we run our millions of phishing bots otherwise?
>
> > Whatever though, to each their own mechanisms of thought.
> > If you truly believe its all fine and dandy and things
> > won't get progressively worse by giving Linux to
> > inexperienced users, you are in for a rude awakening.
>
> You _can_ sleep?
>
> > If you haven't stopped to read the facts that malware, *ware creators
> >
> > are getting more savvy, then you seem to be stuck somewhere in a
> > world of fantasy.
>
> You seem to assume nobody that programs on Windows could possibly get
> "savvy". I assume you are choosing to ignore that Windows hackers have
> completely hijacked the UNIX-born concept of "rootkit", bringing it to
> heights that probably give nosebleeds to most UNIX-heads. Despite this,
> and despite scaremongers the likes of Joanna Rutkowski, there has been
> no technological escalation in attacks because it's unnecessary -hence-
> antieconomical (could also be because kernel-mode rootkits suck? I'm a
> firm believer of user-mode rootkits. Vanaglorious boasters will lead you
> to believe you can do more in kernel mode, but experience soon shows you
> that you can actually do *less*, at a higher cost)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Amen.

And to add to this most security software is becoming more and more chunky, more flashy and less efficient and less effective,

Personally it seems like they spend more time on the UI/marketing then they do the engine, and companies like Symantec purposefully expect users to be strangled into buying new versions every year or so with "Licence renewal". If these companies were dedicated to security like they say they are, they'd stop the marketing bs and develop the software properly (no mandated licence renewal).

Furtheremore, most users depend too heavily on this so-called "security software" and think they are imune to everything with it. Security software companies should be made to stop this false advertizing that it "Will protect you from malware" and stop this additude that 'you can click on anything and the software will protect you' Because the advertizing is effectively causing this additude among users, thus causing MORE infections than if users were under the caution of malware infection.

Then you get the bunch who say "I know what I'm doing, I know how to protect my computer" then they go off and end up getting infected and have a hard time and end up having to wipe their machines when their antivirus/antispyware is unable to remove something.

You can scan with antivirus/antispyware to death and you may or may not be clean. Not even the combined engines of all antimalware can you be sure that your computer is clean. Call me paranoid but how can anyone be sure that the said systems are 100% clean? it's a risk you have to take every time you load new data onto your system.

The marketing is making users blind, it's giving them a false sense of security, especially in the Mac community. And frankly, I am SICK of it.

-Krad Xeron



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/