
join:2002-09-13
Cordova, TN

1 edit

2 recommendations

reply to 47717768

Re: Are you using security protection

I'm an IT pro, also. I run multiple layers of protection on each of my Windows boxes. They almost always scan clean, too, except for the occasional false positive - and sometimes when one anti-malware tool calls out another anti-malware tool as a potential problem, which is fun. (Usually these folks respect each other and play well together, but not always.)

But ...

This is Windows, after all, meaning that the entire ecosystem is shot full of potential security holes, down at the most basic and fundamental level. I try to keep everything patched within 24-48 hours of patch availability, and I keep all of my anti-malware up to date within reasonable limits (almost all of it auto-updates, anyway). But I have absolutely no confidence that I won't get burned again someday, as I have been in the past - although it has been a while now.

Sad to say, but Windows itself and the software that runs on top of it sometimes runs so poorly and is so unstable that it doesn't really matter much whether you are infected or not. The end result is the same - a flaky, unstable box.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
That is the best analysis I have heard in a long time..great post !
BTW..Thanks for the tip on Merit.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:6
reply to scross
said by scross:

This is Windows, after all, meaning that the entire ecosystem is shot full of potential security holes, down at the most basic and fundamental level. I try to keep everything patched within 24-48 hours of patch availability, and I keep all of my anti-malware up to date within reasonable limits (almost all of it auto-updates, anyway). But I have absolutely no confidence that I won't get burned again someday, as I have been in the past - although it has been a while now.

Sad to say, but Windows itself and the software that runs on top of it sometimes runs so poorly and is so unstable that it doesn't really matter much whether you are infected or not. The end result is the same - a flaky, unstable box.

I don't agree. I run XP Pro SP2 on my host machine and on a guest machine running on VMWare Workstation 7. Neither has been patched since Microsoft cut off SP2 two years ago. I actually go out of my way to get infected on the virtual machine...but haven't. I don't use IE though (except I was using it for speed tests, because I only installed Flash on IE on the host machine), and I have been using the Proxomitron since 2002 and ProcessGuard since 2004.

I don't think Windows is unstable. I have only had 4 BSODs on this machine since Aug 2008 (when I got Everest Ultimate - I am going by its statistics) and probably about that same number between Feb 1, 2006, when I got the machine, and August 2008, as I recall a couple that were connected to Kaspersky 6 and the chkdsk fiasco, and probably had one or two others. That's an average of slightly over one a year, and this is XP, not Win 7. Currently, the last boot/reboot was 51 days ago. I agree though that some Windows software is very problematic (Flash and Java), and Firefox has become unstable since 1.5 (releases are too rapid these days, and the same with Opera since 10.0). I have used Avira 8 (old version) since Jan 2007.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


47717768
Premium
join:2003-12-08
Birmingham, AL
kudos:2

1 recommendation

I agree. I never have had any problems with any OS. It all depends on the user. OK, maybe 3 BSODs in the lifetime of the OS.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Well if you are finally admitting to stuff..then I will confess I had a Red Screech of Death when I had the windows rolled up and was attacked by a painful "blue flamer". I survived of course..but the writing was on the wall and time to get a new Internet Ride.


Kyrakova

@reserver.ru
Windows is pathetic. I wish game developers would collectively agree to start developing for Linux GUIs so we can be done with Windows for good. Fails OS


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to 47717768
Now, earlier that day I had me a big ole plate of boiled turnip greens, webroot, and parsnips. Looking back I can say they don't mix too well in a CLOUD ..and all of the sudden..thunder road...... and I could not crank the windows down fast enough .... my Master File Tables started shaking something fierce...and this guy came to me like in a dream and told me my free seat had expired and it was time to update or move on.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Kyrakova
I think they all have their problems..but the most vulnerable is the user in any game.

»hosted.ap.org/dynamic/stories/U/ ··· 16-47-23

scross

join:2002-09-13
Cordova, TN

2 edits
reply to Mele20
It's not just the BSODs that we're talking about here, folks - although I still get that or something similar on occasion. It's also the endless security patches (and these really will NEVER END) - 10 or so patches just yesterday, for example, plus the emergency patches a week or two before that, plus another dozen or so patches a week or two before that. Plus the infamous "Not responding" messages, and repeated registry problems (the registry was a terrible idea - or at least it's a terrible implementation), and the memory management issues, and so on and so forth - ad infinitum, ad nauseam. (I've lost count now of the number of fundamental flaws out there.) And Microsoft's promises that their next OS release WILL BE SO MUCH BETTER - only it never is, or is only just marginally so.

In my opinion - and in my experience, of over 30 years now - the only people who believe Microsoft systems are of any appreciable quality are those who have simply never worked with anything else, or at least haven't worked with anything else of truly high quality (these tend to cost real $$$). I'm not saying that there aren't "good enough" Microsoft systems for at least limited uses, but these are certainly not to be held up as examples of high quality. "Cheap enough to get us by for now, if we close our eyes and keep our fingers crossed" - maybe.

The entire Microsoft ecosystem is corrupt. There are certain segments of the IT industry who have realized that it's time to move on, and who are becoming quite vocal about it. Microsoft, of course, keeps making promises, but by the time they actually deliver on these promises (if ever), there may not be anyone left around waiting to benefit from them.

PS: And for those of you who say that you've never been hit with malware - the question has already been asked: "How do you know if you haven't run a deep scan for this?" (Actually, multiple scans using multiple products are usually necessary for full disclosure.) Also, YOU may not be the ultimate target here; you may just be the man-in-the-middle, or the endpoint machine in a botnet, or whatever. Or you may be seeing ads or pop-ups or other things on your machine that are the result of tampering, and you just don't realize it. Or you may have been the victim of a hit-and-run, where the perpetrator (human or machine) scanned your system and decided there was nothing of immediate value there, so they moved on - possibly covering their tracks when they left. Or they may have hacked certain web pages that do their dirty work only while they are loaded up in your browser, and then they disappear after that. The possibilities here are almost endless.


Raphion

join:2000-10-14
Samsara
reply to Mele20
said by Mele20 :
Currently, the last boot/reboot was 51 days ago.
51 days up is small time, I just ran my XP SP3 machine for 248 days straight before deciding it was really probably about time to let Windows Update do its thing. I was tempted to just let it go a full year though, just because I know I could.

Have not had a BSOD or hard freeze in several years. Windows can indeed be stable if you weed out all bad drivers/hardware.

scross

join:2002-09-13
Cordova, TN
said by Raphion:

said by Mele20 :
Currently, the last boot/reboot was 51 days ago.
51 days up is small time, I just ran my XP SP3 machine for 248 days straight before deciding it was really probably about time to let Windows Update do its thing. I was tempted to just let it go a full year though, just because I know I could.

Have not had a BSOD or hard freeze in several years. Windows can indeed be stable if you weed out all bad drivers/hardware.

Truly high-quality systems will run thousands or tens of thousands or more of concurrent, disparate processes (jobs), full-out, 24/7, for months or even years on end with no unscheduled outages. No Windows system will ever come even close to that - both by nature and by design. Although today you might be able to fake some of this by deploying large numbers of VM instances on sufficiently robust hardware.

Tuulilapsi
Kenosis

join:2002-07-29
Finland
reply to scross
Am I using some kind of anti-virus scanner type protection? Nope, quit doing that a looong time ago, although such scanners still have their places for John Q. Public type users who are more likely to meet even the kind of malware that such scanners can reliably detect, and who are unlikely to be able to detect those infections in other ways, such as Mk I Eyeball.

But sure, everyone who's reasonable is likely to be using some kind of security protection, be that operating system security features, or something else. Me too. I run firewalls on the perimeter, set up the operating systems and other software as tight as feels comfortable, and most importantly, rely on my enormous brain to keep things secure around here. Physical security is provided by a mean old geezer with lots of weapons and the skill to use them.

said by scross:

PS: And for those of you who say that you've never been hit with malware - the question has already been asked: "How do you know if you haven't run a deep scan for this?" (Actually, multiple scans using multiple products are usually necessary for full disclosure.)

Without getting into the regularly scheduled and always as tedious "Windows suxx0rz or oh noes it doesn'ts" debate...

For those who ask the question "How do you know you haven't been infected with malware if you haven't run scans with anti-malware products?", I have a few things to say.

"How do you know" is wrong. They don't know, and neither do you. In many cases, even most, you can know when you are definitely infected: maybe one of those wonderfully effective (when they don't miss malware that has been ITW for several months and even years, such as Flame and Stuxnet or Induc and many others) anti-malware scanners beeps and tells you (and then you put in the required elbow grease to make sure it wasn't yet another false positive), or maybe you detect some things that shouldn't be happening, like processes that shouldn't be running. But you can't really know you're not infected, although with decent precautions you can be pretty confident that the chances of being infected are rather small. That confidence has to be enough for even the more paranoid security professional types, because getting perfect certainty of being clean is just not gonna happen. That would require things that no one can have: perfectly designed software on perfectly designed hardware, all completely safe from tampering, used only by people who can't possibly ever make a decision that could lead to running malicious code.

Anyone who actually believes that running scans with anti-malware products, even dozens of them, can ever prove that there isn't any malware on the system is simply wrong. The only thing running scans proves is that you know how to run scans, and if they come up negative, that you don't have any malware so outrageously common and well-known that even anti-malware scanners detect it easily. It's a little like going to a doctor and getting some imaginary test for influenza virus infection. When it comes up negative, you will know you likely don't have the flu, but it doesn't mean you're healthy - you could still have, say, Ebola or HIV, or terminal brain cancer.

--
Limited User Accounts.
Software Restriction Policies.


Steve Smith

@webnx.com
I can see not using protection on a non-windows OS, entirely feasible. But Windows? You are asking for trouble, even with a heavily locked down system infections are common, and some of the threats are beyond the capability of the vast majority of people to detect. For example a replacement of services.exe would go undetected and ultimately result in a full system compromise without realization of such. I've seen it, and I have seen it go undetected around several very good techs.

I'm pretty confident in Webroot these days because it picks up enormous numbers of unknown threats with its heuristics and deep cloud analysis. For example, on one of our machines it snagged two fresh ITW threats a couple of days ago that only one other AV/AT/AS product on the planet detected. These threats would be installed and go unnoticed by 99% of everyone. NOD32 was the only other one to pick it up out of the 40ish AV engines tested, and it only got 1 out of the 2 threats. Webroot got them both.

»www.virustotal.com/file/871cb25c ··· 9886598/

Tuulilapsi
Kenosis

join:2002-07-29
Finland
said by Steve Smith :

I can see not using protection on a non-windows OS, entirely feasible. But Windows? You are asking for trouble, even with a heavily locked down system infections are common, and some of the threats are beyond the capability of the vast majority of people to detect. For example a replacement of services.exe would go undetected and ultimately result in a full system compromise without realization of such.

Before commenting on whether or not I could agree with that, I'd like to hear your definition of a "heavily locked down system", and what kind of infections such systems get so often as to be called "common", and how such infections occurred exactly. I get the feeling our definitions for heavy lockdown might be rather different (it can't be heavy lockdown if your users can intentionally and easily execute untrusted new software they just downloaded, as one point).

From my point of view, seeing any infection on a heavily locked down system is, slightly exaggerated, rarer than a dog who speaks Norwegian. Seeing a heavily locked down system used by smart users that has still gotten infected with something is rarer than a dog who speaks Forest Nenets. Yes, on Windows.

As for the services.exe part, I do realize I'm nitpicking here, but heavens forgive me, I can't resist: if something malicious can replace services.exe, then that there malicious thingamabob is already executing with admin privileges, and that's enough of a full system compromise right there, so I don't see how the replacement would "ultimately result in a full system compromise" when the system already has to be fully compromised for the replacement to occur in the first place.
--
Limited User Accounts.
Software Restriction Policies.


Thelma

@switchvpn.com
The thing is, having a totally locked down system doesn't make it a good system to use. You can always pull a box off the net, but what's the point? There are a lot of quality, and secure OS's out there that allow you to operate with relative impunity whilst not sacrificing operational stability, ease of use, and functionality. Windows is not one of those.

99.999% of the world won't find a heavily locked down windows box to be acceptable. Yet those same people would run other OS's and not even notice how secure they are, or any lack of functionality. Windows - frankly - probably has already peaked and is on the way out. I guarantee you when this state sponsored cyberwar starts to really ramp up, windows will be rendered virtually unusable as an all purpose OS. That day is long welcome for many of us. I had to laugh when the military used heavily locked down windows boxes, and discovered even then, they could be quite readily compromised. Just wait, there are threats already ITW that basically render windows boxes bricks, and it is getting much much worse.

I think the most viable solution at this time is to have a vanilla, hardened windows for only pure high end gaming with a dual boot of a secure, functional, and full featured OS as your primary. This is how I am seeing well over 30-40% of the boxes being setup these days from non-big box sellers (like Dell). But isn't Microsoft doing something to that Windows 8 abomination to prevent dual booting? Say goodbye to microsoft.

»ph.news.yahoo.com/windows-8-wont ··· 177.html

Tuulilapsi
Kenosis

join:2002-07-29
Finland
"Totally" locked down is, I agree, not comfortable to use. But "heavily", is, in my experience. That doesn't require disconnection from networks, even the Intertubes.

But for the sake of conversation, let's go with the thinking that Windows is not viable as malware gets meaner and nation-state cyberwar ramps up. Somebody please give me a brief technical explanation of what exactly makes non-Windows operating systems, say Linux or OS X or even OpenBSD, so much more resistant towards such malware dangers than Windows that they shall remain happily viable where Windows goes into smoky ruin of infection. A technical explanation is needed here: I'm not looking to hear "because MS just codes for ease of use over security", I want to hear something rather more like "because operating system SS is coded in an elvish variant of C that removes all vulnerabilities except ones forged in the fires of Mount Doom with considerable personal soul powah, and also takes all control away from the user so they can't stupidly execute malware". Because, I keep hearing that Windows can't survive the increasingly nasty malware ecosystem, but what I don't hear is what exactly makes other operating systems immune or even much better protected. Let's say Windows dies next year, and by 2015, everyone who runs Windows today is running, say, Ubuntu (I have the feeling that OpenBSD isn't gonna get popular any day soon). Now what is the tech that makes those formerly Windows but now bravely Linux boxes and their mostly computer-ignorant users all that much safer from malware and even that cyberwar threat? Anybody have that technical explanation?

Because the day that something else usurps Windows' place as most popular desktop OS, the evil folks are going to be on it like white on rice, they're going to find vulns to exploit and get their code running - sometimes as just a luser, more rarely escalating to root - and they're going to find easy ways to socially engineer the human users to run evil code. And guess what? Readily compromised, unusable OS, here we come!
--
Limited User Accounts.
Software Restriction Policies.

scross

join:2002-09-13
Cordova, TN

3 edits
The registry is a huge weak spot in Windows, for starters. What a conveniently centralized location to implement all kinds of nastiness! I had to manually clean up an ugly, registry-centered infection once - because even the most powerful anti-malware programs of the time couldn't find it, much less clean it up. (These anti-malware programs were already loaded and running on that system before the infection occurred, BTW. Some of them got replaced after this particular battle, while the remainder got upgraded - and stay upgraded - and some additional ones were added.) It took a considerable amount of investigation and work on my part, but ultimately I was successful. Most PC "experts", however, would have just given up on it pretty quickly and completely wiped the box - OS, programs, data, and all.

And even on a "clean" (assumed to be uninfected) system, the registry is often such a cluttered and nasty mess that a sane and reasonable person is usually afraid to go near it. They might occasionally run a registry scanner, though, which will almost always call out so many real and potential registry problems that it makes even the most hardened PC cynic (like me) blanch!

Now, like many things in Windows, it may be true that as of late Microsoft has attempted to address issues here (I haven't really kept up with the latest). But this type of after-the-fact remediation tends to fall into the "too little, too late" category; also generally into the "we'll promise a lot more than we will actually deliver" category, too. And until basically every Microsoft PC out there gets upgraded or replaced and reaches this level of "maturity" (a term that I use loosely here), then essentially the entire ecosystem still remains at risk.

It's true, though, that the end user is the weakest link, and that social engineering and such will remain a huge danger point. Which is one reason why smart organizations these days are moving away from the "PC on every desktop" paradigm, and back towards a more centralized, controlled, and secure environment.

PS: I noticed a bit too late that you specifically asked about other operating systems. OK, then. I've worked on true enterprise-class systems (which were originally designed and implemented decades ago, before Windows even existed) that among other things (a) secure the individual programs in such a way that they can't really be tampered with - and if they do get tampered with, they won't even load, much less run; (b) don't generally allow you to make critical system-level software changes without direct physical access to the system - which usually requires a special password, and often a special key or key-like device, plus placing the system in a special maintenance mode (granted this can be inconvenient at times, especially for remote systems, but these types of system-level changes are relatively rare - unlike Windows updates); (c) have always had powerful, flexible, multi-level, all-but-unbreakable security built-in, from the ground-up (not as some late-to-the-game relative afterthought); (d) have never had a successful virus or other similar malware attack that I'm aware of - and although some theoretical attacks have been speculated about on paper but maybe never executed outside of a special test environment (AFAIK), the vendor went ahead and addressed these theoretical weaknesses with software updates anyway (unlike Microsoft - and too many others - who will leave known exploit vectors unpatched for months or even years).

I can't speak specifically to Linux or OS X or OpenBSD (although I know OpenBSD takes great efforts to be secure by design, and Wikipedia gives a good overview on this), but the fact that they are all derived from Unix - itself a relatively enterprise-class system, with a long operational history, and generally designed and built by people who knew what they were doing - means that they started from a sounder foundation. And while none of these systems - not even the one that I described above - can be assumed to be defect-free and totally secure, their "attack surface" is generally much, much smaller than that of Windows (even in its new, "improved" versions), and they suffer less from the legacy problems that have plagued Windows from day one.


David E Cox

@wideopenwest.com
Very nice post. Essentially the entire Windows ecosystem (planet) is so corrupt it needs a new foundation (great flood), and a rebuilding of a new platform. I agree, and I see this happen so much; for example, FF is becoming so bloated these days they really need to sort of just start over. Essentially they have a contaminated bloodline on their hands.

Unix, and its derivatives, I believe had a stronger foundation partly because the people doing it loved what they were doing; it really wasn't done for profit. While Microsoft has greed, corruption, and the lust of money at the core of what they do. They lack the passion, love, and drive these other OS's had when they grew up, and spawned derivatives. It's the old adage that anything done for greed is blessed by Satan, anything done for love is blessed by God. Essentially Windows is a cursed system because of the greed that drove its execution, rather than the passion that drove Linux/Unix type systems along.

It makes perfect sense, and it means MS will likely never fix it. The world needs to wake up and move away from it to let it die. The longer people buy boxes with Windows on them, the longer people wait in line for each new release spending hundreds of dollars, the longer this abomination will plague our world. I think we can all do our part by educating people about alternatives, then ensuring we help them move to them. Ubuntu or Mint are outstanding operating systems to install for general consumers! Secure, virtually problem free, easy to use, attractive, and feature rich.. So why do we keep installing Windows on their machines?

I hope MS drops the ball on their next few releases, so much so, that people collectively start moving to alternatives, which will then force game developers to develop on these other boxes. It's a crime right now how developers in the game business essentially ignore the linux market, and we need to reverse this - which would then put the final nail in MS's coffin. Deny Microsoft money, any way you can, and you starve the beast.