Florian Cramer on Sat, 13 Sep 2003 20:15:32 +0200 (CEST)



Re: <nettime> SPAMandVIRIImakeITdie-digest [Chris Welsh, Morlock Elloi]


On Saturday, 13 September 2003 at 06:37:08 (-0400), Nettime wrote:
 
> There is no solution for the unwashed masses. That is the price of
> monoculture.  If you want millions that have no real clue what
> computers are to have a single "user friendly" OS of choice, then that
> one becomes the target. That will not change.

Right, and the actual problem with Windows is a userbase which 
largely doesn't even know (a) how to work under an account
without superuser/administrator privileges (under WinNT/2000/XP) and (b)
to use different E-Mail clients than Outlook Express. None of the recent
viruses would have done any harm if the above two conditions were
met.

Both MacOS X and GNU/Linux have security holes in their userland
announced every week, many of which are remotely exploitable and give an
attacker superuser privileges on a cracked computer. MacOS X may be
potentially more vulnerable because, by the nature of its distribution,
its installations are much less diverse and contain much more
software/services by default than the countless distributions and
individual setups of GNU/Linux and the free BSDs. (For example, an RPC
hole in GNU/Linux or NetBSD would affect only a minority of systems
running NFS services.)  Still, the default factory setup of both MacOS X
and free Unix-like operating systems is more secure than Windows,
and it helps that users of minority platforms are typically better
skilled and apply the necessary software updates.

If the mainstream of Windows users would run broken and unmaintained
MacOS X or GNU/Linux systems, the exploits could be even worse than in
Windows because both systems offer better remote administration through
the commandline. One could be almost thankful for Microsoft that its OS
creates a honeypot for the computer illiterate.

Microsoft can be blamed, however, for setting up the default
installations of Windows in a blatantly insecure way: with various open
network ports/services, default user accounts with administrator
privileges, with Internet clients (IE/Outlook Express) that are
insecure by design through their integration into the OS and its
scripting/programming interfaces, by allowing - by default - the
execution of remote binary Windows code (a.k.a. "ActiveX") without any
security measures (like sandboxing in a virtual machine), and by closely
integrating network services with the internal component/object model of
Windows so that disabling all network services leaves a Windows system
unusable to the point that even copy/paste or the file find dialog don't
work any more.*


-F


* In contrast, GNU/Linux and *BSD can be set up so that they
don't open network ports at all, even without firewalling, by commenting
out all lines in /etc/inetd.conf, replacing printer spoolers like
lpr/cups with pdq and MTA like sendmail/exim/postfix/qmail with
nullmailer or ssmtp.

-- 
http://userpage.fu-berlin.de/~cantsin/homepage/
http://www.complit.fu-berlin.de/institut/lehrpersonal/cramer.html
GnuPG/PGP public key ID 3200C7BA, finger [email protected]

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [email protected]
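
The first step of the footnote above (commenting out every line in /etc/inetd.conf), as an added example that is not part of the original post: it lists which services a given inetd.conf enables, counts those started as root, and prints a copy with every entry disabled. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. inetd.conf fields, in order:
#   service  socket-type  protocol  wait-flag  user  server-program  [args]

# List "service/protocol user program" for every enabled (uncommented) entry.
inetd_active_services() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         NF >= 6 { printf "%s/%s %s %s\n", $1, $3, $5, $6 }' "$1"
}

# Count enabled entries that inetd would start as root (user may be "root.group").
inetd_root_services() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         NF >= 6 && ($5 == "root" || $5 ~ /^root[.:]/) { n++ }
         END { print n + 0 }' "$1"
}

# Print the file with every enabled entry commented out; comments and blank
# lines pass through unchanged, so the result can be diffed against the input.
inetd_disable_all() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { print; next }
         { print "#" $0 }' "$1"
}

# Constructed sample configuration (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd    in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd    in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd    in.fingerd

ident   stream  tcp  wait    identd  /usr/sbin/identd  identd
EOF
}

# Demo: audit the sample, harden a copy, then confirm nothing is left enabled.
conf=$(mktemp) && hardened=$(mktemp)
write_sample "$conf"
echo "enabled before:"; inetd_active_services "$conf"
echo "running as root: $(inetd_root_services "$conf")"
inetd_disable_all "$conf" > "$hardened"
echo "enabled after: $(inetd_active_services "$hardened" | wc -l | tr -d ' ')"
rm -f "$conf" "$hardened"
```

On a real system the hardened output would replace /etc/inetd.conf, and inetd has to re-read its configuration (SIGHUP) before the ports actually close.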