Just about had enough..

Discussion in 'malware problems & news' started by Longboard, Feb 15, 2010.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Deep breath.
    Do any of us have any lingering affection for MS??

    The recent MS "security patch" which has **insert pithy phrase here** totalled users' systems at a significant level (again) has just about driven me over the edge.

    Ironically **pithy phrase** the patch may have uncovered a malware spread of significant proportions: and that's only the users who are actually conscientious enough to be updating.

    The corollary is that this has highlighted a core of presumptively proactive users who, even with what might be termed fairly proactive use of Windows, have been totally 'rooted'.
    Not only the malware, but now unbootable boxes.
    No recovery Cds. How bout dat !!
    **pithy phrase** check some of the postings.

    What a **pithy phrase** debacle.
    The emperor has no clothes.

    If any white goods or auto manufacturer, or indeed any other developer of anything, dumped a product like Windows on the market they would be run out of town, be up on charges and prosecuted.
    If your stove, BBQ, aeroplane!!, car behaved like Windows??
    Why does DHSec regard MS/IE as totally flawed??

    Instead we have all been **pithy phrase** hijacked by MS in one of the greatest corporate scams of all time.

    I challenge one person here to tell me that every time they reboot windows with or without 'patches' or after any install; and they don't get a BSOD or their network comes back up they don't heave a little sigh of relief. LOL. It's pathetic.

    "We" "elite" users here have set up elaborate protocols with third party apps and routers and scans and anti-exes and sandboxes and user levels and images ....**pithy phrase again**
    Do you really feel safe??
    Trust your teenager with your home network??

    We have been dudded. Time and again.
    Spam, IE Exploits, banking security, spyware, rootkits, id theft, db theft, phishing, pharming, document standards...whatever you want..whatever malfeasance has been propagated against internet users : MS has been the platform.
    Disagree??

    Just for some extra frustration: one of the latest patches has broken some compatibility layer somewhere: this has been lost in the washup of the BSOD: the patch screws with some apps that may require to run in compatibility mode on XP: several thousand users (me included) of some older, extremely effective, lean DB systems that have run perfectly well for years are now **pithy phrase** finding out their essential operating tools are broken.
    Still trying to figure out which patch and why...
    Fiasco.

    I need MS to run these older DB's ... do I trust MS ...never.
    Time to migrate home and office to Apple. Thousands of $$ of time, HW and effort.
    Time to Teach kids *nix


    Be it a Microsoft update or a rootkit outbreak, the overreaching issue is the same: Windows can't be secured.
    Longish read, but worth it, just to remind us all how MS **pithy phrase** us every minute, every day, every week, every year.
    http://rixstep.com/2/20100214,00.shtml
     
    Last edited: Feb 15, 2010
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    So all-in-all, you're "***" off that Microsoft has revealed you have a bunch of systems infected with rootkits, and you would have rather spent your days obliviously using them? Right.

    Windows can be perfectly secured. I'm not sure where you're coming from, be it a network administrator environment or not, but if so, you should be specializing in proper restriction policies and professional/gateway anti-virus.
     
  3. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Trouble in River City, you say?
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    It isn't as bad as you make it out to be. BSOD's happen, but I consider them to be by far the exception, and I have frankly come to trust MS Critical Updates more than at any time in the past. It's obviously always nice when it all boots up the way it should, but I don't fret over it nor do I think it's always going to go bad.
    Yes. About as safe as I feel walking out the door of my house and going to the grocery store or to a restaurant. It's a dangerous world, whether I am on my computer or on the street. But I'm not feeling unsafe all the time.
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    LOL :D
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Affection may not be the proper word, but I've not had many complaints.

    It's probably because right from the start with Win95, I was in contact with people who took matters into their own hands regarding security, and the actual manipulation of the OS: utilities, tweaks. In other words, the OS by default is just a device over which the user (if she/he takes the time to investigate) becomes its master, rather than its slave. I learned from them that security begins with understanding the nature of attacks and setting user policies accordingly. One example: the I-Love-You.vbs worm that came as an email attachment.

    One description:
    My emphasis. Showing all extensions was part of our security policy (not being a slave to the default setup); and nothing more need be said about the enticing subject line.

    Should Microsoft have made those file extensions visible? Would everyone know what different file extensions do? Did everyone understand how the feature of VBS code could be misused by cybercriminals? Should Microsoft have put warnings for the user about its potential for misuse? Would everyone/anyone have heeded the warnings?

    You can apply this reactive analysis to almost every exploit against Microsoft or any other Vendor.

    You might be surprised at how many choose not to install these updates. In another thread, it was suggested that no one in a security forum wouldn't install the updates, since that just invites exploitation, so I'll say no more except to mention that "security" is a multi-faceted topic, and begins with one's state of mind; Just one thought on the matter of patches:

    security metaphysics: when is a vuln a vuln
    http://www.terminal23.net/2010/01/security_metaphysics_when_is_a.html
    For those who accept that "any line of code has the potential to be exploited" (kareldjag), you protect against the possibility for malware intrusion by remote code execution, and are not bothered by the next Adobe vulnerability, or Microsoft SMB vulnerability (there have been at least five) or the next Internet Explorer vulnerability (I've lost count!). Don't all of these vulnerabilities lead to the same type of exploit? (Shouldn't Google have been prepared for that? - more on that later...)

    Now, I'm speaking for a small group of people, I'm sure, and with the proliferation of *NIX systems and many compatible applications, certainly those who are fed up with Microsoft have the option of switching and be done with it! (more also on that later...)

    Of course!

    From the article you link:

    Rootkits Roam the World of Windows
    A big laugh against Google, actually. For a company that touts security in its applications development and can't protect against remote code execution exploits in IE6, this should be a huge laugh -- except for the fact that it's so serious.

    Why not set up a MS system just for that and never connect it to the internet? You'll never have to worry about:

    Or will you...?

    In your case (and many others), I agree!

    Nonetheless, as the number of *nix users increases, do you suspect that cybercriminals might turn more of their attention to them? Are *nix users any less susceptible to social engineering exploits than Windows users? There aren't many examples (yet), but the old notorious DNS changer exploit that targeted Mac users is proof that those users are just as gullible:

    DNS changer Trojan for Mac (!) in the wild
    http://isc.sans.org/diary.html?storyid=3595

    I notice in this week's Linux security bulletin, exploits that could have occurred on a Windows Platform:

    Linux Security Week: February 12th, 2010
    http://www.linuxsecurity.com/content/view/151673/187/
    And the infamous buffer overflow is ever present:

    It's possible that it is just a matter of time when we see more exploits targeting *nix systems. How will you teach your kids proper security measures? Would they be prepared against an email virus that could exploit their *nix system?

    Would *nix users be any less susceptible to a rootkit such as Tdss (Tidserv) should one be developed against these systems? By all accounts, these infections came via shady P2P and Torrent downloads, and from being tricked into installing a rogue antivirus. From Symantec:

    Tidserv and MS10-015
    http://www.symantec.com/connect/blogs/tidserv-and-ms10-015
    Well, back to Windows -- from the article you linked:
    In my case (and for many others), I disagree, but would restate: Users can be secure from exploits against Windows!

    Hang in there, Longboard, you'll survive! All is not lost!

    -rich
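    Rmus's point about showing all extensions is easy to turn into a check. The following is an added example (not from the thread or from any of the posters) that, for a list of constructed attachment names, works out what a user would see with extension hiding on versus off and flags names whose final extension is executable while the preceding one looks like a document. The extension sets are an assumed subset, not an official Windows list.

    ```python
    """Flag attachment names that rely on hidden extensions to look harmless.

    Added example, not code from the forum thread.  EXECUTABLE_EXTS and
    DOCUMENT_EXTS are assumed subsets chosen for the demonstration.
    """
    import os

    # Extensions that run as code when double-clicked on Windows (assumed subset).
    EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                       ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
    # Extensions a user reads as "just a document or picture" (assumed subset).
    DOCUMENT_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".png", ".xls"}

    # Constructed sample attachment names; the first mirrors the ILOVEYOU pattern.
    SAMPLE_ATTACHMENTS = [
        "LOVE-LETTER-FOR-YOU.TXT.vbs",
        "holiday.jpg.exe",
        "invoice.pdf",
        "setup.exe",
        "README",
    ]


    def split_extensions(name):
        """Return every dotted suffix of the basename, lower-cased, in order."""
        parts = os.path.basename(name).split(".")
        return ["." + p.lower() for p in parts[1:]]


    def is_deceptive(name):
        """True when the last extension executes but the one before it looks like a document."""
        exts = split_extensions(name)
        return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS


    def displayed_name(name, hide_known_extensions=True):
        """Approximate what Explorer shows: with hiding on, a known final extension is dropped."""
        if not hide_known_extensions:
            return name
        root, ext = os.path.splitext(name)
        return root if ext.lower() in (EXECUTABLE_EXTS | DOCUMENT_EXTS) else name


    def triage(names):
        """Summarise each name: what is displayed, its real extension, and the deception flag."""
        result = {}
        for n in names:
            exts = split_extensions(n)
            result[n] = {
                "displayed": displayed_name(n),
                "real_ext": exts[-1] if exts else "",
                "deceptive": is_deceptive(n),
            }
        return result


    if __name__ == "__main__":
        for name, info in triage(SAMPLE_ATTACHMENTS).items():
            flag = "DECEPTIVE" if info["deceptive"] else "ok"
            print(f"{name:32} shown as {info['displayed']:28} real {info['real_ext']:5} {flag}")
    ```

    The check is deliberately conservative: a plain `setup.exe` is not flagged, because nothing about it pretends to be a document; only the combination of a document-looking penultimate extension and an executable final one is reported.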
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Lb, you love it really :D :p
     
  8. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Microsoft has become a dominant company because of its marketing and legal tactics, not for the quality of their software.
     
  10. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    don't pithyphrase well use it then
    or make something better
    it works for me
    only bsod i've ever had was hardware related
    did you know
    most houses have a window
    that crooks could get in
    so we use security
    or brick it up :D
     
  11. FiOS Dan

    FiOS Dan Registered Member

    Joined:
    May 24, 2006
    Posts:
    86
    Location:
    Redondo Beach, CA
    Image your HD before any M$ updates and your worries are over. :)

    FWIW my wife's PC set has been set to automatically DL and install M$ updates for at least the past seven years, and she has never had a BSOD or any major problems. But then again, her rig is not loaded down with all sorts of third-party proggies. Perhaps there's a correlation there.
     
  12. theblade

    theblade Registered Member

    Joined:
    Feb 12, 2010
    Posts:
    29
    Huge correlation there, Dan. Also a huge correlation between Windows users who think they are advanced yet are incapable of keeping a PC clean and stable, when even my wife has a 6-year-old laptop that boots up in 30-40 sec on a 6-year-old Windows install, runs perfectly, and has never had an infection.

    Tin-foil hat users like Longboard thinking they are advanced and 'don't trust windows' even though it's their main OS, LOL. They love 3rd party apps, downloading dangerous material with 100% reliance on an anti-virus program, disable UAC and run as admin so they have 'total controll!!1' so whatever gets on their program has 100% access because UAC is soo annoying, linux is so much better!!!, etc etc, without realizing if they think UAC is annoying wait until you try using linux regularly; you think UAC is worthless, BSOD's are always windows' fault and not the ~ Snipped as per TOS ~ with incorrect drivers, drivers incorrectly installed/uninstalled, and tons of 3rd party apps conflicting with their windows install.
     
    Last edited by a moderator: Feb 15, 2010
  13. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Don't throw out your PCs and buy expensive and needless Apple hardware. Install Linux on the existing machines and be happy.

    Rmus said:

    People have been saying "this is the year of *nix viruses" since at least the mid 1990s. Yet we have seen zilch, nada. Sure there are many Linux viruses that have been written, but they are almost never found in the wild (I've never heard of one). Let's not forget that Unix is not new -- it has been around since 1969; BSD since the 70s, System V since the 80s, and Linux since 1991. And let us not forget that most of the Internet, going back to ARPANet, has been run on *nix. Most servers on the Internet today still run *nix of some form (Google included). So, this notion that "hackers just don't care" is bogus.

    You will get no argument here. However, the problem of social engineering is not something that should even be brought up when discussing OS security. It's not the job of the OS to control the user's behavior, but actually the reverse should be the goal.

    As for buffer overflows, yes they are just a fact of life in just about any code (Unix and Windows are both primarily written in C, which is a fast but very insecure language). Linux has had buffer overflow protections offered for about a decade now (PaX, ASLR, NX bit enforcement, PIC, SSP, etc). MS was about 5 years late to this game but now has ASLR/NX enforcement in Vista/7. Further, Linux has some very powerful MACs (SELinux) so that one has very fine-grained control over every file, socket, process, path, object, etc. I would say that it is harder to exploit a flaw in the code against a Linux box than a Windows box (especially if one wants to compare pre-Vista Windows), and this is especially true if the owner has locked his box down with something like SELinux.
     
    Last edited: Feb 16, 2010
  14. humble3d

    humble3d Registered Member

    Joined:
    Jan 31, 2003
    Posts:
    12

    Translation from babelfish:
    http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Finfo.abril.com.br%2Fnoticias%2Fseguranca%2Frootkit-e-causa-de-tela-azul-diz-symantec-17022010-9.shl&lp=pt_en&btnTrUrl=Translate

    Security
    Rootkit is cause of blue screen, says Symantec
    James Della Valle, INFO Online, Wednesday, 17 February 2010 - 10:39

    São Paulo - Symantec reports that a rootkit is responsible for the surge of blue-screen errors appearing on versions of Windows XP.

    The company pointed to Tidserv (http://www.google.com/search?hl=en&source=hp&q=Tidserv&btnG=Google+Search&aq=f&aqi=&oq=) as responsible for infiltrating kernel drivers such as atapi.sys.
    Read also:

    MS will launch a blitz against 'unofficial' Windows 7 (11/02/2010)

    Once attached to the file, it begins to spread through the system with worm-like behaviour. Security software such as antivirus can fail to detect the threat, which hides the real nature of the problem.

    Microsoft admitted that problems with the famous "blue screen of death" increased after the release of update MS10-015. To prevent further problems, the company's Security Response Center says it will freeze distribution of the update until the problem is resolved.

    Symantec says the problem occurs because of a change made to virtual addresses. The update changes data used by the rootkit, which makes the infected kernel module call invalid addresses.

    The security company says the best way to resolve the problem is to use a backup of the infected drivers. In some cases, users may even have to consider reinstalling Windows XP. Symantec says its antivirus products can identify the affected files.
    Personal note from humble3d: The new atapi.sys file was 95kb and tested positive for rootkit;
    My old atapi.sys was 94kb and tested clean; so, in an abundance of caution, I replaced the new atapi.sys
    with the old one...
    so far so good...

    MORE, FROM:
    http://www.symantec.com/connect/blogs/tidserv-and-ms10-015

    2. Locate the infected partition, which is normally the boot partition

    3. Replace atapi.sys in \%Windir%\system32\drivers with the clean backup copy

    4. Reboot

    Here's a list with the most common driver names infected by the rootkit, which can be used in the above process:

    atapi.sys
    iastor.sys
    idechndr.sys
    ndis.sys
    nvata.sys
    vmscsi.sys

    We are aware that the blue screens may be caused by other good or bad kernel mode applications that were relying on hard coded addresses, but Tidserv is one of the most prevalent threats that may cause this problem. Symantec detects these infected drivers on disk as Backdoor.Tidserv!inf, but recommends that the files are replaced manually, since attempting to remove the file automatically may render the system unbootable.

    MSFT DOES HAVE A FIX PAGE BELOW:
    http://support.microsoft.com/kb/979682

    ENABLE THE FIX
    http://go.microsoft.com/?linkid=9708887

    DISABLE THE FIX
    http://go.microsoft.com/?linkid=9709470


     
    Last edited: Feb 18, 2010
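    The Symantec steps quoted above come down to "find the driver that differs from a known-clean copy and put the clean copy back". humble3d's 94 KB versus 95 KB size check is a weak signal (a patched driver can keep its size), so the following added example, which is not code from the forum poster, from Symantec or from Microsoft, compares each driver in the quoted list against a backup directory by size and SHA-256, reports which ones differ or are missing, and restores a differing one from the backup while keeping a `.bak` of the replaced file. The directory trees and driver bytes are constructed inside the demo so it runs offline; the real paths in step 3 are assumptions that a practitioner would substitute.

    ```python
    """Compare listed kernel drivers against a known-clean backup and restore on mismatch.

    Added example, not from the thread.  DRIVER_NAMES is the list quoted from
    Symantec; everything else (temp directories, driver contents) is constructed.
    """
    import hashlib
    import os
    import shutil
    import tempfile

    # Driver names quoted from the Symantec post above.
    DRIVER_NAMES = ["atapi.sys", "iastor.sys", "idechndr.sys",
                    "ndis.sys", "nvata.sys", "vmscsi.sys"]


    def sha256_of(path):
        """Hash a file in chunks so large drivers do not need to be read at once."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()


    def compare_drivers(live_dir, backup_dir, names=DRIVER_NAMES):
        """Return {name: status} with status in match / differs / missing_live / missing_backup."""
        report = {}
        for name in names:
            live = os.path.join(live_dir, name)
            backup = os.path.join(backup_dir, name)
            if not os.path.exists(backup):
                report[name] = "missing_backup"
            elif not os.path.exists(live):
                report[name] = "missing_live"
            elif (os.path.getsize(live) == os.path.getsize(backup)
                  and sha256_of(live) == sha256_of(backup)):
                report[name] = "match"
            else:
                # Size equal but hash different is the case a size-only check misses.
                report[name] = "differs"
        return report


    def restore_from_backup(live_dir, backup_dir, name):
        """Step 3 of the quoted procedure: replace the live driver with the clean copy.

        The replaced file is kept as <name>.bak so the change can be reverted.
        Returns the path of the saved copy."""
        live = os.path.join(live_dir, name)
        saved = live + ".bak"
        if os.path.exists(live):
            shutil.move(live, saved)
        shutil.copy2(os.path.join(backup_dir, name), live)
        return saved


    def demo():
        """Build constructed live/backup trees, compare, restore, compare again."""
        with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as backup:
            for n in DRIVER_NAMES:
                clean = b"CLEAN-DRIVER-" + n.encode()
                for d in (live, backup):
                    with open(os.path.join(d, n), "wb") as f:
                        f.write(clean)
            # Constructed: live atapi.sys gains extra bytes (like 94 KB -> 95 KB in the post).
            with open(os.path.join(live, "atapi.sys"), "ab") as f:
                f.write(b"\x00" * 16)
            # Constructed: live ndis.sys is patched in place, same size, different bytes.
            with open(os.path.join(live, "ndis.sys"), "r+b") as f:
                f.seek(0)
                f.write(b"X")
            # Constructed: one driver is absent from the live system.
            os.remove(os.path.join(live, "vmscsi.sys"))

            before = compare_drivers(live, backup)
            for name, status in before.items():
                if status == "differs":
                    restore_from_backup(live, backup, name)
            after = compare_drivers(live, backup)
            return before, after


    if __name__ == "__main__":
        before, after = demo()
        for n in DRIVER_NAMES:
            print(f"{n:14} before: {before[n]:15} after: {after[n]}")
    ```

    Two practical caveats follow from the quoted text itself. The Symantec note says the rootkit hides the real nature of the problem from security software, so a comparison run from inside the infected Windows instance may be fed a clean-looking file; run it from a separate boot environment with the infected partition mounted (step 2). And the comparison is only as good as the backup: the backup copy must come from before the infection, not from the same machine after it.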
  15. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Longboard, I really enjoyed that. :)

    No real love for Microsoft but I don't dislike them either; Windows 7 is OK. I have always been a Unix (work, mid 80's) -> Linux (home, 93) user as well as Windows (work and home). Since 2004, up until June of last year, my primary use system was Windows XP Pro. I have always either dual booted or had separate boxes with Linux or some other OS.

    Can't remember exactly what tripped the trigger, but it was an accumulation of a lot of minor things adding up to "that's it, I have had it". Interestingly enough the BSOD has never been much of a problem for me. Windows has been nice to me in that department. :)

    At any rate I made the move back to Linux as my primary use system. Windows has been relegated to a virtual machine (VM) so I can stay current enough to help friends who still use Windows. I also have some favorite database programs that run better in Windows.

    Today I was reminded why I moved back to Linux when I installed Windows Live Mail to play with in my Windows XP VM. The last time I did that I could download and install Mail. This time it wanted to install everything "Live" related. Even after un-checking everything but Mail, it installed a lot more than I expected; while some of that may have been required, I am positive not all of it was. I had absolutely no control or choice in the matter. Of course I took a snapshot first so when I am finished playing I can put it back to what it was before I started.

    In addition to Linux, I also run OS X (Mac Pro) and eCS (OS/2), no Windows except in a VM.

    Security wise, I am more comfortable with Linux (or OS X). I know how to secure Windows, but a lot of steps need to be taken to do so properly. With Linux and OS X a lot of the work is already done, especially in what users can and cannot do. I have never really liked the out-of-the-box security of Windows; it really doesn't exist. It is getting better, Windows 7 is an improvement, but still no cigar. Microsoft sometimes seems to cater to users' convenience rather than administrators. Back in my working days, with Windows I always had a list of things to do to secure a workstation before connecting to the network.

    With *nix, it's relatively simple to keep users from running things they are not supposed to run and keep them from installing and running unauthorized applications. With Windows it's not so simple, there is a lot of work that needs to be done to set up policies and what not.

    Since it was mentioned above in a post by Rmus, I'd like to comment on it. What I never understood is why Microsoft decided to hide extensions by default. It just does not make sense to me, especially from a security standpoint. That was one item that was quickly fixed on any new system introduced to our Windows networks. Having extensions visible never caused problems with users.

    All in all I took my deep breath and dumped Windows, aside from running it in VirtualBox. I am one happy camper now. No freezes, no program anomalies, no Windows weirdness; everything just works. Windows always managed to raise my blood pressure. Now I'm off the meds. ;) To be honest I have no idea why it took me so long. I have not needed to use Windows since I retired in 2003.
     
  16. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Welcome to the club.
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Longboard,
    I understand where you're coming from. I find less that I like about Windows each time a new version comes out. That's the primary reason I use old versions of Windows. I don't have to be concerned about what their next update or patch might do because there aren't any. The responsibility for my PCs' performance and security is completely in my hands, and has been for years. I trust what I've put together to take care of itself, even with a teenager at the keyboard.
     
  18. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Linux is a classic case of too many cooks spoil the broth; add in FOSS nazis and the cocktail is vicious. By now Linux should have had much more share on the desktop, but Linux is its own worst enemy, not because of the myriad of choices it offers but because of the big time zealot attitude of some of its developers. In the name of Open Source they hide their hatred toward anything that even uses the word proprietary, even if it may be free for all. Also the huge variation in package management has left hardware and software developers no choice but to stay away from Linux. Skype is a prime example: their package development for Linux lags greatly behind the Windows counterpart. Sure, Windows has a larger share so numbers are better for Skype, but if Linux had a unified package management today, things would be far better and easier. So for any developer, hardware manufacturer etc. it's far easier to develop software and drivers for Windows and Mac than it is for Linux. The mere mention of closed source sends Linux zealots into a tizz and they banish that app for good no matter if it's free for use. Just my two cents as a long time Linux user.
     
  19. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That's nonsense. The distros do the packaging, not the upstream developers. So, packaging is not a problem at all and does not impede progress. Now, some developers do complain about a lack of a unified API for desktop apps in Linux, but that has nothing at all to do with package managers.

    And I don't hate Skype for being closed-source. Rather, I just don't trust its encryption implementation because the code is not open for peer review. Therefore, no one but Skype (and the government) will ever know if there is a backdoor in the code. There may not be, it might be perfectly safe, but there is simply no way to know for sure. Contrast this with something like Truecrypt where the entire source is open for review.
     
  20. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    'I challenge one person here to tell me that every time they reboot windows with or without 'patches' or after any install; and they don't get a BSOD or their network comes back up they don't heave a little sigh of relief.'

    Yeah...I hear that...more like a big sigh of relief! ;)
     
  21. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    But you would block Skype and other closed source but excellent apps like Opera, and peddle second rate stuff and even force it down a Linux user's throat?

    How and why would a manufacturer package for multiple distros? Do they have the time or resources for that?
     
  22. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I didn't say I would block anything.

    Perhaps your reading comprehension is lacking. I said above:
    Hopefully that clears it up.
     
  23. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    one person here i've never had a problem with xp pro :thumb:
     