Microsoft: Our Bugs Aren't The Only Problem

Discussion in 'privacy general' started by ronjor, Apr 5, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Story
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I've sent Bill Gates an email with the SiteAdvisor link. :D
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    A sad, ridiculous attempt at distracting people from the insecurity of their products, here...
    WHAT? Are they blaming this on users or something? Are they forgetting that you can't guess what's on a site by just looking at its url? Are they forgetting that a familiar, non-malicious site could have been compromised?

    And by the way, how's that a machine being hacked through a web browser exploit never happens in OpenBSD?
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Improving the title :
    Microsoft: Our Bugs Aren't The Only Problem, We Are The Problem.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Just for the record, what are you guys using for an operating system?
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I have machine with OpenBSD and one with Windows XP. Note that in fact, I would probably NOT use Windows if I didn't have to, but I often have to finish stuff in asp (for work) at home so I actually kind of you know, need to use a Windows machine.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Going from win2000proSP4 to winXPproSP2.
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    That seems to be the crux of the problem. Most of us use Windows. And, there is no getting around the fact that as far as security goes, Microsoft has often been behind the times.

    A fact: the Internet was not designed to be secure in it's original form. Go to Wikipedia and enter the search term: internet.

    Another fact: Windows was designed with business's in mind. Not surfing the Internet. In fact, when I first started playing around on the Internet, Microsoft had no browser. Again, their focus was on business apps.

    Along the way, I think we can all agree, they made some errors. Once again, Wikipedia is a good source of info on the "Browser wars".

    So, here we are today. Most of us use a Microsoft designed operating system. And if the truth be known, speaking personally, I've had a blast using XP. Warts and all. Even with the security shortcomings, I have been able to stay malware free.

    Knowledge is the key. No matter the operating system you use.

    I hope some of the posts made here on the forums help someone learn about their systems.
     
  9. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Can't disagree there.

    Agreed. But then again, the Windows OS has poor documentation (at least in the OS itself), closed source, and limited development tools. Compared to what one could learn in a Linux/BSD system, Windows falls quite short. Sure, not everybody has the time and will to learn Unix shell scripting, or perl, or how configure qmail. But if knowledge is power, I wouldn't say that Windows makes this power so easily accessible for everybody. Just my opinion.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    At work they use Windows, so it's easier for me to use the same OS.
    I'm not interested in other OS's, maybe at the age of 25, but that's long ago.
    I don't work with computers, I work with people and I use my PC as a sophisticated typewriter. Security is just a hobby, not my job.
    Everything I know about security, I learned at SWI and alot more at Wilders.
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Linux is getting there. It's not there yet for the masses. So, once again, we have a Microsoft or Apple designed operating system.

    The fact is, there will always be security holes in operating systems, no matter the origin. It is the nature of the beast.

    Wilders is here to sort out problems people are having with their computers and to prevent them in the future -- no matter the operating system.

    Therefore, we post.
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Some months ago, a list of fonts sites was posted at Ten-Forward which included one with a BHO exploit. (it was soon discovered and removed from the thread). If a visitor to the site was convinced that the plugin was necessary, it installed wupdt.exe behind the scenes (unless caught by other means). Is this the user's fault, or the fault of the browser exploit?

    This site could appear in a search of fonts sites, and a user might not suspect anything is wrong.

    __________________________________
    Description:
    wupdt.exe IEPlugin is an IE Browser Helper Object that monitors site addresses,
    content entered into forms, and even local filenames browsed, and pops up advertisements
    when it sees a targeted keyword.
    __________________________________

    http://www.rsjones.net/imgs/fontmania.gif
    http://www.rsjones.net/imgs/fontmania-scan.gif
    _______________________________________________
     
  13. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    It maybe true that their bugs aren't the only problem, but their intended features are just as much to blame. Windows was never conceived as a network OS and so the obsession of MS to seamlessly integrate the web with the local PC is a terrible and misguided mistake. The PC and the rest of the universe are definitely different entities and should be kept separate. All of their clever technologies for breaking down the barriers such as active x, MS networking and so on are the key weaknesses in the OS and therefore become the key areas of attack, so the barriers should have never been broken down in the first place.

    Unix, Linux and MacOS X all have networking at their core and are therefore much more secure from the outset. The real weakness with Windows is the result of the MS "vision" which although very successful commercially has been a foolish and dangerous route to take.

    But that is the price of success. How long it will continue is up to the fickle market which MS are responding to.

    I use Windows XP, Ubuntu Linux and MacOS X, so I have a relatively wide experience in the OS arena. ;)
     
  14. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    You can't blame the user for this for the obvious reason that you can't see what's behind a link, and the blame lies with the exploit.
    But the OS, in this case windows, doesn't go free either.

    In my opinion there is a basic designflaw in the way microsoft implemented their browser into the system. It is firmly hooked into the the operating system, so once the malware is in it can go all the way because it has the whole system to play with.

    So i think they should take out IE of the system, that would help matters a great deal, it is a malware-writers dream.
    Those are the things they should be concentrating on instead of blaming users clicking on links, we are not perfect everybody can be misled by this.


    Lamehand
     
  15. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I use PC-BSD :cool: and Windows Xp(which I enjoy, but it just well, I don't know, it is vulnerable, used by many(i like to be a rebel), and I have various other reasons.)

    PC-BSD is so easy it is crazy. All you do is download a file from the internet from the .pbi website, double click it, hit next a few times and it is installed. The installer for the OS is all GUI as well, so there is a very weak excuse for saying that you don't move from windows to another os because it is too hard to install stuff.

    Alphalutra
     
Loading...
Thread Status:
Not open for further replies.