Stop Microsoft
All Things Microsoft => Microsoft Software => Topic started by: mobrien_12 on 12 February 2006, 02:20
-
http://it.slashdot.org/it/06/02/11/2259232.shtml
http://blog.washingtonpost.com/securityfix/2006/02/microsoft_antispyware_deleting_1.html
Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it
Brilliant, MS. Can you imagine how many headaches this is going to cause the windoids?
-
http://it.slashdot.org/comments.pl?sid=177101&cid=14696745
I think that comment says an awful lot. ;)
-
Notron is shit anyway ... it has tons of bugs and security holes (or it did ... somehow I don't think they really fixed them or new ones came up)
-
Norton sux
but that does not excuse
M$ for SHARKING again!
-
Firstly all anti-virus sortware is shit and I'm sick and tired of people believing the myth that it's the best way of securing thier system. No, using a limited account for the non-administrative activities offers a far greater level of protection than any bug ridden anti-virus program.
If you must use anti-virus then don't use more than one program at the same time. I strongly advise against using a memory resident scanner because it's a recource hog and also a cause of instability.
-
I used Norton once. It was a system hog and ran scans at almost random intervals. The UI was also too complicated. Oviosly I uninstalled it.
-
I wouldn't be surprised if MS is right :P
-
I don't believe that running windows under a limited priveledge account is enough to protect you from virus infections. OSX, Linux, BSD, yeah. Windows, no.
You run Windows regularly in the manner that most users do, you pretty much have to have an antivirus program, because Windows is such a piece of junk.
Yes, Antivirus software is bloated. Yes, it is a resource hog. Yes, it slows your system down. Yes, it causes problems. All reasons to use a secure operating system that doesn't need AV.
Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security. It's inexcusable, and pathetic, for one security band-aid to disable another.
-
Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security. It's inexcusable, and pathetic, for one security band-aid to disable another.
http://security.tombom.co.uk/shatter.html
This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible.
This paper is a step-by-step walkthrough of how to exploit one example of this class of flaw. Several other attack methods are discussed, although examples are not given. There are many ways to exploit these flaws, and many variations on each of the stages presented. This is just one example.
Does anyone know if MS has fixed that exploit since?
-
The so called "Shatter" type of attack still works. It basically means that anything running on the same desktop can be owned. Windows isn't limited to single windowstation or single desktop, though, and I recall there's no similar vulnerability for jumping outside the desktop bounds.
There are more serious shatter-type attacks than described on the above paper, too. For example, common control header resize and size query can be used to write any data into target process memory without having VM privileges. Ouch!
So, this is an issue if you have gui applications running as admin on the user's desktop. For this reason, services nowadays run their GUI code with user privileges and communicate with the privileged code through pipes.
This issue is unfixable since the vulnerability exists by design, however it's contained to the software running in a single desktop. In multi-user windows environments different users have different desktops and even different windowstations and this isn't an issue. The secure desktop invoked through Ctrl-Alt-Del is unaffected and the gui stuff there cannot be taken over, same applies for screensavers. Except on w9x, ofcourse :)
-
http://security.tombom.co.uk/shatter.html (http://security.tombom.co.uk/shatter.html)
Does anyone know if MS has fixed that exploit since?
Great article ... :thumbup: ... I suppose the exploit is not fixable, at least from the info I'm getting.
-
Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.
-
Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.
That's going to be a long time in the future - I don't think Windows98, Windows2000, and WindowsXP are going anywhere. The marginal benefits of upgrading aren't looking good so far.
-
I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.
Win3.x and ms-dos are still used in many commercial settings, especially in systems that aren't networked. However, this is done for applications. For generic use, home users and commercial workstations, the w9x line is already in the past.
Also, there's .NET framework for current windows systems, which means people can move to .NET systems without changing their OS. The point is, when enough software is on .NET the underlying OS can be completely changed. The real question is, how much everyday software is going to move to the .NET platform and how soon?
The .NET framework has still some work to do, too. It's not very mature, you'll run into problems by trying to write even the simplest of applications. However, it's being worked on and in 2-4 years we'll have stable .NET platform with sensible APIs for writing real world applications. Another 2-4 years from that and microsoft will have ported their significant applications to .NET and by then we probably have stable GNU mono around as well.
Maybe :)
-
I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.
So sorry, but I believe you are quite mistaken. I know lots of people who run Windows 98. In 100% of those cases, it is because their computers couldn't handle a higher version, either because of poor processor power, or low RAM. Mostly, these people use their computers for records-keeping and WalMart-software. But they are still computer users. And the marginal cost of buying a P3 with 256MB RAM is more than the marginal benefit of increased performance. Relatively low income households, is what I am talking about here.
Admittedly, when I have to use (or more likely "fix") these people's computers, I feel all icky and wonder what the fuck they are doing with such a piece of shit. But does that mean they should be totally written off when it comes to support and protection? I don't think so.
I am uninterested in denying the technologically underpriveleged the right to information.
-
Tell 'em to switch to Linux
-
Tell 'em to switch to Linux
Yeah, right - these are people who haven't figured out Windows yet, even though they've been using it at work for the last 10 years. Linux to them would be like Linux to a dog.
-
Yeah, right - these are people who haven't figured out Windows yet, even though they've been using it at work for the last 10 years. Linux to them would be like Linux to a dog.
That is exactly why it won't matter what operating system they use at work. The typists will use anything.
-
However, the one thing they fear more than their own computers is a change of any kind in their own computers. If I were to sit down in front of a Sun workstation running SPARC or something, I could probably navigate around and get some things done, even though I've never used that OS before. A lifelong PC user from the reception pool may not know shit about Windows, but at least s/he is somewhat familiar with how a few things work. I tried to teach my dad how to navigate the Linux filesystem, and it was like trying to teach a dog how to read. He knows his way around the Windows filesystem (sorta), but only through 15 years of repitition. Point - secretaries would notice the difference, and be upset by it.
-
Point - secretaries would notice the difference, and be upset by it.
Why do secretaries need to know the filesystem for?
They only need two things: their applications and their home directory.
Hell, you can even make things easier by mounting the home directory as /home/mystuff for every workstation (instead of smb://172.16.49.9/homez/r.verdonk/filez/).
-
I reckon file browsers should automatically show a description of directories. it would INSTANTLY make it easier.
/bin - basic programs
/etc - system settings
/dev - hardware devices
/home - !!!!personal documents!!!!
/sbin - administrative programs
/usr - secondary
...
-
Microsoft Anti-Spyware is an oxymoron.
-
And the marginal cost of buying a P3 with 256MB RAM is more than the marginal benefit of increased performance. Relatively low income households, is what I am talking about here.
I've done a lot of research in this area and a modern Linux distro running KDE uses a similar amount of resources as XP.
I don't worry too much about the hardware requirements of Windows as anti-virus uses up far more memory therefore it's the biggest resource hog. Windows XP only uses between 64MB and 98MB of RAM depending on which services are enabled while a typical memory resident virus scanner and good quality firewall uses between 200MB to 300MB. This isinsane considering the supposed hardware requirements for anti-virus software are minimal.
-
I've done a lot of research in this area and a modern Linux distro running KDE uses a similar amount of resources as XP.
They might use a similar amount of RAM but Linux has much better memory management I think. Also, KDE has features that Windows XP lacks.
-
They might use a similar amount of RAM but Linux has much better memory management I think.
To be honest I haven't seen any objective evidence to support this. I've also been doing some research into the NT kernel recently and I've discovered that it kicks arse in so many ways, (Dave Cutler is a fucking genius). I don't think the kernel (hence the memory management) is the bad part of Windows, it's the shit that surrounds is that causes most of the problems and anti-virus is probably top of the list, well second to the malware it so pathetically tries to protect you against.
Also, KDE has features that Windows XP lacks.
That's true the Windows Desktop is shit, I actually prefer Xfce - it's an excellent compromise between resourse usage and features.
-
To be honest I haven't seen any objective evidence to support this. I've also been doing some research into the NT kernel recently and I've discovered that it kicks arse in so many ways, (Dave Cutler is a fucking genius). I don't think the kernel (hence the memory management) is the bad part of Windows, it's the shit that surrounds is that causes most of the problems and anti-virus is probably top of the list, well second to the malware it so pathetically tries to protect you against.
http://www.microsuck.com/forums/showpost.php?p=107975&postcount=52 (http://www.microsuck.com/forums/showpost.php?p=107975&postcount=52)
That's true the Windows Desktop is shit, I actually prefer Xfce - it's an excellent compromise between resourse usage and features.
You'd almost think with my 256MB RAM I'd be running something like XFCE, but GNOME runs brilliantly. I haven't notice any performance difference since switching from XFCE to GNOME (even though I know it's there).
-
Is the desktop shell integration in Windows the flaw that allows a "Shatter" attack to succeed? I had an ME box that I ran IERadicator on (the version that breaks the desktop shell integration). A lot of programs had to be replaced after that because they were making hard calls to IE and would no longer work.
BUT, after that the OS actually became stable and quiet, kind of like Win2000. I also deleted WinMgmt.exe and that really helped, too.
Win98SE is still useful, we have boxes at work running it. XP has so many network services that it will crash when hit by a bug, but 98 will at least function. I use Virtual 98 and TMPGEnc Plus on my eMac for video recoding. Virtual XP would be too slow.
And yeah, Norton sucks big time, it's a resource hog.
-
My computer never runs out, or even comes close to running out of ram while running Linux (Stentz with GNOME desktop). The most it ever uses is about 40% of total ram, or about 400 MB (under heavy gaming conditions) :D ... I suppose that doesn't mean much to someone with 256 MB of RAM. Hey, at least it doesn't use 700 - 800 MB like XP ! :eek:
-
I don't care about the numbers - I can do more, faster, on this computer than anyone else with 256MB RAM could dream of doing on Windows. proof (http://www.microsuck.com/forums/showpost.php?p=107739&postcount=18)
-
http://www.microsuck.com/forums/showpost.php?p=107975&postcount=52 (http://www.microsuck.com/forums/showpost.php?p=107975&postcount=52)
I don't care about the numbers - I can do more, faster, on this computer than anyone else with 256MB RAM could dream of doing on Windows. proof (http://www.microsuck.com/forums/showpost.php?p=107739&postcount=18)
That's just someone's personal experiance, I rest my case, I have yet to see an objective well-reasoned argument against Windows's memory management. Just the fact that my work's computer is still usable despite having only 256MB of RAM and a big memory resident anti-virus program running is enough proof to me that it isn't as bad as you say.
-
That's just someone's personal experiance, I rest my case, I have yet to see an objective well-reasoned argument against Windows's memory management. Just the fact that my work's computer is still usable despite having only 256MB of RAM and a big memory resident anti-virus program running is enough proof to me that it isn't as bad as you say.
But if you try what worker tried, you're fucked. Most people won't be doing that though, but some will, and the memory management will suck for them.
And er, if you're comparing memory management between Linux and NT, wouldn't it make sense to bring large things into memory?
-
Well I am not quite sure where this fits in, but on my dads laptop, it has only 256MB ram, and it runs UT2004 with 100MB aviailble ram, (ut2004 uses about 200-300MB ram)
-
But if you try what worker tried, you're fucked.
I've never had the need to so I'll probably never know but there again one day when I'm bored I might have a go. Worker wasn't even comparing Windows to Linux, he was comparing it with Mac OS which runs on PPC, which is a totally different architecture, therefore how do we know whether it's Windows being slow or it's PPC being being faster than x86?
And er, if you're comparing memory management between Linux and NT, wouldn't it make sense to bring large things into memory?
To have give Windows fair test you need to disable any memory ant-virus and use similar (preferibly the same) software and compare it with the other OS running on the same hardware.
-
I've never had the need to so I'll probably never know but there again one day when I'm bored I might have a go. Worker wasn't even comparing Windows to Linux, he was comparing it with Mac OS which runs on PPC, which is a totally different architecture, therefore how do we know whether it's Windows being slow or it's PPC being being faster than x86?
Well I guess it's a shame Windows XP won't run on PPC ;) GNU/Linux and Mac OS X run on PPC and x86.
To have give Windows fair test you need to disable any memory ant-virus and use similar (preferibly the same) software and compare it with the other OS running on the same hardware.
Yep. I might install XP here temporarily and open up some large image in the GIMP.
/me opens up the GIMP to create the largest image ever.
-
I'd also remove any malware first or even better do it on an install that's never had any malware before.
-
I'd also remove any malware first or even better do it on an install that's never had any malware before.
If I remove the malware there'd be nothing left.
Only messin. Yea I'm looking for that damn XP CD.
-
Just for kicks, I was using Illustrator the other day in Windows, and I had the system monitor open. While saving a file (EPS, 85MB), processor usage peaked at 100% for like 45 seconds, and the memory used doubled, from like 320MB to 650MB. After the 45 seconds, things very slowly went back to normal, with Illustrator using not much more than 10% of the processor, and memory levels stayed at 320MB.
So this tells me one thing. Windows I guess has okay memory management, but it is strange. It doesn't seem to be using the paging file, it just uses RAM to back itself up. Which doesn't seem sane to me, making a backup of yourself in the same place as the original. Additionally, the average PC has pretty slow RAM. My Dell is about 3 years old, and even with 1.5GB RAM, it is slow RAM, so using the base RAM for paging seems hackish - some sort of specialized fastRAM would be better for this. (note please that I'm not exactly a hardware expert, this is just how things seem to be working to me, given the information I have available)
Also, I've done a lot of fudging around with processes in Linux, you know changing priorities and whatnot, and I have never seen a process take up 100% of cpu cycles. Really intensive programs, like transcode, or surface (a mathematical modeler) will spike to 90% at times, but will never have a sustained usage of more than 80%, while everything has equal priority. Giving transcode a nice level of 4 (making it take twice as long) drops this usage to like 40% with no spikes. Interestingly, at this level, the machine doesn't seem to take any kind of performance hit. So a loss of 40% of the processor doesn't make any difference at all to the rest of the computer. While saving in Illustrator, even Freecell will freeze up for the duration.
So what we have here cannot totally be blamed on anything, really. It's a combination of things. Memory management, default processor usage, RAM speed, and etc all play a part. The key, I feel, is the sum total of all the differences. The sum total is that Windows is shit, and Linux is good. The Linux system handles things in a more reasonable and useful way. I dare say that Windows is designed for people fucking around with email and the web and Word, while Linux seems to be designed for multiple hardcore processes - like compiling C, running httpd, backing up files, and fucking around with email and the web and vi.
Again, the effects of these differences aren't apparent in normal secretary situations. But I like to push my computer, having 20 tasks going at once. Windows just can't handle it. Linux can. And my really old Mac can too.
-
You still haven't said, are you running anti-virus on Windows?
-
Normally, I do, but I had it turned off during the test outlined above, because Illustrator crashed with a memory error.
Just a few minutes ago, the processor started grumbling and causing a typing delay, even though I only have SeaMonkey and Trillian open, so I killed Norton again. Interestingly, I've never had problems like this before.