Posted on 12/06/2007 9:59:43 AM PST by driftdiver
I guess it depends upon how you look at it. I'd say that a hardened SELinux box is a completely different beast from a Unix system of 20 years ago.
I'd also say that we've had 20 more years to gain experience on the platform and make it harder in general.
I'd never say that it's impossible to root a Linux box.
I would say, however, that it's orders of magnitude harder than anything that comes out of Redmond. The thing I find most hilarious though is that you have to reach back 20 years for a successful Unix worm. Not so for certain other operating systems we could name.
How many years has it been since BSD had a remotely exploitable kernel bug?
Then you are useless to me and I would never hire you. If you don't know Macs then you don't know UNIX. Mac OS X is based on the grand-daddy of all UNIXes: BSD.
Our very, very, large company is needing technical expertise to transition from old Windows/DOS command code to something a little more modern and without the Microsoft Licensing fees.
I'm looking at resumes from many backgrounds these days. Those that claim to be Mac/UNIX have not disappointed me so far.
That is incorrect.
Try the following as a test.
    echo blahblahblah > blah.bat
    blah.bat
    ren blah.bat blah.com
    blah.com
    ren blah.com blah.exe
    blah.exe
You will see that the system will in fact do its best to execute all three versions.
It will also demonstrate another security weakness. You might notice that in my previous example on my unix box, I had to preface each attempt to execute the command with "./". That's because on any properly configured Unix box, your current directory is not in your PATH, so you have to go out of your way to execute a program that is not in the PATH.
Hard to believe that in all this time, even that basic a security tactic is not followed by Microsoft. I'd be tempted to call it criminal negligence, but I'm sure that would pop some gaskets here.
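The PATH point made in the post above, as an added example that is not part of the original thread: a POSIX shell function that audits a PATH string for entries that resolve to the current directory (an empty field or any relative entry such as ".") and for world-writable directories. The name audit_path and the sample PATH value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_path is a hypothetical helper:
# it prints one finding per risky PATH entry and returns 1 if any was found.
audit_path() {
    findings=0
    # A trailing ":" is appended so the loop also sees a final empty field.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # everything after that colon
        case $entry in
            "")
                # Leading, trailing or doubled colon: the shell treats the
                # empty field as the current directory.
                echo "EMPTY (means current directory)"; findings=1 ;;
            /*)
                # Absolute entry: -L follows symlinks such as /bin -> usr/bin.
                perms=$(ls -ldL "$entry" 2>/dev/null | cut -c1-10)
                case $perms in
                    d???????w?) echo "WORLD-WRITABLE $entry"; findings=1 ;;
                esac ;;
            *)
                # ".", "..", "bin", "./tools": resolved against the cwd.
                echo "RELATIVE $entry"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample: a doubled colon and a trailing "." both pull in the cwd.
audit_path "/usr/local/bin::/usr/bin:." || true
```

Calling `audit_path "$PATH"` checks the live environment of the current shell.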
The OS tells the user when a file being downloaded contains an executable file and asks for permission to proceed with the download. If the user gives it permission to continue, and then double clicks on the resulting icon, the OS then warns the user that he is starting a new application for the first time and asks permission to continue. If that application is an installer or attempts to modify the system files or application directory, the OS will require an Administrator's name and password to continue.
Hacking a Mac is also not as easy as they are leading you to believe.
Last summer, a conference of Canadian hackers were presented with two challenges. Two just out-of-the-box MacBook Pros were connected to the LAN at the conference with no firewall. The first person among these hacking experts who gained unauthorized user access to the Mac and added a file to a specific location would win the $2500 computer and $10,000. Anyone who could gain Root access to either computer would win the second MacBook. After 48 hours of concerted effort by experts, neither notebook had been penetrated. The contest organizers then relaxed the rules. Hackers could direct the referees to navigate to a specific website and click on a link placed there by the hacker. Ports could be opened by the native software on the MacBook such as Safari or Quicktime and the hackers could attempt to get in that way. Thirteen hours after the new relaxed rules were implemented, one of the attendees (with the help of an outside expert), using a flaw in both Quicktime and Java, gained user level access and won the MacBook Pro and the $10,000. No one got the second MacBook.
Last winter an Asst. Professor of IT at the University of Wisconsin put a Mac Mini on the Internet as a server with a webpage challenging anybody in the country to hack it and deface the website. Thousands of attempts were made in the thirty-six hours before the University, upset at the overuse of their bandwidth, shut the challenge down. No one succeeded.
So breaking into an OSX Mac is not as easy as they claim.
Did. See post 120 :-)
Of course we have. They report nothing open.
Re: in the millions
F-Secure, the bozos who were the basis for this article, said they “found 500,000 viruses and malware last year, up from 250,000 the previous year.”
No, like you, I am just curious as to why someone would be doing something, anything, in which they profess to have no interest.
How many people do you think it would take?
5 million?
10 million?
20 million?
How many would it take before the "MAC" is no longer "obscure?"
Re: the Morris worm
One of the reasons that UNIX is so secure is that it has had such things as the Morris Worm. It has undergone trial by fire for more than 40 years and has had many of the potential (but probably not all) vulnerabilities fixed.
"the Apple Mac is becoming an increasingly tempting target for malicious computer hackers"...but of course, none of them has actually come forward with one, and to be completely honest, we couldn't find anyone who claimed to be a computer hacker who would speak to us on the record, oh, what the hell, the truth is, I was paid off to write this story, and it was largely based on some talking points from an unnamed competitor of Apple..."
“Then you are useless to me and I would never hire you.”
That’s fine as I have my own company and don’t need your job and wouldn’t work for someone with your attitude anyway.
“If you don’t know Macs then you don’t know UNIX. Mac OS X is based on the grand-daddy of all UNIXes: BSD.”
Did I say I didn’t know unix? I used to be a Unix admin. I hate mac because of their haughty advertising.
“Those that claim to be Mac/UNIX have not disappointed me so far.”
That’s fairly common regardless of the skillset.
“No, like you, I am just curious as to why someone would be doing something, anything, in which they profess to have no interest.”
I’m not sure if your comprehension skills are weak, or you didn’t understand the idiom of not having a dog in the fight. It doesn’t mean a lack of interest, it means that I don’t have a stake in the outcome.
Not having a stake doesn’t always translate to lack of interest.
It tries to execute them but it fails miserably twice. Windows, and DOS, expects certain things in a .com or .exe and a batch file doesn’t have those things so it throws errors about illegal instructions. It’s looking for those opening couple of bytes that tell Windows whether it’s a DOS com file, a DOS exe, a Windows 16 exe or a Windows 32 exe, and finding none but believing it should find one, it panics.
I don’t see a problem with the current directory in the path, the only “security” added there is requiring more keystrokes to run a program. Of course you do need to remember that’s DOS and DOS was designed as a single user OS for systems not connected to any outside world machines through anything more exciting than a 360K floppy. And now officially DOS doesn’t exist, though MS developers still use it constantly so you can still get to it, but it’s not on the menu and kids coming out of college today give you a glassy look when you tell them to open a DOS prompt (I know, I’ve gotten that look).
“Unix is better designed than MS-Windows”
It is worse than that. Vista is a kludge of several failed and successful versions of the OS. Longhorn was supposed to fix all this but got so bloated and featured up (25 managers for each developer) it had to be shelved. Vista is a slap together OS needed to keep MSFT stock up.
MSFT needs to take a page out of Apple’s book and come up with a layered OS. Base the kernel on Unix and then spend all that dough on a GUI (simple and clean) and apps (iLife-ish). Like Apple it could offer a compatibility box (i.e. Classic) for a couple of years (versions) - maybe outsource this to VMWare.
There is no value in re-inventing the wheel of the lower level code. Unix device driver development is also pretty easy and very well understood.
Huh that’s funny as of Windows 2003 by default users have to go through two of those three security steps (If the user gives it permission to continue, and then double clicks on the resulting icon, the OS then warns the user that he is starting a new application for the first time and asks permission to continue. If that application is an installer or attempts to modify the system files or application directory, the OS will require an Administrator’s name and password to continue.) to do the same thing, and everybody complained that it was annoying as hell and MS was getting in the way of the user.
I think a lot of the security difference comes down to who the users are and what they do. The reality of Windows is that if you do things properly, using NTFS and file level security, not logging on as someone with administrative privileges unless you actually intend to do administrative type stuff (every install since XP tries to steer you to the non-admin account), keep up to date on your patches (which is really easy since Windows defaults to doing that for you), pay attention to the occasional warnings, you can run a Windows box for years and not get any malware. But Windows users don’t, many probably because they don’t know better, but for us old timers we just don’t want to. I’ve come up from the DOS days, I’m used to my computer considering me to be a god and I simply don’t want to put up with the hassle of being logged on as a normal user and I hate all those security warnings and turn them off. I recognize there’s a risk there, sometimes it even bites me in the butt, but I don’t care, I’m on the path of convenience.
I apologize for misunderstanding you. As a 70 year old Southerner I certainly understand "no dog in this fight" but I attributed to it more than you meant.
BSD is different.
All OSs have vulnerabilities, Windows far more than most.
The thing that makes Windows more vulnerable than most is the fact that Microsoft has it install with everything on and open. Most users have no idea they should turn off services, close ports, what firewalls are for, etc. I mean geez, Microsoft has it set up so the entire C drive is by default open for share.
Microsoft was warned before XP shipped, and they still don’t care to this day.
Have you ever read the book The Cuckoo’s Egg by Clifford Stoll? Good read.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.