Date: Sun, 16 May 2010 12:22:12 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: stuart@...erdelix.net
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows' future (reprise)

> An interesting point - Unicode?
>
> I don't think 5Mb files are infeasible, especially as time passes,
> that'll be just a blip before long.
>
> Stu


You call it a "blip", yet you are counting infections for *everywhere* and
*anyone*, so what makes you think service providers (which have been comfy
for the last 6 years with a dialup-grade connection) will abruptly switch to
high-speed fiber-optic?

I'm just saying that your statistics are based on too few variables - it
would be like saying the whole Earth will die of hunger just because a
product is out of stock at a local supermarket.

You yourself mentioned an error margin of ~24%. This will only *grow* by
next year.
Lastly, I stand by my point: malware cannot be taken as a combination (as you
and certain other "specialists" think of it). Reason number one being that a
software combination (hash) can vary between "malware", "useful" and
"utterly useless"; i.e., the combination of having only malware is so
undefinable that you can't put it in any equation.

Symantec's results are not wrong, it is how you/people use them that may be
wrong, such as attempting to predict anything out of them.

On Sun, May 16, 2010 at 6:32 AM, lsi <stuart@...erdelix.net> wrote:

> Hi Bill!
>
> Thanks for the tip on the DIR command, I did in fact notice that,
> however it doesn't give percentages (or total space), AFAIK, and my
> monitoring bot wants percentages.  My df also reports the computer
> name (so I can make sense of the output when the space on multiple
> machines is listed one after the other in a report, and if an alert
> is generated by the monitoring bot).
>
> The new version of my df util is 1951 bytes, the version on my site
> is old.
>
> I'm sorry I upset you because I mentioned .NET, is it because you
> make a living off it?  Sorry to be the bearer of bad tidings.  .NET
> is merely one case of many, I picked it as an example because I am
> currently supporting a customer with a £23,000 .NET application that
> has them utterly locked to Microsoft, and I have no hope at all of
> selling them unix anything.  Which is a shame for them (I just made a
> packet cleaning a nasty virus infection from one of their XP PCs).
>
> As for the .NET connector for PHP, yes, I made that up, and the
> problem is where?  You wanted a migration strategy, I gave you one! I
> did say off top of head.  You want me to research it?  That's
> £120/hr.
>
> I also don't see a problem posting my mail from a Windows PC.  Why do
> I need to be running unix before I can report that malware is
> mutating at 243%?  I don't, is the short answer.
>
> Why don't you criticise my arguments, instead of myself, or my job,
> or my computer, or my email program, or my personal migration
> strategy, or my software?  Is it because you can't?  I think so.
>
> Stu
>
> On 16 May 2010 at 3:06, Thor (Hammer of God) wrote:
>
> From:                   "Thor (Hammer of God)" <Thor@...merofgod.com>
> To:                     "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
> Date sent:              Sun, 16 May 2010 03:06:18 +0000
> Subject:                Re: [Full-disclosure] Windows' future (reprise)
>
> > This just gets better all the time.  I have to admit, it was fun at
> first, but now I grow weary, mostly because this is just sad.
> >
> > For you to actually think that one can't find out how much free drive
> space in Windows would be funny if it were not so ridiculous.  And it's been
> built into DIR forever.  Oh, and your .bas file is 60,000 some odd bytes,
> not 1951.  I think you are confusing the size with the last time you
> actually did research into what you are talking about.
> >
> > The main point here is for people to see how easy it is for someone who
> admits that they know nothing about .NET, nor care to learn anything about
> .NET, to honestly and publicly say that people must uninstall it as if it
> were the plague.  You actually get paid to tell people to uninstall it and
> use "a .NET connector to PHP" - whatever the hell that is.  Simply amazing
> to me.
> >
> > And yet, it's fine for YOU to continue to use a "closed source" operating
> system to run your "dear Peg" closed source email program because you don't
> feel like practicing what you preach.   To think that you consider insight
> into moving a couple of computers over to *nix as the basis to make sweeping
> generalized statements of how migrating is a one-off cost staggers the
> imagination.  But, everyone is entitled to their opinion, so good luck with
> yours dude.   But what you are doing to the poor people who not only trust
> you but also pay you seems to be quite a disservice indeed.  But that's
> between you and whatever your ethic is.
> >
> > So in a nutshell (and I'll drop off after this as I think this has played
> itself out) you hate closed source and .NET and get paid to tell other
> people to migrate to non-existent ".NET connectors to PHP" after switching
> from Windows to BSD, but compose the very email that you so vehemently
> condemn them on a closed source operating system with a closed source
> program because you don't have "time to figure out how to use your computer
> at the same time." (direct quote).  I think I got it.  Thanks for sharing.
> >
> > Oh, one last thing - your "dear Pegasus" 4.51 Windows-based program that
> you hypocritically hold on to while demonizing Windows and .NET was...
> wait for it....   wait for it....   written with Visual Studio 2008 C++  - a
> proud Microsoft .NET Framework development platform!
> >
> > Ladies and Gentlemen, Goodnight!
> >
> > t
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:
> full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
> > Sent: Saturday, May 15, 2010 7:15 PM
> > To: full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] Windows' future (reprise)
> >
> > On 16 May 2010 at 0:09, Thor (Hammer of God) wrote:
> >
> > > Just as I expected.   A wishy washy response, nothing concrete or even
> > > vaguely resembling substantive material, backtracking on an exact
> > > quote, the obligatory reference to your formula ala Craig Wright, with
> > > the final "oh, I'm sure you would like to know, but I'll have to
> > > charge you in order to tell you."
> >
> > Well spotted, I am a consultant... I get paid to behave that way!
> >
> > It was your misquote I corrected, if you call that a backtrack, suit
> yourself!  I was giving you my working so you could reproduce my numbers...
> never mind.
> >
> > > I was wrong to assume that you would try to educate yourself about
> > > .NET
> >
> > Other than how to uninstall it, I have no desire to know anything about
> it.
> >
> > > The "amount of free disk space on a drive" utility you wrote
> >
> > Yeah, how crap, it's called df in unix, everyone hates it enormously!
> > A truly useless tool.  That must be why a df command appeared in Version
> 1 of AT&T UNIX.  Windows doesn't have something like that, so I made one
> myself.  You should see the new version, writes to STDOUT, supports multiple
> drives on one commandline, 1951 bytes of source, 154k uncompressed EXE, beat
> it if you can....
> >
> > > P.S.  The headers on your email show that you are using Pegasus Mail
> > > for Windows (4.51).  I know a guy who can help you switch to Linux if
> > > you want.  I think he charges about £120/hr.
> >
> > Amusing, however Pegasus is a perfect example of the difficulty users
> face when migrating.  As my dear Peg isn't open source, it's one of the
> reasons this machine still runs Windows (along with Quake, and the tools I
> have created over years to help me work, and their PowerBasic compiler).  I
> don't want to be on the phone to a customer and trying to figure out how to
> use my computer at the same time, so I decided to go slow for now.  I think
> this is a fair decision.  My servers run unix, it's just this desktop that
> is left.  I'm not in a big hurry, this machine is nicely optimised.  I'm not
> looking forward to the day that I have to rewrite all my tools.  I know it
> will be a total PITA, take ages, introduce bugs and generally cost me a
> packet.
> > Unfortunately, long-term, the alternative is even worse.  I am very
> familiar with the issues faced when migrating, as I have those issues.  Does
> this surprise you?
> >
> > Stu
> >
> > > -----Original Message-----
> > > From: full-disclosure-bounces@...ts.grok.org.uk
> > > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
> > > Sent: Saturday, May 15, 2010 4:15 PM
> > > To: full-disclosure@...ts.grok.org.uk
> > > Subject: Re: [Full-disclosure] Windows' future (reprise)
> > >
> > > > IOW, you took what Symantec's numbers were for one year, and guessed
> > > > they would be the same for this year, and then posted how you were
> > > > almost right.
> > >
> > > You definitely misunderstand.  AFAIK, Symantec do not publish the
> number 243%.  I calculated it myself, using this sum:
> > >
> > > (0.92 + 3.67 + 1.64 + 1.24 + 4.44 + 2.65) / 6
> > >
> > > I also calculated those numbers, using the general formula y(n+1) /
> y(n).  This is all explained on the link I gave in my original post:
> > >
> > > http://www.cyberdelix.net/files/malware_mutation_projection.pdf
> > >
> > > Even in the most recent report, Symantec only refer to the growth rate
> by saying it was "more than double" (e.g., 200+%) - although I haven't read it
> closely, they may well elaborate on that at some point.
> > >
> > > > You people really need to get your stories straight.
> > >
> > > There is only one of me, I assure you.
> > >
> > > > Then you blithe on about how people should "avoid any software that
> > > > locks them into a Microsoft Platform like the plague" and
> > > > specifically note .NET for businesses but of course fail to provide
> > > > any examples of where they should go, or any real advice on your
> > > > "mitigation strategy."
> > >
> > > I agree Windows needs mitigation, that is why I am posting.  I didn't
> mention alternatives as that's not my purpose, to promote a specific
> product, and I wouldn't want my observations to be tainted by it.
> > > However, now you've asked, I'd recommend FreeBSD, without even seeing
> your spec.  Desktops?  PC-BSD.  As for .NET, off top of head I'd suggest a
> .NET connector for PHP, running on FreeBSD of course.
> > >
> > > > What it is about .NET that should be avoided like the plague?  Wait,
> > >
> > > Sorry but I already answered that.   It's because it locks the
> > > customer into a Microsoft platform.
> > >
> > > > One must assume that you are an expert .NET developer
> > >
> > > You'd assume wrong - it doesn't take an expert to recognise a
> dependency.
> > >
> > > > Additionally, you've clearly performed migration engagements for
> > > > these people you "advise."  Please let us know what the actual
> > > > migration plan was, and how you have so brilliantly created a
> > > > one-off cost migration path.  I'm really interested in the details
> about that.
> > >
> > > I'm sure you are, and I'd be happy to oblige.  My rates for that kind
> of work start at £120/hr.  Please PM me for more info.
> > >
> > > > Details on your SDL process would be fantastic as well.
> > >
> > > Continuous incremental improvement (TQM). RERO.  Prototyping.  Agile is
> the word used nowadays I believe... revolution through evolution, as I
> said....
> > >
> > > Stu
> > >
> > > > -----Original Message-----
> > > > From: full-disclosure-bounces@...ts.grok.org.uk
> > > > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
> > > > Sent: Saturday, May 15, 2010 1:07 PM
> > > > To: full-disclosure@...ts.grok.org.uk
> > > > Subject: Re: [Full-disclosure] Windows' future (reprise)
> > > >
> > > > Is that you, Bill?
> > > >
> > > > I think you misunderstand.  9 months ago, I measured the growth rate
> at 243%, using Symantec's stats.  9 months ago I posted that number here,
> together with a prediction of this year's stats.  Recently, I got this
> year's stats and compared them with that prediction.  I found that this
> prediction was 75.4% accurate.  I am now reporting those results back to the
> group.  And this is trolling how?
> > > >
> > > > My point is that the prediction was not wildly wrong, and so that
> leads me to wonder if anything else I said, 9 months ago, was also not
> wildly wrong.
> > > >
> > > > My main reason for claiming that Windows is inherently insecure is
> because it's closed source.  However it's also because of the sloppy,
> monolithic spaghetti code that Windows is made of.  If you're claiming
> Windows is in fact inherently secure, I assume this means you don't use AV
> on any of your Windows machines, and advise everyone you know to uninstall
> it?
> > > >
> > > > I never said migration would be free or easy.  That is why I am
> posting this data here, because I see it as a vulnerability, a very big
> vulnerability that many companies have not woken up to.  The very fact that
> migration is hard, lengthy, and expensive, means that the vulnerability is
> larger than ever.
> > > >
> > > > Stu
> > > >
> > > > On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
> > > >
> > > > From:               "Thor (Hammer of God)" <Thor@...merofgod.com>
> > > > To:                 "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
> > > > Date sent:          Sat, 15 May 2010 14:40:29 +0000
> > > > Subject:            Re: [Full-disclosure] Windows' future (reprise)
> > > >
> > > > > I am constantly amazed at posts like this where you make yourself
> sound like some sort of statistical genius because you were "able to
> predict" that since last year was 243%, that this year would be 243%.  Wow.
>  Really?
> > > > >
> > > > > And for the record, these claims of 'inherent insecurity' in
> Windows are simply ignorant.  If you are still running Windows 95 that's
> your problem.  Do a little research before posting assertions based on 10 or 20
> year old issues.
> > > > >
> > > > > This smacks of the classic troll, where you say things like
> "nothing that Microsoft makes is secure and it never will be" and then go on
> to say how easy it is to migrate, and how it's free, with only a one off
> cost, and how to move off of .NET.
> > > > >
> > > > > Obvious "predictions," ignorant assumptions, and a total lack of
> any true understanding of business computing.  Yep, "troll."
> > > > >
> > > > > t
> > > > >
> > > > > -----Original Message-----
> > > > > From: full-disclosure-bounces@...ts.grok.org.uk
> > > > > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
> > > > > lsi
> > > > > Sent: Saturday, May 15, 2010 6:12 AM
> > > > > To: full-disclosure@...ts.grok.org.uk
> > > > > Subject: [Full-disclosure] Windows' future (reprise)
> > > > >
> > > > > Hi All!
> > > > >
> > > > > Just a followup from my posting of 9 months ago (which can be
> > > > > found
> > > > > here):
> > > > >
> > > > > http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
> > > > >
> > > > > Symantec have released "Internet Security Threat Report: Volume XV:
> > > > > April 2010".  My posting from last year was based on the previous
> "Internet Security Threat Report: Volume XIV: April 2009".  So I thought it
> would be interesting to check my numbers.  The new edition of the Threat
> Report is here:
> > > > >
> > > > > http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
> > > > >
> > > > > You may recall that last year, the average annual growth rate of
> new threats (as defined by Symantec) was 243%.  This enabled me to predict
> that the number of new threats in this year's Symantec Threat Report would
> be 243% of last year's; e.g., I predicted 9 months ago the number of new
> threats in this year's Symantec Threat Report would be 243% * 1656227, or
> 3840485.87.
> > > > >
> > > > > The actual number of new threats in this year's Symantec Threat
> Report is 2895802, an error on my part of 24.6%.
> > > > >
> > > > > This is quite a chunk, however it is not that far off.  My excuses:
> > > > >
> > > > > - my number was based on averages, so it will never be exact.
>  There will be a natural variance in the growth rate, caused by many
> factors.
> > > > >
> > > > > - in the new edition, Symantec have altered the raw data a little -
> the number of new threats for 2009, 2008, 2007 etc is slightly different to
> those same years, as listed in the previous version of the report.  I have
> not updated my projection to allow for this.
> > > > >
> > > > > - Symantec note that "The slight decline in the rate of growth
> should not discount the significant number of new signatures created in
> 2009. Signature-based detection is lagging behind the creation of malicious
> threats..." (page 48).
> > > > >
> > > > > Am I retreating from my position?  Absolutely not.  I am now
> expecting the number of new threats in next years' report to be 7036798.86.
> This is 2895802 * 243%.  This includes the error introduced by Symantec's
> changes to the raw data.  I don't think it matters much.
> > > > >
> > > > > As this flood of new threats will soon overpower AV companies'
> > > > > ability to catalogue them (by 2015, at 243% growth, there will be
> > > > > 2.739 MILLION new threats PER DAY (over 1900 new threats per
> minute)), and as Symantec admits above that "signature-based detection is
> lagging", and as Microsoft are not likely to produce a secure version of
> anything anytime soon, I am not at all hopeful of a clean resolution to this
> problem.
> > > > >
> > > > > I continue to advise that users should, where possible, deploy
> alternatives; that they should, if they have not already, create and action
> a migration strategy; and that they should avoid like the plague, any
> software which locks them into a Microsoft platform.
> > > > > Business .NET applications, I'm lookin' at you.
> > > > >
> > > > > Those failing to migrate will discover their hardware runs slower
> and slower, while doing the same job as it did previously.  They will need
> to take this productivity hit, OR buy a new computer, which will also
> eventually succumb to the same increasing slowness.  They will need to buy
> new machines more and more frequently.  Eventually, they will run out of
> money - or, for the especially deep-pocketed, they will find they cannot
> deploy the new machines fast enough, before they are already too slow to
> use.  The only alternative to this treadmill is to dump Windows.  The sooner
> it is dumped, the less money is wasted buying new hardware, simply to keep
> up with security-induced slowness.
> > > > >
> > > > > Why spend all that time and money on a series of new Windows
> machines, without fixing the actual problem, which is the inherent
> insecurity of Windows?  People can spend the same time and money replacing
> Windows, and then they won't need to worry about the problem any more.  The
> difference is that sticking with Windows incurs ongoing and increasing
> costs, while a migration incurs a one-off cost.
> > > > >
> > > > > I don't think it takes a genius to see which approach will cost
> less.
> > > > >
> > > > > Notes:
> > > > > - see page 10 of the Volume XIV (2009) edition, and page 48 of
> > > > > Volume XV (2010) edition, for the relevant stats
> > > > >
> > > > > - since my post of last year, I have also noticed a similar
> > > > > exponential curve in the number of threats detected by Spybot
> > > > > Search and Destroy (a popular anti-spyware tool). This curve can
> > > > > be seen
> > > > > here:
> > > > >
> > > > > http://www.safer-networking.org/en/updatehistory/index.html
> > > > >
> > > > >  - my projection of growth rates up to 2016 (written last year) is
> > > > > here:
> > > > >
> > > > > http://www.cyberdelix.net/files/malware_mutation_projection.pdf
> > > > >
> > > > > Comments welcome..
> > > > >
> > > > > Stu
> > > > >
> >
> > ---
> > Stuart Udall
> > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> >
> > ---
> >  * Origin: lsi: revolution through evolution (192:168/0.2)
> >
> >
>
>
>
> ---
> Stuart Udall
> stuart at@...erdelix.dot net - http://www.cyberdelix.net/
>
> ---
>  * Origin: lsi: revolution through evolution (192:168/0.2)
>
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
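The projection method argued over in the thread above (year-on-year ratios y(n+1)/y(n), averaged, then compounded forward, with the error of the 2010 prediction measured against the report's actual count), as an added example that is not code from any post in this thread. The inputs are the figures quoted above: the six ratios, the 2009 report's count of new threats (1656227) and the 2010 report's count (2895802); the exact inputs behind the author's PDF are not on this page, so the block reproduces the method rather than his figures. The geometric mean of the same ratios is computed alongside for comparison; that comparison is an addition here, not part of the original argument.

```python
"""Year-on-year growth projection of the kind quoted in the thread.

Added example, not code from any post in the thread.  Inputs are the
figures quoted above.  The growth rate is the arithmetic mean of the
ratios, as in the thread; the geometric mean is added for comparison.
"""
import math
from typing import List, Sequence

# Year-on-year ratios y(n+1)/y(n) quoted in the thread.
RATIOS = [0.92, 3.67, 1.64, 1.24, 4.44, 2.65]
NEW_THREATS_2009_REPORT = 1_656_227   # base count used for the 2010 prediction
NEW_THREATS_2010_REPORT = 2_895_802   # actual count in the 2010 report


def yoy_ratios(counts: Sequence[float]) -> List[float]:
    """Turn a series of annual counts into year-on-year ratios y(n+1)/y(n)."""
    if len(counts) < 2:
        raise ValueError("need at least two annual counts")
    if any(c <= 0 for c in counts):
        raise ValueError("counts must be positive to form ratios")
    return [counts[i + 1] / counts[i] for i in range(len(counts) - 1)]


def arithmetic_mean_growth(ratios: Sequence[float]) -> float:
    """Plain average of the ratios: the rate the thread compounds forward."""
    return sum(ratios) / len(ratios)


def geometric_mean_growth(ratios: Sequence[float]) -> float:
    """Geometric mean: the constant rate that reproduces the series' actual
    total growth.  It is never larger than the arithmetic mean, so compounding
    the arithmetic mean forward overstates what the series itself did."""
    return math.exp(sum(math.log(r) for r in ratios) / len(ratios))


def project(base: float, rate: float, years: int) -> float:
    """Compound `base` forward by `rate` for `years` years."""
    return base * rate ** years


def relative_error(predicted: float, actual: float) -> float:
    """Error as a fraction of the prediction (how the thread's 24.6% is formed)."""
    return abs(predicted - actual) / predicted


def per_day(annual: float) -> float:
    """Annual count spread over a 365-day year."""
    return annual / 365


if __name__ == "__main__":
    am = arithmetic_mean_growth(RATIOS)
    gm = geometric_mean_growth(RATIOS)
    print(f"arithmetic mean growth: {am:.2%}   geometric mean growth: {gm:.2%}")
    predicted_2010 = project(NEW_THREATS_2009_REPORT, am, 1)
    err = relative_error(predicted_2010, NEW_THREATS_2010_REPORT)
    print(f"2010 prediction {predicted_2010:,.0f} vs actual "
          f"{NEW_THREATS_2010_REPORT:,}: error {err:.1%}")
    # Six more report years from the 2010 edition, i.e. the 2015 figure.
    for label, rate in (("arithmetic", am), ("geometric", gm)):
        y2015 = project(NEW_THREATS_2010_REPORT, rate, 6)
        print(f"{label} rate: {y2015:,.0f} new threats in the 2015 report "
              f"({per_day(y2015):,.0f} per day)")
```

Run stand-alone it prints both rates and both six-year projections; the gap between them is the caveat a reader should carry into any "per minute by 2015" figure built on an arithmetic mean of ratios.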
