[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTilbWkcpgWh_dTwdJOSce1UQaf6Xy7L3SxlU78ib@mail.gmail.com>
Date: Tue, 18 May 2010 17:15:06 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: "Thor (Hammer of God)" <Thor@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows' future (reprise)
Thor,
Sorry, I didn't make my points clear enough. I was replying sarcastically to
Cassidy's remarks and asking him to prove his claims.
Regards.
On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God)
<Thor@...merofgod.com>wrote:
> What messages warning you from using Windows? I certainly hope you do not
> have me confused with the OP – I already used the term “hysteria” to
> describe his ideas and subsequent recommendations. The entire premise is
> fatally flawed, and the subsequent replies show a level of ignorance that I
> have not seen in a “professional” security person in some time. It’s not
> surprising to see that the background of his site “remains blackened in
> protest against the many illegal and unethical activities of the USA.”
> Hysterical indeed.
>
>
>
> In fact, this thread has inspired me to add a new section to the Hammer of
> God website (currently undergoing major renovation) called “Tard of the
> Month” where I’ll take claims like the one submitted by the OP and
> basically… well, you know what I’ll do.
>
>
>
> I just want to make sure you understand that **I** didn’t have anything do
> with any ludicrous comments about abandoning the Windows platform because
> all the oxygen in my computer was being consumed by what Symantec notes as
> “new threats.”
>
>
>
> t
>
>
>
> *From:* Christian Sciberras [mailto:uuf6429@...il.com]
> *Sent:* Tuesday, May 18, 2010 3:40 AM
> *To:* Cassidy MacFarlane
> *Cc:* Thor (Hammer of God); full-disclosure@...ts.grok.org.uk
>
> *Subject:* Re: [Full-disclosure] Windows' future (reprise)
>
>
>
> Happens they are completely unrelated stories. Also happens that I won't
> fall for someone's hysteria from using windows.
>
> By the way, I don't know you, but I would depend on the _fact_ that I've
> been using a product without a hitch rather then someone's claims that the
> said product will fall in a year's time.
>
> By the way, I think it would do you a lot of good if you quote Thor's
> messages warning us from using Windows etc.
>
> If you only have a troll's remarks to add, then leave the discussion.
>
> As of this time, there is only one huge security risk all researchers agree
> on; human error aka people's stupidity....
>
>
>
>
> On Tue, May 18, 2010 at 11:01 AM, Cassidy MacFarlane <
> Cassidy.MacFarlane@...ntmanagement.co.uk> wrote:
>
> Sent from my HTC
>
>
> -----Original Message-----
> From: Thor (Hammer of God) <Thor@...merofgod.com>
>
> Sent: 15 May 2010 21:59
> To: full-disclosure@...ts.grok.org.uk <full-disclosure@...ts.grok.org.uk>
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
> No, It's Tim Mullen. No "Bill" here.
>
> No, I don't misunderstand: You said "You may recall that last year, the
> average annual growth rate of new threats (as defined by Symantec) was 243%.
> This enabled me to predict that the number of new threats in this year's
> Symantec Threat Report would be 243% of last years." IOW, you took what
> Symantec's numbers were for one year, and guessed they would be the same for
> this year, and then posted how you were almost right. Congratulation, you
> can make statements in the obvious.
>
> You people really need to get your stories straight. Isn't there some club
> or something you guys can join to at least sync up your talking points?
> First we hear about how AV is stupid, unneeded, useless, a waste of money,
> and if you install it then you are ignorant. Then we hear about how some
> people can "bypass AV" using kernel hooks on windows XP and call it an "8.0
> Earthquake." Now you come out and say that you predict that AV will not be
> able to keep up with these new "threats" and that people must stop using
> Windows as a result since Windows "is not likely of producing any secure
> version of anything anytime soon."
>
>
> Then you blithe on about how people should "avoid any software that locks
> them into a Microsoft Platform like the plague" and specifically note .NET
> for businesses but of course fail to provide any examples of where they
> should go, or any real advice on your "mitigation strategy."
>
> What it is about .NET that should be avoided like the plague? Wait, before
> you answer that, let's make sure you are qualified to answer. One must
> assume that you are an expert .NET developer and that you have keen insight
> into the very foundation of the platform in order to know unequivocally that
> it should not be used under any circumstances. Please give us some code
> examples of your .NET projects where it failed so miserably, even given your
> expertise, and then provide the "proper" secure solution in your magic
> TardWare solution. Certainly someone speaking with such authority on the
> matter can come up with examples in no time.
>
> Additionally, you've clearly performed migration engagements for these
> people you "advise." Please let us know what the actual migration plan was,
> and how you have so brilliantly created a one-off cost migration path. I'm
> really interested in the details about that. I would particularly like to
> know what authentication infrastructure you would build to support secure
> enterprise-based services, your solution for client access and
> administration, and your overall network concepts. Also, what is your
> preferred replacement for .NET again? Details on your SDL process would be
> fantastic as well.
>
> You've got a great opportunity to really contribute to the industry by
> providing us with your qualifications and subsequent solutions to these
> problems, so I'm really looking forward to seeing what you have to say on
> the matter beyond "Symantec said we'd have this amount of growth, so I said
> that too, and I was almost right. And since I was almost right, it is
> imperative to drop all Windows products and re-write all of your .NET code
> immediately because AV won't be able to keep up with it."
>
> t
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:
> full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
>
> Sent: Saturday, May 15, 2010 1:07 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
> Is that you, Bill?
>
> I think you misunderstand. 9 months ago, I measured the growth rate at
> 243%, using Symantec's stats. 9 months ago I posted that number here,
> together with a prediction of this year's stats. Recently, I got this
> year's stats and compared them with that prediction. I found that this
> prediction was 75.4% accurate. I am now reporting those results back to the
> group. And this is trolling how?
>
> My point is that the prediction was not wildly wrong, and so that leads me
> to wonder if anything else I said, 9 months ago, was also not wildly wrong.
>
> My main reason for claiming that Windows is inherently insecure is because
> it's closed source. However it's also because of the sloppy, monolithic
> spaghetti code that Windows is made of. If you're claiming Windows is in
> fact inherently secure, I assume this means you don't use AV on any of your
> Windows machines, and advise everyone you know to uninstall it?
>
> I never said migration would be free or easy. That is why I am posting
> this data here, because I see it as a vulnerability, a very big
> vulnerability that many companies have not woken up to. The very fact that
> migration is hard, lengthy, and expensive, means that the vulnerability is
> larger than ever.
>
> Stu
>
>
> On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
>
> From: "Thor (Hammer of God)" <Thor@...merofgod.com>
>
> To: "full-disclosure@...ts.grok.org.uk" <full-
>
> disclosure@...ts.grok.org.uk>
>
> Date sent: Sat, 15 May 2010 14:40:29 +0000
>
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
> > I am constantly amazed at posts like this where you make yourself sound
> like some sort of statistical genius because you were "able to predict" that
> since last year was %243, that this year would be %243. Wow. Really?
> >
> > And for the record, these claims of 'inherent insecurity' in Windows are
> simply ignorant. If you are still running Windows 95 that's your problem.
> Do a little research before post assertions based on 10 or 20 year old
> issues.
> >
> > This smacks of the classic troll, where you say things like "nothing that
> Microsoft makes is secure and it never will be" and then go on to say how
> easy it is to migrate, and how it's free, with only a one off cost, and how
> to move off of .NET.
> >
> > Obvious "predictions," ignorant assumptions, and a total lack of any true
> understanding of business computing. Yep, "troll."
> >
> > t
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:
> full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
> > Sent: Saturday, May 15, 2010 6:12 AM
> > To: full-disclosure@...ts.grok.org.uk
> > Subject: [Full-disclosure] Windows' future (reprise)
> >
> > Hi All!
> >
> > Just a followup from my posting of 9 months ago (which can be found
> > here):
> >
>
> >
> http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
>
> >
> > Symantec have released "Internet Security Threat Report: Volume XV:
> > April 2010". My posting from last year was based on the previous
> "Internet Security Threat Report: Volume XIV: April 2009". So I thought it
> would be interesting to check my numbers. The new edition of the Threat
> Report is here:
> >
> > http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
> >
> > You may recall that last year, the average annual growth rate of new
> threats (as defined by Symantec) was 243%. This enabled me to predict that
> the number of new threats in this year's Symantec Threat Report would be
> 243% of last years; eg. I predicted 9 months ago the number of new threats
> in this year's Symantec Threat Report would be 243% * 1656227, or
> 3840485.87.
> >
> > The actual number of new threats in this year's Symantec Threat Report is
> 2895802, an error on my part of 24.6%.
> >
> > This is quite a chunk, however it is not that far off. My excuses:
> >
> > - my number was based on averages, so it will never be exact. There will
> be a natural variance in the growth rate, caused by many factors.
> >
> > - in the new edition, Symantec have altered the raw data a little - the
> number of new threats for 2009, 2008, 2007 etc is slightly different to
> those same years, as listed in the previous version of the report. I have
> not updated my projection to allow for this.
> >
> > - Symantec note that "The slight decline in the rate of growth should not
> discount the significant number of new signatures created in 2009.
> Signature-based detection is lagging behind the creation of malicious
> threats..." (page 48).
> >
> > Am I retreating from my position? Absolutely not. I am now expecting
> the number of new threats in next years' report to be 7036798.86. This is
> 2895802 * 243%. This includes the error introduced by Symantec's changes to
> the raw data. I don't think it matters much.
> >
> > As this flood of new threats will soon overpower AV companies'
> > ability to catalogue them (by 2015, at 243% growth, there will be
> > 2.739 MILLION new threats PER DAY (over 1900 new threats per minute)),
> and as Symantec admits above that "signature-based detection is lagging",
> and as Microsoft are not likely to produce a secure version of anything
> anytime soon, I am not at all hopeful of a clean resolution to this problem.
> >
> > I continue to advise that users should, where possible, deploy
> alternatives; that they should, if they have not already, create and action
> a migration strategy; and that they should avoid like the plague, any
> software which locks them into a Microsoft platform.
> > Business .NET applications, I'm lookin' at you.
> >
> > Those failing to migrate will discover their hardware runs slower and
> slower, while doing the same job as it did previously. They will need to
> take this productivity hit, OR buy a new computer, which will also
> eventually surcumb to the same increasing slowness. They will need to buy
> new machines more and more frequently. Eventually, they will run out of
> money - or, for the especially deep-pocketed, they will find they cannot
> deploy the new machines fast enough, before they are already too slow to
> use. The only alternative to this treadmill is to dump Windows. The sooner
> it is dumped, the less money is wasted buying new hardware, simply to keep
> up with security- induced slowness.
> >
> > Why spend all that time and money on a series of new Windows machines,
> without fixing the actual problem, which is the inherent insecurity of
> Windows? People can spend the same time and money replacing Windows, and
> then they won't need to worry about the problem any more. The difference is
> that sticking with Windows incurs ongoing and increasing costs, while a
> migration incurs a one- off cost.
> >
> > I don't think it takes a genius to see which approach will cost less.
> >
> > Notes:
> > - see page 10 of the Volume XIV (2009) edition, and page 48 of Volume XV
> (2010) edition, for the relevant stats
> >
> > - since my post of last year, I have also noticed a similar exponential
> curve in the number of threats detected by Spybot Search and Destroy (a
> popular anti-spyware tool). This curve can be seen
> > here:
> >
> > http://www.safer-networking.org/en/updatehistory/index.html
> >
> > - my projection of growth rates up to 2016 (written last year) is
> > here:
> >
> > http://www.cyberdelix.net/files/malware_mutation_projection.pdf
> >
> > Comments welcome..
> >
>
> > Stu
> >
> > ---
> > Stuart Udall
> > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> >
> > ---
> > * Origin: lsi: revolution through evolution (192:168/0.2)
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ---
> Stuart Udall
> stuart at@...erdelix.dot net - http://www.cyberdelix.net/
>
> ---
> * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> www.grantmanagement.co.uk
>
> www.gmhelp.co.uk
>
> Please consider the environment before printing this email and any
> attachments.
> This message and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. If you are not the intended recipient please disregard and delete
> this message. Please note that any views or opinions presented in this email
> do not necessarily represent those of the company. Whilst this email and any
> attachment(s) have been scanned for the presence of viruses, the company
> accepts no liability for any damage caused by any virus transmitted by this
> email.
>
> Company Registration: SC187301
> 14 Coates Edinburgh EH3 7AF
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists