New York Times writer David Pogue recently wrote an article about the recent rash of computer viruses in which he stated the old maxim that most viruses target Windows because it’s the dominant platform. Welcome to the OS Wars, Pogue. In a follow-up column, he notes that he received quite an education on the subject from readers who emailed him, and notes that he’s learned that Unix-based/Unix-like OSes like OSX and Linux are inherently more virus-proof for several reasons.
And nice to see that he is a big enough man to accept that he was wrong. Maybe if Microsoft could do that then maybe they could then move onto doing something about the problems with Windows. How about every user that is made on the computer is relegated to restricted mode only allowing them to load applications and write access to the home directory, anything that requires interaction with any other part of the system will require the user to input the root password.
This is not rocket science, this is basic computer security that Microsoft has seemed to put to one side for the sake of ease of use, well, apparent, “ease of use” because Apple has been able to produce a reasonably secure operating system without making the average user account overly restrictive.
I can easily imagine a worm abusing something like the recent SSH-exploit, and many of us remember the bind worm of a few years back. I’m too young to remember it, but I’ve read about the Great Worm that RTM did that almost crashed the net, as well.
Well, considering the patch was applied 2 seconds after everyone read about it, I don’t suspect it would get too far just as none of the other ones ever have..
How about providing a link to the NY Times article which bypasses the NY Times Subscriber Login page? I myself am not a programmer or script writer so I don’t know how to do this, but it is routinely done over at slashdot, for instance, by readers whenever the editor fails to provide a hyperlink which bypasses the Subscriber Login page, for whatever reason.
I didn’t know that was possible. Does anyone have any details about how that’s done?
How you do it is this:
1. save this page to your hdd http://www.majcher.com/nytview.html
2. Turn on cookies and referrer logging and privoxy off (if you have it)
3. enter the link given in the local nytview.html
I’m not sure that’s a good idea from a legal standpoint. Better to point to a page that gives instruction on how to bypass the login along with the article – that way you’re not circumventing the access restrictions, but you are instructing viewers how to do so.
Or, like, people can also just subscribe. It’s free and they’ve never ever sent me any junk mail.
How do you turn on referrer logging in IE or Mozilla?
Well, AFAIK the editors at slashdot don’t do this because the NYTimes asked them not to or threatened them with legal action. The way it’s done, AFAIK, is that NYT creates an archive page right away that can be accessed, if you know how, but I’ve never looked into it, because subscribing has been easier for me. So it’s usually the archive page that gets posted in the comments.
This method I have provided bypasses nothing… it just enters the fake info you would otherwise give in a quicker manner.
“How do you turn on referrer logging in IE or Mozilla?”
It should be on by default in those browsers
The page that the guy said to save to your hard drive actually tells you to turn referrer logging OFF, which I don’t know how to do either.
Yes, yes it does. It is incorrect. NYT now checks for one.
[offtopic but I get sick of the nonsense about OpenSSH]
SSH exploit? Which exploit? Show us!
1) You’re probably talking about recent bugs in _OpenSSH_. Mind you there are other SSH implementations than just OpenSSH.
2) There is no public exploit. Don’t talk about it like this is remotely exploitable. This is not proven. This is a rumor. Everyone can spread rumors. For now, it’s still FUD.
[/]
Here’s a few words about the article:
http://www.macdailynews.com/comments.php?id=P1804_0_1_0
Found with:
http://news.google.com
I couldn’t find the article. I do know that one can read NYT using this method:
http://www.robertkbrown.com/2003/02/17/partnergoogle.html
Here are examples:
http://216.239.59.104/search?q=cache:GwBgP9xAaX0J:www.mikeshea.net/…
But I couldn’t get it workin’.
…and no “free registration” required.
http://www.sunspot.net/technology/custom/pluggedin/bal-mac082803,0,…
How about every user that is made on the computer is relegated to restricted mode only allowing them to load applications and write access to the home directory
but it is, damn! It’s just that people can’t be arsed typing passwords (even if Windows XP and later offer to save them), and they always create and use administrator accounts. On top of that, Explorer isn’t easy to launch twice as two different users (hint: the easiest way is to use Internet Explorer instead of Explorer), so people who often do file management will just run as administrators
To turn off the referrer logging in Mozilla do this. If you’re using versions 1.3 and above you can type about:config at the URL bar then right click on any entry, select new and integer and type this without the quotes:
network.http.sendRefererHeader
You should see 2 in there; change it to 0
Alternatively you can edit the prefs.js file in your profile directory. The entry is: user_pref("network.http.sendRefererHeader", 0);
Change the value to 0.
And nice to see that he is a big enough man to accept that he was wrong. Maybe if Microsoft could do that then maybe they could then move onto doing something about the problems with Windows.
Oh quit that, MSFT is one of the fastest companies to switch gears and jump into something full-force. Witness the internet — people think they were slow, but every other large company would have moved at a glacial pace. Everyone’s real problem with Microsoft is they’re too fast and smart.
Security takes time. You’re in the weird position that every security hole you fix, will result in an exploit weeks later.
Right, Microsoft once again had to backpedal because the internet was just a “fad”. Ditch the AOL, witness the real world. lol!
– http://www.tbs.co.jp/bc/gates/gatesE.html
– http://archive.salon.com/21st/books/1999/03/cov_30books.html
“1994 I see little commercial potential for the Internet for at least ten years. (Bill Gates)”
– http://www.sysprog.net/quothist.html
“1994 I see little commercial potential for the Internet for at least ten years. (Bill Gates)”
Who controls over 95% of the web browsers? Just wondering.
Maybe billg isn’t all talk.
“lol!”
I don’t bother registering and just use the login ID
slashuser
with the password
slashuser
easy enough, no spam..
Nope, not all talk.. He’s more the murdering type.
http://www.techtv.com/news/story/0,24195,2160846,00.html
http://zdnet.com.com/2100-11-512634.html?legacy=zdnn
http://abcnews.go.com/sections/tech/DailyNews/msdoj990125_dp.html
Then again, maybe he’s just a thief..
http://www.vnunet.com/News/1131606
http://www.base.com/software-patents/articles/stac.html
http://www.aspnews.com/news/article/0,,4191_1368971,00.html
LOL
Why does billg control over 95% of web browsers?
Hmm, maybe this will help..
http://www.usdoj.gov/atr/cases/f3800/msjudgex.htm
Have a nice day.
Nope, not all talk.. He’s more the murdering type.
Take a good look at your arguments. This True Believer hyperbole is precisely what makes a fundamentalist. If you can stoke your hatred so much that you call a successful businessperson a “murderer,” then any atrocity you commit is justified.
I’m tired of these fanatics who say stupid things about the computer industry. Shouldn’t they be out bombing the Great Satan or something? I don’t have energy for you anymore.
but it is, damn! It’s just that people can’t be arsed typing passwords (even if Windows XP and later offer to save them), and they always create and use administrator accounts. On top of that, Explorer isn’t easy to launch twice as two different users (hint: the easiest way is to use Internet Explorer instead of Explorer), so people who often do file management will just run as administrators
Install Windows XP and at the “intro” create just one account. That account will have full administration privileges. Compare that to MacOS X whereby there is only ONE administrator and you can’t directly log in as it (try going su in shell).
As I said previously, Microsoft puts convenience ahead of security. If they were interested in security, they wouldn’t have the option to save password or allow the user to create an account with a password shorter than 6 characters.
Of course I talked about OpenSSH, not some other little dinky toy implementation.
And even though it’s been proven possible to root boxes with this exploit, and even though I could say that “Not everyone reads geek news webpages, and of course everyone will report to have patched their machines in a discussion about the problem – since they’re by definition as discussion-participators aware of the exploit”, I’ll just say that it was an example, nothing more.
I use and love OpenSSH, the GNU tools, Linux, open web servers and so on. And they’re more secure, a hell of a lot more secure – but they’re not bulletproof yet.
He’s still rather clueless. Doesn’t understand the difference between a virus and a worm, for one. Actually, lots of people don’t seem to understand that, which makes discussions on whether Linux is more secure against *viruses* usually entertainingly misguided…
Of course not, when faced with the truth you make up lies about the person telling it then tuck your tail and run away.
And nice to see that he is a big enough man to accept that he was wrong.
Except he probably wasn’t. Certainly, some of the replies he’s gotten back are, at best, misguided.
For example:
“Unix [which underlies Mac OS X] and Linux ARE more secure,” wrote one reader. “They have been developed, open-source style, by people who know exactly what they are doing. Unix and Linux have had at least 10 years of battling hackers to better themselves. This leads to an extremely secure environment.”
NT, of which XP is just the latest release, has also been developed by people who know exactly what they are doing. It has had about 15 years to develop and mature.
When a program tries to install itself in Mac OS X or Linux, a dialog box interrupts your work and asks you permission for that installation — in fact, requires your account password.
Every version of OS X I’ve ever used allowed users (and by extension, anything they run) to “install” applications with neither warning nor prompting.
Not only that, but it would be trivial to have a worm or virus just pop up an authentication box asking for a password anyway – 99% of people would just merrily type in their password without thinking.
Administrator accounts in Windows (and therefore viruses that exploit it) have access to all areas of the operating system. In Mac OS X, even an administrator can’t touch the files that drive the operating system itself. A Mac OS X virus (if there were such a thing) could theoretically wipe out all of your files, but wouldn’t be able to access anyone else’s stuff — and couldn’t touch the operating system itself.
This is simply false. Anything running as root can access any part of a Unix system.
However, I’m willing to bet that whoever wrote this is confusing an OS X “Administrator” account with an XP “Administrator” account.
An admin account under OS X just means the user can su to root or use sudo to run things as root.
An admin account under XP really is an admin account. XP’s equivalent to OS X’s “admin” account is probably a “power user”.
No Macintosh e-mail program automatically runs scripts that come attached to incoming messages, as Microsoft Outlook does.
Outlook does not automatically run scripts.
From a purely objective perspective, NT’s design is a generation ahead of most Unix variants in terms of security.
Implementation bugs certainly remain, but pretty much every OS suffers from buffer overflows and the like.
Similarly, there are several security-oriented features that could be implemented out-of-the-box on XP systems that aren’t due to its target audience.
The simple fact is – from a technical standpoint – there’s little standing in the way of a virus or worm rampaging through the ranks of technically disinclined Linux and OS X users just like it does on Windows.
How about every user that is made on the computer is relegated to restricted mode only allowing them to load applications and write access to the home directory, anything that requires interaction with any other part of the system will require the user to input the root password.
This is possible and always has been. However, it breaks a great deal of old software many customers still run, which is written under the assumption it can do anything it pleases. Heck, a great deal of current software is still written with this assumption.
Nope, just have to make sure you embed your worm in the subject line or use a midi embed tag. LOL
HAHAHAHA
Install Windows XP and at the “intro” create just one account
never installed or used Windows XP. My only experience has been with Windows NT 4 and 2000, which create just the initial “Administrator” account and ask the password for it. All the users you create subsequently will be members of the Users group by default
As I said previously, Microsoft puts convenience ahead of security. If they were interested in security, they wouldn’t have the option to save password
don’t be monorail-minded, KDE and Gnome allow it too
or allow the user to create an account with a password shorter than 6 characters.
passwords longer than 6 characters on a home computer? are you serious?