BetaNews has learned that Thursday’s leak of the Windows 2000 source code originated not from Microsoft, but from long-time Redmond partner Mainsoft. The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1.Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company’s MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications. Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.
The coverage of Microsoft’s woes has shown just how little people really know about computing, argues technology analyst Bill Thompson, and it is starting to worry him.
Microsoft faces its third security problem in a fortnight. Madeleine Acey explains how damaging the leaking of some of the basic Windows source code could be.
I’m waiting on the press release by MS that says that a linux server was hacked because it’s insecure.
now we know this was done on purpose.
I’d like to hear what some independent code auditors think about the quality of Microsoft’s source code. Is it any better than that of open source projects or vice-versa?
I wonder what the Windows source code was doing on a Linux computer in the first place. No self-respecting Windows user uses Linux as a development platform.
Was it their fileserver by any chance? Or some Linux geek in IT using ‘mount -t smbfs’ or cvs to hack their insecure windows servers? I’m curious where the code was supposed to be stored and how it just happened to get leaked by a Linux system.
Linux systems don’t go around leaking source code by themselves you know.
With the “critical” bugs, leaks, inconsistencies, anti-competitive business practices, and on and on and on, how the heck can Microsoft stay in business? If it were any other company customers would have long turned away, they would be shunned by the industry at large, and their income would have wasted away to nothingness.
Geez… Looking back over the last 12 years when I was amazed by what Microsoft had achieved, I wonder how it could be that they’ve had so many failures, security flaws, leaks and lawsuits and not have completely alienated everyone on the planet.
Yes, I know, they have a monopoly on the desktop and that more than anything is probably keeping them in business, but man… It just doesn’t seem possible.
According to the article, (you did read the article, right?) Mainsoft ports Windows programs to Unix and Linux.
That might explain what it was doing on a Linux box.
This right here:
http://news.bbc.co.uk/2/hi/technology/3485583.stm
sounds like a very diplomatic and subtle apology for MS. The article is Pro-MS, but who cares anyway. It’s an apology for their problem, and I don’t think that this is what their customers really expect.
>> ” The source is the set of instructions given to the
>> computer that, when executed, cause the behaviour we see on >> screen ”
Nope, completelly wrong. Instructions given to the computer to execute are machine code. You know, thos 1 and 0’roes. Source code is the way by which human logic gets translated to something that a compiler can interpret. Or to be more specific source code is the way by wich human logic is represented in a mathematical language. But it’s not by any means what the computer directly executes. Reading this lines reminded me of the “Antitrust” movies, where that guy said that “Software is 0 and 1, dead or alive…”
No, it’s not.
And the paragraph directly after the one you (marcm) quote, the author writes:
“These instructions have to be converted from the programming language in which they are written, like C or Java or C++ into a binary equivalent that the computer can understand”
… it means that hackers could now be able to find more vulnerabilities to exploit in Windows software.
Since Microsoft says that proprietary code is far more secure that open source, this should not be a worry. In fact, based on the following assertions:
(a) exposed code is vulnerable (assumption)
(b) linux code has always been exposed (fact)
(c) (until recently) windows code has always been safely locked away (fact)
Therefore we are left with the only conclusion that Linux vulnerabilities must be tremendously more than Windows.
Since the results does not agree with reality, there must be another factor at play here – my guess would be that it has to do with the quality of the code. Linux has been out in the open for a long time and so it has been hardened. Microsoft’s code will be the opposite since the only model for security so far has been secrecy and influencing lawmakers to produce draconian laws to try to prevent anyone from considering trying to bypass the security. This has resulted in Microsoft’s laxness in security that a few hyped media campaigns and a couple of code patches is not going to solve.
easily! lots of people/business *depend* on microsoft products
FEWT’s BACK
Forget about the source, this is real news!
This article gives some info as to “Where.” I’m interested in hearing “How” and “Why.”
Overall, it doesn’t seem like a significant leak. It’s partial, non-compilable code to an outdated operating system.
-Bob
This article gives some info as to “Where.” I’m interested in hearing “How” and “Why.”
Overall, it doesn’t seem like a significant leak. It’s partial, non-compilable code to an outdated operating system.
-Bob
There are literally thousands of people who have access to the windows source code, including universities, foreign governments and big companies. I think this is certainly not the first time somebody with malicious intent gets to see the windows source code. If their core system is so full of buffer overflows that they have to worry, they have a problem anyway.
But I think win2k is quite secure if you do not use IE and Outlook and disable all services you do not need (you would do the same with a linux server).
The interesting thing is that the code came from a Linux machine, which indicates that somehow the Linux machine is hacked. Again and again I see too many Linux security problems.
Linux indeed had massive security problems lately… ptrace, do_brk, do_mremap…
The advantage of closed source is not that it’s better code but that people can’t have a look at the code to find exploits. I believe AIX, HP-UX oder Solaris have the same or a higher amount of exploitable bugs but they aren’t found or they are fixed by the company before.
Ironically, Linux has the same problem Microsoft has with Outlook and IE: The more popular the product becomes and is used, the higher is the chance it will be exploited.
I think a Linux box can be setup pretty secure (as can be a windows box), but you have to stay up-to-date, use stuff like grsec and check periodically for rootkits. Same for Microsoft. I don’t think Windows is more insecure than Linux in its basic setup (not after reading bugtraq for a long time now). I use it because imho the kernel is better and Microsoft has become too powerful and dominant.
With both windows and Linux, bad security practices by the admins and having badly configured machines cause these kinds of issues.
In its most secure state a linux machine CAN be more secured then a windows machine, but that takes work. and windows machines likewise CAN be locked down pretty hard. but the thing IS, most admins do not do this stuff. and THAT is the cause of most breakins NOT the OS,
This really tweaks me when ppl say this OS that or this. Mine is more secure or what ever.
i use the best tool for the job period. I have Linux and windows Servers. each doing things they are good at. and each locked down. and very up to date.
sheesh.
-Nex6
>> Quote from article: What next – shock reports that Bill Gates has been secretly writing Linux programs?
Hahah, that would rock so much!
First of all RedHat is _a_ Linux distribution, not “Linux” or “the Linux”. All other theories about cracks and wether it was a Linux computer which got cracked are still unproven. Thus, it’s speculation. On this site ofcourse, it is quite obvious that Linux is blamed with all these anti-FLOSS zealots here.
The NIMDA possibility is totally left aside. If you look at the file list of the zip you’ll notice several *.eml files which are totally unrelated (“letter to children”) to the source. These are traces of NIMDA. What do these do in this source?
That said, this article adds nothing new which can’t be read back in the /. post or the previous OSnews post. Ofcourse it “traces back to Microsoft”… somehow.
“ptrace”
BSD was vulnerable because of a bug of similair nature.
And FreeBSD’s kernel has had just as much or even more local vulnerable bugs.
“do_brk, do_mremap”
True. do_brk was identified as a bug, but wasn’t believed exploitable.
All 3 are local exploitable. Which is unfortunate. And i agree, this isn’t good at all. But at least BSD, and as you say other OSes too, have the same problem.
They, as normal, were however at least fixed when they were noticed (except do_brak, different story. When found out it was exploitable it was fixed too). You cannot say that about these bugs in Microsoft Windows NT based products:
http://www.eeye.com/html/Research/Upcoming/
And MSIE. Seriously, leave your preference aside. Do you find it normal a known bug is kept unfixed for _156 DAYS_?!?
This is my first and last post in this thread. I hope that leads to brilliant argumented posts which sweep all my arguments away!
my company are partners in the Shared Source initiative with microsoft and I have looked at the code, not all of it mind you because that would take weeks if not months. As I cannot give specific details, so dont e-mail and ask, I think from what I have checked that Windows source code is much more refined then open Source Linux. One thing i attribute to this is the closed source nature of Windows. Somebody I talked to who worked with microsoft but now works for Sun told me he thinks the Source code to Windows is sloppy, I dont agree with his opinions but hey, its a free country and we are entitled to our Opinions. Im writing a paper on the differences between closed source development and Open Source development. i will have it ready next week but looking at a release in two weeks I will be getting permission from legal before i release it to make sure we dont violate any contracts. I will give Eugenia the URL for the paper so others can read it. but i dont think she will want to post the paper as its more for my corporate use than a blatant Open Source versus Closed Source and someone wins scenario.
There has been a rumor in this industry that Bill does contribute to certain Open Source projects under an alias, not nessecarily Linux. I dont know how true it is but i just found it interesting that it surfaces again here.
Actually, even some Microsoft people use Linux
Apparently, they really don’t care what tools you use on Microsoft’s campus.
> The interesting thing is that the code came from a Linux machine, which indicates that somehow the Linux machine is hacked. Again and again I see too many Linux security problems.
Several possibilities here:
1 – Hacker broke the firewall.
2 – Linux machine open to internet as server (not protected).
3 – Someone physically removed the code form the Linux box.
The linux box won’t just hack “itself” like a windows box will.
There had to be some mistake on the part of the administrators.
In the past 3 months at work we’ve had serveral windows machines end up having spyware on them and have had 3 viruses hit. One that destroyed any and all “.exe” files it could find. Thankfully all of our data lives on Linux file servers (but sadly windows boxen have many of those mapped).
You know it costs assloads of time to continually have some IT monkey have to go around and update the machines one by one.
And wasn’t it mentioned that the place was hacked for more than just a few days? More than a few weeks even ?
This code was released intentionally for one reason and one reason only.
The SCO case is winding down. Novell has blown what tiny sliver of a case SCO had out of the water. It is no secret that Microsoft was funding the SCO case, not against IBM, but against Linux. Remember, the Longhorn release is a couple of years off. In the meantime, new Windows vulnerabilities are being discovered every other day, forcing more maintenance costs & lost production in businesses. At the same time this is occurring, governments around the world are ditching Windows wholesale, due to both cost and these very same security/maintenance issues.
Now that Novell has shot SCO’s case out of the sky, Microsoft needs some way to continue to cast FUD and aspersions on Linux, until Longhorn is finally released, but only because they think it is possible for them to inhibit the growth of Linux.
Predictions:
6 – 12 months from now, Microsoft will be going after either OSS projects, or individual OSS developers, claiming theft or infringement of these very files that were “leaked” this week. Expect lawsuits for ridiculous amounts of money, just as with SCO. Microsoft’s claims of IP infringement will be far more believable on the surface. They will find algorithms perfectly identical, in the leaked Windows code and the OSS code which they will claim to be infringing, only because there are a limited number of ways to implement any given algorithm.
OSS developers in the US will either stop developing OSS, under threat of bankrupting legal fees or flee the country, in order to develop in peace. The US government will lend a helping hand to Microsoft in this, and most likely offer FBI assistants to hunt down the “pirates” or “terrorists” of Microsoft’s precious IP.
The linux box won’t just hack “itself” like a windows box will.
Wow, what a serious answer from somebody who claims that windows boxes will hack itself. This is what I am talking about. I didn’t see anybody serious enough to really show me that Linux has no security problems. I have seen so many people whose Linux boxes being hacked. One said he couldn’t upgrade the machine fast enough, but he used the default configuration. Another two cases, the machines were upto date according to the debian distribution.
So some people do hack Linux boxes, the reports also indicate that. We don’t see Windows boxes getting hacked where the person can run any code there. I have never seen such a case.
It takes a skill to get a windows box hacked. You have to close the update feature on windows boxes, cause we all know that all of those known worms had its cure, so it is the administarator, not windows. On the other hand, increasingly we see hacks on linux boxes, where nobody knows exactly what happens. We see people claiming that linux is more secure, windows boxes hack themselves, or that a windows box will explode unexpectedly, but we don’t see serious people who say linux is more secure than windows. My experience also proves that. As I said, I have personally seen lots of linux boxes getting hacked. I work both with windows and linux, none of the windows machines we use is getting hacked.
So you smart monkey suggest us that people shouldn’t go around and update the machines one by one. I wonder what do you recommend for linux boxes. Oh, I see, so now you are claiming that linux boxes upgrade themselves magically? Your answer itself is a proof that linux is definitely less secure. You just do not even make sense, and who knows maybe you made up the virus and worm stories about your windows boxes, which is quite likely given the answers you gave us.
I thought I read that the code originated from a windows server because there were traces of dump messages pointing back to the originating “Winmain” server which was cause by this guy using a linux box to hack the server from within the company.
Am I right or did I just skim too fast over the article?
“Your answer itself is a proof that linux is definitely less secure.”
Really? How is it proof then? I don’t see you pointing that out, except for what you state experience which is an argument not many people will buy from you.
“Really? How is it proof then? I don’t see you pointing that out, except for what you state experience which is an argument not many people will buy from you.”
….must….not………….
>
> _________________
> /| /| | |
> ||__|| | Please do not |
> / O O\__ | feed the Troll |
> / |_________________|
> / ||
> / _ ||
> / |\____ ||
> / | | | |\____/ ||
> / |_|_|/ | _||
> / / |______| ||
> / | | | –|
> | | | |______ –|
> * _ | |_|_|_| | –/
> *– _– _ | ||
> / _ \ | / ||
> * / \_ /- | | |
> * ___ o_o_o_O/ O_o_o_o____________
If you don’t investigate, how can I help you. If you are serious on IT issues, just install linux and then count the number of upgrades that you have to make because of security. Not the usual upgrades, the ones that you have to make because of security. Well you have to see that, it is in number of tens or hundrends, depending on your distribution version of course. But definitely it is whole lot more than windows patches.
and more security fixes more often for less severe threats are bad compared to less fixes less often for greater risk flaws in what way again?
I would like to point few things here
1. People hack windows because they get a challenge out of it. Think about the fun in writing a worm to affect 3% of PCs vs 95% of PCs. So the argument that windows has more viruses is lame. People try to write more viruses for windows
2. Linux must have many security holes too, many of which are seen by people and because they get a recognition by fixing them, they tend to fix it instead of writing a worm/virus to exploit it. This doesn’t mean that Linux is more secure, because there exist many exploits and a serious hacker for sure will keep them secret and due to access to source code, if fixing these flaws is easy, so is finding new ones due to open source nature.
3. Window source code theft is going to help Microsoft in long term because in most cases it will act as a free code review, If they agree that they won’t sue people who are studying stolen source code. (I think they should let people report the bugs back).
4. We should really not spread the misconception that linux is more secure and windows is not, because i am sure both have security holes which can be exploited by serious hacker, eg. redhat linux distro was compromised by a hacker in less than 45 mins.
5. The only mistake that Microsoft with windows NT series was to not make it as easy as in linux to login as a normal user and not a root/admin. But other than that, NT has a good architecture and its ACLs are more fine grained and give much better control for security.
6. I hope Longhorn makes it as convenient as Linux to run in normal user mode (known as Limited User in windows).
/* 4. We should really not spread the misconception that linux is more secure and windows is not, because i am sure both have security holes which can be exploited by serious hacker, eg. redhat linux distro was compromised by a hacker in less than 45 mins. */
This is not true becose linux is much more modulable than your ACL! For example if i need a secure server:
1) i can simply patch kernel to disable not needed features (i do this for example preventing the ptrace() local root exploit on a server, _before_ the hole get know).
2) if you don’t know C, simply go at http://www.grsecurity.net; a patch like this has been included in Fedora Core 1
3) userland apps that run as root should be carefully selected! redhat as done bad things in the past but this is a redhat problem, not a linux problem! (redhat != linux)
bye
So disablling the services in Windows that you don’t want to run isn’t the samething as turning off the modules in the kernel for linux?
If you know how to run your system the right way you can make any Windows system secure, same goes for any OS.
It seems that lots of you like to rant on about viruses and worms, which less face it don’t take advantage of any bug/hole in the OS, all they do is take advantage of user stupidity. Because MS makes it easy for users to view content in e-mails as it does in OE, you get viruses and worms that spread easy. IF the user doesn’t open the attachment and run it then they will not get infected, if all people did was delete the stupid stuff they get in their inbox we wouldn’t have these virus outbrakes. But because MS makes it easy for the common person who doesn’t know much about PC’s and how they work to actually use them and get their jobs done, we have viruses that spred.
If you take these same people and put them behind the desk of a normal out of the box linux distro which they have no idea how to secure, it would get hacked just the same. In the end it all comes down to the user and how he/she takes care of their system.
“People try to write more viruses for windows”
Of course, because it is so easy. Microsoft is the only company that designs an operating system such that an email can take over a system remotely. You don’t see this in the *nix world.
“Linux must have many security holes too”,
The majority of which are minor, as in local exploits, not huge gaping security holes that allow remote control of the machine, like Microsoft security holes do.
“they tend to fix it instead of writing a worm/virus to exploit it.”
Of course, they are patched quickly, instead of the 156 day long waits you see with Microsoft products.
“This doesn’t mean that Linux is more secure”
Oh but it does, as we don’t have to wait for one vendor to issue a patch. Anyone can submit a patch and usually someone does very quickly.
“…in most cases it will act as a free code review, If they agree that they won’t sue people who are studying stolen source code.”
They won’t.
“We should really not spread the misconception that linux is more secure and windows is not, because i am sure both have security holes which can be exploited by serious hacker”
No one here is spreading this “alleged” misconception, as you put it. Read any of the security sites to see the truth. There is no such thing as a “computer virus.” They are all Microsoft viruses, with the majority of those being Outlook Express viruses, which makes Outlook Express another huge security hole, which Microsoft has yet to address, after all of these years.
“redhat linux distro was compromised by a hacker in less than 45 mins”
So find a vendor other than Redhat. In OSS you have that choice. With Microsoft, you don’t.
“The only mistake that Microsoft with windows NT series was to not make it as easy as in linux to login as a normal user and not a root/admin. ”
This is so wrong as to be totally laughable. Microsoft still has no clue how to design a true multi-user system. Install ACT on a Windows 2000 or Windows XP box and then try to access the database as a regular user. You can’t. You MUST log on as Admin in order to use the program. And ACT is only one such program.
“But other than that, NT has a good architecture and its ACLs are more fine grained and give much better control for security. ”
Yet, Gartner is recommending businesses avoid the latest version of it like the plague. Gee, I wonder why, given that Gartner has traditionally been on Microsoft’s side.
“I hope Longhorn makes it as convenient as Linux to run in normal user mode (known as Limited User in windows).”
Microsoft is not able to do this. There is too much software available for Windows that pays no attention whatsoever to mutli-user systems, and must be run as root/admin. Add to this the fact that 98 was supposed to be the best and safest, followed by ME, followed by 2000, followed by XP followed by Melissa, I Love You, Nimda, & Blaster,etc.
To answer your concern my anonymous
An OS is secure as long as you know how to make it secure. Till date not even one virus has stuck my Windows XP box. I use it for all the things including downloading stuff from kazaa because i know how to keep it secure.
Same goes with Linux, i have a redhat 9.0 also and i know how to disable services in it. But we are talking about an average user, who has no idea how to make a system secure, he doesn’t apply patches, doesn’t enable firewall and i can bet he is as prone to getting hacked on Linux as on Windows.
About patching, not everyone can recompile kernel and patch it, its only for computer professional and they mostly won’t need it, because they already know how to keep their system secure.
Now let me remind you that there was a time when *nix was banged left n right with tons of bugs in sendmail and yeah don’t forget the wu-ftpd bug 2 years back which plagued all the linux installations.
Every distro mature with time and i have seen Microsoft coming a long way on that. XP is one of the best and most stable OS. Damn in KDE made my linux hung twice in 1 year where as i never had a single OS hang in XP.
And as i read more, i feel pretty confident with Longhorn Microsoft is going to take care of the security problems.
As for Linux, i already Love linux for what it is i.e. as a server, keep it running in the back, don’t look at it
and i equally love XP for being the best desktop OS as of now.
1. An os is never more secure then the admin of it makes it.
2. The OS that is the best, is the one that fits your purpose with the machine best, and what you feel at home with. It has nothing to do with who made it.
3. No OS is bulletproof, if it got a networkconnection it can be broken one way or another.
>There is no reason that code received via email should be allowed to write to any and every file on the system, whether the system has anti-virus or not.
Agreed. That should never happen: “A remote
attacker could send a carefully crafted mail message that can cause email client to segfault and possibly execute arbitrary code as the victim.” But it does: https://rhn.redhat.com/errata/RHSA-2004-051.html
You guess right: it is not Microsoft Errata.:)
>Oh, do you mean in the days before postfix? Is anybody using sendmail these days?
Yes, they do: but that’s not the point. The point is: a prominent OpenSource project takes months and years to fix critical bugs.
Another point you just made by telling that bright people stay away from Sendmail: in some cases it is easier to abandon OpenSource project (Sendmail) and use something else than fix its bugs.
Wow! How they say: with OpenSource friends like these who needs enemies?
>Again, with OSS you can pick your poison or pick your cure, since you are not locked into one vendor.
And what you are going to do if critical bug is inside the Linux kernel used by all Linux isnstallations? Like that one, that sat in Linux kernel for years to be finally fixed in 2004: https://rhn.redhat.com/errata/RHSA-2003-417.html
>Presently, the estimates for MyDoom, which runs on your oh so stable Windows XP, are expected to reach $4billion…
MyDoom is an excellent example of a future Linux worm. It does not use any OS vulnerability, it can run and spread itself when started under non-priviledged user. All it needs is to trick user to execute a code.
>I have never had KDE hang, so what?
It means that yours and other geeks’ (in good meaning of that word) experience in respect to Linux is irrelevant. You can make Linux not crash on you, and another IT professinal can make Windows not crash on him or not to get infected.
What is unknown: how Linux will behave in hands on unexperienced user. It is completely independent from how it behaves in hands of experienced one.
To claim that Linux will magically be as secure in mass usage as today in limited geek domain is very irresponsible.
Of course, because it is so easy. Microsoft is the only company that designs an operating system such that an email can take over a system remotely. You don’t see this in the *nix world.
This by itself proves how stupid these linux zealots are. Truly amazing. Email programs is not part of the operating system. You port the outlook to linux, you have the same exact problem. I use pine everyday, I don’t have any viruses, but I am definitely not as productive as many other windows users, because they use Outlook. I would love to use outlook, the only reason I don’t use it is that at work we use linux machines, and I get used to pine. On unix we don’t have programs like outlook, because nobody was able to write one. It may be also because on unix we have too much idiots thinking that email programs are part of the operating system. You can’t expect such people to write complicated programs like outlook, can you?
“A remote attacker could send a carefully crafted mail message that can cause email client to segfault and possibly execute arbitrary code as the victim.” But it does: https://rhn.redhat.com/errata/RHSA-2004-051.html“
This is only one hole in only ONE particular email program, from ONE specific Linux vendor, and is most certainly not the default email program used in typical Linux installations, and most especially not used for typical desktop installations. Comparing this ONE security hole, from ONE vendor, which is not the default email client, to the THOUSANDS of holes in Outlook Express is disingenious, to say the least.
“Yes, they do: but that’s not the point. The point is: a prominent OpenSource project takes months and years to fix critical bugs. ”
This is the point completely. OSS has answered the problems of sendmail, with newer, more secure apps like postfix. Ditch sendmail & install postfix, or some other mail server and the problem is solved. There is no need to wait.
“nother point you just made by telling that bright people stay away from Sendmail: in some cases it is easier to abandon OpenSource project (Sendmail) and use something else than fix its bugs. ”
If you abandon sendmail for postfix, you are hardly abandoning open source. Besides, Windows users have abandoned Outlook Express in favor of Eudora & Mozilla Mail. I fail to see how this is any different.
“And what you are going to do if critical bug is inside the Linux kernel used by all Linux isnstallations? Like that one, that sat in Linux kernel for years to be finally fixed in 2004 https://rhn.redhat.com/errata/RHSA-2003-417.html
You issue patches and fix this LOCALLY expolitable hole and you don’t wait 200 days (http://news.com.com/2100-1002_3-5158625.html?tag=nefd_top) to patch it, like some other vendors have been known to do. By the way, do you have a link that states this LOCALLY exploitable hole in the Linux kernel existed for years?
“MyDoom is an excellent example of a future Linux worm. It does not use any OS vulnerability, it can run and spread itself when started under non-priviledged user. All it needs is to trick user to execute a code. ”
If such a thing ever existed and were executed, it could not write to the entire system, but only to that user’s home directory. Of course, this assumes that the virus has been compiled against whatever versions of whichever libraries that user may have installed on the system as well, which is not likely.
“To claim that Linux will magically be as secure in mass usage as today in limited geek domain is very irresponsible.”
To claim that Windows is as secure, or more secure than Linux, is to deny all evidence of reality. Even Gartner (http://www.osnews.com/comment.php?news_id=6008) agrees with that.
“Email programs is not part of the operating system.”
Who said it was?
“You port the outlook to linux, you have the same exact problem.”
No, you wouldn’t. Linux systems do not allow code recieved in an email to automatically execute. Nor can code executed by a user write to any file on the system, since the operating system doesn’t allow it.
“I would love to use outlook, the only reason I don’t use it is that at work we use linux machines”
Try Evolution (http://www.ximian.com/products/evolution/). The interface is just like Outlook, but it does not automatically execute code received via email.
“On unix we don’t have programs like outlook, because nobody was able to write one.”
Perhaps you haven’t heard of Ximian?
“It may be also because on unix we have too much idiots thinking that email programs are part of the operating system. You can’t expect such people to write complicated programs like outlook, can you?”
This has already been accomplished, for what, 2 or 3 years now?
“6 – 12 months from now, Microsoft will be going after either OSS projects, or individual OSS developers, claiming theft or infringement of these very files that were “leaked” this week. Expect lawsuits for ridiculous amounts of money, just as with SCO. Microsoft’s claims of IP infringement will be far more believable on the surface. They will find algorithms perfectly identical, in the leaked Windows code and the OSS code which they will claim to be infringing, only because there are a limited number of ways to implement any given algorithm.”
IANAL, but what is the significance of this? In such a case, wouldn’t the burden of proof lie on the shoulders of the plaintiff? Could Microsoft prove that Linux stole the ideas for these files? I’m sure that there are a million algorithms that are similar, or exactly the same between the two operating systems, but that’s because they happen to be the optimal. AND, if Microsoft were to patent some of these algorithms, they already would have filed a suit trying to bar further distribution of Linux.
“On unix we don’t have programs like outlook, because nobody was able to write one.”
Perhaps you haven’t heard of Ximian?
This is just so embarassing. Ximian might very well be a nice product… but if the word cloning means anything this must be it. The only difference I can think of is that MS beat them with like 5 years to make a product like this.
One more thing which many people forget is that Outlook is also extremely powerful for powerusers and has many features most other apps simply don’t.
I’ve allways been loyal to Netscape Mail –> Mozilla mail and one day I got forced to use outlook. Once you start digging inside it you find a flora of features that NONE of the equivalents come even close of, (including Ximian afaik).
“Email programs is not part of the operating system.”
Who said it was?
You. “Of course, because it is so easy. Microsoft is the only company that designs an operating system such that an email can take over a system remotely.”
Not to mention there is not such design.
No, you wouldn’t. Linux systems do not allow code recieved in an email to automatically execute.
Neither does Outlook. In any event, it’s dependant on the email application, not the OS.
Nor can code executed by a user write to any file on the system, since the operating system doesn’t allow it.
Sure it does, if the email program is running as root – just like the email application has to be running as a privileged user on Windows to do the same thing.
If such a thing ever existed and were executed, it could not write to the entire system, but only to that user’s home directory.
Why are you under the completely idiotic impression that a worm needs root privileges to cause damage ?
Of course, this assumes that the virus has been compiled against whatever versions of whichever libraries that user may have installed on the system as well, which is not likely.
Despite the disinterest amongst the Linux community of decent, binary backwards compatibility, a basic statically-compiled linux binary will run on a helluva lot of different distros.
Give it a rest guys.
ALL OSs have bugs and insecurities.
I’ve been an application programmer for 20 years… COBOL, C, VB, Fortran, Pascal, shells, batches blah, blah, blah on MVS, DOS, Windows, Unix, Linux, CPM blah, blah, blah. You can’t create a multi-million line OS without some holes in it. You do the best you can the first time through then fix the rest as the holes are uncovered. Nobody releases crap on purpose.
And yeah… 200 days to fix a bug seems riduculus. But this bug affected the entire NT product line right? They had to fix EVERY line in all versions and patches before they could let the cat out of the bag lest they fix one version just to have attacks on the other not-yet-fixed versions. I don’t know why it took so long, but I didn’t hear of a single exploit until they had released all of the required patches. So their plan ultimately worked.
So create your own completely-tight, open-source, supports-everything OS and call it Anonymux.
Its really easy to point fingers, and play “My OS is better than your OS”, but how many OS patches have you written? In fact how many full-blown Linux products comparable to IE have you written? MS has created fantastic tools for creating applications in Windows. I’m still waiting for such diversity in *nix.
Windows rules because Billy and his buddies had the gonads and brains to create the monopoly in the first place. Like it or not they are true leaders in the PC industry. Everyone else is playing catch up. Where would we be without MS? I was doing COBOL on IBM mainframes and Z80-based PCs – yeck! Could any other company have opened the world of PC-based computing like Billy et-al? It still hasn’t happened has it? 20 years later. Either Windows has earned its place or nothing else is good enough to unseat it. Despite big money behind their efforts.
Is it surprising that more Windows holes are discovered? Of course not! Windows is running on 90% of the PCs worldwide. It is HUGE and it supports a HUGE number of peripherals. How much hardware do you have that doesn’t work with *nix?
Windows was written for the masses – not for the kinds of people reading this. We’re the geeks. We can install/setup/update OSs like Unix and Linux. Not normal people. When was the last time you performed support? OMG – normal people don’t know the difference between applications or OSs. They can’t even tell what a command line is much less use one. And you talking about re-linking the kernel?
So you end up with 95% of the world’s hackers targetting MS products. Why? Because MS does provide class-based software with feature-rich SDKs so people like us can create new and powerful applications – for the masses. What if the tables were turned and the hackers all targetted *nix? Of course they’d find holes. Does that mean Linux is bad and Linus is evil? They won’t find as many holes since Linux IS smaller and less diverse than Windows. Plus they wouldn’t have all the neat tools that Windows developers enjoy.
Work with what you have and be glad for what you have. I’ll continue writing applications for *nix using scripts, C and COBOL and for Windows in VB, Office with VBA and COBOL (that’s right – COBOL for Windows). You can code your applications with whatever tools you want for whatever platform they support. But I have a sneaky suspicion that its WINDOWS.
I find that Linux supporters flame far more often than Windows’. That doesn’t mean they’re right – just louder. I figure that’s because the Windows developers are a more happy bunch. They can just sit back and enjoy their productivity in their “evil” MS environment while the *nix developers spend too much time complaining and spitting into the wind.
I almost forgot.
Let’s not forget the criminals writing these worms and such. THEY ARE THE REAL PROBLEM !!!! The same people that spend hours bashing MS for what criminals are doing with Windows wouldn’t dream of bashing General Motors the next time someone uses a Chevy to run over their neighbor. We should spend more time going after the perpetrators of these crimes rather than blaming the victims. (Yes – MS is the victim here.) If you know of someone who’s been authoring malicious code – turn them in !
Just how many gazillions of development dollars have been wasted defending ourselves from these idiots? How many of our dollars have we spent to protect our own machines?
I say find them and THROW THEM IN JAIL. Just ask Michael Metnick (sp?). It’s not noble or informative to unleash a virus or worm on the world just to prove a point. If they were really interested in fixing the OS they’d send the exploit to MS and let them fix it.