Why you should not use Windows for "Serious Work"

<Quote>
Don't use Microsoft Windows when accessing your bank account
online....I have interviewed dozens of victim companies that lost
anywhere from $10,000 to $500,000 dollars because of a single malware
infection. I have heard stories worthy of a screenplay about the
myriad ways cyber crooks are evading nearly every security obstacle
the banks put in their way.

But regardless of the methods used by the bank or the crooks, all of
the attacks shared a single, undeniable common denominator: They
succeeded because the bad guys were able to plant malicious software
that gave them complete control over the victim's Windows computer....

David Johnston, owner of Modesto, Calif. based Sign Designs, lost
nearly $100,000 on July 23 due to Windows-based malware. Johnston's
bank requires customers to enter the code from a Vasco security token.
But the thieves - armed with malware on the company controller's PC -
were able to intercept one of those codes when the controller tried to
log in, and then delay the controller from logging in. Indeed,
Johnston said the company's computer logs show that the controller
logged into the system while the series of thefts was already in
progress.

Thieves used the same approach to steal $447,000 from Ferma Corp., a
demolition firm in Santa Maria, Calif. whose bank also required
customers to enter a code from a security token....

In direct response to this series reported and published by Security
Fix, the SANS Technology Institute, a security research and education
organization, challenged its students with creating a white paper to
determine the most effective methods for small and mid-sized
businesses to mitigate the threat from these types of attacks. Their
conclusion? While there are multiple layers of protection that
businesses and banks could put in place, the cheapest and most
foolproof solution is to use a read-only, bootable operating system,
such as Knoppix, or Ubuntu.

Also known as "Live CDs," these are generally free, Linux-based
operating systems that one can download and burn to a CD-Rom. The
beauty of Live CD distributions is that they can be used to turn a
Windows-based PC temporarily into a Linux computer, as Live CDs allow
the user to boot into a Linux operating system without installing
anything to the hard drive. Programs on a LiveCD are loaded into
system memory, and any changes - such as browsing history or other
activity -- are completely wiped away after the machine is shut down.
To return to Windows, simply remove the Live CD from the drive and
reboot.

More importantly, malware that is built to steal data from Windows-
based systems won't load or work when the user is booting from LiveCD.
Put simply: even if the Windows installation on the underlying hard
drive is completely corrupted with a keystroke-logging virus or
Trojan, that malware can't capture the victim's banking credentials if
that user only transmits his or her credentials after booting up into
one of these Live CDs.

The Arc of Steuben, a Bath N.Y.-based not-for-profit that provides
care for developmentally disabled adults, has taken this advice to
heart. In September, I wrote about how thieves had used malware to
steal nearly $200,000 from the organization. Since then, the
organization has restricted access to its online bank account to a
Linux system on its network, according to an Oct. 1 report in the
local Star Gazette.

"I would strongly recommend looking at whatever systems you're using
if you're doing electronic banking," the Gazette quotes Bernie Burns,
the Arc's executive director. "And if it is a Microsoft system,
perhaps looking at something different."

Of course, a Mac computer would probably work just as well, but the
focus here is on Windows users who may be looking for a cheap way to
harden their existing setup to avoid malicious software.

If you've never used a Live CD and are interested in learning how, or
if you just want to take a Linux operating system for a test drive,
check out my tutorial on this topic here.
</Quote>

http://krebsonsecurity.com/2010/11/your-money-or-your-business/#more-6242
0
Reply nessuno 11/3/2010 11:16:23 PM

nessuno wrote:

> http://krebsonsecurity.com/2010/11/your-money-or-your-business/#more-6242

Yep - very good advice.

It is also perhaps worth mentioning the upcoming Chrome OS in the same 
context.
If you'll forgive me for repeating myself, here is what I wrote in cola 
earlier today wrt Chrome OS:-

============================================

I could well be wrong in this, and if so please shout, but I am under the 
impression that the idea is:-

- An OS (linux) and a browser (Chrome!), and very little more on the device.

- That OS and browser in effect "burned in".

- At switch-on, a check against the Google repository.
   Any conflict => an upgrade.

- Thus, the entire of your "local" S/W is about as secure as your BIOS is 
now - probably more so, since there is no other S/W available to tinker 
with it.

As for the S/W that you can use (Word Processor etc.) this is all web-based 
apps - though not of necessity Google Apps?

I certainly go along with your "not for geeks" sentiment, but I can't help 
thinking that the consumer could find the whole concept very compelling.
So many people now seem to use a browser most of the time they are on the 
computer, and use web-based e-mail.
I can't help wondering even if the banks at some point in the future might 
start to insist that such a device be used for Internet banking 
transactions!

I'm a bit lost as to how you scan or print, etc.  
Presumably one can read/store files locally?
That apart, it might just fly (imo) !


0
Reply bbgruff 11/4/2010 12:02:54 AM


"nessuno" <nessuno7491@gmail.com> wrote in message 
news:95499b41-f084-4f16-b8db-d4239846e2ae@a37g2000yqi.googlegroups.com...

because it sucks.



0
Reply One 11/4/2010 1:02:12 AM

bbgruff <bbgruff@yahoo.co.uk> writes:

> nessuno wrote:
>
>> http://krebsonsecurity.com/2010/11/your-money-or-your-business/#more-6242
>
> Yep - very good advice.
>
> It is also perhaps worth mentioning the upcoming Chrome OS in the same 
> context.
> If you'll forgive me for repeating myself, here is what I wrote in cola 
> earlier today wrt Chrome OS:-
>
> ============================================
>
> I could well be wrong in this, and if so please shout, but I am under the 
> impression that the idea is:-
>
> - An OS (linux) and a browser (Chrome!), and very little more on the device.
>
> - That OS and browser in effect "burned in".

You are of course totally wrong.

They are developing their own Windowing system which acts as the
desktop.



0
Reply Hadron 11/4/2010 1:04:00 AM

On Nov 4, 1:16 am, nessuno <nessuno7...@gmail.com> wrote:

> Of course, a Mac computer would probably work just as well, but the
> focus here is on Windows users who may be looking for a cheap way to
> harden their existing setup to avoid malicious software.
>

Right.  And a Windows computer with the latest antivirus software
would work just as well.

Move along...nothing to see here.

RL
0
Reply RayLopez99 11/4/2010 1:34:19 AM

On Nov 4, 2:34 pm, RayLopez99 <raylope...@gmail.com> wrote:
> On Nov 4, 1:16 am, nessuno <nessuno7...@gmail.com> wrote:
>
> > Of course, a Mac computer would probably work just as well, but the
> > focus here is on Windows users who may be looking for a cheap way to
> > harden their existing setup to avoid malicious software.
>
> Right.  And a Windows computer with the latest antivirus software
> would work just as well.
>

Assuming that the anti virus software picks up the virus, trojan etc.

As the OP implied anyone who does internet banking on a Windows
machine is nuts.

0
Reply peterwn 11/4/2010 1:43:20 AM

On Nov 4, 3:43 am, peterwn <pmiln...@gmail.com> wrote:
> On Nov 4, 2:34 pm, RayLopez99 <raylope...@gmail.com> wrote:
> > On Nov 4, 1:16 am, nessuno <nessuno7...@gmail.com> wrote:
>
> > > Of course, a Mac computer would probably work just as well, but the
> > > focus here is on Windows users who may be looking for a cheap way to
> > > harden their existing setup to avoid malicious software.
>
> > Right.  And a Windows computer with the latest antivirus software
> > would work just as well.
>
> Assuming that the anti virus software picks up the virus, trojan etc.
>
> As the OP implied anyone who does internet banking on a Windows
> machine is nuts.

Assuming?  But they do Peter.

The only thing that fails Windows AV s/w are so-called "Zero Day"
attacks--when the virus is still new and the AV company has not sent
out an update.  But even this attack fails to newer AV companies like
Norton that send out updates every 10 minutes as opposed to once a
day.

If you don't believe me, ask the people in the AV forum.

RL
0
Reply RayLopez99 11/4/2010 9:48:25 AM

RayLopez99 wrote:

> On Nov 4, 3:43 am, peterwn <pmiln...@gmail.com> wrote:
>> On Nov 4, 2:34 pm, RayLopez99 <raylope...@gmail.com> wrote:
>> > On Nov 4, 1:16 am, nessuno <nessuno7...@gmail.com> wrote:
>>
>> > > Of course, a Mac computer would probably work just as well, but the
>> > > focus here is on Windows users who may be looking for a cheap way to
>> > > harden their existing setup to avoid malicious software.
>>
>> > Right.  And a Windows computer with the latest antivirus software
>> > would work just as well.
>>
>> Assuming that the anti virus software picks up the virus, trojan etc.
>>
>> As the OP implied anyone who does internet banking on a Windows
>> machine is nuts.
> 
> Assuming?  But they do Peter.

No. They find part of the viruses
 
> The only thing that fails Windows AV s/w are so-called "Zero Day"
> attacks--when the virus is still new and the AV company has not sent
> out an update.  

When taking into account how many Windows machines get infected, that does
not work all too well, it seems.
In fact, it is working utterly shitty.

> But even this attack fails to newer AV companies like
> Norton that send out updates every 10 minutes as opposed to once a
> day.

Now *that's* some "real work" the machine has to do here then

> If you don't believe me, ask the people in the AV forum.
> 

Who are equally clueless as you are?
-- 
Support bacteria -- it's the only culture some people have!

0
Reply Peter 11/4/2010 11:22:49 AM

RayLopez99 wrote:
> nessuno wrote:
>> Of course, a Mac computer would probably work just as well, but the
>> focus here is on Windows users who may be looking for a cheap way to
>> harden their existing setup to avoid malicious software.
> 
> Right.  And a Windows computer with the latest antivirus software
> would work just as well.

You can write whatever nonsense you want, but a fully updated Windows 
machine with an installed and fully updated AV is not immune to malware. Not 
even close!

Regards.

0
Reply Lusotec 11/4/2010 11:38:39 AM

Lusotec <nomail@nomail.not> writes:

> RayLopez99 wrote:
>> nessuno wrote:
>>> Of course, a Mac computer would probably work just as well, but the
>>> focus here is on Windows users who may be looking for a cheap way to
>>> harden their existing setup to avoid malicious software.
>> 
>> Right.  And a Windows computer with the latest antivirus software
>> would work just as well.
>
> You can write whatever nonsense you want, but a fully updated Windows 
> machine with an installed and fully updated AV is not immune to malware. Not 
> even close!
>
> Regards.

Neither is Linux. Not even close. 

Linux is safer because it is inherently safer. That combined with lack
of interest from the "hacker community" due to a tiny moron % on the
desktop.

Possibly some of you Windows users here, like Chris or Kohlkopf, could
comment on how Windows 7 is shaping up with firewall on and a free AV
installed?
0
Reply Hadron 11/4/2010 12:11:54 PM

On 04/11/2010 09:48, RayLopez99 wrote:
> On Nov 4, 3:43 am, peterwn<pmiln...@gmail.com>  wrote:
>> On Nov 4, 2:34 pm, RayLopez99<raylope...@gmail.com>  wrote:
>>> On Nov 4, 1:16 am, nessuno<nessuno7...@gmail.com>  wrote:
>>
>>>> Of course, a Mac computer would probably work just as well, but the
>>>> focus here is on Windows users who may be looking for a cheap way to
>>>> harden their existing setup to avoid malicious software.
>>
>>> Right.  And a Windows computer with the latest antivirus software
>>> would work just as well.
>>
>> Assuming that the anti virus software picks up the virus, trojan etc.
>>
>> As the OP implied anyone who does internet banking on a Windows
>> machine is nuts.
>
> Assuming?  But they do Peter.

Dumbass.

Review after review after review of security suites paid and otherwise 
subjected to known malware and I'm still to see any security suite with 
a 100% capture rate. Soon as I do, that suite will get some serious 
business from me.


> The only thing that fails Windows AV s/w are so-called "Zero Day"
> attacks--when the virus is still new and the AV company has not sent
> out an update.  But even this attack fails to newer AV companies like
> Norton that send out updates every 10 minutes as opposed to once a
> day.
>
> If you don't believe me, ask the people in the AV forum.
>
> RL

0
Reply Phil 11/4/2010 1:07:14 PM

"Phil Da Lick!" <phil_the_lick@REMOVETHISSPAMTRAP.hotmail.com> writes:

> On 04/11/2010 09:48, RayLopez99 wrote:
>> On Nov 4, 3:43 am, peterwn<pmiln...@gmail.com>  wrote:
>>> On Nov 4, 2:34 pm, RayLopez99<raylope...@gmail.com>  wrote:
>>>> On Nov 4, 1:16 am, nessuno<nessuno7...@gmail.com>  wrote:
>>>
>>>>> Of course, a Mac computer would probably work just as well, but the
>>>>> focus here is on Windows users who may be looking for a cheap way to
>>>>> harden their existing setup to avoid malicious software.
>>>
>>>> Right.  And a Windows computer with the latest antivirus software
>>>> would work just as well.
>>>
>>> Assuming that the anti virus software picks up the virus, trojan etc.
>>>
>>> As the OP implied anyone who does internet banking on a Windows
>>> machine is nuts.
>>
>> Assuming?  But they do Peter.
>
> Dumbass.
>
> Review after review after review of security suites paid and otherwise 
> subjected to known malware and I'm still to see any security suite with 
> a 100% capture rate. Soon as I do, that suite will get some serious 
> business from me.

Really? Why? What Windows security systems are you currently paying for?
0
Reply Hadron 11/4/2010 1:18:17 PM

On 04/11/2010 13:18, Hadron wrote:
> "Phil Da Lick!"<phil_the_lick@REMOVETHISSPAMTRAP.hotmail.com>  writes:
>
>> On 04/11/2010 09:48, RayLopez99 wrote:
>>> On Nov 4, 3:43 am, peterwn<pmiln...@gmail.com>   wrote:
>>>> On Nov 4, 2:34 pm, RayLopez99<raylope...@gmail.com>   wrote:
>>>>> On Nov 4, 1:16 am, nessuno<nessuno7...@gmail.com>   wrote:
>>>>
>>>>>> Of course, a Mac computer would probably work just as well, but the
>>>>>> focus here is on Windows users who may be looking for a cheap way to
>>>>>> harden their existing setup to avoid malicious software.
>>>>
>>>>> Right.  And a Windows computer with the latest antivirus software
>>>>> would work just as well.
>>>>
>>>> Assuming that the anti virus software picks up the virus, trojan etc.
>>>>
>>>> As the OP implied anyone who does internet banking on a Windows
>>>> machine is nuts.
>>>
>>> Assuming?  But they do Peter.
>>
>> Dumbass.
>>
>> Review after review after review of security suites paid and otherwise
>> subjected to known malware and I'm still to see any security suite with
>> a 100% capture rate. Soon as I do, that suite will get some serious
>> business from me.
>
> Really? Why? What Windows security systems are you currently paying for?

What has that got to do with it? I use one of the better ones but 97-98% 
is less than 100% last time I checked.
0
Reply Phil 11/4/2010 3:13:14 PM

"Peter Köhlmann" <peter-koehlmann@t-online.de> wrote in message 
news:iau529$rs0$00$5@news.t-online.com...
> RayLopez99 wrote:
>
>> On Nov 4, 3:43 am, peterwn <pmiln...@gmail.com> wrote:
>>> On Nov 4, 2:34 pm, RayLopez99 <raylope...@gmail.com> wrote:
>>> > On Nov 4, 1:16 am, nessuno <nessuno7...@gmail.com> wrote:
>>>
>>> > > Of course, a Mac computer would probably work just as well, but the
>>> > > focus here is on Windows users who may be looking for a cheap way to
>>> > > harden their existing setup to avoid malicious software.
>>>
>>> > Right.  And a Windows computer with the latest antivirus software
>>> > would work just as well.
>>>
>>> Assuming that the anti virus software picks up the virus, trojan etc.
>>>
>>> As the OP implied anyone who does internet banking on a Windows
>>> machine is nuts.
>>
>> Assuming?  But they do Peter.
>
> No. They find part of the viruses
>
>> The only thing that fails Windows AV s/w are so-called "Zero Day"
>> attacks--when the virus is still new and the AV company has not sent
>> out an update.
>
> When taking into account how many Windows machines get infected, that does
> not work all too well, it seems.
> In fact, it is working utterly shitty.
>
What the fuck are you on about?, you dense twat.
Great insight for the Kohltard troll who said:
"I program Windows systems yes. But I am not a Windows user." Peter 
Köhlmann, COLA.
http://groups.google.com/group/comp.os.linux.advocacy/msg/aa52a85a3acc798a?dmode=source
So you were lying?, Kohlkopf, or just parroting other trolls to rant 
Windows. 

0
Reply Clogwog 11/4/2010 4:05:34 PM

"Hadron" <hadronquark@gmail.com> wrote in message 
news:iau7ua$cg0$1@news.eternal-september.org...
> Lusotec <nomail@nomail.not> writes:
>
>> RayLopez99 wrote:
>>> nessuno wrote:
>>>> Of course, a Mac computer would probably work just as well, but the
>>>> focus here is on Windows users who may be looking for a cheap way to
>>>> harden their existing setup to avoid malicious software.
>>>
>>> Right.  And a Windows computer with the latest antivirus software
>>> would work just as well.
>>
>> You can write whatever nonsense you want, but a fully updated Windows
>> machine with an installed and fully updated AV is not immune to malware.
>> Not even close!
>>
>> Regards.
>
> Neither is Linux. Not even close.
>
> Linux is safer because it is inherently safer. That combined with lack
> of interest from the "hacker community" due to a tiny moron % on the
> desktop.

As Unix guru Andy Tanenbaum wrote:
[q]

"most attackers think hitting Windows offers a bigger bang for the buck so 
Windows simply gets attacked more."

[/q]
http://lists.virus.org/securecoding-0405/msg00035.html

Unlike the Linux loons, who post in COLA, he's more honest about this 
matter.

>
> Possibly some of you Windows users here, like Chris or Kohlkopf, could
> comment on how Windows 7 is shaping up with firewall on and a free AV
> installed?

Chris or Kohlkopf, bwahahaha, are not the sharpest knives in the drawer, 
maybe a tiny bit smarter than Dumb Willy, Terry Telnet and ("turd")chrisv 
:-?
Windows 7 is the most secure Windows OS today, offering:
Multiple Active Firewall Policies,
Built upon the proven security technologies in Windows Vista.
DirectAccess,
BranchCache,
BitLocker To Go,
AppLocker,
AV from Microsoft Security Essentials
With every OS update a new version of the Microsoft malicious software 
removal tool. 

0
Reply Clogwog 11/4/2010 5:12:54 PM

Phil Da Lick! wrote:
>I'm still to see any security suite with a 100% capture rate
>
It's a logical impossibility.
M$ and the anti-whatever guys are always playing catch-up.

M$ doesn't bother to close all the holes in the first place
(for the polar opposite,
compare to OpenBSD and Theo and his fanaticism)
and M$ often doesn't patch them AFTER they are revealed
(even when M$ does bother to patch, there's an incredible lag)
and the anti-whatever guys are always in reactive mode.
Windoze is a no-win situation.

OTOH, when you use an OS with *n?x file permissions,
your files are downloaded with the executable bits set to OFF.
YOU have to chmod those to get those executables to run.
So, while you might download a *trojan*[1],
there is no such thing as a drive-by virus in *n?x.
..
..
[1] If you download stupid crap, then change the permissions,
then execute it, the onus is on YOU.
"Stupid is as stupid does."

If you're just a little bit stupid, only your /home gets damaged.
OTOH, if you're MASSIVELY stupid, the OS gets damaged.
Linux is NOT a cure-all for stupidity
--just **much** better than M$'s crap.
0
Reply JeffM 11/4/2010 5:39:58 PM

"JeffM" <jeffm_@email.com> wrote in message 
news:44cae010-4402-40cb-a647-73c27f7f7aff@h21g2000vbh.googlegroups.com...
> Phil Da Lick! wrote:
>
> OTOH, when you use an OS with *n?x file permissions,
> your files are downloaded with the executable bits set to OFF.
> YOU have to chmod those to get those executables to run.
> So, while you might download a *trojan*[1],
> there is no such thing as a drive-by virus in *n?x.

Nonsense - just like your little EULA rant.

Fact is that a virus/trojan/malware/etc that exploits a "remote code 
execution" vulnerability in *nix  can do this.

If the exploit is sophisticated enough that it can execute arbitrary code 
remotely, then it surely will be able to perform a "chmod" on the file that 
it wrote. So *YOU* do not have to chmod anything - the application being 
exploited remotely will do this on its own.



0
Reply Ezekiel 11/4/2010 5:53:39 PM

Ezekiel wrote:
>If the exploit is sophisticated enough
>that it can execute arbitrary code remotely
>
So, then, YOU go handing out your root password like it was candy?
0
Reply JeffM 11/4/2010 6:31:52 PM

"JeffM" <jeffm_@email.com> wrote in message 
news:a0dafe00-dd70-4388-b720-be16dc8f50a2@w21g2000vby.googlegroups.com...
> Ezekiel wrote:
>>If the exploit is sophisticated enough
>>that it can execute arbitrary code remotely
>>
> So, then, YOU go handing out your root password like it was candy?

Huh???? What does a root password have to do with anything?  Or are you 
simply trying to move the goal posts to the next county?

You don't need to be 'root' in order to chmod a file.



0
Reply Ezekiel 11/4/2010 6:38:41 PM
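
The point argued in the posts above, shown as an added example (not posted by anyone in the thread): a freshly written file has no execute bit, and its owner can set that bit without root. The file name and script contents are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration; downloaded.sh and its contents are made up.

# Write a script the way a download would land on disk: a plain file
# created under a typical umask, so no execute bit is set.
make_download() {
    (
        umask 022
        printf '#!/bin/sh\nexit 0\n' > "$1/downloaded.sh"
    )
}

# Permission string of a file, e.g. -rw-r--r--
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Try to execute the file directly and echo the exit status.
# The shell reports 126 when the file exists but cannot be executed.
try_exec() {
    if "$1" >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# Run the whole sequence in a scratch directory and report:
#   mode before, exit status before, mode after chmod, exit status after
demo() {
    dir=$(mktemp -d) || return 1
    make_download "$dir"
    f=$dir/downloaded.sh

    before_mode=$(mode_of "$f")
    before_rc=$(try_exec "$f")

    # The owner changes the mode of their own file; no root is involved.
    chmod u+x "$f"

    after_mode=$(mode_of "$f")
    after_rc=$(try_exec "$f")

    rm -rf "$dir"
    echo "$before_mode $before_rc $after_mode $after_rc"
}

demo
```

Because the owner can always set the bit, the missing execute bit only stops accidental execution; it does not constrain code already running as that user. A filesystem mounted with the `noexec` option refuses direct execution from it regardless of the mode bits.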

Clogwog pulled this Usenet face plant:

> "Hadron" <hadronquark@gmail.com> wrote in message 
> news:iau7ua$cg0$1@news.eternal-september.org...
>> Lusotec <nomail@nomail.not> writes:
>>
>>> You can write whatever nonsense you want, but a fully updated Windows
>>> machine with an installed and fully updated AV is not immune to malware. 
>>> Not even close!
>>>
>>> Regards.
>>
>> Neither is Linux. Not even close.
>>
>> Linux is safer because it is inherently safer. That combined with lack
>> of interest from the "hacker community" due to a tiny moron % on the
>> desktop.
>
>> Possibly some of you Windows users here, like Chris or Kohlkopf, could
>> comment on how Windows 7 is shaping up with firewall on and a free AV
>> installed?

Beats me.  I haven't booted to Win 7 in a month.  I hardly use it at all.

> Windows 7 is the most secure Windows OS today, offering:
> Multiple Active Firewall Policies,
> Built upon the proven security technologies in Windows Vista.
> DirectAccess,
> BranchCache,
> BitLocker To Go,
> AppLocker,
> AV from Microsoft Security Essentials
> With every OS update a new version of the Microsoft malicious software 
> removal tool. 

Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
much it cannot execute viruses and trojans!   :-D

-- 
"And, you know, I mustn't preach to you, but surely it wouldn't be right for
you to take away people's pleasure of studying your attire, by just going
and making yourself like everybody else.  You feel that, don't you?"  said
he, earnestly.
		-- William Morris, "Notes from Nowhere"
0
Reply Chris 11/4/2010 7:50:14 PM

On Nov 5, 6:39 am, JeffM <jef...@email.com> wrote:
>
> If you're just a little bit stupid, only your /home gets damaged.
> OTOH, if you're MASSIVELY stupid, the OS gets damaged.
> Linux is NOT a cure-all for stupidity
> --just **much** better than M$'s crap.
Which is why I have a userid that I use only for internet banking. So
if my regular userid gets infected for any reason the infection does
not affect internet banking unless the infection can get 'root'. This
is in practice very difficult if not almost impossible unless you use
a feckless password for root,

0
Reply peterwn 11/4/2010 8:28:04 PM

"Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
news:iav2ph$qmb$1@news.eternal-september.org...
> Clogwog pulled this Usenet face plant:
>
>> "Hadron" <hadronquark@gmail.com> wrote in message
>> news:iau7ua$cg0$1@news.eternal-september.org...
>>> Lusotec <nomail@nomail.not> writes:
>>>
>>>> You can write whatever nonsense you want, but a fully updated Windows
>>>> machine with an installed and fully updated AV is not immune to malware.
>>>> Not even close!
>>>>
>>>> Regards.
>>>
>>> Neither is Linux. Not even close.
>>>
>>> Linux is safer because it is inherently safer. That combined with lack
>>> of interest from the "hacker community" due to a tiny moron % on the
>>> desktop.
>>
>>> Possibly some of you Windows users here, like Chris or Kohlkopf, could
>>> comment on how Windows 7 is shaping up with firewall on and a free AV
>>> installed?
>
> Beats me.  I haven't booted to Win 7 in a month.  I hardly use it at all.
>
>> Windows 7 is the most secure Windows OS today, offering:
>> Multiple Active Firewall Policies,
>> Built upon the proven security technologies in Windows Vista.
>> DirectAccess,
>> BranchCache,
>> BitLocker To Go,
>> AppLocker,
>> AV from Microsoft Security Essentials
>> With every OS update a new version of the Microsoft malicious software
>> removal tool.
>
> Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
> much it cannot execute viruses and trojans!   :-D
>
Thanks for sharing and proving my point :-p
Not the sharpest knifes in the drawer, now are you? 

0
Reply Clogwog 11/4/2010 8:38:47 PM

On 2010-11-04, the following emerged from the brain of Ezekiel:
>
>>>If the exploit is sophisticated enough
>>>that it can execute arbitrary code remotely
>>>
>> So, then, YOU go handing out your root password like it was candy?
>
> Huh???? What does a root password have to do with anything?  Or are you 
> simply trying to move the goal posts to the next county?
>
> You don't need to be 'root' in order to chmod a file.

But obviously you need write access to a file to chmod it.

-- 
In the beginning there was nothing. God said, 'Let there be light!' And 
there was light. There was still nothing, but you could see it a whole 
lot better.
	~ Ellen DeGeneres
0
Reply TomB 11/4/2010 9:05:25 PM

Clogwog pulled this Usenet face plant:

> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
>
>> Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
>> much it cannot execute viruses and trojans!   :-D
>>
> Thanks for sharing and proving my point :-p
> Not the sharpest knifes in the drawer, now are you? 

No.  I understand the joke!  (And I know the plural of "knife".)

Say!  That reminds me!

   http://www.businessweek.com/microsoft/updates/up81105b.htm

   "Knife the Baby": A key allegation in Justice's antitrust case against
   Microsoft is that the software giant used illegal tactics to force Apple
   Computer Inc. to abandon its QuickTime software that plays sound and
   video files on the Internet.

   . . .

   According to Tevanian, Apple executive Peter Hoddie asked Microsoft
   officials, "'Are you asking us to kill playback? Are you asking us to
   knife the baby?'" He said Microsoft official Christopher Phillips
   responded, "'Yes, we want you to knife the baby.' It was very clear." 

-- 
Matrimony is the root of all evil.
0
Reply Chris 11/4/2010 9:07:33 PM

On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:

> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>
>>>>If the exploit is sophisticated enough that it can execute arbitrary
>>>>code remotely
>>>>
>>> So, then, YOU go handing out your root password like it was candy?
>>
>> Huh???? What does a root password have to do with anything?  Or are you
>> simply trying to move the goal posts to the next county?
>>
>> You don't need to be 'root' in order to chmod a file.
> 
> But obviously you need write access to a file to chmod it.

Uh, no - just write access to its directory.

touch ~/blah
chmod 444 ~/blah
chmod 655 ~/blah

and of course you still need root to do that in any of the system 
directories.





0
Reply iso 11/4/2010 9:26:41 PM

TomB pulled this Usenet face plant:

> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>
>>>>If the exploit is sophisticated enough
>>>>that it can execute arbitrary code remotely
>>>>
>>> So, then, YOU go handing out your root password like it was candy?
>>
>> Huh???? What does a root password have to do with anything?  Or are you 
>> simply trying to move the goal posts to the next county?
>>
>> You don't need to be 'root' in order to chmod a file.
>
> But obviously you need write access to a file to chmod it.

I'm finding Zeke to be an incredible spin-doctor at this point.

-- 
Anything is possible on paper.
		-- Ron McAfee
0
Reply Chris 11/4/2010 9:32:11 PM

"TomB" <tommy.bongaerts@gmail.com> wrote in message 
news:20101104220330.223@usenet.drumscum.be...
> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>
>>>>If the exploit is sophisticated enough
>>>>that it can execute arbitrary code remotely
>>>>
>>> So, then, YOU go handing out your root password like it was candy?
>>
>> Huh???? What does a root password have to do with anything?  Or are you
>> simply trying to move the goal posts to the next county?
>>
>> You don't need to be 'root' in order to chmod a file.
>
> But obviously you need write access to a file to chmod it.

Yes, obviously. Which once again has absolutely zero to do with "handing out 
root passwords like candy."

The simple scenario is as follows -

Some app has a 'remote arbitrary code execution' vulnerability.
This app writes out a file somewhere in /home/<user>
Same app/malware does a chmod to set the execute bit.
App then adds an entry to the appropriate file to start each time you (the 
user) logs in.

Nowhere does it need the 'root' password.
Nowhere does it require *me* the user to chmod anything.





0
Reply Ezekiel 11/4/2010 9:47:53 PM

"Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
news:iav8ol$o9p$2@news.eternal-september.org...
> TomB pulled this Usenet face plant:
>
>> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>>
>>>>>If the exploit is sophisticated enough
>>>>>that it can execute arbitrary code remotely
>>>>>
>>>> So, then, YOU go handing out your root password like it was candy?
>>>
>>> Huh???? What does a root password have to do with anything?  Or are you
>>> simply trying to move the goal posts to the next county?
>>>
>>> You don't need to be 'root' in order to chmod a file.
>>
>> But obviously you need write access to a file to chmod it.
>
> I'm finding Zeke to be an incredible spin-doctor at this point.

Seeing how you insert senseless little one-liners and absolutely zero 
substance - you probably don't want to know what I think of you lately.



0
Reply Ezekiel 11/4/2010 9:48:57 PM

On 2010-11-04, the following emerged from the brain of Ezekiel:
>
> "TomB" <tommy.bongaerts@gmail.com> wrote in message 
> news:20101104220330.223@usenet.drumscum.be...
>> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>>
>>>>>If the exploit is sophisticated enough
>>>>>that it can execute arbitrary code remotely
>>>>>
>>>> So, then, YOU go handing out your root password like it was candy?
>>>
>>> Huh???? What does a root password have to do with anything?  Or are you
>>> simply trying to move the goal posts to the next county?
>>>
>>> You don't need to be 'root' in order to chmod a file.
>>
>> But obviously you need write access to a file to chmod it.
>
> Yes, obviously. Which once again has absolutely zero to do with "handing out 
> root passwords like candy."
>
> The simple scenario is as follows -
>
> Some app has a 'remote arbitrary code execution' vulnerability.
> This app writes out a file somewhere in /home/<user>
> Same app/malware does a chmod to set the execute bit.
> App then adds an entry to the appropriate file to start each time you (the 
> user) logs in.
>
> Nowhere does it need the 'root' password.
> Nowhere does it require *me* the user to chmod anything.

Ah, so that was the context. Perfectly feasible indeed.

-- 
If we could perpetually do blowjobs to every guy on earth, we would
own the world. And at the same time have our hands free.
	~ Samantha
0
Reply TomB 11/4/2010 10:15:07 PM

On 2010-11-04, the following emerged from the brain of Bjørn Steensrud:
> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>
>> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>>
>>>>>If the exploit is sophisticated enough that it can execute arbitrary
>>>>>code remotely
>>>>>
>>>> So, then, YOU go handing out your root password like it was candy?
>>>
>>> Huh???? What does a root password have to do with anything?  Or are you
>>> simply trying to move the goal posts to the next county?
>>>
>>> You don't need to be 'root' in order to chmod a file.
>> 
>> But obviously you need write access to a file to chmod it.
>
> Uh, no - just write access to its directory.
>
> touch ~/blah
> chmod 444 ~/blah
> chmod 655 ~/blah

Actually you just have to own the file.

-- 
Opera is where a guy gets stabbed in the back, and instead of dying,
he sings.
	~ Robert Benchley
0
Reply TomB 11/4/2010 10:57:50 PM

Verily I say unto thee, that Chris Ahlstrom spake thusly:
> Clogwog pulled this Usenet face plant:
>> 
>> Windows 7 is the most secure Windows OS today, offering:
>> Multiple Active Firewall Policies,
>> Built upon the proven security technologies in Windows Vista.
>> DirectAccess,
>> BranchCache,
>> BitLocker To Go,
>> AppLocker,
>> AV from Microsoft Security Essentials
>> With every OS update a new version of the Microsoft malicious
>> software removal tool. 

[quote]
CommandoBob
Windows 7
Alienware x86

Hi everyone, I was noticing that my PC was slow, so I ran a scan with
Microsoft Security Essentials. It detected no threats. So I opened
msconfig and went to the startup tab. And saw 2 entries for:
%WINDIR%\system32\Winbooterr\svchost.exe

So I googled winbooterr and people said it was a virus.
Microsoft Security Essentials didn't seem to detect anything, while it's
up-to-date

I installed Malware Anti-Bytes after that, and ran a quick-scan. It
detected 12 threats instead of 0 on Security Essentials.

All threats are removed, restarted my computer, ran msconfig utility,
still 2 entries for Winbooterr!

I heard this virus can eat up your resources, so how can I remove this
virus?

Thanks.

....

Jacee

You have a "backdoor Trojan" ...
These Trojans are one of the worst infections there are, and they allow
the hacker total access to the infected machine, so much access in fact,
that they have as much control of the machine as if they were sitting in
front of it.

What this Trojan does:

# Turns off anti-virus applications
# Allows others to access the computer
# Steals information
# Downloads code from the internet
# Reduces system security
# Records keystrokes

I've emphasized several issues that, depending on how you use this
system, may put a system owner at risk for identity theft.  The question
to ask yourself is: What sort of personal identifying and/or financial
information is on this system?

Frankly, a system that has been compromised by this sort of infection
cannot be trusted, simply because the tools available to us cannot
guarantee it will have been totally cleaned. The only way to be sure is
to completely reformat and rebuild the system.  I'm sorry to be the
'bearer of bad news', but it is important that you be as fully informed
about the risks as possible.
[/quote]

http://www.sevenforums.com/system-security/104563-infection-winbooterr-svchost-exe.html

That sure is some impressive "proven security technologies".

> Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
> much it cannot execute viruses and trojans!   :-D

But with a list of buzzwords like the above, how can it possibly fail?

-- 
K.                           | [ubuntu]
http://slated.org            | 
Fedora 8 (Werewolf) on sky   | 1. Ancient African word meaning
kernel 2.6.31.5, up 21 days  |    'I can't configure Debian'
0
Reply Homer 11/4/2010 11:16:13 PM

On Thu, 04 Nov 2010 23:57:50 +0100, TomB wrote:

> On 2010-11-04, the following emerged from the brain of Bjørn Steensrud:
>> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>
>> Uh, no - just write access to its directory.
>>
>> touch ~/blah
>> chmod 444 ~/blah
>> chmod 655 ~/blah
> 
> Actually you just have to own the file.

No, you must have write access to the directory. Try it.
0
Reply Hardon 11/4/2010 11:25:13 PM

Verily I say unto thee, that TomB spake thusly:
> On 2010-11-04, the following emerged from the brain of Ezekiel:

>> App then adds an entry to the appropriate file to start each time you
>> (the user) logs in.

Adds an "entry" to what?

The only thing that starts every time I log in, is Bash.

> Ah, so that was the context. Perfectly feasible indeed.

And highly dependent on a large number of variable conditions.

-- 
K.                           | [ubuntu]
http://slated.org            | 
Fedora 8 (Werewolf) on sky   | 1. Ancient African word meaning
kernel 2.6.31.5, up 21 days  |    'I can't configure Debian'
0
Reply Homer 11/4/2010 11:43:13 PM
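
One way to audit for the scenario debated above, an executable dropped under /home/<user> and referenced from a login-time startup file, as an added example that is not code from any poster. The startup file list, the function names and the sample home directory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list login-time startup entries that point at executables
# inside the user's own home directory (a location writable without root).
# STARTUP_FILES is an assumed, typical bash/XDG set, not an exhaustive list.
STARTUP_FILES=".profile .bash_profile .bash_login .bashrc"

# refs_in_file HOME FILE: print "FILE<TAB>PATH" for every executable regular
# file under HOME that FILE mentions on a non-comment line.
refs_in_file() {
    home=$1
    file=$2
    [ -f "$file" ] || return 0
    grep -v '^[[:space:]]*#' "$file" |
    tr -s ' \t=";&|()'"'" '\n' |
    while IFS= read -r p; do
        # Expand the two common spellings of "my home directory".
        case $p in
            '~/'*)     p="$home/${p#??}" ;;
            '$HOME/'*) p="$home/${p#??????}" ;;
        esac
        case $p in
            "$home"/*)
                if [ -f "$p" ] && [ -x "$p" ]; then
                    printf '%s\t%s\n' "$file" "$p"
                fi ;;
        esac
    done | sort -u
}

# audit_home HOME: check the shell startup files and XDG autostart entries.
audit_home() {
    home=${1%/}
    for f in $STARTUP_FILES; do
        refs_in_file "$home" "$home/$f"
    done
    for f in "$home"/.config/autostart/*.desktop; do
        refs_in_file "$home" "$f"
    done
}

# make_sample_home: build a constructed home directory (sample data only)
# and print its path.
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir -p "$h/.cache" "$h/.config/autostart" "$h/bin"
    printf '#!/bin/sh\n' > "$h/.cache/updater"; chmod 755 "$h/.cache/updater"
    printf '#!/bin/sh\n' > "$h/bin/notes";      chmod 644 "$h/bin/notes"
    printf '#!/bin/sh\n' > "$h/bin/sync";       chmod 755 "$h/bin/sync"
    cat > "$h/.bashrc" <<EOF
# ~/.cache/updater   (commented out, so it is ignored)
alias ll='ls -l'
$h/.cache/updater &
EOF
    cat > "$h/.profile" <<'EOF'
PATH="$HOME/bin:$PATH"
/usr/bin/true
~/bin/notes
EOF
    printf '[Desktop Entry]\nType=Application\nExec=%s/bin/sync --quiet\n' \
        "$h" > "$h/.config/autostart/sync.desktop"
    echo "$h"
}

# Demo run on the constructed home; pass a real home to audit_home to use it.
demo_home=$(make_sample_home) && audit_home "$demo_home" && rm -rf "$demo_home"
```

Each reported line is a candidate for review, not a verdict: legitimate user scripts show up too, so compare against what the account owner expects to start at login.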

On 2010-11-04, the following emerged from the brain of Hardon:
> On Thu, 04 Nov 2010 23:57:50 +0100, TomB wrote:
>
>> On 2010-11-04, the following emerged from the brain of Bjørn Steensrud:
>>> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>>
>>> Uh, no - just write access to its directory.
>>>
>>> touch ~/blah
>>> chmod 444 ~/blah
>>> chmod 655 ~/blah
>> 
>> Actually you just have to own the file.
>
> No, you must have write access to the directory. Try it.

No Hadron, just access (ie. 0100 or just the user x-bit set) to the
directory is enough. /You/ try it.

-- 
Middle age is having a choice between two temptations and choosing the
one that'll get you home earlier.
	~ Dan Bennett
0
Reply TomB 11/4/2010 11:49:06 PM

Chris Ahlstrom wrote:

> Clogwog pulled this Usenet face plant:
>
>> "Hadron" <hadronquark@gmail.com> wrote in message 
>> news:iau7ua$cg0$1@news.eternal-september.org...
>>> Lusotec <nomail@nomail.not> writes:
>>>
>>>> You can write whatever nonsense you want, but a fully updated Windows
>>>> machine with an installed and fully updated AV is not immune to malware. 
>>>> Not even close!
>>>>
>>>> Regards.
>>>
>>> Neither is Linux. Not even close.
>>>
>>> Linux is safer because it is inherently safer. That combined with lack
>>> of interest from the "hacker community" due to a tiny moron % on the
>>> desktop.
>>
>>> Possibly some of you Windows users here, like Chris or Kohlkopf, could
>>> comment on how Windows 7 is shaping up with firewall on and a free AV
>>> installed?
>
> Beats me.  I haven't booted to Win 7 in a month.  I hardly use it at all.

Heh. The troll trots out the old "lack of interest from the
"hacker community" due to a tiny moron % on the desktop." too.
(Surprise, surprise). A variation of the "If Linux was as popular as
Windows.." argument which has been demolished many times.
As in here:
http://www.securityfocus.com/columnists/188

And the " tiny moron % on the desktop", which belies the fact that *if*
that were so, why are all the wintrolls making such a song & dance about
it? Why would they, & M$, even bother with something so insignificant?
http://broadcast.oreilly.com/2010/09/debunking-the-1-myth.html

>> Windows 7 is the most secure Windows OS today, offering:
>> Multiple Active Firewall Policies,
>> Built upon the proven security technologies in Windows Vista.
>> DirectAccess,
>> BranchCache,
>> BitLocker To Go,
>> AppLocker,
>> AV from Microsoft Security Essentials
>> With every OS update a new version of the Microsoft malicious software 
>> removal tool. 
>
> Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
> much it cannot execute viruses and trojans!   :-D

And don't forget they have to regularly defrag it! 
http://windows.about.com/od/maintainandfix/ss/SBSdefragWin7.htm

-- 
Cpio - A Star Wars Movie archiving droid.
FreeBSD 8.1 64-bit; Kubuntu 10.04 64-bit
Kubuntu 10.10 64-bit; Scientificlinux 5.5 64-bit


0
Reply William 11/4/2010 11:54:33 PM

Verily I say unto thee, that Hardon spake thusly:
> On Thu, 04 Nov 2010 23:57:50 +0100, TomB wrote:
>> On 2010-11-04, the following emerged from the brain of Bjørn
>> Steensrud:
>>> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>>
>>> Uh, no - just write access to its directory.
>>>
>>> touch ~/blah
>>> chmod 444 ~/blah
>>> chmod 655 ~/blah
>> 
>> Actually you just have to own the file.
>
> No, you must have write access to the directory. Try it.

And the immutable bit must be clear.

E.g.:

touch testfile
ls -l testfile
-rw-r--r-- 1 homer homer 0 Nov  4 23:53 testfile
chmod 755 testfile
ls -l testfile    
-rwxr-xr-x 1 homer homer 0 Nov  4 23:53 testfile
su -c "chattr +i testfile"
Password: 
ls -l testfile            
-rwxr-xr-x 1 homer homer 0 Nov  4 23:53 testfile
chmod 644 testfile
chmod: changing permissions of `testfile': Operation not permitted

-- 
K.                           | [ubuntu]
http://slated.org            | 
Fedora 8 (Werewolf) on sky   | 1. Ancient African word meaning
kernel 2.6.31.5, up 21 days  |    'I can't configure Debian'
0
Reply Homer 11/4/2010 11:59:49 PM

On Fri, 05 Nov 2010 00:49:06 +0100, TomB wrote:

> On 2010-11-04, the following emerged from the brain of Hardon:
>
>> No, you must have write access to the directory. Try it.
> 
> No Hadron, just access (ie. 0100 or just the user x-bit set) to the
> directory is enough. /You/ try it.

Ach, brain fart. You are correct.
0
Reply Hardon 11/5/2010 12:04:01 AM

"TomB" <tommy.bongaerts@gmail.com> wrote in message 
news:20101104231022.448@usenet.drumscum.be...
> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>
>> "TomB" <tommy.bongaerts@gmail.com> wrote in message
>> news:20101104220330.223@usenet.drumscum.be...
>>> On 2010-11-04, the following emerged from the brain of Ezekiel:
>>>>
>>>>>>If the exploit is sophisticated enough
>>>>>>that it can execute arbitrary code remotely
>>>>>>
>>>>> So, then, YOU go handing out your root password like it was candy?
>>>>
>>>> Huh???? What does a root password have to do with anything?  Or are you
>>>> simply trying to move the goal posts to the next county?
>>>>
>>>> You don't need to be 'root' in order to chmod a file.
>>>
>>> But obviously you need write access to a file to chmod it.
>>
>> Yes, obviously. Which once again has absolutely zero to do with "handing 
>> out
>> root passwords like candy."
>>
>> The simple scenario is as follows -
>>
>> Some app has a 'remote arbitrary code execution' vulnerability.
>> This app writes out a file somewhere in /home/<user>
>> Same app/malware does a chmod to set the execute bit.
>> App then adds an entry to the appropriate file to start each time you 
>> (the
>> user) logs in.
>>
>> Nowhere does it need the 'root' password.
>> Nowhere does it require *me* the user to chmod anything.
>
> Ah, so that was the context. Perfectly feasible indeed.

I also want to add that it's not as far-fetched or hypothetical as some 
might pretend/wish it was. Recent example:

<quote>
Adobe to Patch Flash Player Vulnerability This Week
2010-11-02

Adobe Systems is prepping a patch for a critical security vulnerability in 
Flash Player.

The update will be for Flash Player 10x for Windows, Macs, Linux and 
Solaris, but the bug actually covers larger ground.

"This vulnerability (CVE-2010-3654) could cause a crash and potentially 
allow an attacker to take control of the affected system,"
</quote>

http://www.eweek.com/c/a/Security/Adobe-to-Patch-Flash-Player-Vulnerability-This-Week-278646/


This is just one. There have been vulnerabilities in Firefox, Chrome, 
image viewer libraries(*1) and etc.

*1 - In another post you had mentioned much of Linux using a common set of 
shared-libs. So if there was a flaw in the lib that renders .jpg images then 
it would make multiple apps that use this library vulnerable. (The good news 
of course is that one fix to the shared-lib also fixes multiple apps.)





0
Reply Ezekiel 11/5/2010 12:08:51 AM

On 2010-11-05, the following emerged from the brain of Hardon:
> On Fri, 05 Nov 2010 00:49:06 +0100, TomB wrote:
>
>>> No, you must have write access to the directory. Try it.
>> 
>> No Hadron, just access (ie. 0100 or just the user x-bit set) to the
>> directory is enough. /You/ try it.
>
> Ach, brain fart. You are correct.

Haha, and I actually thought you were Hadron :-p

-- 
Thats galloping insanity for you if you ask me.
	~ 7
0
Reply TomB 11/5/2010 12:21:48 AM

On 2010-11-05, the following emerged from the brain of Ezekiel:
>
> *1 - In another post you had mentioned much of Linux using a common set of 
> shared-libs. So if there was a flaw in the lib that renders .jpg images then 
> it would make multiple apps that use this library vulnerable. (The good news 
> of course is that one fix to the shared-lib also fixes multiple apps.)

Yes, as usual the coin has two sides.

-- 
The last capitalist we hang shall be the one who sold us the rope.
	~ Karl Marx
0
Reply TomB 11/5/2010 12:24:14 AM

TomB stated in post 20101105012233.519@usenet.drumscum.be on 11/4/10 5:24
PM:

> On 2010-11-05, the following emerged from the brain of Ezekiel:
>> 
>> *1 - In another post you had mentioned much of Linux using a common set of
>> shared-libs. So if there was a flaw in the lib that renders .jpg images then
>> it would make multiple apps that use this library vulnerable. (The good news
>> of course is that one fix to the shared-lib also fixes multiple apps.)
> 
> Yes, as usual the coin has two sides.

It should, in theory, make things more consistent, too!


-- 
[INSERT .SIG HERE]


0
Reply Snit 11/5/2010 1:40:28 AM

TomB pulled this Usenet face plant:

> On 2010-11-04, the following emerged from the brain of Hardon:
>> On Thu, 04 Nov 2010 23:57:50 +0100, TomB wrote:
>>
>>> On 2010-11-04, the following emerged from the brain of Bjørn Steensrud:
>>>> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>>>
>>>> Uh, no - just write access to its directory.
>>>>
>>>> touch ~/blah
>>>> chmod 444 ~/blah
>>>> chmod 655 ~/blah
>>> 
>>> Actually you just have to own the file.
>>
>> No, you must have write access to the directory. Try it.
>
> No Hadron, just access (ie. 0100 or just the user x-bit set) to the
> directory is enough. /You/ try it.

On Debian, I verify Tom's statement:

dr-xr-xr-x  test

cd into test, and you can chmod a file already in it.  You cannot create a
file, though.

-- 
I hope the ``Eurythmics'' practice birth control ...
0
Reply Chris 11/5/2010 10:36:31 AM

TomB pulled this Usenet face plant:

> On 2010-11-05, the following emerged from the brain of Hardon:
>> On Fri, 05 Nov 2010 00:49:06 +0100, TomB wrote:
>>
>>>> No, you must have write access to the directory. Try it.
>>> 
>>> No Hadron, just access (ie. 0100 or just the user x-bit set) to the
>>> directory is enough. /You/ try it.
>>
>> Ach, brain fart. You are correct.
>
> Haha, and I actually thought you were Hadron :-p

Hadron had his own brain fart.  Or, he actually does not have
a Linux system on which to test his incorrect chmod assertion.  :-D

-- 
If you wait long enough, it will go away... after having done its damage.
If it was bad, it will be back.
0
Reply Chris 11/5/2010 10:39:41 AM

Homer pulled this Usenet face plant:

> And the immutable bit must be clear.
>
> touch testfile
> ls -l testfile
> -rw-r--r-- 1 homer homer 0 Nov  4 23:53 testfile
> chmod 755 testfile
> ls -l testfile    
> -rwxr-xr-x 1 homer homer 0 Nov  4 23:53 testfile
> su -c "chattr +i testfile"
> Password: 
> ls -l testfile            
> -rwxr-xr-x 1 homer homer 0 Nov  4 23:53 testfile
> chmod 644 testfile
> chmod: changing permissions of `testfile': Operation not permitted

I'm curious.  I do

$ lsattr /usr/bin/*

And I get the following (just a small excerpt):

   ------------------- /usr/bin/xzdiff
   lsattr: Operation not supported While reading flags on /usr/bin/xzegrep
   lsattr: Operation not supported While reading flags on /usr/bin/xzfgrep
   ------------------- /usr/bin/xzgrep
   ------------------- /usr/bin/xzless

Why the "Operation not supported" on some of the files?

Oh, never mind.  They're soft links.  Doh.

-- 
"Not only is God dead, but just try to find a plumber on weekends."
		-- Woody Allen
0
Reply Chris 11/5/2010 10:45:33 AM

On 2010-11-05, the following emerged from the brain of Chris Ahlstrom:
> TomB pulled this Usenet face plant:
>
>> On 2010-11-04, the following emerged from the brain of Hardon:
>>> On Thu, 04 Nov 2010 23:57:50 +0100, TomB wrote:
>>>
>>>> On 2010-11-04, the following emerged from the brain of Bjørn Steensrud:
>>>>> On Thu, 04 Nov 2010 22:05:25 +0100,  TomB wrote:
>>>>
>>>>> Uh, no - just write access to its directory.
>>>>>
>>>>> touch ~/blah
>>>>> chmod 444 ~/blah
>>>>> chmod 655 ~/blah
>>>> 
>>>> Actually you just have to own the file.
>>>
>>> No, you must have write access to the directory. Try it.
>>
>> No Hadron, just access (ie. 0100 or just the user x-bit set) to the
>> directory is enough. /You/ try it.
>
> On Debian, I verify Tom's statement:
>
> dr-xr-xr-x  test
>
> cd into test, and you can chmod a file already in it.  You cannot create a
> file, though.

It even works with d--x------ on the directory (the 0100 I mentioned
above).

And of course the immutable bit must not be set, like Homer mentioned.

-- 
Humor is reason gone mad.
	~ Groucho Marx
0
Reply TomB 11/5/2010 12:23:30 PM
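
The rule the posters converge on above (chmod needs ownership of the file and search permission on its directory, but write permission on neither), as an added shell example that is not part of the original thread. The names `try`, `chmod_demo`, `test` and `blah` are illustrative, and the two "denied" results assume a non-root user, since root bypasses these checks.

```shell
#!/bin/sh
# Added example: which permissions chmod actually depends on.
# Non-owners get "Operation not permitted" whatever the mode bits say;
# that case is not run here because it needs a second account.

# try LABEL CMD...: run CMD quietly and print LABEL=ok or LABEL=denied.
try() {
    label=$1
    shift
    if "$@" 2>/dev/null; then
        echo "$label=ok"
    else
        echo "$label=denied"
    fi
}

chmod_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/test"
    touch "$d/test/blah"
    chmod 000 "$d/test/blah"   # owner can neither read nor write the file
    chmod 100 "$d/test"        # d--x------ : search only, no read, no write

    # 1. The owner can still change the mode: chmod checks ownership,
    #    not the file's own write bit and not the directory's write bit.
    try chmod_owned_file chmod 755 "$d/test/blah"
    try mode_now_executable test -x "$d/test/blah"

    # 2. Creating a new entry does need write permission on the directory.
    try create_in_dir touch "$d/test/new"

    # 3. Without the search (x) bit the path cannot be resolved at all,
    #    so even the owner's chmod fails.
    chmod 000 "$d/test"
    try chmod_without_search chmod 644 "$d/test/blah"

    # Restore access so the scratch directory can be removed.
    chmod 700 "$d/test"
    rm -rf "$d"
}

chmod_demo
```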

"Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
news:iav7af$ru9$5@news.eternal-september.org...
> Clogwog pulled this Usenet face plant:
>
>> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message
>>
>>> Well no wonder Windows 7 is so safe!  All that bloatware slows it down 
>>> so
>>> much it cannot execute viruses and trojans!   :-D
>>>
>> Thanks for sharing and proving my point :-p
>> Not the sharpest knifes in the drawer, now are you?
>
> No.  I understand the joke!  (And I know the plural of "knife".)
>
Well a typo lamer as well I see, again you proved my point. 

0
Reply Clogwog 11/5/2010 3:11:42 PM

"Homer" <usenet@slated.org> wrote in message 
news:terbq7-fv6.ln1@sky.matrix...
> Verily I say unto thee, that Chris Ahlstrom spake thusly:
>> Clogwog pulled this Usenet face plant:
>>>
>>> Windows 7 is the most secure Windows OS today, offering:
>>> Multiple Active Firewall Policies,
>>> Built upon the proven security technologies in Windows Vista.
>>> DirectAccess,
>>> BranchCache,
>>> BitLocker To Go,
>>> AppLocker,
>>> AV from Microsoft Security Essentials
>>> With every OS update a new version of the Microsoft malicious
>>> software removal tool.
>
> [quote]
> CommandoBob
> Windows 7
> Alienware x86
>
> Hi everyone, I was noticing that my PC was slow, so I ran a scan with
> Microsoft Security Essentials. It detected no threats. So I opened
> msconfig and went to the startup tab. And saw 2 entries for:
> %WINDIR%\system32\Winbooterr\svchost.exe
>
> So I googled winbooterr and people said it was a virus.
> Microsoft Security Essentials didn't seem to detect anything, while it's
> up-to-date
>
> I installed Malware Anti-Bytes after that, and ran a quick-scan. It
> detected 12 threats instead of 0 on Security Essentials.
>
> All threats are removed, restarted my computer, ran msconfig utility,
> still 2 entries for Winbooterr!
>
> I heard this virus can eat up your resources, so how can I remove this
> virus?
>
> Thanks.
>
> ...
>
> Jacee
>
> You have a "backdoor Trojan" ...
> These Trojans are one of the worst infections there are, and they allow
> the hacker total access to the infected machine, so much access in fact,
> that they have as much control of the machine as if they were sitting in
> front of it.
>
> What this Trojan does:
>
> # Turns off anti-virus applications
> # Allows others to access the computer
> # Steals information
> # Downloads code from the internet
> # Reduces system security
> # Records keystrokes
>
> I've emphasized several issues that, depending on how you use this
> system, may put a system owner at risk for identity theft.  The question
> to ask yourself is: What sort of personal identifying and/or financial
> information is on this system?
>
> Frankly, a system that has been compromised by this sort of infection
> cannot be trusted, simply because the tools available to us cannot
> guarantee it will have been totally cleaned. The only way to be sure is
> to completely reformat and rebuild the system.  I'm sorry to be the
> 'bearer of bad news', but it is important that you be as fully informed
> about the risks as possible.
> [/quote]
>
> http://www.sevenforums.com/system-security/104563-infection-winbooterr-svchost-exe.html
>
> That sure is some impressive "proven security technologies".
>
Nice selfnuke [H]omo!
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fVB.XR#summary_link
A typical case of (most likely) some Lintard anti Microsoft troll (maybe 
you) to make a bogus post.
Or someone who hasn't downloaded the latest definitions, maybe because he 
runs a pirated version ==> PICNIC 

0
Reply Clogwog 11/5/2010 3:33:52 PM

Clogwog pulled this Usenet face plant:

> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
> news:iav7af$ru9$5@news.eternal-september.org...
>> Clogwog pulled this Usenet face plant:
>>
>>> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message
>>>
>>>> Well no wonder Windows 7 is so safe!  All that bloatware slows it down 
>>>> so
>>>> much it cannot execute viruses and trojans!   :-D
>>>>
>>> Thanks for sharing and proving my point :-p
>>> Not the sharpest knifes in the drawer, now are you?
>>
>> No.  I understand the joke!  (And I know the plural of "knife".)
>>
> Well a typo lamer as well I see, again you proved my point. 

Well, you're a "typo lamer" lamer!  So you are lamer than me!

You need a "brightness" knob [see below] :-D

-- 
I wish there was a knob on the TV to turn up the intelligence.  There's a
knob called "brightness", but it doesn't seem to work.
		-- Gallagher
0
Reply Chris 11/5/2010 3:56:21 PM

"Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message 
news:ib19es$20t$1@news.eternal-september.org...
> Clogwog pulled this Usenet face plant:
>
>> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message
>> news:iav7af$ru9$5@news.eternal-september.org...
>>> Clogwog pulled this Usenet face plant:
>>>
>>>> "Chris Ahlstrom" <ahlstromc@xzoozy.com> wrote in message
>>>>
>>>>> Well no wonder Windows 7 is so safe!  All that bloatware slows it down
>>>>> so
>>>>> much it cannot execute viruses and trojans!   :-D
>>>>>
>>>> Thanks for sharing and proving my point :-p
>>>> Not the sharpest knifes in the drawer, now are you?
>>>
>>> No.  I understand the joke!  (And I know the plural of "knife".)
>>>
>> Well a typo lamer as well I see, again you proved my point.
>
> Well, you're a "typo lamer" lamer!  So you are lamer than me!

And I'm frwee toh lamee a "typos laamer" lammes, that's also "bwightness", I 
guessss! :-p
--
Linux has 100% Desktop marketshare in.................... North Korea!
http://en.wikipedia.org/wiki/Red_Star_OS 

0
Reply Clogwog 11/5/2010 4:13:39 PM

"William Poaster" <wp@mylinux.machines.test> wrote in message 
news:pmtbq7-155.ln1@alpha.mylinuxnet.org...
> Chris Ahlstrom wrote:
>
>> Clogwog pulled this Usenet face plant:
>>
>>> "Hadron" <hadronquark@gmail.com> schreef in bericht
>>> news:iau7ua$cg0$1@news.eternal-september.org...
>>>> Lusotec <nomail@nomail.not> writes:
>>>>
>>>>> You can write whatever nonsense you want, but a fully updated Windows
>>>>> machine with an installed and fully updated AV is not immune to malware.
>>>>> Not even close!
>>>>>
>>>>> Regards.
>>>>
>>>> Neither is Linux. Not even close.
>>>>
>>>> Linux is safer because it is inherently safer. That combined with lack
>>>> of interest from the "hacker community" due to a tiny moron % on the
>>>> desktop.
>>>
>>>> Possibly some of you Windows users here, like Chris or Kohlkopf, could
>>>> comment on how Windows 7 is shaping up with firewall on and a free AV
>>>> installed?
>>
>> Beats me.  I haven't booted to Win 7 in a month.  I hardly use it at all.
>
> Heh. The troll trots out the old "lack of interest from the
> "hacker community" due to a tiny moron % on the desktop." too.
> (Surprise, surprise). A variation of the "If Linux was as popular as
> Windows.." argument which has been demolished many times.
> As in here:
> http://www.securityfocus.com/columnists/188
>
> And the " tiny moron % on the desktop", which belies the fact that *if*
> that were so, why are all the wintrolls making such a song & dance about
> it? Why would they, & M$, even bother with something so insignificant?
> http://broadcast.oreilly.com/2010/09/debunking-the-1-myth.html
>
>>> Windows 7 is the most secure Windows OS today, offering:
>>> Multiple Active Firewall Policies,
>>> Built upon the proven security technologies in Windows Vista.
>>> DirectAccess,
>>> BranchCache,
>>> BitLocker To Go,
>>> AppLocker,
>>> AV from Microsoft Security Essentials
>>> With every OS update a new version of the Microsoft malicious software
>>> removal tool.
>>
>> Well no wonder Windows 7 is so safe!  All that bloatware slows it down so
>> much it cannot execute viruses and trojans!   :-D
>
> And don't forget
> *they* have to regularly defrag it!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Liar!
"Windows 7 or Vista automatically configures Disk Defrag to schedule 
defragment to run once a week, usually at 1am on Wednesday."
http://www.howtogeek.com/howto/windows-vista/configure-disk-defragmenter-schedule-in-windows-vista/
Reply Clogwog 11/5/2010 4:23:28 PM

On 2010-11-04, the following emerged from the brain of Homer:
> Verily I say unto thee, that TomB spake thusly:
>> On 2010-11-04, the following emerged from the brain of Ezekiel:
>
>>> App then adds an entry to the appropriate file to start each time you
>>> (the user) logs in.
>
> Adds an "entry" to what?
>
> The only thing that starts every time I log in, is Bash.
>
>> Ah, so that was the context. Perfectly feasible indeed.
>
> And highly dependent on a large number of variable conditions.

That's also true of course.

-- 
It's the dwarves that go swimmin' with big hairy women.
	~ Gimli, son of Gloin
Reply TomB 11/7/2010 10:30:56 AM

Phil Da Lick! wrote:

> On 04/11/2010 13:18, Hadron wrote:
>> "Phil Da Lick!"<phil_the_lick@REMOVETHISSPAMTRAP.hotmail.com>  writes:
>>
>>> On 04/11/2010 09:48, RayLopez99 wrote:
>>>> On Nov 4, 3:43 am, peterwn<pmiln...@gmail.com>   wrote:
>>>>> On Nov 4, 2:34 pm, RayLopez99<raylope...@gmail.com>   wrote:>   On Nov
>>>>> 4, 1:16 am, nessuno<nessuno7...@gmail.com>   wrote:
>>>>>
>>>>>>> Of course, a Mac computer would probably work just as well, but the
>>>>>>> focus here is on Windows users who may be looking for a cheap way to
>>>>>>> harden their existing setup to avoid malicious software.
>>>>>
>>>>>> Right.  And a Windows computer with the latest antivirus software
>>>>>> would work just as well.
>>>>>
>>>>> Assuming that the anti virus software picks up the virus, trojan etc.
>>>>>
>>>>> As the OP implied anyone who does internet banking on a Windows
>>>>> machine is nuts.
>>>>
>>>> Assuming?  But they do Peter.
>>>
>>> Dumbass.
>>>
>>> Review after review after review of security suites paid and otherwise
>>> subjected to known malware and I'm still to see any security suite with
>>> a 100% capture rate. Soon as I do, that suite will get some serious
>>> business from me.
>>
>> Really? Why? What Windows security systems are you currently paying for?
> 
> What has that got to do with it? I use one of the better ones but 97-98%
> is less than 100% last time I checked.

Not to mention the fact that well over 5000 new viruses are emerging every
single day, and that it's totally impossible for any AV suite to keep up
with that -- unless it checks for updates every 10 seconds or so.
Half the world's Windows boxes are compromised, but still some idiots
maintain that AV offers sufficient protection. Sure, it's better than
nothing, but using Windows is turning more into Russian Roulette every
year.

And this is why, when I go to my bank's Web site, I now have to click
through one or sometimes even two(*) pages of warnings about Internet
security, telling me to double-check everything that happens on-screen
(URL's, account numbers, amounts, codes entered), and that I should contact
the bank immediately, should I notice anything unusual.

*: One extra page if a particular new virus or phishing e-mail has been
doing the rounds, which happens with increasing frequency.

Richard Rasker
-- 
http://www.linetec.nl
Reply Richard 11/7/2010 12:48:42 PM

"Richard Rasker" <spamtrap@linetec.nl> wrote in message 
news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
> Phil Da Lick! wrote:
>

>> What has that got to do with it? I use one of the better ones but 97-98%
>> is less than 100% last time I checked.
>
> Not to mention the fact that well over 5000 new viruses are emerging every
> single day, and that it's totally impossible for any AV suite to keep up
> with that -- unless it checks for updates every 10 seconds or so.
>
> And this is why, when I go to my bank's Web site, I now have to click
> through one or sometimes even two(*) pages of warnings about Internet
> security, telling me to double-check everything that happens on-screen
> (URL's, account numbers, amounts, codes entered), and that I should 
> contact
> the bank immediately, should I notice anything unusual.
>
> *: One extra page if a particular new virus or phishing e-mail has been
> doing the rounds, which happens with increasing frequency.

Something doesn't make sense here. What does checking "everything that 
happens on-screen" (urls, acct nums, amounts, codes, etc) have anything to 
do with viruses or malware?  Will somehow checking an URL tell the average 
banking customer that they do or don't have a virus?

Now *ALL* of this does make sense when it comes to phishing schemes.  So are
you somehow claiming that only Windows is susceptible to phishing? You do
realize that phishing is a social engineering exploit.







Reply Ezekiel 11/7/2010 6:06:24 PM

"Ezekiel" <no_zeke@fake-zeke.com> writes:

> "Richard Rasker" <spamtrap@linetec.nl> wrote in message 
> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>> Phil Da Lick! wrote:
>>
>
>>> What has that got to do with it? I use one of the better ones but 97-98%
>>> is less than 100% last time I checked.
>>
>> Not to mention the fact that well over 5000 new viruses are emerging every
>> single day, and that it's totally impossible for any AV suite to keep up
>> with that -- unless it checks for updates every 10 seconds or so.
>>
>> And this is why, when I go to my bank's Web site, I now have to click
>> through one or sometimes even two(*) pages of warnings about Internet
>> security, telling me to double-check everything that happens on-screen
>> (URL's, account numbers, amounts, codes entered), and that I should 
>> contact
>> the bank immediately, should I notice anything unusual.
>>
>> *: One extra page if a particular new virus or phishing e-mail has been
>> doing the rounds, which happens with increasing frequency.
>
> Something doesn't make sense here. What does checking "everything that 
> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything to 
> do with viruses or malware?  Will somehow checking an URL tell the average 
> banking customer that they do or don't have a virus?
>
> Now *ALL* of this does make sense when it comes to phishing schemes.  So are
> you somehow claiming that only Windows is susceptible to phishing? You do
> realize that phishing is a social engineering exploit.

You ARE talking to Richard "mangle the facts" Rasker. The man you
proudly informed COLA that Linux netbooks were outselling the XP ones on
Amazon ...... He had of course tailored the search criteria....
Reply Hadron 11/7/2010 6:09:34 PM

Ezekiel wrote:

> 
> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>> Phil Da Lick! wrote:
>>
> 
>>> What has that got to do with it? I use one of the better ones but 97-98%
>>> is less than 100% last time I checked.
>>
>> Not to mention the fact that well over 5000 new viruses are emerging
>> every single day, and that it's totally impossible for any AV suite to
>> keep up with that -- unless it checks for updates every 10 seconds or so.
>>
>> And this is why, when I go to my bank's Web site, I now have to click
>> through one or sometimes even two(*) pages of warnings about Internet
>> security, telling me to double-check everything that happens on-screen
>> (URL's, account numbers, amounts, codes entered), and that I should
>> contact
>> the bank immediately, should I notice anything unusual.
>>
>> *: One extra page if a particular new virus or phishing e-mail has been
>> doing the rounds, which happens with increasing frequency.
> 
> Something doesn't make sense here. What does checking "everything that
> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything to
> do with viruses or malware?  Will somehow checking an URL tell the average
> banking customer that they do or don't have a virus?

The by now normal warning screen, tells bank clients that they should make
sure that their anti-virus software is up-to-date etcetera.

> Now *ALL* of this does make sense when it comes to phishing schemes.  So
> are you somehow claiming that only Windows is susceptible to phishing? You
> do realize that phishing is a social engineering exploit.

Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
responsible for a large part of it. Every single phishing e-mail I received
in the past few years that I took the trouble of tracing back originated
from a compromised Windows box.

Richard Rasker
-- 
http://www.linetec.nl
Reply Richard 11/7/2010 7:19:21 PM

"Richard Rasker" <spamtrap@linetec.nl> wrote in message 
news:4cd6fbb9$0$727$7ade8c0d@textreader.nntp.internl.net...
> Ezekiel wrote:
>
>>
>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>>> Phil Da Lick! wrote:
>>>
>>
>>>> What has that got to do with it? I use one of the better ones but 
>>>> 97-98%
>>>> is less than 100% last time I checked.
>>>
>>> Not to mention the fact that well over 5000 new viruses are emerging
>>> every single day, and that it's totally impossible for any AV suite to
>>> keep up with that -- unless it checks for updates every 10 seconds or 
>>> so.
>>>
>>> And this is why, when I go to my bank's Web site, I now have to click
>>> through one or sometimes even two(*) pages of warnings about Internet
>>> security, telling me to double-check everything that happens on-screen
>>> (URL's, account numbers, amounts, codes entered), and that I should
>>> contact
>>> the bank immediately, should I notice anything unusual.
>>>
>>> *: One extra page if a particular new virus or phishing e-mail has been
>>> doing the rounds, which happens with increasing frequency.
>>
>> Something doesn't make sense here. What does checking "everything that
>> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything 
>> to
>> do with viruses or malware?  Will somehow checking an URL tell the 
>> average
>> banking customer that they do or don't have a virus?
>
> The by now normal warning screen, tells bank clients that they should make
> sure that their anti-virus software is up-to-date etcetera.
>
>> Now *ALL* of this does make sense when it comes to phishing schemes.  So
>> are you somehow claiming that only Windows is susceptible to phishing? You
>> do realize that phishing is a social engineering exploit.
>
> Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
> responsible for a large part of it. Every single phishing e-mail I received
> in the past few years that I took the trouble of tracing back originated
> from a compromised Windows box.


I've read some stupid claims and "reasoning" in COLA over the years. This is 
certainly one of them.



Reply Ezekiel 11/7/2010 7:58:00 PM

"Ezekiel" <no_zeke@fake-zeke.com> writes:

> "Richard Rasker" <spamtrap@linetec.nl> wrote in message 
> news:4cd6fbb9$0$727$7ade8c0d@textreader.nntp.internl.net...
>> Ezekiel wrote:
>>
>>>
>>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>>> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>>>> Phil Da Lick! wrote:
>>>>
>>>
>>>>> What has that got to do with it? I use one of the better ones but 
>>>>> 97-98%
>>>>> is less than 100% last time I checked.
>>>>
>>>> Not to mention the fact that well over 5000 new viruses are emerging
>>>> every single day, and that it's totally impossible for any AV suite to
>>>> keep up with that -- unless it checks for updates every 10 seconds or 
>>>> so.
>>>>
>>>> And this is why, when I go to my bank's Web site, I now have to click
>>>> through one or sometimes even two(*) pages of warnings about Internet
>>>> security, telling me to double-check everything that happens on-screen
>>>> (URL's, account numbers, amounts, codes entered), and that I should
>>>> contact
>>>> the bank immediately, should I notice anything unusual.
>>>>
>>>> *: One extra page if a particular new virus or phishing e-mail has been
>>>> doing the rounds, which happens with increasing frequency.
>>>
>>> Something doesn't make sense here. What does checking "everything that
>>> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything 
>>> to
>>> do with viruses or malware?  Will somehow checking an URL tell the 
>>> average
>>> banking customer that they do or don't have a virus?
>>
>> The by now normal warning screen, tells bank clients that they should make
>> sure that their anti-virus software is up-to-date etcetera.
>>
>>> Now *ALL* of this does make sense when it comes to phishing schemes.  So
>>> are you somehow claiming that only Windows is susceptible to phishing? You
>>> do realize that phishing is a social engineering exploit.
>>
>> Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
>> responsible for a large part of it. Every single phishing e-mail I received
>> in the past few years that I took the trouble of tracing back originated
>> from a compromised Windows box.
>
> I've read some stupid claims and "reasoning" in COLA over the years. This is 
> certainly one of them.

It looks like "phishing" is another thing we can add to Rasker's list of
things he's clueless about.
Reply Hadron 11/7/2010 8:19:45 PM

Ezekiel wrote:

> 
> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
> news:4cd6fbb9$0$727$7ade8c0d@textreader.nntp.internl.net...
>> Ezekiel wrote:
>>
>>>
>>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>>> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>>>> Phil Da Lick! wrote:
>>>>
>>>
>>>>> What has that got to do with it? I use one of the better ones but
>>>>> 97-98%
>>>>> is less than 100% last time I checked.
>>>>
>>>> Not to mention the fact that well over 5000 new viruses are emerging
>>>> every single day, and that it's totally impossible for any AV suite to
>>>> keep up with that -- unless it checks for updates every 10 seconds or
>>>> so.
>>>>
>>>> And this is why, when I go to my bank's Web site, I now have to click
>>>> through one or sometimes even two(*) pages of warnings about Internet
>>>> security, telling me to double-check everything that happens on-screen
>>>> (URL's, account numbers, amounts, codes entered), and that I should
>>>> contact
>>>> the bank immediately, should I notice anything unusual.
>>>>
>>>> *: One extra page if a particular new virus or phishing e-mail has been
>>>> doing the rounds, which happens with increasing frequency.
>>>
>>> Something doesn't make sense here. What does checking "everything that
>>> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything
>>> to
>>> do with viruses or malware?  Will somehow checking an URL tell the
>>> average
>>> banking customer that they do or don't have a virus?
>>
>> The by now normal warning screen, tells bank clients that they should
>> make sure that their anti-virus software is up-to-date etcetera.
>>
>>> Now *ALL* of this does make sense when it comes to phishing schemes.  So
>>> are you somehow claiming that only Windows is susceptible to phishing? You
>>> do realize that phishing is a social engineering exploit.
>>
>> Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
>> responsible for a large part of it. Every single phishing e-mail I
>> received in the past few years that I took the trouble of tracing back
>> originated from a compromised Windows box.
> 
> 
> I've read some stupid claims and "reasoning" in COLA over the years. This
> is certainly one of them.

So the fact that Windows is insecure has nothing to do with the fact that
those thousands of spam, phishing and virus e-mails offered to my mail
server every day are sent from infected Windows boxes?

You sound like those NRA loonies in the US, who claim that there's no
connection whatsoever between the ubiquitous availability of firearms and
the huge number of deaths caused by said weapons.

In a semantic sense, you have a point: Windows isn't a sentient being and
thus can't be held responsible for anything, any more than a gun can be
held responsible for a shooting. So OK, it's the people who spread and
promote the stuff who should be held responsible. In the case of software,
Microsoft should in part be held responsible for the crimes perpetrated
with the insecure products they sold. There, happy now?

Richard Rasker
-- 
http://www.linetec.nl
Reply Richard 11/8/2010 10:35:59 AM

Richard Rasker <spamtrap@linetec.nl> writes:

> Ezekiel wrote:
>
>> 
>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>> news:4cd6fbb9$0$727$7ade8c0d@textreader.nntp.internl.net...
>>> Ezekiel wrote:
>>>
>>>>
>>>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>>>> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>>>>> Phil Da Lick! wrote:
>>>>>
>>>>
>>>>>> What has that got to do with it? I use one of the better ones but
>>>>>> 97-98%
>>>>>> is less than 100% last time I checked.
>>>>>
>>>>> Not to mention the fact that well over 5000 new viruses are emerging
>>>>> every single day, and that it's totally impossible for any AV suite to
>>>>> keep up with that -- unless it checks for updates every 10 seconds or
>>>>> so.
>>>>>
>>>>> And this is why, when I go to my bank's Web site, I now have to click
>>>>> through one or sometimes even two(*) pages of warnings about Internet
>>>>> security, telling me to double-check everything that happens on-screen
>>>>> (URL's, account numbers, amounts, codes entered), and that I should
>>>>> contact
>>>>> the bank immediately, should I notice anything unusual.
>>>>>
>>>>> *: One extra page if a particular new virus or phishing e-mail has been
>>>>> doing the rounds, which happens with increasing frequency.
>>>>
>>>> Something doesn't make sense here. What does checking "everything that
>>>> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything
>>>> to
>>>> do with viruses or malware?  Will somehow checking an URL tell the
>>>> average
>>>> banking customer that they do or don't have a virus?
>>>
>>> The by now normal warning screen, tells bank clients that they should
>>> make sure that their anti-virus software is up-to-date etcetera.
>>>
>>>> Now *ALL* of this does make sense when it comes to phishing schemes.  So
>>>> are you somehow claiming that only Windows is susceptible to phishing? You
>>>> do realize that phishing is a social engineering exploit.
>>>
>>> Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
>>> responsible for a large part of it. Every single phishing e-mail I
>>> received in the past few years that I took the trouble of tracing back
>>> originated from a compromised Windows box.
>> 
>> 
>> I've read some stupid claims and "reasoning" in COLA over the years. This
>> is certainly one of them.
>
> So the fact that Windows is insecure has nothing to do with the fact that
> those thousands of spam, phishing and virus e-mails offered to my mail
> server every day are sent from infected Windows boxes?

Did you hear that? It was the screech of moving goalposts.
Reply Hadron 11/8/2010 11:07:46 AM

"Richard Rasker" <spamtrap@linetec.nl> wrote in message 
news:4cd7d28f$0$726$7ade8c0d@textreader.nntp.internl.net...
> Ezekiel wrote:
>
>>
>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>> news:4cd6fbb9$0$727$7ade8c0d@textreader.nntp.internl.net...
>>> Ezekiel wrote:
>>>
>>>>
>>>> "Richard Rasker" <spamtrap@linetec.nl> wrote in message
>>>> news:4cd6a02a$0$729$7ade8c0d@textreader.nntp.internl.net...
>>>>> Phil Da Lick! wrote:
>>>>>
>>>>
>>>>>> What has that got to do with it? I use one of the better ones but
>>>>>> 97-98%
>>>>>> is less than 100% last time I checked.
>>>>>
>>>>> Not to mention the fact that well over 5000 new viruses are emerging
>>>>> every single day, and that it's totally impossible for any AV suite to
>>>>> keep up with that -- unless it checks for updates every 10 seconds or
>>>>> so.
>>>>>
>>>>> And this is why, when I go to my bank's Web site, I now have to click
>>>>> through one or sometimes even two(*) pages of warnings about Internet
>>>>> security, telling me to double-check everything that happens on-screen
>>>>> (URL's, account numbers, amounts, codes entered), and that I should
>>>>> contact
>>>>> the bank immediately, should I notice anything unusual.
>>>>>
>>>>> *: One extra page if a particular new virus or phishing e-mail has 
>>>>> been
>>>>> doing the rounds, which happens with increasing frequency.
>>>>
>>>> Something doesn't make sense here. What does checking "everything that
>>>> happens on-screen" (urls, acct nums, amounts, codes, etc) have anything
>>>> to
>>>> do with viruses or malware?  Will somehow checking an URL tell the
>>>> average
>>>> banking customer that they do or don't have a virus?
>>>
>>> The by now normal warning screen, tells bank clients that they should
>>> make sure that their anti-virus software is up-to-date etcetera.
>>>
>>>> Now *ALL* of this does make sense when it comes to phishing schemes.  So
>>>> are you somehow claiming that only Windows is susceptible to phishing? You
>>>> do realize that phishing is a social engineering exploit.
>>>
>>> Nah, Windows isn't more susceptible to phishing -- it's worse: Windows is
>>> responsible for a large part of it. Every single phishing e-mail I
>>> received in the past few years that I took the trouble of tracing back
>>> originated from a compromised Windows box.
>>
>>
>> I've read some stupid claims and "reasoning" in COLA over the years. This
>> is certainly one of them.
>
> So the fact that Windows is insecure has nothing to do with the fact that
> those thousands of spam, phishing and virus e-mails offered to my mail
> server every day are sent from infected Windows boxes?

Because your bank is warning you about *phishing* attacks is an indication
that *people* (not computers) are susceptible to SOCIAL ENGINEERING. You
can't fool a computer to fall for a social engineering attack - it's
something that is done against a person, not a computer or OS.



> You sound like those NRA loonies in the US, ....

You sound like someone trying to move goal posts.


> In a semantic sense, you have a point: Windows isn't a sentient being and
> thus can't be held responsible for anything,

It certainly isn't a weakness of the OS, any OS, that human beings fall for 
PHISHING scams. When somebody gets an email telling them "There is an 
overdraft on your account... click here and enter your login-id and password 
to...."  and falls for it then this is PHISHING. Because your bank is 
warning people about phishing attacks has absolutely zero to do with the 
relative security of operating systems.

Perhaps you should quit whining about Windows and actually learn what 
phishing is. Phishing scams don't care what OS you are using - they are 
exploiting a human weakness.





Reply Ezekiel 11/8/2010 12:42:47 PM

In message
<3ee970da-1d77-41d4-87f1-ebbb91b3d1ee@r29g2000yqj.googlegroups.com>, 
RayLopez99 wrote:

> And a Windows computer with the latest antivirus software
> would work just as well.

Except that “latest” in this case means “no older than 17 minutes”.

Not every Dimdows user can afford to keep updating that often...
Reply Lawrence 11/9/2010 6:50:32 AM
