The easiest box to hack...
....is the one with the dumbest owner.
This story was updated to correct the maximum prize amount available. Tired of all the knee-jerk banter from fanboys about whose operating system is the most secure? So are the organizers of the CanSecWest security conference, which will be held in Vancouver later this month. And with a contest awarding as much as $20,000 worth …
This post has been deleted by its author
Whoever hacks a laptop first gets to take it away with them?
So once they've proven how crap the OS is they get to keep the vista machine?
I suppose at least if they won the mac they could put any OS on it, whereas the vista/ubuntu machines you're limited to windows/linux(/dos/etc)
What's the betting that they have XP running within fusion on the mac? that'd double the vulnerabilities while still keeping to the rules of popular software.
It all depends upon who wants which box the most. I personally wouldn't want a MacBook air, I'd prefer a good ol' MacBook Pro. As for the PCs, I'd rather have a new Thinkpad so wouldn't bother attempting them. This is all pretty academic as I'm by no means some kick ass hacker.
Surely a known security hole that is still present in the most up to date patches is much more of a concern that a one-off homebrew hack by a pro? In the interests of exciting competition i can see the reasoning behind that rule, but it most certainly invalidates this as a test of the most secure OS.
It's funny. I don't own a Mac, don't use a Mac, and I think the MacBook Air is design for morons.
But I am absolutely certain that OS X is orders of magnitude more secure than any version of Windows; OS X doesn't come with Internet Explorer, and IE is *designed* to allow remote code execution.
"Winning exploits must target a previously unknown vulnerability; vulns that have already been reported to the affected software maker or a third party are not eligible."
That is horribly unfair, because Apple in particular fails to fix vulnerabilities even after they've been reported. This skews it horribly in Apple's favor. After all, what other company sits on a publicly disclosed security vulnerability for a year and STILL doesn't fix it?
"with the world+dog currently hacking Vista, there can't be that many exploits left undiscovered"
As Oscar Wilde said of second marriages "the triumph of optimism over experience".
Are you really suggesting that, after several years, XP has no vulnerabilities left undiscovered?
The advantage the linux hacker has, of course, is that he/she has full access to ALL the coding - which is why its hacked so much more often than Microsoft produts, isn't it?
It doesn't matter what the story is about, if it mentions Apple/MS/Linux or anything vaguely related, people write bad comments about it or the competitors.
Here's a quick template to save them coming up with something even vaguely original:
*Delete were appropriate
Apple/Microsoft* are awful, why does anyone use the overpriced stuff created by them? The should try using a proper operating system like OSX/XP/Vista/W2000/Ubuntu/OtherLinuxDistro*. I had a OSX/XP/Vista/W2000/Ubuntu/OtherLinuxDistro* system and it was awful, so many problems with it. In the end I got OSX/XP/Vista/W2000/Ubuntu/OtherLinuxDistro* and it works great. The Apple/Microsoft/Linux* fanboys should stop licking obs/Gates/Ballmer/Linus* by ignoring the failings and start using free/stable/flexible/innovative/intuitive/secure* stuff like me. Take your JesusPhone/Microshaft/Freetardware* and shove it!
If you're used to writing exploits for windows machines wouldn't you go for the Vista box as it'd be the easiest for you?
The counter to that people may avoid the Vista machine just for the sake of proving linux/mac isn't secure - as you're only allowed to target one machine you'd have to pick one.
Also the shiny aspect has been mentioned - butt ugly flakey fuji, sexy sony or sleek air?
All the air's and graces of a fair fight but still not cutting it - you can never get a fair balance due to the above, and other, circumstances.
How do you Apple FUDS account for that??
And as for the inane comment "Dumb prize", a computer is a computer whether it's a notebook or a desktop. The target is the OS, not the conveyance, dope. A MacBook Air is more attractive when it's free than having to buy the under-featured POS.
I'll have plenty of Catsup for you MacTards to eat your Crow with. Keep watchin.
"That is horribly unfair, because Apple in particular fails to fix vulnerabilities even after they've been reported. This skews it horribly in Apple's favor. After all, what other company sits on a publicly disclosed security vulnerability for a year and STILL doesn't fix it?"
Well said that person!
Also, i was under the impression that the going rate for an unknown vuln was on the order or several grand anyway. so....
~£700 - £mackbook pro and 1337 glory. (and 10k prize for the last compo? nice! assuming you win...)
fair bit of cash for selling expoit to legit people (no time limit)
loadsa £££ for going black hat on peoples a$$es (both selling and using exploit) (no time limit)
besides, whats the point in finding a shiny new exploit when there are plenty of known ones that are not yet patched?
as paris might say:
glory is nice, cash is better. ;)
that we were getting worried that Webster might be sick or have expired from excessive spleen. Back to his usual rabid form after all. If you don't want to buy something then don't buy it. No need to make it your mission in life to insult the item and anyone who does actually buy it.
And here is the articles from last years:
Way they're written suggest that is that Mac was the looser because it was the only contestent (can anyone confirm).... Gee Webster, hardly a fair fight if the other guy doesnt show up.
What the hell kind of article is this, anyway? It seems more like an advertisement for the "contest" than an actual, objective, researched account of the event-to-be. You're implying that such a "contest" can *end* or serve to be a talking point for fans of one operating system over another? One commenter already pointed out that CERT numbers over the year are very close for Linux and Windows, there's no mention of how different the code bases are, how mature any of the individual products are at the time of the "contest," nor does it mention how absurd it is to call such a thing a fair competition at all. Sounds more to me like you either have no idea what you're talking about, you're one of those who actually thinks Fox News is "fair and balanced," and/or just wanted to plug the event and get another dollar for posting another article. Too bad the register doesn't pay for quality instead of quantity.
As for those who are wasting your time and ours touting the wonders of your operating system, hey, let's have an subjective argument about car brands next! How about shampoo! Because we've all had *exactly* the same amount of experience and training and marketing spewed at us for every brand of shampoo and every brand of car, so certainly we can form rational, logical opinions on which is the 'best' for every or any situation. Christ, people, flame wars were so last century. Stop wasting the bandwidth of those of us who want to use the internet for more than a giant circle jerk.
"I would have thought that Fedora running SELinux would have been the harder Linux target."
Agreed. I have enough trouble running things normally with SELinux installed. I wouldn't even know where to begin with a remote exploit.
... and my coat is the one next to it. The one with all the sleeves and pockets sewn up.
Let us know how this turns out. I for one want to know which falls first though for all intents and purposes I think whoever tries the Vista box will get so frustrated with the UAC on Vista they will probably crack the laptop faster by hitting it with ol' trusty the sledgehammer. But let us know :)
i often find head and shoulder leaves my hair nice and managable where as herbal escences and pantenne make my hair feel frizzy. so head and shoulders ftw
i think the newer model fiesta look spiffy, but have never driven one.
ok ill bite
yes the article is obvious flame bait - sorry - "a thoughtful piece intended to encourage debate" but it hardly warrants your level of vitriol.
the contest is between the *people* and assuming the CERT metric makes all Os included "very close", then *it doesnt matter which system is hacked first*, only how fast the person is.
"Stop wasting the bandwidth of those of us who want to use the internet for more than..." looking down our noses at people who dare discuss things?
or to sum up
"Stop wasting the bandwidth of those of us who want to use the internet for more than..." Trolling
from the register itself
"We queried the United States Computer Emergency Readiness Team (CERT) database, and the CERT data confirms our conclusions by a more dramatic margin. When we queried the database to present results in order of severity from most critical to least critical, 39 of the first 40 entries in the CERT database for Windows are rated above the CERT threshold for a severe alert. Only three of the first 40 entries were above the threshold when we queried the database about Red Hat. When we queried the CERT database about Linux, only 6 of the first 40 entries were above the threshold."
looking at cert numbers alone is pointless.
The problem of security holes is nearly pointless. Windows doesn't need to be attacked, it runs slower and slower each week from the minute you buy a new computer until it is so slow that it is worthless. Linux doesn't work with my printer or my wireless card, and the free freaks drop subsysyems that work for things that don't simply because they have more utopian licenses (sound and printing) OS X is worthless by itself without $$$ of purchased software and cost $$$ for every minor update and codebase patch.
I have all three, and an exploit would be refreshing, better than products that I pay good money for that in one way or another render themselvers inoperable.
They all suck.
personally, i think i think they shouldn't install third party software, just defaults with full patches.
The quicktime exploit last year would have also worked against windows, but the exploit writer was quoted saying he targeted mac on purpose 'because of smug attitude' (because i wanted to join the smug club)
This post has been deleted by its author
The attacks on the Linux machine are going to focus on skype, a proprietary application or driver is not easy to secure or to test for security problems. I find the very idea of having skype on the linux machine to be unfair.
the above post is right, all operating systems suck; the question is what the hell are you doing about it punk.
Of course They had to choose Ubuntu, which is one of those excellently loaded distros that runs god knows what services by default. They should have thrown in some BSD just to make it interesting. And some machines that anyone would actually want to own (I mean have as personal property... not crack...).
Few problems as I see it..
1) Different hardware in each lappy. There may be a vuln available in one particular laptop that isnt available in the other 2. BIOS, manufacturer drivers etc
2) This is a test of stable OS. I dont know anything about OSX, but Windows you cant just "install the OS", where you can with any form of linux. When does it stop being a test of OS, and more a test of "which 3rd party dev writes the shittiest code?"
3) Last year it was won by hacking an application, Quicktime. This year, the Vista box could be hacked via Quicktime, or the Mac box hacked via Office for Mac. Do you honestly think Microsoft would spend as much time on stability/security on a product for a competitor compared to one for their own market. Think Apple would return the favour?
Mine the tartan trenchcoat with "Cyncial Prick" on the back.
... given the competition permits a hardwire (cross-over cable?) link - we must assume that the target system is in the room... so the most effective tool for getting anything out of this system is a philips screwdriver.
In all honesty though, as we already know, the easiest system to hack is one that was designed or operated by any member of a british government agency.
"The advantage the linux hacker has, of course, is that he/she has full access to ALL the coding - which is why its hacked so much more often than Microsoft produts, isn't it?"
Kinda, there are lots of theoretical vulnerabilities that are patched regularly - as people can see the code and guess. But I hate to disappoint you - there are not that many real world exploits.
I think if you read the CERTs, you will find that a large number of the Linux vulnerabillities are theroetical, unexploited problems that have been identified by examination of the code. Do you really think that the buffer overrun security pronlems were all discovered by experimentation? Many of these problems have not even got example exploit code published.
So, which do you trust more. The code that has been examined and found that there may be theoretical problems (which are fixed reeeal quick), or the code that has definite exploits published, and may not get patched for months. Just imagine how many problems are likely to be found in Windows if the code was open, if there are this many discovered by experimentation.
Please don't just count the exploits, examine them in detail, and you then won't compare apples and oranges.
The reason that they will be running Ubuntu is that it is probably the most popular/mainstream Linux that regular people would try.
Fair enough if some other distro is more secure "with no known exploits" but if a regular person like myself can't install it becuse you need and command line stuff then we would just go with OSX, Vista or Ubuntu.
This is a comp to find the flaws in the biggest/latest distros of each and not a competition of which version of an OS has the most secure version.
I'm sure someone could write a Linux distro that was 100% remote secure but if an everyday user can't use it easily then it is useless for everyday people. Thats also why they are having common apps installed on all of them, because people use them. If you had a OS with no apps then it kind of serves no point except to heat and light the room slightly!!
I don't get it.
If you have a fully patched machine without viruses or trojans etc, and you have a Norton / McAfee / TrendMicro etc. type firewall with all the ports except internet and email locked down, are you still vulnerable to be taken over completely from the Internet?
What about if you also have a modern router with an ADDITIONAL firewall?
Surely that must be safe? Or is this competition not using firewalls and third party security products?
are the posts pointing out that the real weak point is the WetWare. I'd wager that 90% of *real world* inappropriate disclosure of computer data (which is what actually matters in the end) and creation of botnets comes down to social engineering.
Even on the notoriously hackable XP/2000 + IE combo I reduced real world infections by Malware by about 99% by finally separating users from the admin rights which they'd historically become accustomed to believe they were entitled to have and run with - admittedly, at the time when the only remote mass configuration options we had were NetWare login scripts, which run as the user logging in, this was pretty much true. But I digress.
A better use of time than this contest would be finding the writers of software who expect the user to have admin rights on Windows boxes and putting them up against the wall. Mind you, they'll be out of a job soon anyway because their shite won't work on Vista with UAC.
The contest doesn't end when a computer gets hacked. People can still try and get the other two (and claim the bounty on finding the exploit which compromises that computer as well).
As people above have pointed out it isn't about which platform is the "most secure" but about finding possible vulnerabilities for the major plaforms with a fairly standard hardware/software setup for each platform.
... It could include a 'user' sat at each laptop who you would have to trick into installing your malware/exploit to make it more like reality (alongside attacking just the machine itself). I reckon if you got some 'uninitiated' regular users to act as the 'marks' the competition would be over in minutes. :o)
This post has been deleted by a moderator
This post has been deleted by a moderator
There is plenty of the usual fanboy rubbish being spouted on here... even the first comment is excusing windows. People can't just wait and see based on the rules supplied, they have to get in there already and justify their view.
Personally i would expect someone with real skill to get into any of the three. However since its going to be pros who are likely to win, i still feel more secure using a unix based OS (i.e. both the non-vista machines).
Also for you windows fanboys, dont take it too personally, windows really is crap.
want all the hackers / crackers to target the apple laptop first. The reasong behind this is that apple claims to be more secure than windows. I'm not a MS fanboy but I absolutely detest the over-priced under-spec'd systems that Apple puts their badge on. Since the apple laptop (yes the mac air, mac book pro, mac whatever IS a laptop / PC) will be the first one to fall, surely then it'll be less secure than windows? I use the reasoning that a bank vault is pretty secure even if unlocked as long as no one wants to break into it. But that same bank vault will be less secure if an army of umpa lumpas used molten chocolate to fight their way in.
Flame: because I really want apple to burn.
...it's not a scientific study or some kind of cracker world championship, it's a publicity stunt aimed at raising the profile of security on all platforms (as well as the profile of the people who are running it). Which is a good thing, right?
Anyway, how are you supposed to pronounce 'pwn' - I always assumed you said 'own' but that would make the name of this competition sound like the name of a former cheapskate mobile operator as rendered by a non-English speaker, which can't be exactly what they had in mind.
If all it's doing is sitting on the 'net - and not being used - XP SP2 is pretty secure - the firewall may not be very powerful but it's up to the job of stopping unsolicited incoming connections, until the spyware you pick up off some dodgy website punches large holes through it, at least. I can't imagine Vista is much different.
Conversely, Ubuntu comes with no firewall configured. The blessing and curse of linux - configurability - means that it doesn't come with, say, firestarter, because some people (like, er, me) like to hand-hack their iptables scripts, and some other people don't want a firewall at all. (Funny how the blessing and curse of linux is the curse and blessing of windows, eh?)
Personally my gut instinct (that and a second mortgage will get you a cup of coffee at Kosta) is that a well-tuned ubuntu box is more secure than windows, that ubuntu is not tuned specifically for security out of the box, that ubuntu is easier to tune than windows, and that windows is fairly well tuned out of the box.
The question is, how are most net-connected machines out in the wild configured?
..aside from the obvious point that any box is secure as the owner makes it..
surely having seperate people attempting the task makes it an unfair test immediately
they should have 2 "competitions"
one to find the most skilled sys admin, having one winner for all three platforms. and another to find the most skilled hacker, once again having one winner for all three platforms
present the three computers to the sys admin winner and ask him to secure them as best he can
ask the hacker to break into them as required, timing each attempt and also looking at his/her methods
even then it wouldnt be a fair test.
i disagree with all of it.
...it only takes ONE (count 'em ONE) exploit to compromise any OS. Just ONE. Forget the 50,000+ vulnerabilities you've patched in whichever OS you develop, it only takes a single unpatched critical hole and your previous efforts are for naught.
Does nobody remember this? Reminds me of the Terry Pratchett book with the fight between the little dragon and the massive monster that was King of Ankh-Morpork for a whlie.
The little dragon had to be lucky every single time the big dragon attacked. The big dragon only had to be lucky *once*...
We're asking for humans to create perfection. Isn't going to happen.
Paris, because she's a pretty girl.
This post has been deleted by a moderator
it looks like you think if any muppet can't use something it must be flawed in some way.
If a 'regular person' like yourself can't do something, how about you maybe put a little effort into it instead of demanding that everyone else cater to the lowest common denominator?
-consider that it's at least plausible you are not in fact 'an everyday user', but a lazy twat who expects others to solve their problems, whilst telling them how wrong they are about everything.
"If you have a fully patched machine without viruses or trojans etc, and you have a Norton / McAfee / TrendMicro etc. type firewall with all the ports except internet and email locked down, are you still vulnerable to be taken over completely from the Internet?"
A firewall inspects all the packets of data arriving from or going to a network interface, and then decides what to do with each on according to a list of rules. A firewall can reject a packet, ignore it, forward it, redirect it, log it or some combination of the above.
Send whatever you like at my telnet port, and you will not achieve anything useful - even if the firewall leaves the port open - as I have nothing listening on the telnet port. Setting the firewall to blocking outgoing packets with a destination of port 80 can make a machine more secure at the expense of making it difficult to access the internet.
The competition is based on cracking computers that have (more than) enough software working to make them useful, so the firewall rules have to be quite lax.
"What about if you also have a modern router with an ADDITIONAL firewall?"
A second firewall is only going to do the same thing as the first firewall, and is only of value if you think the first firewall is defective.
Once some data is past the firewall, it is up to some application to treat all the data from the network as suspicious. Some applications do a worse job than others. Any bug in an application that causes network data to be trusted without rigorous checking is is a weakness that can be exploited. A badly designed application will give the exploiter root/admin access at once. A better design gives the cracker only the authority that the application needs, so she need a local elevation of privilege exploit to get root/admin rights.
As far as I know, Norton / McAfee / TrendMicro antivirus software is more than just a firewall. They also examine files and processes for clues that they are not a virus/trojan/worm/root kit. This adds an extra hoop to jump, but as I have not used windows for over a decade, I have not bothered to find out if it is a significant barrier.
"Surely that must be safe?"
Safe from what?
If you get access to my desktop machine, you can change what TV programs I record. I have not made a huge effort to secure it is not worth anyone's time to crack it. It is acceptably safe for me.
If you crack my laptop, add a key logger without me catching on, get my gpg password and my encrypted password file, you could play with my bank accounts. Find a gullible mule to launder the money for you, and you get a few thousand. I have added enough personalised security to make this not worth your time. Again, it is acceptably safe for me.
An individual installation of XP/Vista/Linux/OSX/BSD may not guard much value, but when a single image is installed on thousands of machines, the budget available to crackers will be far in excess of what any individual is prepared to spend on defending the machine. I would not use a large mass produced software image to defend anything that I could not easily replace. Other people have different opinions on what is safe. If I had ten years of experience securing XP, I might have different opinions too.
I agree that they should allow a more real world challenge. Known valnerabilitys should be allowed, afterall, if they are known then surely they should be fixed.
The fact that the attacking computer has a user and the victim does not have a user seems a bit unfair. Also the use of a crossover cable seems a bit limiting. Perhaps a hub might make things more interesting, for that matter a router would be even better. Everyone in the world could hack and defend against everyone. It would be just like the real Internet. Hang on....
The same vulnerability can't be used against more than one box - how can that give a balanced result. The results will be skewed by the attractiveness of the platform for the hacker to hack, something which the organisers say is specifically intended not to happen.
Always thought you were just trying to make other people (fanboyz of whatever kind) angry because your comments were so ridiculous they had hardly any insight or knowledge. Just provoking. Nice to see some self-criticism from your side, makes me easier to tell that I'm a Mac Lunatic (aka idiot) ever since I was touched by this dark side (at the age of 5)
But I think you should get a real life some time, because there's only so much to say about any platform without repeating yourself ;)
That said - grow up you fanatics
There's no such thing as: One OS to rule them all. Every OS has its uses.
... it is a time-limited competition - whoever cracks whichever machine first, wins. Therefore, what point is there in allowing attack of known vulnerabilities? It would just turn into a competition to see who could install and run their pre-rolled (prior to the competition) exploit the fastest.
Excuse me while I roll my eyes at the fricking morons who continually post here at the Register.
What would make this particularly interesting to me is if the sponsors had some way of tracking the number of discrete attacks on each machine during the contest.
That is, at the point that laptop "A" gets pwned, I'd like to know what number of attacks it sustained, compared with "B" and "C".
I don't suppose that it would really make a difference, I'd just find it interesting to see it graphed out, since it would presumably imply something about the contestants' mindset - which one they felt they were likeliest to be able to get into.
On the other hand, it might be really amusing if some attacker managed to "piggy-back" on another's work - either intentionally or inadvertently - an independent attack by attacker "X" that strikes right after attacker ""Y" has caused a buffer overflow, say, but before "Y" can follow up on it... I'd suggest a Texas-Cage match to see who gets to take the laptop home, in that case.
Of course, if someone were REALLY devious, they could spend the duration of the event trying to subvert all of the other contestants' machines on the network while they are all busy frantically trying to break in to the "official" target boxes. That way, the "winner" might go home with a new laptop, but the REAL winner would "go home" with fifty!
I admit that Vista is completely rubbish hence why I haven't installed it even though I have a MSDN license. The reason why I want Apple to burn is bacause MS doesn't come out with some dodgy advert about the naughty step. Couple that with apple products being over priced, under spec'd, over sexed up, and shamelessly being the bimbo of the computing world, and you get a huge friggin explosion.
Flame: cos I want apple to burn, I want the mac brand to burn, I want the ipod brand to burn, and I want Jobs to burn. Actually scratch the last part. Instead I want jobs to march the apple fanboys off a cliff and then march off after them as well.
"CanSecWest's Pwn2Own contests are useful because they allow us to isolate the technical strengths and weaknesses of a given platform from its popularity."
Kinda... I have a hunch, from my own uninformed guts, that a skilled hacker will be able to target and own any "regular" system hooked to the net. Also, I think that that's is fundamentally very different from the automated exploits, worms, whatever in the wild. That's more of a concern to me: which system is less vulnerable to the script kiddies? Because I have no reason to fear being targeted by a skilled hacker. But anyone who connects to the net is automatically and fully exposed to the automated stuff, so that's what's much more worrying.
Can't they devise a competition to check for that instead?
You can argue about Apple being over priced, but under spec'd? The MacBook Pro is one of the fastest Vista notebooks available. Stand Apple models up against decent brand name Wintel kit and they compare pretty well. It's not until you get to the bespoke or kit-built boxes with nutter bastard cooling and go-faster stripes that you can significantly out-perform them.
We're all going to die, so life/everything is just a giant circle ..... so get used to them. In the meantime, this looks like a fun contest for anyone who doesn't regularly get paid more for exploits, or want's to pad their resume with some publicity. And it's fair if you look where they're comming from. They want 0-day, that's why they have the prize. Using know exploits would just be boring, Joe Turk doesn't get bonus prizes for defacing websites regularly!
They set them up with some common apps, some default settings. Sounds fair to me. Own a box to own the box.
The heart has been repurposed for this post...
Quite impressive...15 times Anonymous appears.
The string "tard" only appears 3 times in this page (until this post). And one of those was Bastard. I think this might be a good sign.
Fanboy (or variants fanbois, fanboyz) appears 10 time (again, +1).
Not *very* creative.
I think the Reg's comments pages are becoming chatrooms for the pairing of "trolls" and apologists.
Maybe a dating service could be established...or "no-holds barred" mud-wrestling match to be webcast from the Reg website. In the latter case, my prediction is that more so-called fanboys will show up than "trolls". "Trolls" usually seem to like the cover of anonymity – or am I playing a troll with that last comment? Also, I predict the first whining will be heard from the "fanboys". But, in my experience, trolls are also prone to wingeing.
In any case, I favour the dating service. Then they can all look meaningfully (and contemptuously) into one-another's eyes and breeding a new generation of American corporate CEOs, leaving room in the comments pages for any really meaningful and thoughtful commentary.
"I admit that Vista is completely rubbish hence why I haven't installed it even though I have a MSDN license"
I always here this shit. "Vista is completely rubbish" then you ask them "How long you been running it", then they usually say "I'm not running it" or "I installed it, didn't like it, then installed XP again". Oooo, scary change!!!
Do we really have to do this EVERY time something new comes out!
"Fair enough if some other distro is more secure "with no known exploits" but if a regular person like myself can't install it becuse you need and command line stuff then we would just go with OSX, Vista or Ubuntu."
Command line stuff. Because It's all so scary. Amateur.
"I'm sure someone could write a Linux distro that was 100% remote secure"
100%. Totally, completely and utterly. I could do that now, including a pair of wirecutters and my ethernet cable.
"if an everyday user can't use it easily then it is useless for everyday people. "
No sh*t, sherlock. And if an everyday user can't use it they shouldn't be using a computer in the first place.
"I always here this shit. 'Vista is completely rubbish' then you ask them 'How long you been running it', then they usually say 'I'm not running it' or 'I installed it, didn't like it, then installed XP again'. Oooo, scary change!!!
Do we really have to do this EVERY time something new comes out!
You're absolutely right, if not a bit harsh.
However, I've been running Vista Home Premium for about 5 months now, so I speak from experience when I say that it definitely shipped before its time. In fact, Vista just crashed this morning and refuses to boot at all (even booting to the "recovery partition" won't work). I know this isn't a hardware problem because I can boot Ubuntu just fine and mount (and access every part of) the NTFS Vista partition.
I guess it's time to dig out those recovery CDs... At least I can use Ubuntu to save off my documents and other important files to a USB drive or something.
I thought the main attractiveness of UNIX (and thus LINUX, the free copy) was that it was coded with multiple simultaneous users in mind, ie I thought it was not like Windows where they took a single user system and hacked multiuser capability (kinda) into its backdoor.
I'm positive that I have read this from multiple credible sources.
The setup is completely unrealistic.
First of all you may only use unknown security problems. Keep in mind that companies like Microsoft are horribly bad at patching them even if they are known. Internet Explorer, for example still has ActiveX support althought it's a known security hole for about a decade now.
Second not all machines are patched equal. Windows machines barely get patched because of various reasons. One is that the typical fix for a broken Windows system is to reinstall it. The install-medium automatically sets it back to the unpatched version.
So the realistic test would be to just clone some random boxes from companies and individuals.
Of course, one also has to include the user. For example the simplest way to get your code executed on a Windows box is to set up a website offering a "free download", or bundling it with a crack to a popular software programme. Windows users essentially will run any .exe-file they get ahold off. And the typical way of searching for software is typing "name free download" into a random search engine and clicking the first link.
Windows and MacOSX just make dangerous things to simple. That is the reason why I currently wouldn't give my parents such a box.
"You're absolutely right, if not a bit harsh.
However, I've been running Vista Home Premium for about 5 months now, so I speak from experience when I say that it definitely shipped before its time. In fact, Vista just crashed this morning and refuses to boot at all (even booting to the "recovery partition" won't work). I know this isn't a hardware problem because I can boot Ubuntu just fine and mount (and access every part of) the NTFS Vista partition."
Well in your case I'll allow the criticism! All these other sheep though, they get right on my tits.
"Brimful" is definitely a tosser though, I stand by that.
the perfect story...., put a prebuilt Phorm box on that table and you guys can then tell us just how secure that really is going to be ;)
www.badphorm.co.uk have had some interesting answers to questions they posed to Phorm (see
page http://www.badphorm.co.uk/page.php?16 )
*Q8. Are Phorm's servers within the ISP prebuilt (OS & software wise) by Phorm, or are they built
by ISP technical groups following instructions given by Phorm?*
A8. Prebuilt by Phorm.
*Q9. Is all Phorm proprietary software delivered in unobfuscated source form to the ISPs and
compiled by trustworthy employees of the ISP?*
A9. No, ISPs don’t get access to the source code.
Well I tried Vista Ultimate, but gave up and went back to WinXP. Not because Vista was a security nightmare (UAC was a pain), but rather that it performed badly compared to WinXP and openSUSE 10.3.
BUT it was very pretty and i do seem to spend a lot of time trying to make Suse look prettier (!)(=slower?).
So with WinXP, and SUSE 10.3. I _suspect_ SUSE is more secure because there is less crap that I know about is running on it, whereas, XP probably has stuff I don't know about running on it.
So *nix = I know about (ish) and can fell happy that its ok, but
Windows = know less about and so have to rely on Microsoft efforts to keep it safe (they do issue a lot of patches dont they).
Which would I trust? *nix because of my background........
The value of the test? Not which O/S is best, but rather which exploit can be found that can then be fixed.
(Penguin because its not a tart)
This post has been deleted by a moderator
Biting the hand that feeds IT © 1998–2021