
Oi! Keep quiet
We definitely don't want to attract the crims' attention to Linux. Even if you're certain the cage is secure, you don't go poking the lions with sharp sticks.
Eight out of the ten most exploited vulnerabilities tracked by threat intelligence biz Recorded Future in 2018 targeted Microsoft products – though number two on its list was, surprise surprise, a Flash flaw. The most exploited vuln in the firm's hall of shame was a remote code execution flaw in Windows' VBScript engine that …
You would be deeply saddened by the number of businesses that have "mission critical" stuff they don't understand and/or don't have access to the original code or developers to help them. Furthermore, many simply won't spend the money until the fan gets hit (even though everyone reading El Reg saw it coming years ago).
VBScript is not the same as VB. The syntax is similar, but the former is a scripting language which can be embedded into other software, or as a shell scripting language via WSH (Windows Scripting Host). Plain VB is an application programming language, with the "classic" version producing "exe" files and using loads of COM and ActiveX objects, and the later versions being another Dot Net language (with the Dot Net version not being backwards compatible with the "classic" versions). VBScript was also used by IIS, so if you have a legacy IIS installation it may be in there somewhere.
VBScript was used as an extension language in various applications. It may be hard to get rid of simply because some legacy business applications such as accounting systems may make use of it to tailor the application for the customer. It's one of those Microsoft zombie technologies that stagger on devouring victims long after everyone thought they were dead.
Some Windows propeller head is probably going to nit pick at the details, but that's it in a nutshell.
I used it for some simple shell scripting years ago. It was absolutely wretched to try to do anything useful with.
"VBScript was used as an extension language in various applications."
Yeah , like all the office apps , The called it vba
but if you want to really customise excel for a particular task , i dont know another way of doing it.
Probly you shouldnt be using excel for the task in the first place but if its a spreadsheety type job ....
>If a business has to rely on a "mission critical" VB app, then they can either rewrite it in a real language
If only there was some way of protecting a computer program that didn't depend on the language it was written in. Perhaps some sort of system that operated the computer and dealt with things like security and limiting what resources a user and program had access to.
I think there is a kernel of an idea there....
"If Flash is insecure, why does the BBC now insist I install Flash to get their podcasts or view catch up?"
They don't - I've not needed it for years.
Suggest you look at http://www.bbc.co.uk/html5
The exceptions are :
"There are some places where the HTML5 player won't work. These include:
Windows XP
Internet Explorer on Windows 8.1 or below
Safari on MacOS El Capitan or older"
(Some 3rd party content does need flash )
"why does the BBC now insist I install Flash to get their podcasts or view catch up?"
Dunno mate, you must be special, because they don't ask me. (And I just tested it on two different machines without flash, Windows and Linux).
What urls are you visiting where you're getting asked to install flash? I'm assuming you're not just making it up of course.
And I shall follow you this year.
I just bought a refurbed HP Elite which happens to have a copy of Windows 10 installed. It has some good aspects, and they say it is more secure so of course that must be true.
But the good aspects are mostly hidden, and the only new program that I really like is Task Manager.
Still around.
Had to do a site induction today for a customer which required viewing an online Flash presentaiton. As none of my home systems (tablets, PCs, whatever) have Flash installed, and never will, and with project managers, customers and the like jumping up and down about it, I drive to a public place with a computers and ran it there.
Still beats installing and running it at home. I'm sure there's more out there.
According to the best stats we have (which are not perfect) Linux powers around 96% of the one million highest-traffic web servers on the planet. If you look at the top 10 million web servers, Linux runs on about 70%.
Now, about phone and tablet OSes -- Android (a Linux derivative, of course) and iOS split the market. Windows is not significant.
The point being: Yes, Windows prevails on desktop and laptop machines. On other computers, other operating systems -- mostly Linux or Linux-derived -- dominate.
And hacker crims don't target these other machines why, exactly?
Of course they target them. And there can be handsome payoffs for compromising a server. It's not like Linux is magically super-secure. (Though some distros are built to be easily made secure -- Qubes, for instance.)
Consider it karma for all the commenters who pop up in threads about windows claiming to have not used windows since 98, and telling us how happy they are since they switched to Linux last week/month/life-time..
It's just The Register biting your hand this time. It's only fun when it's someone you don't like getting bit.
That's it right there. I didn't move to Linux because I am ideologically opposed to selling software or the concept of profit. I don't care whether it is cool or not, as I am certainly about as far from being cool as one can be, and I certainly didn't like Linux before Linux was cool. I've only been using Linux seriously since the second half of 2015... all the "cool" kids got on board years before U did. I'm an unabashed fan of unfettered capitalism and opponent of all forms of socialism (which open-source development is not).
So why Linux?
Simply put, I use Linux because I wish to keep using computers, and computers need operating systems to function. What other choice do I have? Windows is being cancelled*, and MacOS requires buying their overpriced, substandard hardware with their singular vision of what hardware should be... glued-in batteries, riveted-in keyboards that break if exposed to dust, and other such things. They won't sell you parts like Lenovo, Dell, Asus, Acer, etc. will, and they go out of their way to make sure their older kit has to be thrown away rather than repaired.
Linux (and other similar open source offerings, like BSD) are all that remain. It's either that or abandon the PC platform, and I don't like Google's spying any more than I like Apple's cultism and "you're holding it wrong" attitude regarding their customers. That means mobile devices are out... so you see, Linux is all that remains. Fortunately, it's proven to be quite excellent (even if am committing the sin of pretending that Linux is one singular OS rather than a kernel. People here know better, so no need to explain the basics here).
If Windows 10 ever makes it out of its permanent beta state and begins to resemble a commercially acceptable product, I'll re-evaluate, but the trust that was lost by Microsoft's behavior will be very hard to get back. It would take a hell of a turnaround to get me to ever look Microsoft's way again, and the Linux bell is not going to be un-rung. I'm keeping Linux for sure; the only question is whether MS will play a secondary role or none at all. As it stands, it's "none at all."
* Windows, as it always has been. This doesn't include the abomination known as "Windows 10", which is so bad that it is not a product worthy of serious consideration for any purpose. Thus, "Windows", as I use the term, consists of all Windows versions from the start through Windows 8.1.
“Sorry, Linux. We know you want to be popular, but cyber-crooks are all about Microsoft for now”
This is the same kind of meme Microsoft have been shoving for decades. Linux doesn't get hacked not because it's secure but because it isn't popular.
“Eight out of the ten most exploited vulnerabilities tracked by threat intelligence biz Recorded Future in 2018 targeted Microsoft products”
What else would a Windows vulnerability target except Windows and hacks don't target product they target Operating Systems.
Contextualized threat intelligence is a vital component of any truly proactive security strategy.
How about a ‘computer’ that can't be hacked by opening an email/document?
Maybe Windows and Intel are just easier to hack and install APTs on? Heck if the vendors (who are often not known for being all that tech-savvy, ironically) are installing firmware based nasties, maybe those locked, game-console like machines run by users that have tech skillz barely a step up from a teenage gamer make a nice juicy target with lots of ROI for criminal types?
Sure, Linux users do stupid things too, but they tend to not all do the same stupid thing as their counterparts, making automated probing / hacking more likely to fail. Plus, not limited by hardware and license fees, they might just be more likely to have things like a proper firewall active if there's anything worth stealing on their machines. And if not, then they might be in that camp of using Linux because they have no money -- not bad for users without income to legally get an OS in that case, but no incentive / ROI for hacking that machine either.
And if not, then they might be in that camp of using Linux because they have no money -- not bad for users without income to legally get an OS in that case, but no incentive / ROI for hacking that machine either.
Linux needs hardware to run on, though. What OS does anyone suppose that hardware came with? Unless you built your own PC, which is not really an option with laptops, currently the most popular form of PC, it's gonna be Windows nearly every time. I've got valid Windows 10 licenses for all of my non-obsolete Linux machines, but... no, just no.
What OS does anyone suppose that hardware came with?
Don't assume that:
a.) The hardware came with a valid license. Changing a motherboard is enough to effectively require a new license, and hardware resold from corporate use would not have a valid license attached.
b.) Windows 10 Home has the needed features (or doesn't have unwanted features like slurp).
I've got valid Windows 10 licenses for all of my non-obsolete Linux machines, but... no, just no.
Exactly. Windows 10 is cyanide in a jelly baby. If you give all your data to Microsoft anyway just go rent space on their cloud like they want, don't waste your money on Windows locked hardware or software licenses on top of it.
"just go rent space on their cloud like they want"
Windows next iteration will be MS365. Your ipx boot will point at a URI and will require that your hardware be registered with MS, and will only cost you $320/year. MS everything, everywhere. Cloud storage, cloud browser history, cloud based phone book and email contacts list. And of course, a sync client for your phone - with it's always on GPS of course. Oh. Say, whats that noise at my front door?
Windows next iteration will be MS365. Your ipx boot will point at a URI and will require that your hardware be registered with MS
Not too far off, but MS doesn't want to pay for that bandwidth to boot the OS when they can do the same thing with locked bootloaders and local storage. And I imagine the per year is just the base rate, with burst billing at peak times for the actual cloudy bits?
Best part? All they need to do is flip a switch in the existing Intel/AMD ecosystem to do this....the frogs are almost (but just not quite yet) done boiling...