The writer does a nice job of being concise and offers an easy to read list of the basics. Of course it is somewhat over simplified, but it is titled a "naive user's guide".
I am continually amazed by friends who are highly infected by spyware and still continue to do their online banking. Sometimes I get hijacked to clean their systems or (worst case) reinstall Windows. I always tell them to change any passwords they have typed into the computer, but they rarely do so. At heart the human race is closely related to lemmings.
I keep telling this to everyone who complains about viruses and the bloat of some anti-virus: use Windows Update. Most of the exploits are fixed before they get exploited. Remember msblast, whose fix was available 1 month before the virus started to emerge.
In about 6 years using the Internet daily (most of the time in Windows) I have never been infected from a single virus, except one day I actually reinstalled Windows and forgot to enable the firewall before going to Windows Update.
I keep telling this. Nobody believes me, though.
Anyway, nice article. Follow its instructions and you will be ok.
Most of the information is common sense stuff for those of us who work in the IT field or have an above average interest in computers.
Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth. Usually to get trojaned by a porn dialer means you went to a porn site that supports the malware! Normal surfing in the US you would get the typical amount of spyware, and not much more. My 15 year old daughter goes to a number of sites that her friends send links to that I sometimes think are questionable, but she has not been hit. And I check her system weekly using Symantec AntiVirus, AdAware, Spybot Search and Destroy.
I don't necessarily agree with replacing Windows XP's SP2 firewall with ZoneAlarm. While ZoneAlarm will definitely protect a machine better than Microsoft's product, it is also harder to configure, which brings me to the second issue I have with this article. Much of this assumes a level of experience that the "typical" user doesn't have, and the reason why most users don't do this is because they either don't know how, they see it as too hard, or it severely limits the functionality of the system.
For this guide to be really useful, it would have to be written in layman's terms and use lots of screen shots.
"Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth"
Well not really. At least not around here. I have seen a pro shop down the street in the process of taking several hundred items off a family machine, and another family paying for a disinfection of similar scale - and the comment was, you don't understand what normal use is these days, it's ring tones and music downloads, and instant messaging, and that's what does it.
Then I know of two machines in another family made essentially unusable by a family visit of a (girl) teenager. They didn't know what she had done. But I doubt very much it was porn. It was probably just instant messaging. I know for sure of one case in which ringtones were to blame, because the mobile in question was charged with them. Then another local case in which the guy for sure had not been to any porn site or even warez, and he had quite a few pieces. All he ever does is probably read the papers and shop.
The really eye opening experience for me has been how innocently you can be infected. The cases I've seen, you really don't have to have done anything deliberately 'out of line' or risky, just get a little careless. Scary.
Which is where user education comes into play, my wife and daughter know better because I take the time to educate them. With my daughter it is standard procedure, if she is not sure she asks me. Music downloads (and we all download music in our house) are limited to samples through approved web sites (CD Baby, Amazon, etc.). She also uses IM (both AOL and MSN), no downloads are allowed at all. The end result is few if any security issues.
Most of the users you reference fall into what I call the "clueless" category, either by accident or design. And unfortunately for many it is by design, they prefer not to know because it is "too hard to understand" or "too much to learn". With children it is also a lack of parental control, or the parents being "too busy" to see or learn what Johnny is doing (thus the situation where the kids know more about computing than their parents). When I did phone support for Canon I took a call where the parents handed the phone over to their son because he knew more about the problem than they did!
It is too easy for many people to skate by and expect their more knowledgeable friends/neighbors/workmates to bail them out when they get into trouble (I know, I get the frantic calls from my wife's friends). And until these people decide it is their responsibility to maintain their computer hardware and software, no amount of guides will help them out.
"Spend more time reading how to cover your own butt because Windows sucks then you do actually enjoying your PC."
Umm... no. Depending on how "filthy" the machine is, it might take some time to clean it up and lock it down, but after that weekly anti-spyware scans should be enough. Contrary to what your trollish screen name claims, Windows is a decent platform that allows users to be productive and enjoy their PC. Security, after all, exists mainly between the chair and the keyboard.
You need to do much more than spyware scans, you must also pay for and update virus scan, you must spend time trying to figure out if emails even from your friends can contain malware.
And how can you be productive if your machine is always having problems. The end user should not have to worry daily about whether their PC is secure!
And what about this current WMF hole, no patch for that and it's a BIG hole! What do you do with that.
I don't see how people can say that Windows is good. No other product known to man has as many problems as Windows. I mean here we are in the first week of the year and there are several major problems! You don't see that with any other piece of software on earth!
The kicker is that Microsoft has 50 billion in the bank! There is NO excuse for this crap!
"You need to do much more than spyware scans, you must also pay for and update virus scan, you must spend time trying to figure out if emails even from your friends can contain malware."
This is a weak argument. Since HTML itself cannot be executable, all you have to watch out for are the attachments. However, in this day and age, if you're dumb enough to click on an attachment without making sure that it's safe... well, you deserve to have your system borked by malware; maybe that'll teach you the lesson of being careful online.
Secondly, periodically paying for an update to your virus scanner isn't exactly a huge time-killer, since those subscriptions last a long time. Once again, with most of those services, you can schedule the frequency of getting the updates and scanning your system. Those processes will be run in the background, thereby not affecting your overall performance due to the fact that Windows is a multi-tasking OS. Your argument still doesn't wash.
I will give you the WMF vulnerability. It does sound quite scary. Overall however, it fails to prove your point that Windows is hard to maintain periodically. Every OS is bound to have its "scary virus" once in a while.
I'm not going to bother replying to the emotionally charged anti-Windows ranting and raving that constitutes the rest of your post. I don't like using Windows, but emotional appeals have nothing to do with logical reasoning.
Wow, so I wonder why I don't have to pay for that stuff on any other OS.
I wonder why when on my Mac if I slip up and click on an attachment I don't have to worry that my computer is gonna die.
I wonder why there are more security applications for Windows than any other type of application.
And why should I pay for Microsoft's problems?
So because MS has a ton of money and their products still suck, I am being emotional? Yet we all sit here day in and day out and compare MS's products to products made by companies (Some of which like Ubuntu don't even have an income)
You don't find that odd? Come on now.
All I can say is that I showed my grandmother this page today and asked her if she wanted to do this to her machine so she could use Windows. She laughed cause she could not understand any of it.
All she could say is "Why don't I have to do any of that on the Ubuntu machine you set up for me" LOL! All I could do was shrug my shoulders.
Oh, such a simple procedure for people who never update their Windows or antivirus and don't use firewalls...
I have an alternative, safer and simpler procedure for them:
1- Put CD #1 of any Linux distribution in the CD-ROM drive and reboot the computer
2- Follow the instructions to wipe, format and create the necessary partitions
3- Follow the instructions to complete the Linux installation
4- Begin to use it and be happy!
Edited 2006-01-04 20:15
1.) Enable automatic updates.
2.) Download and install the ZoneAlarm firewall for free from http://www.zonealarm.com ; the Windows firewall is pretty much crap.
3.) Open up services.msc and disable many of the "unneeded" services. More information is available in the Google cached version of Black Viper's services guide: http://tinyurl.com/dcq5b . DCOM, Messenger, UPnP are a few I remember off the top of my head.
4.) Install Firefox and remove all references to IE from the desktop / start menu. Set Firefox shortcuts with the IE icon in C:\Program Files\Internet Explorer\iexplore.exe
5.) Install Adblock with the Adblock Filterset.G updater and make sure to update the rulesets. This blocks many of the "click me to download evil.exe" banner ads.
6.) Install all of the software the user needs and take them out of the Administrators / Power Users groups in the User control panel, or through mmc.
7.) Install the Microsoft AntiSpyware, Ad-Aware, Spybot Search and Destroy trio and set them to run nightly when the user will be asleep.
http://www.microsoft.com/athome/security/spyware/software/default.m...
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/en/download/
8.) Don't let the user use Outlook! Mozilla Thunderbird or a webmail service like Gmail/Hotmail are perfectly fine.
If you are super paranoid, secure Windows XP according to the US National Security Agency guidelines: http://nsa2.www.conxion.com/winxp/
Properly following these steps and teaching the user about evil things like email worms and bad websites will prevent the inevitable for much longer...
Edit: I got tired of this crap on my parents' PC, they now use a customized version of Ubuntu and love it!
Edited 2006-01-04 20:19
This article is concise and the proposed measures are pretty effective against most typical attacks on windows.
Rule 4: Keep as much personal information as possible off the machine, on paper.
I fully agree.
Never have your browser remember passwords or logon information.
I'm not so sure about it - OK, I wouldn't trust MS IE at all. It's also a good strategy to avoid entering important passwords too often. Revealing the master password to a (remotely working) keylogger doesn't automatically mean that you reveal all your stored passwords to the attacker in the same step - but it could just mean this, it depends on the overall vulnerability of your system and the software you use...
Btw, there's a good reason not to enter important passwords directly into your browser if you use JavaScript. The broken same origin policy of JavaScript allows many remote keylogging attacks by definition. You not only have to trust the website you're visiting, but also all included (even remote) JavaScript ads. These vulnerabilities are known for a long time but the vendors don't bother to fix them because they consider them as a feature.
As one simply cannot win the battle by using Windows in the long term, you can't be sure that you never get compromised by some kind of keylogger or some other malicious software. Just think about it and the consequences... which makes me clearly favour Plan B
Edited 2006-01-04 20:52
The worst people of them all are people like my friends - some of them never update, use the firewall or even have antivirus installed. The reason you ask?
"I never get infected", "I haven't noticed anything out of the ordinary", "So what, that's my business". Yeah sure! People like you ARE the ones spreading the god damn things. So why isn't it my business too? Don't you get that??? But they never listen.
Ignorance is bliss?
There is a woman who lives just off the alley we share who doesn't have time, or perhaps the desire, to poison or pick the goat-head thorns growing on her lawn. My father, on the other hand, religiously removes them from the alley, driveway, and periodically, from our yard. I doubt the woman down the street cares that my father does this, as she doesn't seem to care where they grow at all. Her yard is the last outpost of them anywhere, and if they were picked, no one would have to worry about them at all.
Some people fail to recognize the consequences of their own actions, and their effects on other people. Be assured that just like that woman who slipped on the sticker patch last week, they'll get the idea once it's too late. Try not to waste too much hostility on them, they'll get theirs.
Application firewalls like ZoneAlarm are not as useful as they once were. These products can only ask you whether or not you want to allow a particular application, as identified by the process image name, to access the internet.
Lots of newer spyware will not run in its own process space. Instead a newer spyware application will install its bots and internet connection threads in an existing process.
Here is an example:
A spyware application, let's call it nasty.exe, starts up and drops a file containing its spyware code onto the disk. Let's say this file is called spy.dll. Next nasty.exe opens a handle to a well known process that people expect to access the internet, like iexplore.exe. Nasty.exe uses a standard process injection technique (you don't need to be administrator to do this) to get the running copy of iexplore to load spy.dll into a new thread. Now the spyware code is running as a new thread in iexplore.exe.
In this scenario, ZoneAlarm is totally useless. All access to the internet from the spyware code will look like it comes from iexplore.exe, which has probably been set to OK by the user.
This sort of anti-detection is rather easy to do, and becoming quite common. The more common this gets, the less useful products like ZoneAlarm become.
At this point, I don't even bother with them.
Yes you can do this, however you need to have permission to access the other process in this way.
On Windows, the way you do this is to:
1) Open a handle to the target process
2) Allocate memory in the other process space
3) Write the path to your DLL into that memory space
4) Create a thread in the target process space with the thread proc set to LoadLibrary and the parameter set to the memory address you allocated in step 2.
5) Your dll code is now running in the other process...
This is a very well known DLL process injection attack. The OS APIs used for this attack exist to allow debuggers to function (among other things). This is just an example of how powerful tools can be used for good and for bad.
A few things to keep in mind with this attack:
1) You can be attacked in this way even if you are not running as administrator. The attack can simply choose to inject into a process that your user account owns.... like iexplore.exe.
2) You cannot inject into a process if you don't have permission to open the process and create remote threads. This would prevent even the administrator from attacking processes owned by the system without doing a bit more work.
I haven't really looked into this style of attack on Mac OS X, or variants of Linux, however I wouldn't be surprised to find that a similar attack is possible. Mac OS previous to OS X and Windows 9x/ME/3.x would probably be rather easy to attack. IIRC they lacked protected memory so any process could access another process's memory space.
There are plenty of sources on the net that describe this sort of thing. See www.rootkit.com for some examples.
Edited 2006-01-05 15:55
MacOS before OS X did lack memory protection. Windows 9x had a memory protection scheme, and I think it was the reason it was so unstable after a few weeks (it wasn't very good).
I don't know about 3.1. But I don't know if the hardware could have even supported a protected mode in 16bit. IIRC you needed to be using 32bit code to get that.
I'd honestly be a bit surprised to see this attack possible on Unix systems. I googled around a bit, but "injection dll" is a whole lot better than "injection so". I kept getting junk about mysql.
I'll do some more digging using your instructions on how it's actually done.
Windows 9x IIRC had 2Gig of memory space for each user process, and a shared 2Gig space for the system. This is all you would need.
3.x was even weaker.
Protected memory on windows became possible with the i386. This is because the processor had built in components to tie to a VMM.
With Unix, I wouldn't worry about forcing another process to load a shared library. That is just a means to an end. The real goal is to get another process to execute your code. As I said, I haven't really looked into this, but I suspect that one could use the proc filesystem to adjust the memory contents of another process owned by the same user. That could get your executable code into the other process... The trick then is to convince that process to execute it. I'm not sure if there is a way to create a thread in another process on Unix (the way you can on Windows).
If I were to attack a Unix like OS, or Mac OS, I would start by looking for exploits that allow me an elevation in privilege. From there I could load a kernel module and be able to do whatever I want.
The short story here is that _every_ OS is vulnerable to exploits of some sort. CERT has many for MacOS as well as Linux. The trick is to be conscious of the risks and to act in a manner that protects you from harm. I would be concerned if I had a Mac or Linux user on my network who felt so secure in their OS that they started doing risky things (like executing random downloads, visiting questionable sites, etc...). Everyone, regardless of their OS, needs to be wary in their computing practices.
-r--r--r-- 1 root root 0 2006-01-05 14:31 maps
I don't think you can manipulate things via the proc filesystem.
Even things which have permissions that look readable and writable I can't even read:
lrwxrwxrwx 1 root root 0 2006-01-05 14:31 exe
[chris@rachelanne 3692]$ file exe
exe: unreadable symlink `exe' (Permission denied)
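The question the last two posts leave open, whether a same-uid process on Linux can have its memory altered through the proc filesystem, can be answered by trying it. The script below is an added example written for this thread, not code from any commenter. It assumes Linux with procfs mounted and a `sleep` binary on PATH, spawns its own child as the target, and reads the target's `/proc/<pid>/status` and `maps` before writing one byte through `/proc/<pid>/mem` and restoring it. The `predict_access()` rules are an assumption about current kernels: they encode the classic same-uid check plus the Yama `ptrace_scope` knob, which arrived years after this thread; on a kernel without Yama only the same-uid check applies. All function names are the example's own.

```python
"""Probe whether another process's memory is reachable through /proc/<pid>/mem.

Added example for the thread above; not code from any commenter.
Assumes Linux with procfs. The Yama ptrace_scope rules in predict_access()
are an assumption about kernels with the Yama LSM (3.4 and later); older
kernels apply only the classic same-uid check.
"""
import os
import subprocess
import time


def parse_status(text):
    """Pull the fields that matter for the access check out of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    uids = fields.get("Uid", "").split()  # real, effective, saved, fs
    return {
        "name": fields.get("Name"),
        "uid": int(uids[0]) if uids else None,
        "euid": int(uids[1]) if len(uids) > 1 else None,
    }


def first_writable_mapping(maps_text):
    """Return (start, end) of the first private writable mapping in /proc/<pid>/maps."""
    for line in maps_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].startswith("rw") and parts[1].endswith("p"):
            lo, hi = parts[0].split("-")
            return int(lo, 16), int(hi, 16)
    return None


def predict_access(caller_uid, target_uid, ptrace_scope, is_descendant, caller_is_root=False):
    """Predict whether open('/proc/<pid>/mem', 'r+b') will be permitted.

    Approximation (assumption) of the kernel's ptrace_may_access() plus Yama:
      classic: uids must match unless the caller holds CAP_SYS_PTRACE (root here);
      scope 0: nothing beyond the classic check;
      scope 1: same-uid callers may only touch their own descendants;
      scope 2: CAP_SYS_PTRACE holders only; scope 3: nobody at all.
    Non-dumpable targets (setuid images, PR_SET_DUMPABLE=0) are refused regardless,
    which is why a root-owned process denies even its /proc/<pid>/exe link.
    """
    if ptrace_scope >= 3:
        return False
    if ptrace_scope == 2:
        return caller_is_root
    if caller_is_root:
        return True
    if caller_uid != target_uid:
        return False
    if ptrace_scope == 1:
        return is_descendant
    return True


def read_ptrace_scope():
    """Current Yama setting; a kernel without Yama behaves like scope 0."""
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as f:
            return int(f.read().strip())
    except OSError:
        return 0


def poke(pid, addr, data):
    """Overwrite len(data) bytes at addr in the target and return the old bytes.

    This is the "adjust the memory contents of another process" step the thread
    speculates about; it succeeds exactly when the kernel would let us ptrace-attach.
    """
    with open(f"/proc/{pid}/mem", "r+b", buffering=0) as mem:
        mem.seek(addr)
        old = mem.read(len(data))
        mem.seek(addr)
        mem.write(data)
        return old


def demo():
    # A same-uid child is the easiest target: it is also a descendant, so
    # the probe is allowed under Yama scope 1 as well as scope 0.
    child = subprocess.Popen(["sleep", "30"])
    try:
        time.sleep(0.2)  # let the child exec and settle in nanosleep
        with open(f"/proc/{child.pid}/status") as f:
            status = parse_status(f.read())
        with open(f"/proc/{child.pid}/maps") as f:
            region = first_writable_mapping(f.read())
        scope = read_ptrace_scope()
        expected = predict_access(os.getuid(), status["uid"], scope, True, os.geteuid() == 0)
        print(f"target {status['name']} pid={child.pid} uid={status['uid']} "
              f"ptrace_scope={scope} predicted access={expected}")
        if region is None:
            print("no private writable mapping found")
            return
        try:
            old = poke(child.pid, region[0], b"\x00")  # write one byte ...
            poke(child.pid, region[0], old)            # ... and put it back
            print("write through /proc/<pid>/mem succeeded (and was reverted)")
        except PermissionError as err:
            print(f"write refused: {err}")
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    demo()
```

Run it as an ordinary user and the prediction and the actual outcome should agree; flip `ptrace_scope` to 1 and the same write still works because the target is a child, but attaching to an unrelated same-uid process (an existing browser, say) is refused. That is the practical difference from the Windows case described above, where nothing stops one user-owned process from opening another.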
I think there's a big difference between vulnerabilities from problems in your code and vulnerabilities you designed into the system and documented...
Again, I'm very understanding of exploits. It's unfixed design flaws that bug me.
In this scenario, ZoneAlarm is totally useless. All access to the internet from the spyware code will look like it comes from iexplore.exe, which has probably been set to OK by the user.
I've been running ZA for ages. It monitors for processes attempting network access via another process, I get warnings all the time for routine Windows operations. It detects via signature when trusted or known applications are modified (legitimately or maliciously). It will even monitor application actions after a new install in a learning-mode to determine some sort of rudimentary baseline reference for how the applications interact.
Sure, it's not infallible, but I wouldn't write off the relevance of personal firewalls, particularly for newer users. The popup windows may be confusing to some, but at least they force the users to think about what is running on their system. They're no different than A/V filters, not an overall solution but simply a piece of one.
Good article. I am going to keep a copy to hand out to a few people who seem to call me regularly. If most of the Windows users out there would read and heed this article the internet would be a much safer place and it would probably cut down on the SPAM as well. :-)
The only down side I see in this article is that it requires that "Naive" user to do a little research and a lot of reading. Chances are that because of that most will not do it.
Bill
... we have computer specialists to help them.
You simply cannot expect people to get under the hood of windows to ensure they are secure. It's a wonderful thought, but it doesn't work.
People want to switch on, do their task, a switch off.
Not everyone is a computer enthusiast, in fact, very few people are.
Ask the average person about firewalls ? - Huh ?
Fire what ?
Viruses are the realm of "computer boffins" and trust in windows is just blind.
The idea of your average person keeping their computers safe from attack is about as realistic as everyone checking the tyre pressure, brakes, suspension and clutch in their cars each and every time before they start driving.
It really is up to microsoft to keep the attacks at bay for the masses, however, I agree that simple education is a good thing, so long as it doesn't detract people from using their computers as tools, as opposed to tooling about with their computers.
Just the basics is all we can hope for, along the lines of "don't click too quick" - kinda like telling drivers to keep an eye out for traffic problems.
You're perfectly right!
Until people get completely crashed by some malware they don't feel the danger even if they are aware. This is like car driving: everyone thinks he drives better than his neighbour. For computers, everyone thinks he's safe enough - safer than others.
The truth is most people don't know what these popup windows are - well it's a Windows feature?, they do not know that some malware has read their address book to send spam, they even don't know that their computer may be hosting some pirated software or porn videos!
And the worse: they think their computer is perfectly designed, they totally trust microsoft and never wonder about why their system need so many addons to get safer (anti-virus, etc.)...
As the name implies, "computers" are intended to compute! One should expect work from a computer; not work for it!
I would hate to buy memory and cpu performance to run tons of anti-xxx software on them!
Linux is a good OS and it makes your computer work for you! Stop using an OS which even cannot spell its own name (Micros~1).
Edited 2006-01-04 21:44
... about all this is that you have to spend a few hours tweaking stuff and the user will eventually break it all. Then you will have to do it again.
Windows is not ready for JoeUser's desktop
With all the CPU Cycles that those programs will consume, the user will need a quad-core cpu (one for each program)
Rant apart, I am shocked to see that windows does indeed need all this (I find it a little bit exaggerated).
An antivirus, Opera/FFox, MS Spyware and XP SP2 Firewall can cover most of the user stupidities. Outlook from Office XP is "ok" as well. Although Thunderbird or Opera M2 may be better.
I don't like the comment that reads: "Keep all your information out of your PC"...
Well... I have a Macintosh and I Keep it ALL, Organized, classified and "secured". That's the purpose of a computer, isn't it?
That pretty much describes how I set up computers for work use. If you're doing support for home users, though - especially if you're being paid to do it - you're often limited by their willingness to make significant changes to their usage habits. E.g., most home users I've done support for would not tolerate the hassles that come along with running as a non-Admin in Windows. In a work environment, it's not really an issue as the end users shouldn't be installing software, making settings changes, accessing files belonging to other users on the PC, etc.
For home users, I've found that the less interaction required from them, the better. AVG + automatic scheduled updates, ditto with Spybot. I prefer spybot to adaware these days, because spybot has command line options that allow you to automate it using the windows task scheduler (/autoupdate /autoscan /autoclean /autoclose, etc).
This is a great article. Thanks!
Is it OK to print out copies to attach to a client's Company Security Policy (which I am responsible for) ?
It will help to explain why my rules seem so harsh - no access to the hosted webservers from any Windows machine, any user account with passwords I can crack cut off until they are improved, and other such fascist measures. It will also help explain to the company's boss why I have to go round and clean up the zero-day exploit off his machine tonight (he didn't do anything particularly silly).