Oh boy

Story: Android/Linux Not a Security Concern, Windows Definitely and Demonstrably Remains #1 Target
Total Replies: 27
fewt

Nov 30, 2011
7:55 AM EDT
Ugh, Techrights. Yet another Shysterwitz article that uses his own ego as a source to back up all of his claims. Note the quote:

Quoting:Forensic investigators found some PCs and servers with out-of-date software and uninstalled security patches, Reuters reported, including Microsoft Windows Server 2003. The stock exchange had also incorrectly configured some of its firewalls.


If Techrights was even slightly reputable, rather than blaming Microsoft, Roy would have placed the blame where it really belongs; on the managers of the systems.

Using Roy's logic, RedHat should be to blame for any company that gets hacked while running unpatched RHEL 5 servers. It's RedHat's fault, not the fault of the managers of the systems, right?

Wrong.

Sorry, Roy; You seem to be spreading the same sort of FUD you claim to be defending against.

Credibility -1.
gus3

Nov 30, 2011
10:24 AM EDT
I'll disagree in part. Microsoft's "security is an added component" mentality should get the lion's share of the blame.

As for the rest of your comment, yeah, pretty much.
fewt

Nov 30, 2011
11:09 AM EDT
Quoting:Microsoft's "security is an added component" mentality should get the lion's share of the blame.


While I would agree that it was their mentality for a long time, their strategy shifted to a more security minded focus in 2002, over 9 years ago.

http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx

With that, the blame lies solely on the individuals responsible for the vulnerable systems.
gus3

Nov 30, 2011
11:29 AM EDT
And they're just now adding an anti-virus component to their core system?

When a properly-implemented privilege system would have taken care of most of their virus threats years ago?

Acknowledging the problem was only a PR move. Their "fixes" have been half-hearted at best (crippling Vista with DRM was more important). Taking nine years to tackle the most obvious threat--viruses--is inexcusable.
jdixon

Nov 30, 2011
11:33 AM EDT
> When a properly-implemented privilege system ...

Gus, when has Microsoft ever "properly" implemented anything?
fewt

Nov 30, 2011
11:33 AM EDT
@gus3

Quoting:And they're just now adding an anti-virus component to their core system?


This I agree with. Think about it though. They are an illegal monopoly that has already gotten in trouble for bundling Internet Explorer. What do you think would happen if they bundled antivirus capability and killed the "antivirus" market?

They would have been sued again, but this time for the wrong reasons.

I'm not trying to make excuses for why they didn't, because they should have. It's not simply black and white though.

Was it just a PR move? I don't think so, look at XP SP3. Look at how Vista broke so many things because of the security changes. Certainly they could do better, I wouldn't argue that they are perfect at all because they certainly aren't.

In this particular scenario however, sole responsibility for the failure lies on the individuals that made the decision to not install patches that were readily available.
mrider

Nov 30, 2011
12:25 PM EDT
Just adding proper umask-like capabilities so that every darn file on the computer doesn't get execute permissions by default would go miles towards securing the M.S. security crapfest.

It cracks me up when people say that it's the end user that secures the computer, and that trojan horse programs are the new way to break into computers.

Windows: Receive malware in email. Double-click malware. Infected.

Linux: Receive malware in email. Double-click malware. Doesn't work. Detach malware to hard drive. Double-click malware. Doesn't work. Open terminal. chmod +x malware. ./malware. Infected.

Yeah, that's exactly the same.
Fettoosh

Nov 30, 2011
12:41 PM EDT
Quoting:What do you think would happen if they bundled antivirus capability and killed the "antivirus" market?

They would have been sued again, but this time for the wrong reasons.


Hogwash, why would they need to bundle it? They would be safe of such lawsuit if they just make it available to install by users or at least easy to uninstall.

I am not sure MS is deterred by lawsuits, otherwise they wouldn't mandate OEMs to implement UEFI on every PC that comes with Windows 8. That would really tick off "antivirus" vendors. Besides, since when did MS pay any attention to lawsuits when the penalties are much less than revenues brought in by breaking the law?

You have been under a rock for a while to surface all the sudden, it must be bonus time.

fewt

Nov 30, 2011
1:00 PM EDT
Quoting: They would be safe of such lawsuit if they just make it available to install by users or at least easy to uninstall.


Do you mean something like informing the user that they need antivirus, and linking them to a page where they can select from a large number of options including their own Microsoft Security Essentials?

Win 7 already does that.

Quoting:otherwise they wouldn't mandate OEMs to implement UEFI on every PC that comes with Windows 8


Ugh, this has already been disproven by multiple vendors. In case you weren't aware, RedHat and Canonical are already members of the committee that is working on UEFI (I discovered this after one of my early criticisms).

Quoting:You have been under a rock for a while to surface all the sudden, it must be bonus time.


I just look at the big picture, and don't wear a tinfoil hat. Sorry to disappoint. What were your contributions to the community again? Oh right, nothing.
Fettoosh

Nov 30, 2011
3:22 PM EDT
Quoting:Win 7 already does that.


And no lawsuits were initiated, which proves my point and your point above is hollow.

Quoting:Ugh, this has already been disproven by multiple vendors.


What was disproven? Which vendors? Where are your links?

Here is my link, you can find many others to convince yourself

Quoting:UEFI secure booting (part 2) by: Matthew Garrett

  • Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
  • Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
  • Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
  • A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.


Quoting:In case you weren't aware, RedHat and Canonical are already members of the committee that is working on UEFI (I discovered this after one of my early criticisms).


I am aware of that and I don't dispute their support. Actually, UEFI is pretty good protocol and should be supported with one condition that users should be in control of UEFI on their machines, not vendors and certainly not Microsoft.

fewt

Nov 30, 2011
3:38 PM EDT
Quoting:And no lawsuits were initiated, which proves my point and your point above is hollow.


Except what you said and what I initially said are two different things. The original comment concerned installing AV by default. Try re-reading it from the beginning and perhaps you'll understand it.

Quoting:What was disproven? Which vendors? Where are your links?


http://www.osnews.com/story/25293/Dell_HP_Respond_to_Secure_...

http://ostatic.com/blog/uefi-wont-trouble-linux-users-much

http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-...
Fettoosh

Nov 30, 2011
4:04 PM EDT
http://www.osnews.com/story/25293/Dell_HP_Respond_to_Secure_...

All coming from "The Ed Bott Report on ZDNet". Give me a break, they are your companions. You better have more credible reporters to cite. Otherwise your arguments are all bunk and next time choose better sources to back them up.

I hardly find any of the following assuring
Quoting: 'having plans' is of course far from a definitive promise

HP, sadly, was less clear.

None of this is the reassuring words Bott makes them out to be. There are no promises, no assurances, nothing.

All in all, this issue is far from over, and what Bott has presented us with so far is by no means the smoking gun. Considering Microsoft's history of anti-competitive practices, its current patent troll behaviour, and the general incompetence of OEMs, it's entirely reasonable and smart for us geeks to be on our toes.


fewt

Nov 30, 2011
4:16 PM EDT
@fettoosh

Quoting: Give me a break, they are your companions


I don't know who Bott is or why you would consider him my companion but personal attacks from someone that provides zero value to the open source community really don't hurt my feelings.

Sorry, bro.

Here are a few more links providing guidance to vendors, feel free to pretend the sky is still falling though. :D

http://threatpost.com/en_us/blogs/linux-foundation-says-uefi...

http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf

https://www.linuxfoundation.org/sites/main/files/lf_uefi_sec...

You do know what happens to the boy who constantly cried wolf, don't you? When the wolf really came, no one listened.

What do I know though, I've just been reading about the sky falling since 1995 when I first installed Linux on my desktop.
Fettoosh

Nov 30, 2011
5:24 PM EDT
Quoting:Here are a few more links providing guidance to vendors, feel free to pretend the sky is still falling though. :D


You keep dancing around the real issue.

You are not telling me something that I don't know. I already said I have no problem with UEFI.

The issue is with its implementation by the OEMs who are bowing to MS pressure.

The sky is falling is in your imagination, and I said nothing to imply it. I actually dare MS & OEM to go through with their plans. Users who already have applications that are not signed are going to be very unhappy when they can't install them. That is going to cause a major uproar and will backfire at MS. I would like to see how MS is going to get around that.

In terms of implementation, I am sure there are OEMs other than HP, Dell, etc. who are going to have open implementation of UEFI. I have no reason to be concerned.

By the way, companions as MS shills.





fewt

Nov 30, 2011
5:33 PM EDT
Quoting:The issue is with its implementation by the OEMs who are bowing to MS pressure.


Show me one instance of Windows only hardware based on UEFI. Just one.

Quoting:By the way, companions as MS shills.


I can assure you that I have no relationship with Microsoft, nor do I care to. I do have a long history with the open source community, the majority of which is indexed by google. While I find your accusation of being an MS shill extremely entertaining, it is unfortunately for you baseless and factually untrue.

An entertaining example of a contribution from Feb 2003.



Sorry, bro.
Fettoosh

Nov 30, 2011
6:11 PM EDT
Quoting:Show me one instance of Windows only hardware based on UEFI. Just one.


I would have to get on my time machine to show you, unfortunately it is being repaired.

Haven't you noticed we are talking about MS asserted future plans!

fewt

Nov 30, 2011
6:16 PM EDT
@fettoosh

Quoting:I would have to get on my time machine to show you, unfortunately it is being repaired.


So, when you said:

Quoting:The issue is with its implementation by the OEMs who are bowing to MS pressure.


You were lying. Thanks for clearing that up.
BernardSwiss

Nov 30, 2011
9:19 PM EDT
Ed Bott has a history of being an unreliable source on matters of this sort -- in my opinion (and back in the day when I was a Windows-user I rather admired him for his Windows expertise) he's a well documented and badly-biased Windows fanboy who may know a great deal about Windows, and even criticize MS on occasion, but refuses to countenance any external criticism or concerns from outside the Windows loyalist camp (especially from Linux fans).

More to the point: This nakedly biased, established Linux-denigrater casually called a couple of companies and talked to a couple of nameless "someones" of no particular importance or responsibility at HP and Dell -- who agreeably replied in the negative to Bott's question, by his own account a question phrased in terms of whether their company was participating in some "conspiracy" with Microsoft to get rid of Linux via their UEFI Secure Boot implementation. This was hardly a rigorous investigatory exercise. Or even a pretence of one.

One "spokesperson" (it's not even clear whether these low-level drones were in sales or in marketing) even pointed out it was too soon to say as product development for Win8 systems wasn't that far along yet.

Oddly enough, Ed Bott chose to speak to "representatives" at the two companies that already have a significant amount of (mostly commercial, server-oriented) Linux business. It is hardly surprising to learn that neither company is actively planning to dump their paying Linux business. It is also clear that these alleged "assurances" are even more meaningless when applied to the non-corporate and desktop systems and especially consumer markets.

It is plainly true that UEFI Secure Boot is not inherently "anti-Linux" and that in fact a well implemented UEFI Secure Boot would be equally useful to any OS, including both Linux and Windows.

It is also clear that MS has never been shy about pressuring, or rewarding and punishing OEMs by means both open and covert, legal and illegal, to hamper competition. It's also well documented that MS is willing to employ deliberately malicious and non-compatible implementations of official standards for similar purposes. Thus, to deny that there is any grounds for concern is to ignore both the facts on the ground and the historical record. Chanting that "it's all up to the OEMs" and/or "invisible hand of the free market" is a naive response.

Take home message: there have been no meaningful assurances UEFI Secure Boot will be generally implemented in a proper OS-agnostic manner, and there are reasonable grounds for concern about the matter.

tuxchick

Nov 30, 2011
9:54 PM EDT
Excellent summary, Bernard. Bott's "reporting" was useless, and the rest of your points are spot-on.
BernardSwiss

Nov 30, 2011
10:13 PM EDT
Why, thank-you :-)

The thing I don't understand is how readily that meme (ie. that there is no problem after all, because supposedly most OEMs have already promised to "do it right") has managed to get such widespread and uncritical acceptance, even in FOSS circles.
fewt

Nov 30, 2011
10:51 PM EDT
Quoting:but refuses to countenance any external criticism or concerns from outside the Windows loyalist camp (especially from Linux fans).


Hmm, where have I seen that before.

Oh, right, here. Check.

;)

We have enough Linux friendly vendors that I really don't think it will be a problem.

For example, so what if we can't buy the new Sony Vaio X, the ASUS Y was probably a more compatible machine anyway. Besides, where there is a hacker, there is a way. That is all.

Worst case scenario, System 76 and Zareason git a big boost in sales. In a way, that's still a win.
gus3

Nov 30, 2011
11:16 PM EDT
There are legitimate gripes (Unity, Gnome 3, KDE 4), and there's FUD.

We sift them out, as vigorously as necessary, and then a little harder, just to be sure.
caitlyn

Dec 01, 2011
12:08 AM EDT
Even a broken clock is right twice a day. Roy is right this time. It's not a well researched or sourced article, but the conclusion is, by and large, correct.
fewt

Dec 01, 2011
7:25 AM EDT
@gus

Quoting:We sift them out, as vigorously as necessary, and then a little harder, just to be sure.


If by sift them, you mean make the community look silly then SUCCESS!

@Caitlyn

Quoting:Roy is right this time. It's not a well researched or sourced article, but the conclusion is, by and large, correct.


I wish he was right about Android, but sadly there have already been multiple cases of malware sneaking into Market.

.. and then there was this:

Quoting:If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

Worse: it's the handset manufacturers and the carriers who—in the name of "making your user experience better"—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.


http://gizmodo.com/5863849/your-android-phone-is-secretly-re...
Fettoosh

Dec 01, 2011
11:23 AM EDT
Quoting:So, when you said:

Quoting: The issue is with its implementation by the OEMs who are bowing to MS pressure.

You were lying. Thanks for clearing that up.


I don't lie, I don't need to lie and there is no reason for me to lie. It is you who are misinterpreting, misrepresenting, and twisting my words trying to get out of a predicament you put yourself into.

Implementation is a noun that describes a process. It is vastly different from implementing, which is a verb that "puts (a decision, plan, agreement, etc.) into effect".

In regards to "who are bowing...", that is a fact because such OEMs have a well-known history of openly and blindly following the instructions and wishes of MS without any regards to the interest of their customers.

Having said that, I think I wasted enough time on your distractions.

fewt

Dec 01, 2011
11:52 AM EDT
Quoting:I don't lie, I don't need to lie and there is no reason for me to lie. It is you who are misinterpreting, misrepresenting, and twisting my words trying to get out of a predicament you put yourself into.

Implementation is a noun that describes a process. It is vastly different from implementing, which is a verb that "puts (a decision, plan, agreement, etc.) into effect".

In regards to "who are bowing...", that is a fact because such OEMs have a well-known history of openly and blindly following the instructions and wishes of MS without any regards to the interest of their customers.

Having said that, I think I wasted enough time on your distractions.


Nice try at saving face, but you were caught in a lie. You'll just have to live with it.
Fettoosh

Dec 01, 2011
12:39 PM EDT
Quoting:

We have no desire to make anybody look like a blithering idiot, but we do love it when they do.

Stephen Colbert


fewt

Dec 01, 2011
12:48 PM EDT
@fettoosh - you just make the community look silly.

Good job, bro.
