If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
"H M" wrote in message
... in Win 98 it was impossible to send packets with spoofed IP addresses. With the Microsoft-supplied software, true. With add-on software, not true at all. that feature was only included in XP. now every PC running XP can participate in DrDOS attacks on other computers, with or without the owner's consent or even knowledge (if someone manages to install a zombie or a bot on the system). Every PC running Windows 98 (or any other operating system) can participate in denial-of-service attacks on other computers, with or without the owner's consent or even knowledge. Raw sockets have NOTHING to do with this. In fact, raw sockets are only really important for a DOS attack if the attacker is using their own machine, since they don't care if a zombie machine is easily traced. the decision to include fully open raw sockets was FOOLISH. If you actually knew anything about network security, rather than just blindly believing what you read on Steve Gibsons lame-ass web site, you wouldn't say so. the ONLY people who NEED raw sockets are system administrators (for testing purposes, and even that doesn't require FULLY open raw sockets) and evil hackers (to attack other systems). Why are you running your XP machine with admin privileges? On XP, only adminstrators have the ability to use raw sockets. Which, by the way, is exactly as it is in OS X, Linux, and other Unix variants. The decision for XP to include raw sockets was primarily based on the fact that Windows was not compliant with the socket standard. Including raw sockets made XP work the same as other operating systems. sys admins (should) know better than attack other systems, and evil hackers have no business doing what they do. Raw sockets have nothing to do with whether evil hackers do what they do or not. Any hacker who wanted to use raw sockets would have just set up a Linux box. XP has been out for quite a while now. Where are all the raw-socket DOS attacks that Gibson claims were going to happen? Pete |
#12
|
|||
|
|||
On Thu, 24 Jul 2003 13:10:38 -0500, Tim Lavoie
wrote: "John" == John Steed writes: When Linux is seen more and more in the corporate domain you'll start reading about all of it's security vulnerabilities. John Don't tell that to the Linux advocates. According to them John you don't need an anti-virus program because you won't get John any using Linux. I've used Mandrake and there are always John security issues with each version, only problem is that John getting all of those updates is a royal pain in the butt John compared to Windows. All systems have bugs, and vulnerabilities will come up. People do talk about Linux security vulnerabilities, along with those of all other operating systems, but some get fixed faster than others. I haven't used Mandrake, but updating the works in Debian is pretty much a one-liner, including dependency checks etc. I suspect the main issue which comes up is that the Windows environment tends to be much more homogenous, and the sole vendor likes to integrate "features" which bite their users later. Everybody have Outlook? Yup Nope. I prefer OE even if Outlook is considered the better of the two. I've used Outlook several times and have always gone back to OE. . How about executable spreadsheets and Word docs? No Problem Yup. Poor default choices in one app allow rogue code to exploit the idiot features of another, creating a huge market for a potential virus. I don't use the default. Nor to I use the default to add all addresses automatically to the address book. You can send viruses to me too, but neither Gnus nor Mutt will try to execute them, and you won't find an Outlook address book for further targets either. Outlook and Outlook Express can be set to read e-mail in text only. Mine are so I don't have to worry about macros, and tracking sites. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) Cheers, Tim |
#13
|
|||
|
|||
Why are you running your XP machine with admin privileges?
what makes you think i have an XP machine? i don't, and if i ever need one, i won't unleash it on the internet without a firewall that runs on another piece of hardware... |
#14
|
|||
|
|||
On Mon, 04 Aug 2003 14:34:40 -0700, John Steed
wrote: On Thu, 24 Jul 2003 13:10:38 -0500, Tim Lavoie wrote: All systems have bugs, and vulnerabilities will come up. People do talk about Linux security vulnerabilities, along with those of all other operating systems, but some get fixed faster than others. I haven't used Mandrake, but updating the works in Debian is pretty much a one-liner, including dependency checks etc. Yea right, I updated some files in Mandrake 9.0 and then it tried to update some dependencies needed by the newer files and it could'nt find them on the FTP server. If you dion't get the dependcy files then your Mandrake install is screwed. I suspect the main issue which comes up is that the Windows environment tends to be much more homogenous, and the sole vendor likes to integrate "features" which bite their users later. Everybody have Outlook? Yup. How about executable spreadsheets and Word docs? Yup. Poor default choices in one app allow rogue code to exploit the idiot features of another, creating a huge market for a potential virus. The key is default and choices. Mine is set not to run HTML and macros do not automatically execute. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) You can send viruses to me too, but neither Gnus nor Mutt will try to execute them, and you won't find an Outlook address book for further targets either. Outlook is easy to make completely secure and you can even uninstall it from your system and use an alternative program if you are that worried about it. I'm not. |
#15
|
|||
|
|||
On Thu, 14 Aug 2003 08:09:30 -0700, Gnasher wrote:
On Thu, 14 Aug 2003 08:45:00 GMT, Roger Halstead wrote: The key is default and choices. Does Mandrake come with a firewall enabled by default? No, it does not. XP does. I'm running XP Pro. The firewall was not enabled by default. Plus I use a commercial firewall on each computer, not the one from MS. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) |
#16
|
|||
|
|||
On Fri, 15 Aug 2003 11:59:58 -0700, Gnasher wrote:
On Fri, 15 Aug 2003 04:22:26 GMT, Roger Halstead wrote: I'm running XP Pro. The firewall was not enabled by default. Mine was. Plus I use a commercial firewall on each computer, not the one from MS. So do I, plus I use a router with a hardware firewall built in, but my comment still stands. Linux does not come locked down by default either. My mistake, I thought you were saying that XP had the firewall on by default. Roger Halstead (K8RI EN73 & ARRL Life Member) www.rogerhalstead.com N833R World's oldest Debonair? (S# CD-2) |
#17
|
|||
|
|||
* Gnasher :
[SNIP] Linux does not come locked down by default either. That is only true if you actually name a distribution that doesn't come locked down by default (most of the popular distributions did/do fall into this category). If you want things locked down by default, get a distribution that does this. Saying that "Linux" doesn't come locked down by default doesn't really make much sense. -- Dave Pearson http://www.davep.org/ |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
American nazi pond scum, version two | bushite kills bushite | Naval Aviation | 0 | December 21st 04 10:46 PM |
Flight Simulator 2004 pro 4CDs, Eurowings 2004, Sea Plane Adventures, Concorde, HONG KONG 2004, World Airlines, other Addons, Sky Ranch, Jumbo 747, Greece 2000 [include El.Venizelos], Polynesia 2000, Real Airports, Private Wings, FLITESTAR V8.5 - JEP | vvcd | Home Built | 0 | September 22nd 04 07:16 PM |
Boeing Boondoggle | Larry Dighera | Military Aviation | 77 | September 15th 04 02:39 AM |
Real World test bed for avionics - Megawatts at Delano | MikeremlaP | Instrument Flight Rules | 1 | June 6th 04 08:13 PM |
Real World test bed for avionics - Megawatts at Delano | MikeremlaP | Home Built | 0 | June 2nd 04 04:24 AM |