Chinese Program Exploits Windows

Thread: Chinese Program Exploits Windows

  1. #1
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583

    Chinese Program Exploits Windows

    The program, posted on the group's website, takes advantage of a vulnerability in nearly all versions of Microsoft's Windows operating system, including Windows Server 2003, touted as Microsoft's safest ever.
    To read the full story
    http://www.wired.com/news/technology...,59792,00.html

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    [rant]

    "Three times a year, there are (flaws) this bad," Maiffret said. "This is one of those times."
    Only three times a year? RIIIIGHT, and I only breathe about three times a year too. What are they trying to do, fool the entire world into thinking Microsoft doesn't release a security patch every other day?

    Personally I don't understand why M$ doesn't get off their ass and just fix a damn OS to work. I mean come on people please, I know it's next to impossible to make an OS hack proof, but at least you could do better than all these patches and crap. I mean for the past month I have been installing a new security update at least every other day. This is just insane practice!

    *passes out from shock*
    ~AciD

    [/rant]
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!
    [/shadow]

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    315
    Personally I don't understand why M$ doesn't get off their ass and just fix a damn OS to work.
    Do you really think they can do that? All M$ does is create a new OS built over the current errors and maybe correct one or two errors to make it look impressive. Then they go along creating patches for eternity. How many patches can there be? I guess infinite amount when it comes to M$.

    We need a solid OS M$, since Windows Server 2003 still doesn't cut it.

    Guidance...
    - The mind is too beautiful to waste...
    Cutty


  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Acid: You are forgetting one tiny little detail, namely that security is the balance between a secure OS and a useable one. People do not buy stuff they do not understand or know how to work. Microsoft's original products did not have to worry about being hacked over always on connections and barely had to worry about much else malicious either. In order to make market share they went ahead and did things in such a way as to make _everything_ work seamlessly for "Joe Stupid" and his wife "Josephine". The problem came when M$ raised the level of expectation to a point where the OS was thoroughly usable but utterly insecure. Give 98% of Windows users a *nix distro and less than one percent would succeed in using it. Placing yourself in Bill G's position - Would you risk the loss of 97% of your business to provide users who, for the most part, are oblivious to computer security issues, (since you know that if you leave the "usable but insecure" market someone else will jump right in with an equally usable but insecure product), or will you continue to make it usable and issue patches for those who are interested when you find holes?

    Looking at Bill's bank account he seems to have made a good decision...... looking at the customer base Bill has I would suggest that there are plenty of shops that are "windows only" and are secure.

    It's fine to rant about M$'s patches etc. but think about your grandma trying to set up that spanking new linux box. Don't expect an email from her too soon......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    Yea I agree cutty, stop making new OSs and just take the next few years and build one without so many damn holes. And it's not even the fact that it has holes, it's the fact that most of the problems a security issues are things that are right there out in the open.

    But no, they don't care because they know there will still be a lot of people sitting there jerking Bill Gates off as they give him more money for the same BS! Yet all Gates seems to really worry about is the fact of people pirating his software. Maybe people would buy it if you wouldn't keep giving them **** in a box, and charging more for it each year!

    Maybe I'm the crazy one, maybe I'm just being foolish, who knows...
    ~AciD

    [edit]

    Even still, Windows 95 was nice and easy to use, and did what it did. Though it had a ton of issues itself after time went on. Sure you could make the excuse that it was because it was new, but then look at Windows 98. Built off 95, was supposed to work better, but didn't. It had its own issues and things seemed to be worse. Those OSs would crash all the time, memory hole issues, etc. They worked for the average person, but even the average person got sick of dealing with that stuff.

    Maybe I just don't see it in that logical sense. But I'm just getting sick of using "the new and improved Microsoft Windows Product" that seems to work nice for a week and then have issues. XP works great, but it's security patch after security patch and it's just getting to be a little crazy with all the patches that come out day after day. To me that says that someone is missing something while coding.

    That's my personal view...
    ~AciD

    [/edit]
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!
    [/shadow]

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    315
    Looking at Bill's bank account he seems to have made a good decision......
    Tiger Shark, Bill did not make a good decision. Bill figured out a way to monopolize the market and con us into buying his products that are built without respect for the users.

    Yes his products are easy to use but what good is easy to use when you have to reboot your system constantly, or it crashes for no apparent reason? What good is a windows box that has to be patched everyday? Why should we spend so much money to buy a windows product when we can get another for free? Why can't we take the time off to learn another OS, which in the long run will cause us less headache?

    You know why? We settle for second best, because it's easier. We don't want to go the extra mile for what is better and that's just an issue people like Bill capitalize on and always will. Until the day we open our eyes and see windows for what it really is then Bill will continue to make tremendous amounts of money for building OSs that have four times more errors than the one before and make twice the amount of money for it.

    We need to wake up.

    Guidance...
    - The mind is too beautiful to waste...
    Cutty


  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    Well done cutty, you always do know how to write those posts. Just one thing to add to that now that cutty struck up the conversation... so what if Bill's bank account is big? Look at all the mob bosses; they had big wads of cash... does that mean they are doing right in taking money from all the little people just because the little people were scared of the mob? Money in today's age does not show that someone is doing something the "right" way, it just means that they are getting paid well for what they do. Bill never came up with DOS, he bought it off someone. All the technological advancements in the OS stage have been stolen from the little people. Windows was a copy of the Mac OS GUI interface, and OS/2 was a copy from Windows.

    If you've ever watched Triumph of the Nerds or done any research on Gates's youth, you'll know how his mind worked at solving puzzles. That's all the industry was when he started out, a puzzle to put together. He's played the game and put the pieces together and built a big company, mainly on other people's work. He's smart yes, and he has the money to show for it. But to me that doesn't mean that I am going to bow down and kiss the earth that Gates walks on just because he happens to be on top of the market... for right now. In another 5 years, a blink of the eye in the computer industry, Gates and Microsoft could be a memory long forgotten and someone else could be on top. Then it would be the same question all over again...

    Just a thought...
    ~AciD
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That's why it's all about AntiOnline.com!
    [/shadow]

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Not wanting to get into a "my OS is better than yours" pissing match which has been hashed out a million times and still has no definitive answer.............

    Cutty:

    Bill did not make a good decision. Bill figured out a way to monopolize the market and con us into buying his products that are built without respect for the users.
    Ergo..... Bill looked for an opportunity at the inception of a revolution, found one, exploited it in a fashion that maximized his gain and has managed to keep himself at the forefront of that revolution for 30 or so years..... You are right... He didn't make a good decision.... He made lots of them.....

    Yes his products are easy to use but what good is easy to use when you have to reboot your system constantly
    Yeah, I could live with that statement if what you are talking about hasn't improved 100-fold since windows 3.0, (which it has in case you are totally locked in a *nix world).

    What good is a windows box that has to be patched everyday
    Ever heard of auto-updates? Gee..... And, if you follow bugtraq, you would have noticed that the number of patches for non-windows systems/software has exceeded the windows patches quite nicely over the last 3 months or so. Maybe you aren't affected by the different flavors that are being exploited but let's be a little honest here - *nix is how many OS's really?.... There are n different kernels and everyone has their own builds with different "features" compiled into them. Windows is basically 2 OS', (the Win9X kernel and the WINNT kernel). Let me also point out that WINNT has been around for more than 10 years but it was the business OS, not the home OS..... people didn't need the business OS for a system that connected from time to time through AOL or whatever. One of the big problems now is that the old systems are connected through always on high speed connections..... They weren't designed for that...... Let me repeat that..... They weren't designed for that!!!! Now.... with the hodge-podge of *nix flavors with each with different code against the 2 largest used OS's in the world - if you were a non-talented skiddie what OS would you want exploits for? The one that affords you the most chance of success. Therefore, if you are the guy finding the exploits to prove that you are 31337 which OS are you going to try to exploit to fill the demand for exploits....... This **** isn't rocket science you know......

    We settle for second best, because it's easier
    No, we settle for what we can teach the users to learn. Cutty, you need to sit back for a sec and think about why you are here...... You are here because you are a cut above the users, (no pun intended...... ). You are here because you understand computers better than 99% of the entire population of the world, possibly more than that....... You need to step back sometimes and understand that what you find easy and "second nature" just ain't like that for the masses. Look at the user that gets the same error message every time they try to do something and they don't even read it.... Why? Because they are convinced they won't understand it..... That's what Bill has to overcome in as many people as he can to get them into a new computer...... He succeeded.... May we all share such success sometime soon.

    There is a "big picture"..... Step back and look at it..... We aren't all computer geniuses!!!!

    Acid:


    But to me that doesn't mean that I am going to bow down and kiss the earth that Gates walks on just because he happens to be on top of the market... for right now. In another 5 years, a blink of the eye in the computer industry, Gates and Microsoft could be a memory long forgotten and someone else could be on top. Then it would be the same question all over again...
    Exactly..... So demonizing Bill, (who I might add was the guy who pushed out the then "big fish", IBM), is only a temporary thing until a bigger "evil" presents itself.

    I am far from being a Bill fan..... In fact I am the first to say that he has made his billions off the backs of hard-working and talented sysadmins like myself who worked long hours to get around some of his OS's shortcomings..... BUT..... It's what the users want....period!!!! And you know what...... It's their train-set and they can play with it any way they want. It's our job as sysadmins to make it work for them - not us.......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Senior Member
    Join Date
    Jul 2002
    Posts
    315
    Yeah, I could live with that statement if what you are talking about hasn't improved 100-fold since windows 3.0, (which it has in case you are totally locked in a *nix world).
    Tiger Shark I would have to agree with you that windows have improved since 3.0 but this improvement comes with a lot of errors. DOS don't crash, 3.0 had some issues but was pretty stable, win95 was a disaster waiting to happen and win98(first one) made it worse, win98CE tried to correct the mistakes. Some were corrected but not all. Win2k was definitely a breakthrough, not the best but better after various patches but I still don't get the transition to winXP. Was winXP a graphical transition or was it supposed to be better than win2k? I guess winXP has a lot more things built in but it also has a lot more errors than win2k. You get my drift?

    Windows improves yes but the problems before are almost never corrected and more are added. I am a multi OS user because I have to be but I just believe that Bill can do a better job and am not too sure he's trying to IMO.

    Ever heard of auto-updates?
    Tiger Shark, I have heard of this but guess what I stay away from that. You know why? Have you ever heard of "Updating system resources error occurred windows was unable to start"? Well that's what happened to me on two occasions while running auto updates. Am just lucky I keep backups. So it isn't all just let it do its thing since you run into these problems, maybe not all the time but it happens and it happened to me one time too many. Just a thought.

    There is a "big picture"..... Step back and look at it..... We aren't all computer geniuses!!!!
    Tiger Shark, we may not all be computer geniuses but we all have sense of familiarity and guess what that's what Bill has used. We are familiar with windows; hence we are stuck with it. We are not really familiar with the other OSs and it's a hassle to learn no doubt about it but if we really want to computer geniuses or not can't we? Am not saying that Bill didn't do a good job by making (probably stealing ) windows user friendly and easy to use, he did. That allows my parents' parents to go online and communicate and that's great. The issue is however; Bill has used this to put in work on new OSs that are mediocre which is wrong. You should always build the best product possible and am sorry but I don't think Bill has ever tried to build the best.

    It's like to me he says to his developers, 'Just make it look the best it doesn't have to be the best cause they won't know the difference and even if they do we have the market so they have to use our crappy OS anyway' and that's the sad thing about the world. We can be manipulated so easily but there's really nothing one individual can do about that.

    Just my $0.02 and I would say Tiger Shark you made some real valid points but there's a lot of wrongdoing to the users by Bill.

    Guidance...
    - The mind is too beautiful to waste...
    Cutty


  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cutty: No offence - but you made me roll on the floor for ages with your "DOS didn't crash" comment..... There wasn't a **** load to crash to start with but I remember spending many, many hours trying to reconfigure autoexec/config.sys or a new mouse that didn't want to talk because it conflicted with a modem that seemed to be lying about its IRQ...... So the reason it never crashed was cos if you were going to start it with a config that was prone to a crash the bloody thing wouldn't start in the first place..... Thanks for the giggle though.....

    As I said in my last post.... I'm no big fan of Bill's.... But you have to give the guy credit..... He has built a universal OS with 40 million lines of code much of which gets ported from system to system and it works right out of the box on most any hardware. That's an amazing feat.... ****, I've written publicly available code in my deep dark past that was fine within certain parameters but running it on _any_ box was impossible.

    As to auto-updates...... I think that's why Bill allows disk mirroring. All our servers, especially those that are publicly available, have two IDE boot drives, (let's face it they are cheap nowadays). Every two weeks or so we make the mirror, allow it to complete the rebuild and then break the mirror again and unplug it. This serves two purposes:-

    1. If an autoupdate messes with the system I can remove the drive, plug in the mirror and away I go.

    2. If some nasty "B" compromises the system I can, if I choose to, get the service back up in minutes with the knowledge that the drive is intact and undamaged by the little "B".

    As to not all being computer geniuses and familiarity....... That's part of Bill's genius.... Before you ever saw a computer you had no familiarity with windows or *nix or anything. What Bill did was make a product that he marketed well but, more importantly, after the sale it wouldn't be bad-mouthed by the masses, (you and I might but we don't get heard by Bill's buying public). In fact it was lauded by the masses, (Coo, grandma.... You need email, we have a windows X computer... It's ever so easy.....).... See what I mean.... In a way it sold itself and that is what I am giving Bill the credit for.......

    I will join you in your criticism of his security but only insofar as it is a product of him becoming a businessman rather than a deliberate act on anyone at M$'s part. They simply didn't go out to create an inferior product..... They just got one because of a lack of insight as to how quickly things might change and their inability to properly react to that change in a cost effective manner..... aka bad business planning......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
