Quote:
Originally posted here by gore
And where in the hell, are you going to find an exploit for DOS? It's no longer supported, so people don't even bother trying to find holes in it anymore. When have you honestly seen a DOS box get owned?
Back when it was still being used. "Owning" wasn't really what happened back then, but there were trojans developed for Win3.11.
Quote:
I've never even seen an exploit that would work on DOS.
Exploits need something to break. There is very little to DOS. Most of the exploitable software was terminal-oriented, therefore there was little protocol/interpretation crap to exploit (which is a fair chunk of what you see today).
Quote:
Again, as I've said before, I'll say it again:
If you could re-write parts to DOS, so that you could actually take out and modify parts of it, then leave a program running all the time, that's a task running, and another can't be started. Well, actually, I tale that back, yes one can be, but all I'm saying is that, with proper re-write, you could make DOS very secure.
As soon as you start to re-write the OS you aren't just "Using DOS as a secure platform", thus defeating this whole thread.
Quote:
BIOS boot password, make a Batch file to use Anti Virii to scan at every boot up and shut down.
DOS does not shut down. Really, your lack of working experience with it speaks volumes about how you came up with the concept.
Quote:
And for the people who aren't getting the point of this thread:
I'm not trying to make DOS out to be the greatest thing since SCO making asses of themselves publicly, I'm just trying to have something on the front page that isn't a tech support question, and where people can discuss ideas.
That's all well and good, but IMO this isn't the type of discussion that should hang around on the front page. It looks ridiculous, and isn't even all that good a discussion. If you wanted a thread about security theory, work with something modern, don't jump to something decades old as a potential solution. The KISS (Keep It Simple, Stupid) principle applies up to the point where you are sacrificing all useability, then it falls short.
Quote:
I'm NOT trying to make out like DOS is the answer to everything, I AM trying to show uses of something most people won't even look at twice.
Having used DOS back in its time, it was a decent option for an operating system. Nowadays it is an impractical farce at best. It served its purpose, let dead dogs lie.
Quote:
And again, I'd like to see someone show me an exploit that would actually allow you to take over a DOS box.
Boot the operating system and leave it running. There is no login management, there is nothing preventing a person from using your box while it is running.
Quote:
Now, as for being well thought out....Mmm, I can't admit to that, it was more like "Dude, Since DOS can't handle more than one user or task, wouldn't that make it hard to break into?"
Which is a flawed statement. DOS can handle more than one task, as I'm sure you are aware at this point.
Quote:
I'm still waiting for someone to say if it would be possible to code into DOS a bit more to make my theory true. And besides, so far the most someone has pointed out for exploits was a buffer overflow that I've never seen.
Writing anything for dos would be a waste of time and effort. I have no doubt I could write something as you mentioned, however it is counterproductive and an utter waste of time to write proof of concept code for an operating system that ceased vendor support 8 years ago and is no longer in common (or even uncommon) use.
Quote:
But that was correct, the application set up requests, not DOS.
Correct. The vast majority of exploits that occur occur not because of the OS itself, but rather due to applications/services running on it. Mostly you'll find privilege escalation exploits targeting the OS, but actual intrusions will occur via a service/application (eg: IE/Outlook, Apache, etc.).
Quote:
And if using it for a server is such a bad idea..... How many of you who used computers in the 1980's used something besides DOS? Anyone I've talked to from back then used DOS, and would run BBS servers on the boxes. Nothing but DOS.
I have. BBS software is not what you would call complicated like today's servers are. They were interactive terminal packages, and that was about it.
As for alternatives, Netware was the most popular non-mainframe server back in the '80s. My Uncle had a Netware 2 server setup in the mid-late '80s that lasted him through 1994 -- in uptime, we were talking 7+ years, had UPS and his law firm was on diesel backup. He went from that to NT.
Quote:
And it's not like no one ever broke into computers back then, so why didn't they get owned?
They did. Read up on wardialing and so forth. The attacks were different, but just as effective.
Quote:
I know a dude who used DOS for his BBS server for over 3 years. It was up the whole 3 years, stable as hell, and his never got broken into. Explain?
Nobody cared about his BBS? Seriously, the number of people attempting crap back in that era was basically numbered in the 100s in North America. It has honestly really only picked up a lot since the WWW brought the Internet to home users.
