Thread: XP vs W-98 as spam zombies (was: Asia top source of spam)
View Single Post
  #2  
Old April 30th 06, 06:01 PM posted to alt.spam,microsoft.public.win98.gen_discussion,alt.comp.virus
Jack
external usenet poster
  
Posts: n/a
Default XP vs W-98 as spam zombies
Virus Guy wrote:

There is little evidence that XP specific exploits have done much
in the way of spam zombie creation.

That conclusion needs to be backed up with some facts, otherwise it
just appears that you are defending XP for the sake of defending XP.

What kind of facts would serve to back that conclusion up, in your view?
Little ones?

My point is that the claim that there is "little evidence" is a
challenge to you to produce plentiful evidence. The burden falls on you.

Not to mention another dozen unpatched DoS vulnerabilities.

Indeed; and they shouldn't be mentioned in this context, as they are
completely irrelevant to the matter of zombification.

My central thesis: Is that versions of Windows such as Win-2k and XP
have always been (and continue to be) uniquely vulnerable to
exploitation (in ways more numerous than for Windows 98) that lead to
all the usual end results - including turning a machine into a spam
zombie.

You say "uniquely", but the context is Win2K, WinXP and such-like. Do
you mean all NT-derived operating systems? So in what sense do you mean
"uniquely"?

My central rant: Is that it was a flawed (if not a criminally
negligent) decision by Microsoft to position XP as a credible
operating system for home and SOHO computers - and that Microsoft's
major reason for migrating XP to all markets (home, institutional,
corporate) was anti-piracy (only XP has WPA, Win-98 didn't, and 2K
was never marketed for home use) and Microsoft did it at the expense
of security. In spite of this flawed, monopoly-driven business
decision, Microsoft showed it's incompetence by not configuring
XP-Home's default settings in such a way that would minimize it's
vulnerability to network or internet-based exploitation.

My view is that XP Home is a business-oriented operating system, aimed
at network environments, and re-chromed for the home environment. A
number of the services found in XP Pro and Win2K Pro are absent from
Win2K Home; not enough, and it would probably have required some
re-engineering of the entire range to make XP Home run with
significantly less services.

Making XP Home and XP Pro essentially the same OS was not a malicious or
negligent decision, I think; they were made the same for reasons of
compatibility - so that home users would see essentially the same OS
that they had become used to at work. That could arguably be seen as
something unavoidable, because it was demanded by their market.

There *was* a valid criticism of XP's network stack, which Steve Gibson
used to rant about very loudly, involving the ability of usercode on XP
to create 'illegal' packets (the claim being that raw socket access
should only be permitted to privileged code). The alleged defect is also
present in Win2K Pro, I believe, but that was never (supposed to be)
marketed as a home OS. As it happens, (a) most home users run their XP
system as an Administrator anyway, and therefore the objection seems to
be irrelevant; and (b) the predicted pandemic of DoS attacks never
materialised, and Gibson went quiet.

--
Jack.