#1
XP vs W-98 as spam zombies (was: Asia top source of spam)
Munger Joe wrote:
Munger Joe wrote:

> Here's why you're wrong about the back doors via Blaster, etc. First, analysis of Blaster shows that all it does is spread. Second, no back door is needed... the vulnerability itself is the back door. Blaster targets only Windows 2000 and Windows XP via the DCOM RPC vulnerability.

Are you saying that Blaster does not set a machine up for subsequent tampering or intrusion by other infectors? Is that documented?

> Sobig is a different animal. It does open back doors, and all versions of Windoze are vulnerable.

Yes, and I erroneously included Sobig in my list (as it seems to be spread only via e-mail).

>> I contend that 2K and XP were amazingly vulnerable to several such infectors in a way that Win-98 never was.
>
> You are correct, and at one time an unpatched vulnerable machine was guaranteed to get infected after being exposed to the Internet for just a few minutes. Maybe that's still true, I dunno, but that vulnerability has been patched for years, and you can be sure that the computer makers have been installing patched versions for years.

But have home XP users? Consistently?

> There is little evidence that XP specific exploits have done much in the way of spam zombie creation.

That conclusion needs to be backed up with some facts, otherwise it just appears that you are defending XP for the sake of defending XP. How can you say that XP-specific exploits were somehow magically under-utilized for spam-zombie creation (but presumably were well utilized for other purposes)? What would account for that? Were spam-masters sympathetic towards XP and collectively decided not to take advantage of XP's specific weaknesses? We both agree that 2K/XP was (at one time, and unlike W-98) vulnerable to an incredibly infective exploit that required no user involvement. XP/IE/IM have also been vulnerable to user-aided exploits that (again) W-98 was not affected by (the WMF and JPEG vulnerabilities for example).

And even now, XP has the following unpatched vulnerabilities that allow system access or result in privilege escalation:

http://secunia.com/advisories/14896/
http://secunia.com/advisories/10968/
http://secunia.com/advisories/10708/
http://secunia.com/advisories/10066/
http://secunia.com/advisories/9921/
http://secunia.com/advisories/7793/
http://secunia.com/advisories/7688/

Not to mention another dozen unpatched DoS vulnerabilities.

My central thesis: Is that versions of Windows such as Win-2k and XP have always been (and continue to be) uniquely vulnerable to exploitation (in ways more numerous than for Windows 98) that lead to all the usual end results - including turning a machine into a spam zombie.

My central rant: Is that it was a flawed (if not a criminally negligent) decision by Microsoft to position XP as a credible operating system for home and SOHO computers - and that Microsoft's major reason for migrating XP to all markets (home, institutional, corporate) was anti-piracy (only XP has WPA, Win-98 didn't, and 2K was never marketed for home use) and Microsoft did it at the expense of security. In spite of this flawed, monopoly-driven business decision, Microsoft showed its incompetence by not configuring XP-Home's default settings in such a way that would minimize its vulnerability to network or internet-based exploitation.
#2
XP vs W-98 as spam zombies
Virus Guy wrote:
Virus Guy wrote:

>> There is little evidence that XP specific exploits have done much in the way of spam zombie creation.
>
> That conclusion needs to be backed up with some facts, otherwise it just appears that you are defending XP for the sake of defending XP.

What kind of facts would serve to back that conclusion up, in your view? Little ones? My point is that the claim that there is "little evidence" is a challenge to you to produce plentiful evidence. The burden falls on you.

> Not to mention another dozen unpatched DoS vulnerabilities.

Indeed; and they shouldn't be mentioned in this context, as they are completely irrelevant to the matter of zombification.

> My central thesis: Is that versions of Windows such as Win-2k and XP have always been (and continue to be) uniquely vulnerable to exploitation (in ways more numerous than for Windows 98) that lead to all the usual end results - including turning a machine into a spam zombie.

You say "uniquely", but the context is Win2K, WinXP and such-like. Do you mean all NT-derived operating systems? So in what sense do you mean "uniquely"?

> My central rant: Is that it was a flawed (if not a criminally negligent) decision by Microsoft to position XP as a credible operating system for home and SOHO computers - and that Microsoft's major reason for migrating XP to all markets (home, institutional, corporate) was anti-piracy (only XP has WPA, Win-98 didn't, and 2K was never marketed for home use) and Microsoft did it at the expense of security. In spite of this flawed, monopoly-driven business decision, Microsoft showed its incompetence by not configuring XP-Home's default settings in such a way that would minimize its vulnerability to network or internet-based exploitation.

My view is that XP Home is a business-oriented operating system, aimed at network environments, and re-chromed for the home environment.

A number of the services found in XP Pro and Win2K Pro are absent from Win2K Home; not enough, and it would probably have required some re-engineering of the entire range to make XP Home run with significantly less services. Making XP Home and XP Pro essentially the same OS was not a malicious or negligent decision, I think; they were made the same for reasons of compatibility - so that home users would see essentially the same OS that they had become used to at work. That could arguably be seen as something unavoidable, because it was demanded by their market.

There *was* a valid criticism of XP's network stack, which Steve Gibson used to rant about very loudly, involving the ability of usercode on XP to create 'illegal' packets (the claim being that raw socket access should only be permitted to privileged code). The alleged defect is also present in Win2K Pro, I believe, but that was never (supposed to be) marketed as a home OS. As it happens, (a) most home users run their XP system as an Administrator anyway, and therefore the objection seems to be irrelevant; and (b) the predicted pandemic of DoS attacks never materialised, and Gibson went quiet.

-- Jack.
#3
XP vs W-98 as spam zombies (was: Asia top source of spam)
"Virus Guy" wrote in message ...

> Munger Joe wrote:
>
>> Here's why you're wrong about the back doors via Blaster, etc. First, analysis of Blaster shows that all it does is spread.

WHICH Blaster? IIRC some kid added that function to the original code and pointed himself out to the police in the process.

>> Second, no back door is needed... the vulnerability itself is the back door.

In a manner of speaking, this is true. I like to call such 'ways in' "trapdoors" rather than backdoors because it is original programming rather than some aftermarket malicious modification that is responsible. If a malware were to retrograde your patch level - that I would have to call a backdoor even tho the same coding flaw is responsible for the vulnerability.

>> Blaster targets only Windows 2000 and Windows XP via the DCOM RPC vulnerability.

It's a service, not the OS itself, that is the vulnerable program. You can't (or shouldn't) fault the OS just because it came with vulnerable bundled software. Win98 is just as capable of running vulnerable programs as any other OS. Sure, Blaster "targeted" those OSes, but that doesn't mean they are in any way inferior - just that they were known to have that vulnerable software in use by default "out of the box".

> Are you saying that Blaster does not set a machine up for subsequent tampering or intrusion by other infectors? Is that documented?

"Blaster" refers to a group of worms, some of which do and some of which don't.

>> Sobig is a different animal. It does open back doors, and all versions of Windoze are vulnerable.

If I'm not mistaken, even Blaster could do this on non-targeted OSes if it happened to find itself executing on one. Think of the worm body being a separate entity from the exploit code used to intrude on a system. The exploit code may not work on a particular OS, but the worm body doesn't care whether it is running because of a successful exploit or because of a willful execution of the worm binary.

If it happened to be transferred from a targeted OS to a non-targeted OS via the network file system and then subsequently executed by the user, it could install a backdoor. You may be thinking "who cares, the normal course is by exploit of the targeted OSes, and any other vector doesn't matter", but filesharing is a very successful vector - just look at the p2p worms.

> Yes, and I erroneously included Sobig in my list (as it seems to be spread only via e-mail).

...and the original Blaster by DCOM RPC service exploit. Neither are actually that OS specific.

>> There is little evidence that XP specific exploits have done much in the way of spam zombie creation.
>
> That conclusion needs to be backed up with some facts, otherwise it just appears that you are defending XP for the sake of defending XP.

The integration of web browser and file manager sort of makes it look like all IE faults are OS faults, but actually a file manager is not the OS and neither is a web browser.

I agree with your rant where it concerns how MS chose to include, and have running by default, several vulnerable programs. Seems they never heard of "least privilege", "minimalist configuration" (KISS), and set it up so the defaults had clueless home users running vulnerable services that they didn't even need - naked on the internet.