A Windows 98 & ME forum. Win98banter


XP vs W-98 as spam zombies (was: Asia top source of spam)



 
 
  #1  
Old April 30th 06, 03:47 PM posted to alt.spam,microsoft.public.win98.gen_discussion,alt.comp.virus

Munger Joe wrote:

Here's why you're wrong about the back doors via Blaster, etc.
First, analysis of Blaster shows that all it does is spread.
Second, no back door is needed... the vulnerability itself
is the back door.


Blaster targets only Windows 2000 and Windows XP via the DCOM RPC
vulnerability.

Are you saying that Blaster does not set a machine up for subsequent
tampering or intrusion by other infectors? Is that documented?

Sobig is a different animal. It does open back doors, and
all versions of Windoze are vulnerable.


Yes, and I erroneously included Sobig in my list (as it seems to be
spread only via e-mail).

I contend that 2K and XP were amazingly vulnerable to several
such infectors in a way that Win-98 never was.


You are correct, and at one time an unpatched vulnerable machine
was guaranteed to get infected after being exposed to the
Internet for just a few minutes. Maybe that's still true, I
dunno, but that vulnerability has been patched for years,
and you can be sure that the computer makers have been
installing patched versions for years.


But have home XP users? Consistently?

There is little evidence that XP specific exploits have done
much in the way of spam zombie creation.


That conclusion needs to be backed up with some facts, otherwise it
just appears that you are defending XP for the sake of defending XP.

How can you say that XP-specific exploits were somehow magically
under-utilized for spam-zombie creation (but presumably were well
utilized for other purposes) ? What would account for that? Were
spam-masters sympathetic towards XP and collectively decided not to
take advantage of XP's specific weaknesses?

We both agree that 2K/XP was (at one time, and unlike W-98) vulnerable
to an incredibly infective exploit that required no user involvement.
XP/IE/IM have also been vulnerable to user-aided exploits that (again)
W-98 was not affected by (the WMF and JPEG vulnerabilities for
example).

And even now, XP has the following unpatched vulnerabilities that
allow system access or result in privilege escalation:

http://secunia.com/advisories/14896/
http://secunia.com/advisories/10968/
http://secunia.com/advisories/10708/
http://secunia.com/advisories/10066/
http://secunia.com/advisories/9921/
http://secunia.com/advisories/7793/
http://secunia.com/advisories/7688/

Not to mention another dozen unpatched DoS vulnerabilities.

My central thesis: Is that versions of Windows such as Win-2k and XP
have always been (and continue to be) uniquely vulnerable to
exploitation (in ways more numerous than for Windows 98) that lead to
all the usual end results - including turning a machine into a spam
zombie.

My central rant: Is that it was a flawed (if not a criminally
negligent) decision by Microsoft to position XP as a credible
operating system for home and SOHO computers - and that Microsoft's
major reason for migrating XP to all markets (home, institutional,
corporate) was anti-piracy (only XP has WPA, Win-98 didn't, and 2K was
never marketed for home use) and Microsoft did it at the expense of
security. In spite of this flawed, monopoly-driven business decision,
Microsoft showed its incompetence by not configuring XP-Home's
default settings in such a way that would minimize its vulnerability
to network or internet-based exploitation.
  #2  
Old April 30th 06, 06:01 PM posted to alt.spam,microsoft.public.win98.gen_discussion,alt.comp.virus

Virus Guy wrote:

There is little evidence that XP specific exploits have done much
in the way of spam zombie creation.


That conclusion needs to be backed up with some facts, otherwise it
just appears that you are defending XP for the sake of defending XP.


What kind of facts would serve to back that conclusion up, in your view?
Little ones?

My point is that the claim that there is "little evidence" is a
challenge to you to produce plentiful evidence. The burden falls on you.

Not to mention another dozen unpatched DoS vulnerabilities.


Indeed; and they shouldn't be mentioned in this context, as they are
completely irrelevant to the matter of zombification.

My central thesis: Is that versions of Windows such as Win-2k and XP
have always been (and continue to be) uniquely vulnerable to
exploitation (in ways more numerous than for Windows 98) that lead to
all the usual end results - including turning a machine into a spam
zombie.


You say "uniquely", but the context is Win2K, WinXP and such-like. Do
you mean all NT-derived operating systems? So in what sense do you mean
"uniquely"?

My central rant: Is that it was a flawed (if not a criminally
negligent) decision by Microsoft to position XP as a credible
operating system for home and SOHO computers - and that Microsoft's
major reason for migrating XP to all markets (home, institutional,
corporate) was anti-piracy (only XP has WPA, Win-98 didn't, and 2K
was never marketed for home use) and Microsoft did it at the expense
of security. In spite of this flawed, monopoly-driven business
decision, Microsoft showed its incompetence by not configuring
XP-Home's default settings in such a way that would minimize its
vulnerability to network or internet-based exploitation.


My view is that XP Home is a business-oriented operating system, aimed
at network environments, and re-chromed for the home environment. A
number of the services found in XP Pro and Win2K Pro are absent from
Win2K Home; not enough, and it would probably have required some
re-engineering of the entire range to make XP Home run with
significantly fewer services.

Making XP Home and XP Pro essentially the same OS was not a malicious or
negligent decision, I think; they were made the same for reasons of
compatibility - so that home users would see essentially the same OS
that they had become used to at work. That could arguably be seen as
something unavoidable, because it was demanded by their market.

There *was* a valid criticism of XP's network stack, which Steve Gibson
used to rant about very loudly, involving the ability of usercode on XP
to create 'illegal' packets (the claim being that raw socket access
should only be permitted to privileged code). The alleged defect is also
present in Win2K Pro, I believe, but that was never (supposed to be)
marketed as a home OS. As it happens, (a) most home users run their XP
system as an Administrator anyway, and therefore the objection seems to
be irrelevant; and (b) the predicted pandemic of DoS attacks never
materialised, and Gibson went quiet.

--
Jack.
  #3  
Old May 1st 06, 02:03 AM posted to alt.spam,microsoft.public.win98.gen_discussion,alt.comp.virus


"Virus Guy" wrote in message ...
Munger Joe wrote:

Here's why you're wrong about the back doors via Blaster, etc.
First, analysis of Blaster shows that all it does is spread.


WHICH Blaster? IIRC some kid added that function to the original code
and pointed himself out to the police in the process.

Second, no back door is needed... the vulnerability itself
is the back door.


In a manner of speaking, this is true. I like to call such 'ways in' "trapdoors"
rather than backdoors because it is original programming rather than some
aftermarket malicious modification that is responsible. If a malware were to
retrograde your patch level - that I would have to call a backdoor even though
the same coding flaw is responsible for the vulnerability.

Blaster targets only Windows 2000 and Windows XP via the DCOM RPC
vulnerability.


It's a service, not the OS itself, that is the vulnerable program. You can't
(or shouldn't) fault the OS just because it came with vulnerable bundled
software. Win98 is just as capable of running vulnerable programs as
any other OS. Sure, Blaster "targeted" those OSes, but that doesn't
mean they are in any way inferior - just that they were known to have
that vulnerable software in use by default "out of the box".

Are you saying that Blaster does not set a machine up for subsequent
tampering or intrusion by other infectors? Is that documented?


"Blaster" refers to a group of worms, some of which do and some of which
don't.

Sobig is a different animal. It does open back doors, and
all versions of Windoze are vulnerable.


If I'm not mistaken, even Blaster could do this on non-targeted OSes if it
happened to find itself executing on one. Think of the worm body being a
separate entity from the exploit code used to intrude on a system. The
exploit code may not work on a particular OS, but the worm body doesn't
care whether it is running because of a successful exploit or because of a
willful execution of the worm binary. If it happened to be transferred from
a targeted OS to a non-targeted OS via the network file system and then
subsequently executed by the user, it could install a backdoor.

You may be thinking "who cares, the normal course is by exploit of the
targeted OSes, and any other vector doesn't matter", but filesharing is
a very successful vector - just look at the p2p worms.

Yes, and I erroneously included Sobig in my list (as it seems to be
spread only via e-mail).


...and the original Blaster by DCOM RPC service exploit. Neither is
actually that OS specific.

There is little evidence that XP specific exploits have done
much in the way of spam zombie creation.


That conclusion needs to be backed up with some facts, otherwise it
just appears that you are defending XP for the sake of defending XP.


The integration of web browser and file manager sort of makes it look
like all IE faults are OS faults, but actually a file manager is not the OS
and neither is a web browser.

I agree with your rant where it concerns how MS chose to include, and
have running by default, several vulnerable programs. Seems they never
heard of "least privilege" or "minimalist configuration" (KISS) and set it up
so the defaults had clueless home users running vulnerable services that
they didn't even need - naked on the internet.


 




All times are GMT +1.