Cyber attack spreads worldwide

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 17:07


I was going to sign that petition. I feel sorry for people using Windows 10.
Dell XPS 17 L702X i7 2860QM 2.5GHz - 32GB RAM - 4G WWAN - Pioneer TD05-BDR
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS P8P67 EVO i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1385
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby dasein » 2017-05-14 18:16

phenest wrote:
dasein wrote:Windows' installed user base for desktop machines is 3x the size of all other OSes combined.

What if it was the other way round...[W]ould these viruses/malware/ransomware succeed in the same way they have with Windows users?

The phrase "same way" is an invitation to imprecision and equivocation, so let's focus on the specifics you mentioned.

I guess that's a 2 part question:
1. Would it succeed with the OS?
2. If Linux and BSD was dumbed down more to reduce the learning curve, would it succeed with the users too?

Question 1 comes down to a matter of whether privilege escalation and arbitrary code execution vulnerabilities exist in Linux. They most certainly do. Many of them lie hidden for years before they were discovered. (So much for Linus' Law!) An hour at Google reviewing the history of such security issues in Linux is enough to give anyone pause.

Question 2 is a bit fuzzier. It assumes that Windows is "dumbed down" in some way that Linux is not. Is that perception affected, for instance, by the fact that Windows' default UI is a GUI? If so, then Linux is far more vulnerable, historically speaking, than Windows.

Any *nix GUI has historically required X, and X was applied retroactively and superficially atop existing core components (similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS). X is fundamentally insecure with a metric crap-ton of vulnerabilities all its own.

The vulnerabilities for which XP was (in)famous came down to a deeply flawed security posture; but every time a newb-ish Linux user talks about wanting to run as root 24/7, or presents "chmod 777" as a "fix" for a problem they encountered, they are actively recreating that flawed posture.

There is an additional layer of analysis available, one that focuses on design principles. But that discussion pretty much inevitably leads down a path directly towards systemd, which is a discussion I refuse to have for reasons I've articulated thoroughly elsewhere. (Some might say "thoroughly" is an understatement ;-))

P.S. You say you feel sorry for Win10 users. Ironically, they are the only Windows users unaffected by WannaCry.
User avatar
dasein
 
Posts: 7371
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 19:38

I guess it all comes down to the user again. There are those (I'm one) who would argue that Windows can be used without any antivirus or antimalware protection. I did it successfully myself for many years on Windows XP.

dasein wrote:P.S. You say you feel sorry for Win10 users. Ironically, they are the only Windows users unaffected by WannaCry.

That was not about WannaCry. The petition in the video is to do with the telemetry sent to MS which cannot be turned off in Windows 10.

dasein wrote:similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS except for 16bit driver compatibility only. You could not use DOS applications whilst using Windows, and vice versa. Windows '95 had its own set of libraries.
Dell XPS 17 L702X i7 2860QM 2.5GHz - 32GB RAM - 4G WWAN - Pioneer TD05-BDR
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS P8P67 EVO i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1385
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby dasein » 2017-05-14 19:50

phenest wrote:
dasein wrote:similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS...

I'm not gonna debate this tangential and utterly unimportant point with you, but I'd suggest that if you're going to go around making claims such as this, you best confirm them for yourself.
User avatar
dasein
 
Posts: 7371
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Cyber attack spreads worldwide

Postby phenest » 2017-05-14 20:06

dasein wrote:
phenest wrote:
dasein wrote:similar to the way Windows '95 was merely a GUI shell atop a base of largely unchanged MS-DOS

That's actually a myth. Windows '95 was not dependent on DOS...

I'm not gonna debate this tangential and utterly unimportant point with you, but I'd suggest that if you're going to go around making claims such as this, you best confirm them for yourself.

It's not a claim. If you booted into Windows '95, DOS was demoted to a compatibility layer for 16bit drivers. That's a fact. Perhaps you can show me proof of YOUR claim that it was merely a GUI shell.
Dell XPS 17 L702X i7 2860QM 2.5GHz - 32GB RAM - 4G WWAN - Pioneer TD05-BDR
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS P8P67 EVO i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1385
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Cyber attack spreads worldwide

Postby alan stone » 2017-05-15 03:04

Last edited by alan stone on 2017-05-15 04:50, edited 2 times in total.
Debian GNU/Linux 8.8 (jessie)
wm: openbox

If you need initiation of coercion, force, violence to enforce your idea or theory, or if every single time it is applied to the real world it fails completely, your idea or theory sucks and is worthless.
User avatar
alan stone
 
Posts: 132
Joined: 2011-10-22 14:08
Location: In my body.

Re: Cyber attack spreads worldwide

Postby dasein » 2017-05-15 03:36

I don't think that its origin was ever in question. I think that MSFT's advocacy regarding the sheer stupidity of zero-day stockpiling is exactly on target. Good for them. If WannaCry is what it takes for folks to get that message, then I call "silver lining."
User avatar
dasein
 
Posts: 7371
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Cyber attack spreads worldwide

Postby n_hologram » 2017-05-15 16:39

phenest wrote:What if it was the other way round. What if 3 quarters (or higher) of the world's userbase was using Linux and BSD...

Then I would probably go back to stone-age materials and punchcards.
https://www.linux.com/learn/myth-busting-linux-immune-viruses
nearly all malicious email attachments target Windows machines.

https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Windows 7: 48.5%
Windows 10: 26.28%
Linux: 2.09%

Windows is my current antivirus software. I hope the company maintains its market share.
But, as many users have said, *nix isn not immune. Heartbleed, for instance, rendered the whole "encryption obfuscates observation" luxury as an emperor's new clothes story, and that undiscovered vulnerability just lingered for god-knows-how-long. As dasein suggested, consult Google/Startpage for more. Linux receives its share of earth-shattering exploits, just not as frequently as Windows.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 189
Joined: 2013-06-16 00:10

Re: Cyber attack spreads worldwide

Postby acewiza » 2017-05-15 17:04

n_hologram wrote:Linux receives its share of earth-shattering exploits, just not as frequently as Windows.

The only thing shattered when this stuff hits from time-to-time is people's false sense of security. That is a good thing. :wink:
User avatar
acewiza
 
Posts: 184
Joined: 2013-05-28 12:38
Location: Out West

Re: Cyber attack spreads worldwide

Postby ruffwoof » 2017-05-15 17:23

acewiza wrote:
n_hologram wrote:Linux receives its share of earth-shattering exploits, just not as frequently as Windows.

The only thing shattered when this stuff hits from time-to-time is people's false sense of security. That is a good thing. :wink:

Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack. You can either think you're safe in a unsafe world, or take the complete opposite stance and accept that you're running unsafely and take other measures in awareness of that risk exposure. I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Desktop PC ... operating system - easily replaced. Personal data/files - potentially invaluable, so keep secure (encrypted) and safe (physically disconnected backups).
ruffwoof
 
Posts: 103
Joined: 2016-08-20 21:00

Re: Cyber attack spreads worldwide

Postby n_hologram » 2017-05-15 19:04

ruffwoof wrote:Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack...

I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Wouldn't that be akin to removing the doors in your house and becoming a self-taught Navy SEAL because someone might break in anyway?
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 189
Joined: 2013-06-16 00:10

Re: Cyber attack spreads worldwide

Postby Hallvor » 2017-05-15 19:07

Laptop: Intel Core i5 3210-M CPU @ 2.50 GHz, 16 GB RAM, Intel HD 4000 graphics, 128 GB SSD + 1 TB HDD, Debian Jessie (KDE)
Laptop 2: Intel Core i5 3320-M CPU @ 2.60 GHz, 6 GB RAM, Intel HD 4000 graphics, 300 GB HDD, Debian Jessie (KDE)
User avatar
Hallvor
 
Posts: 693
Joined: 2009-04-16 18:35
Location: Norway

Re: Cyber attack spreads worldwide

Postby stevepusser » 2017-05-15 19:25

I guess the NSA really didn't have any secret backdoors built into Windows with Redmond's collusion, despite all the rumors.

Maybe this will quiet down the US government's continual cries to have these backdoors in all software, but I doubt it--many of our representative's heads seem dehyrated-rock-on-Venus dense. If a backdoor exists, it will be found and used for nefarious purposes; history shows that over and over again.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: AzPainter 2.0.4, Pale Moon 27.3.0, Liquorix kernel 4.11-4, mpv 0.25.0, Kodi 17.1, Ksnip 1.3.1, Mesa 13.0.6
User avatar
stevepusser
 
Posts: 8217
Joined: 2009-10-06 05:53

Re: Cyber attack spreads worldwide

Postby ruffwoof » 2017-05-15 19:39

n_hologram wrote:
ruffwoof wrote:Perhaps that's why the likes of Puppy Linux desktop users who run everything as root, whilst oft said to be mad for doing so, are less prone to damage/attack...

I guess if you treat your PC/laptop as being little different to a public PC and take appropriate measures that can be safer than thinking your PC is isolated/safe and being more blasé about security. Of the two the one who thinks they're safe is more inclined to the greater negative side.

Wouldn't that be akin to removing the doors in your house and becoming a self-taught Navy SEAL because someone might break in anyway?

Do you use a restricted user or sandbox for all web/external activity? If say your browser is breached and enables access to your data files at the same access level as what you invoked the browser with, how secure would your data/system be? One mindset accepts that risk and takes protective measures. The other mindset assumes safety where safety is far from assured.
ruffwoof
 
Posts: 103
Joined: 2016-08-20 21:00

Re: Cyber attack spreads worldwide

Postby n_hologram » 2017-05-15 19:45

ruffwoof wrote:One mindset accepts that risk and takes protective measures. The other mindset assumes safety where safety is far from assured.

I'm fairly certain this doesn't support the idea of running everything as root.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 189
Joined: 2013-06-16 00:10

PreviousNext

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable