Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: "lsi" <stuart () cyberdelix net>
Date: Sun, 16 May 2010 03:15:09 +0100

On 16 May 2010 at 0:09, Thor (Hammer of God) wrote:

Just as I expected.   A wishy washy response, nothing concrete or even
vaguely resembling substantive material, backtracking on an exact
quote, the obligatory reference to your formula à la Craig Wright, with
the final "oh, I'm sure you would like to know, but I'll have to
charge you in order to tell you." 

Well spotted, I am a consultant... I get paid to behave that way!

It was your misquote I corrected, if you call that a backtrack, suit 
yourself!  I was giving you my working so you could reproduce my 
numbers... never mind.

I was wrong to assume that you would try to educate yourself about .NET

Other than how to uninstall it, I have no desire to know anything 
about it.

The "amount of free disk space on a drive" utility you wrote

Yeah, how crap, it's called df in unix, everyone hates it enormously! 
A truly useless tool.  That must be why a df command appeared in 
Version 1 of AT&T UNIX.  Windows doesn't have something like that, so 
I made one myself.  You should see the new version, writes to STDOUT, 
supports multiple drives on one commandline, 1951 bytes of source, 
154k uncompressed EXE, beat it if you can....

P.S.  The headers on your email show that you are using Pegasus Mail
for Windows (4.51).  I know a guy who can help you switch to Linux if
you want.  I think he charges about £120/hr. 

Amusing, however Pegasus is a perfect example of the difficulty users 
face when migrating.  As my dear Peg isn't open source, it's one of 
the reasons this machine still runs Windows (along with Quake, and 
the tools I have created over years to help me work, and their 
PowerBasic compiler).  I don't want to be on the phone to a customer 
and trying to figure out how to use my computer at the same time, so 
I decided to go slow for now.  I think this is a fair decision.  My 
servers run unix, it's just this desktop that is left.  I'm not in a 
big hurry, this machine is nicely optimised.  I'm not looking forward 
to the day that I have to rewrite all my tools.  I know it will be a 
total PITA, take ages, introduce bugs and generally cost me a packet. 
Unfortunately, long-term, the alternative is even worse.  I am very 
familiar with the issues faced when migrating, as I have those 
issues.  Does this surprise you?

Stu

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
lsi
Sent: Saturday, May 15, 2010 4:15 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

IOW, you took what Symantec's numbers were for one year, and guessed 
they would be the same for this year, and then posted how you were 
almost right.

You definitely misunderstand.  AFAIK, Symantec do not publish the number 243%.  I calculated it myself, using this 
sum:

(0.92 + 3.67 + 1.64 + 1.24 + 4.44 + 2.65) / 6

I also calculated those numbers, using the general formula y(n+1) / y(n).  This is all explained on the link I gave 
in my original post:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Even in the most recent report, Symantec only refer to the growth rate by saying it was "more than double" (e.g., 
200+%) - although I haven't read it closely, they may well elaborate on that at some point.

You people really need to get your stories straight.

There is only one of me, I assure you.

Then you blithe on about how people should "avoid any software that 
locks them into a Microsoft Platform like the plague" and specifically 
note .NET for businesses but of course fail to provide any examples of 
where they should go, or any real advice on your "mitigation 
strategy."

I agree Windows needs mitigation, that is why I am posting.  I didn't mention alternatives as that's not my purpose, 
to promote a specific product, and I wouldn't want my observations to be tainted by it.  
However, now you've asked, I'd recommend FreeBSD, without even seeing your spec.  Desktops?  PC-BSD.  As for .NET, 
off top of head I'd suggest a .NET connector for PHP, running on FreeBSD of course.

What it is about .NET that should be avoided like the plague?  Wait,

Sorry but I already answered that.   It's because it locks the 
customer into a Microsoft platform.

One must assume that you are an expert .NET developer

You'd assume wrong - it doesn't take an expert to recognise a dependency.

Additionally, you've clearly performed migration engagements for these 
people you "advise."  Please let us know what the actual migration 
plan was, and how you have so brilliantly created a one-off cost 
migration path.  I'm really interested in the details about that.

I'm sure you are, and I'd be happy to oblige.  My rates for that kind of work start at £120/hr.  Please PM me for 
more info.

Details on your SDL process would be fantastic as well. 

Continuous incremental improvement (TQM). RERO.  Prototyping.  Agile is the word used nowadays I believe... 
revolution through evolution, as I said....

Stu

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate at 243%, using Symantec's stats.  9 months ago 
I posted that number here, together with a prediction of this year's stats.  Recently, I got this year's stats and 
compared them with that prediction.  I found that this prediction was 75.4% accurate.  I am now reporting those 
results back to the group.  And this is trolling how?

My point is that the prediction was not wildly wrong, and so that leads me to wonder if anything else I said, 9 
months ago, was also not wildly wrong.

My main reason for claiming that Windows is inherently insecure is because it's closed source.  However it's also 
because of the sloppy, monolithic spaghetti code that Windows is made of.  If you're claiming Windows is in fact 
inherently secure, I assume this means you don't use AV on any of your Windows machines, and advise everyone you 
know to uninstall it?

I never said migration would be free or easy.  That is why I am posting this data here, because I see it as a 
vulnerability, a very big vulnerability that many companies have not woken up to.  The very fact that migration is 
hard, lengthy, and expensive, means that the vulnerability is larger than ever.

Stu

On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

From:               "Thor (Hammer of God)" <Thor () hammerofgod com>
To:                 "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Date sent:          Sat, 15 May 2010 14:40:29 +0000
Subject:            Re: [Full-disclosure] Windows' future (reprise)

I am constantly amazed at posts like this where you make yourself sound like some sort of statistical genius 
because you were "able to predict" that since last year was 243%, that this year would be 243%.  Wow.  Really?

And for the record, these claims of 'inherent insecurity' in Windows are simply ignorant.  If you are still 
running Windows 95 that's your problem.  Do a little research before posting assertions based on 10 or 20 year old 
issues.

This smacks of the classic troll, where you say things like "nothing that Microsoft makes is secure and it never 
will be" and then go on to say how easy it is to migrate, and how it's free, with only a one off cost, and how to 
move off of .NET.

Obvious "predictions," ignorant assumptions, and a total lack of any true understanding of business computing.  
Yep, "troll."

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 6:12 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Windows' future (reprise)

Hi All!

Just a followup from my posting of 9 months ago (which can be found
here):

http://www.mail-archive.com/full-disclosure () lists grok org uk/msg37173.html

Symantec have released "Internet Security Threat Report: Volume XV: 
April 2010".  My posting from last year was based on the previous "Internet Security Threat Report: Volume XIV: 
April 2009".  So I thought it would be interesting to check my numbers.  The new edition of the Threat Report is 
here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of new threats (as defined by Symantec) was 243%.  
This enabled me to predict that the number of new threats in this year's Symantec Threat Report would be 243% of 
last year's; e.g. I predicted 9 months ago the number of new threats in this year's Symantec Threat Report would be 
243% * 1656227, or 3840485.87.

The actual number of new threats in this year's Symantec Threat Report is 2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.  There will be a natural variance in the growth 
rate, caused by many factors.

- in the new edition, Symantec have altered the raw data a little - the number of new threats for 2009, 2008, 
2007 etc is slightly different to those same years, as listed in the previous version of the report.  I have not 
updated my projection to allow for this.

- Symantec note that "The slight decline in the rate of growth should not discount the significant number of new 
signatures created in 2009. Signature-based detection is lagging behind the creation of malicious threats..." 
(page 48).

Am I retreating from my position?  Absolutely not.  I am now expecting the number of new threats in next years' 
report to be 7036798.86. This is 2895802 * 243%.  This includes the error introduced by Symantec's changes to the 
raw data.  I don't think it matters much.

As this flood of new threats will soon overpower AV companies' 
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per minute)), and as Symantec admits above that 
"signature-based detection is lagging", and as Microsoft are not likely to produce a secure version of anything 
anytime soon, I am not at all hopeful of a clean resolution to this problem.

I continue to advise that users should, where possible, deploy alternatives; that they should, if they have not 
already, create and action a migration strategy; and that they should avoid like the plague, any software which 
locks them into a Microsoft platform.  
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower and slower, while doing the same job as it did 
previously.  They will need to take this productivity hit, OR buy a new computer, which will also eventually 
succumb to the same increasing slowness.  They will need to buy new machines more and more frequently.  
Eventually, they will run out of money - or, for the especially deep-pocketed, they will find they cannot deploy 
the new machines fast enough, before they are already too slow to use.  The only alternative to this treadmill is 
to dump Windows.  The sooner it is dumped, the less money is wasted buying new hardware, simply to keep up with 
security-induced slowness.

Why spend all that time and money on a series of new Windows machines, without fixing the actual problem, which 
is the inherent insecurity of Windows?  People can spend the same time and money replacing Windows, and then they 
won't need to worry about the problem any more.  The difference is that sticking with Windows incurs ongoing and 
increasing costs, while a migration incurs a one-off cost.

I don't think it takes a genius to see which approach will cost less.

Notes:
- see page 10 of the Volume XIV (2009) edition, and page 48 of 
Volume XV (2010) edition, for the relevant stats

- since my post of last year, I have also noticed a similar 
exponential curve in the number of threats detected by Spybot Search 
and Destroy (a popular anti-spyware tool). This curve can be seen
here:

http://www.safer-networking.org/en/updatehistory/index.html

- my projection of growth rates up to 2016 (written last year) is
here:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Comments welcome..

Stu


---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)
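The growth-rate arithmetic the thread argues over, written out as an added Python example (editor's code, not part of any post above). Inputs are the figures quoted in the thread: the six year-over-year ratios y(n+1)/y(n) from the reply, the 2009 count and the prediction for it, and the 2.43 factor. The function names, the geometric-mean comparison (the conventional estimator for compound growth, included alongside the arithmetic mean the posts use) and the 365-day year used for the per-day conversion are assumptions of this example.

```python
"""Year-over-year growth projection of the kind discussed in the thread.

Added example: the numeric inputs are the ones quoted in the posts above;
function names, the geometric-mean comparison and the 365-day year are
assumptions of this example, not something the posts state.
"""
from math import prod
from statistics import mean

# The six year-over-year ratios listed in the reply, y(n+1) / y(n).
RATIOS = [0.92, 3.67, 1.64, 1.24, 4.44, 2.65]

# New-threat count for 2009 quoted from the Symantec report, the thread's
# prediction for that figure, and the growth factor ("243%") it used.
ACTUAL_2009 = 2_895_802
PREDICTED_2009 = 3_840_485.87
GROWTH = 2.43


def yoy_ratios(counts):
    """Turn a series of annual counts into y(n+1)/y(n) ratios."""
    if len(counts) < 2:
        raise ValueError("need at least two years of counts")
    if any(c <= 0 for c in counts):
        raise ValueError("counts must be positive")
    return [later / earlier for earlier, later in zip(counts, counts[1:])]


def mean_growth(ratios):
    """Arithmetic mean of the ratios: the method used in the thread."""
    return mean(ratios)


def geometric_mean_growth(ratios):
    """Geometric mean: the constant factor that, compounded over the same
    number of years, reproduces the overall multiplication. Included for
    comparison as the usual estimator for compound growth (assumption)."""
    return prod(ratios) ** (1 / len(ratios))


def project(count, growth, years=1):
    """Compound a count forward by `growth` per year for `years` years."""
    return count * growth ** years


def relative_error(predicted, actual):
    """Prediction error as a fraction of the predicted value, which is
    how the 24.6% figure in the thread comes out."""
    return abs(predicted - actual) / predicted


def per_day(annual):
    """Annual count expressed per day (assumes a 365-day year)."""
    return annual / 365


def per_minute(annual):
    """Annual count expressed per minute (assumes a 365-day year)."""
    return annual / (365 * 24 * 60)


if __name__ == "__main__":
    g = mean_growth(RATIOS)
    print(f"arithmetic mean growth : {g:.4f}  (~{g:.0%})")
    print(f"geometric mean growth  : {geometric_mean_growth(RATIOS):.4f}")
    print(f"2009 prediction error  : {relative_error(PREDICTED_2009, ACTUAL_2009):.1%}")
    print(f"next-year projection   : {project(ACTUAL_2009, GROWTH):,.2f}")
    # Compound the 2009 count forward at the thread's 2.43 factor.
    for year in range(2010, 2016):
        n = project(ACTUAL_2009, GROWTH, year - 2009)
        print(f"{year}: {n:,.0f}/yr  {per_day(n):,.0f}/day  {per_minute(n):,.0f}/min")
```

Run it as a script to see the table; the functions can also be imported and pointed at a different series of annual counts via `yoy_ratios`.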

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault