Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: Christian Sciberras <uuf6429 () gmail com>
Date: Sun, 16 May 2010 12:22:12 +0200

An interesting point - Unicode?

I don't think 5Mb files are infeasible, especially as time passes,
that'll be just a blip before long.

Stu


You call it a "blip" yet you are counting in infections for *everywhere* and
*anyone* so, what makes you think service providers (which have been comfy
in the last 6 years with a dialup-grade connection) to abruptly switch to
high-speed fiber-optic?

I'm just saying that your statistics are based on too few variables - it
would be like saying Earth will die of hunger just because a product is out
of stock at a local supermarket.

You yourself mentioned an error margin of ~24%. This will only *grow* by
next year.
Lastly, I stand my point: Malware cannot be taken as a combination (as you
and other certain "specialists" think of it). Reason number one being that a
software combination (hash) can vary from between "malware", "useful" or
"utterly useless"; ie, the combination of having only malware is so
undefinable that you can't put it in any equation.

Symantec's results are not wrong, it is how you/people use them that may be
wrong, such as attempting to predict anything out of them.

On Sun, May 16, 2010 at 6:32 AM, lsi <stuart () cyberdelix net> wrote:

Hi Bill!

Thanks for the tip on the DIR command, I did in fact notice that,
however it doesn't give percentages (or total space), AFAIK, and my
monitoring bot wants percentages.  My df also reports the computer
name (so I can make sense of the output when the space on multiple
machines is listed one after the other in a report, and if an alert
is generated by the monitoring bot).

The new version of my df util is 1951 bytes, the version on my site
is old.

I'm sorry I upset you because I mentioned .NET, is it because you
make a living off it?  Sorry to be the bearer of bad tidings.  .NET
is merely one case of many, I picked it as an example because I am
currently supporting a customer with a £23,000 .NET application that
has them utterly locked to Microsoft, and I have no hope at all of
selling them unix anything.  Which is a shame for them (I just made a
packet cleaning a nasty virus infection from one of their XP PCs).

As for the .NET connector for PHP, yes, I made that up, and the
problem is where?  You wanted a migration strategy, I gave you one! I
did say off top of head.  You want me to research it?  That's
£120/hr.

I also don't see a problem posting my mail from a Windows PC.  Why do
I need to be running unix before I can report that malware is
mutating at 243%?  I don't, is the short answer.

Why don't you criticise my arguments, instead of myself, or my job,
or my computer, or my email program, or my personal migration
strategy, or my software?  Is it because you can't?  I think so.

Stu

On 16 May 2010 at 3:06, Thor (Hammer of God) wrote:

From:                   "Thor (Hammer of God)" <Thor () hammerofgod com>
To:                     "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Date sent:              Sun, 16 May 2010 03:06:18 +0000
Subject:                Re: [Full-disclosure] Windows' future (reprise)

This just gets better all the time.  I have to admit, it was fun at
first, but now's I grow weary, mostly because this is just sad.

For you to actually think that one can't find out how much free drive
space in Windows would be funny if it were not so ridiculous.  And it's been
built into DIR forever.  Oh, and your .bas file is 60,000 some odd bytes,
not 1951.  I think you are confusing the size with the last time you
actually did research into what you are talking about.

The main point here is for people to see how easy it is for someone who
admits that they know nothing about .NET, nor care to learn anything about
.NET, to honestly and publicly say that people must uninstall it as if it
were the plague.  You actually get paid to tell people to uninstall it and
use "a .NET connector to PHP" - whatever the hell that is.  Simply amazing
to me.

And yet, it's fine for YOU to continue to use a "closed source" operating
system to run your "dear Peg" closed source email program because you don't
feel like practicing what you preach.   To think that you consider insight
into moving a couple of computers over to *nix as the basis to make sweeping
generalized statements of how migrating is a one-off cost staggers the
imagination.  But, everyone is entitled to their opinion, so good luck with
yours dude.   But what you are doing to the poor people who not only trust
you but also pay you seems to be quite a disservice indeed.  But that's
between you and whatever your ethic is.

So in a nutshell (and I'll drop off after this as I think this has played
itself out) you hate closed source and .NET and get paid to tell other
people to migrate to non-existent ".NET connectors to PHP" after switching
from Windows to BSD, but compose the very email that you so vehemently
condemn them on a closed source operating system with a closed source
program because you don't have "time to figure out how to use your computer
at the same time." (direct quote).  I think I got it.  Thanks for sharing.

Oh, one last thing - your "dear Pegasus" 4.51 Windows-based program that
you hypocritically hold on to while demonizing Windows and .NET was...
wait for it....   wait for it....   written with Visual Studio 2008 C++  - a
proud Microsoft .NET Framework development platform!

Ladies and Gentlemen, Goodnight!

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 7:15 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

On 16 May 2010 at 0:09, Thor (Hammer of God) wrote:

Just as I expected.   A wishy washy response, nothing concrete or even
vaguely resembling substantive material, backtracking on an exact
quote, the obligatory reference to your formula ala Craig Wright, with
the final "oh, I'm sure you would like to know, but I'll have to
charge you in order to tell you."

Well spotted, I am a consultant... I get paid to behave that way!

It was your misquote I corrected, if you call that a backtrack, suit
yourself!  I was giving you my working so you could reproduce my numbers...
never mind.

I was wrong to assume that you would try to educate yourself about
.NET

Other than how to uninstall it, I have no desire to know anything about
it.

The "amount of free disk space on a drive" utility you wrote

Yeah, how crap, it's called df in unix, everyone hates it enormously!
A truly useless tool.  That must be why a df command appeared in Version
1 of AT&T UNIX.  Windows doesn't have something like that, so I made one
myself.  You should see the new version, writes to STDOUT, supports multiple
drives on one commandline, 1951 bytes of source, 154k uncompressed EXE, beat
it if you can....

P.S.  The headers on your email show that you are using Pegasus Mail
for Windows (4.51).  I know a guy who can help you switch to Linux if
you want.  I think he charges about £120/hr.

Amusing, however Pegasus is a perfect example of the difficulty users
face when migrating.  As my dear Peg isn't open source, it's one of the
reasons this machine still runs Windows (along with Quake, and the tools I
have created over years to help me work, and their PowerBasic compiler).  I
don't want to be on the phone to a customer and trying to figure out how to
use my computer at the same time, so I decided to go slow for now.  I think
this is a fair decision.  My servers run unix, it's just this desktop that
is left.  I'm not in a big hurry, this machine is nicely optimised.  I'm not
looking forward to the day that I have to rewrite all my tools.  I know it
will be a total PITA, take ages, introduce bugs and generally cost me a
packet.
Unfortunately, long-term, the alternative is even worse.  I am very
familiar with the issues faced when migrating, as I have those issues.  Does
this surprise you?

Stu

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 4:15 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

IOW, you took what Symantec's numbers were for one year, and guessed
they would be the same for this year, and then posted how you were
almost right.

You definitely misunderstand.  AFAIK, Symantec do not publish the
number 243%.  I calculated it myself, using this sum:

(0.92 + 3.67 + 1.64 + 1.24 + 4.44 + 2.65) / 6

I also calculated those numbers, using the general formula y(n+1) /
y(n).  This is all explained on the link I gave in my original post:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Even in the most recent report, Symantec only refer to the growth rate
by saying it was "more than double" (eg, 200+%) - although I haven't read it
closely, they may well elaborate on that at some point.

You people really need to get your stories straight.

There is only one of me, I assure you.

Then you blithe on about how people should "avoid any software that
locks them into a Microsoft Platform like the plague" and
specifically note .NET for businesses but of course fail to provide
any examples of where they should go, or any real advice on your
"mitigation strategy."

I agree Windows needs mitigation, that is why I am posting.  I didn't
mention alternatives as that's not my purpose, to promote a specific
product, and I wouldn't want my observations to be tainted by it.
However, now you've asked, I'd recommend FreeBSD, without even seeing
your spec.  Desktops?  PC-BSD.  As for .NET, off top of head I'd suggest a
.NET connector for PHP, running on FreeBSD of course.

What it is about .NET that should be avoided like the plague?  Wait,

Sorry but I already answered that.   It's because it locks the
customer into a Microsoft platform.

One must assume that you are an expert .NET developer

You'd assume wrong - it doesn't take an expert to recognise a
dependency.

Additionally, you've clearly performed migration engagements for
these people you "advise."  Please let us know what the actual
migration plan was, and how you have so brilliantly created a
one-off cost migration path.  I'm really interested in the details
about that.

I'm sure you are, and I'd be happy to oblige.  My rates for that kind
of work start at £120/hr.  Please PM me for more info.

Details on your SDL process would be fantastic as well.

Continuous incremental improvement (TQM). RERO.  Prototyping.  Agile is
the word used nowadays I believe... revolution through evolution, as I
said....

Stu

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate
at 243%, using Symantec's stats.  9 months ago I posted that number here,
together with a prediction of this year's stats.  Recently, I got this
year's stats and compared them with that prediction.  I found that this
prediction was 75.4% accurate.  I am now reporting those results back to the
group.  And this is trolling how?

My point is that the prediction was not wildly wrong, and so that
leads me to wonder if anything else I said, 9 months ago, was also not
wildly wrong.

My main reason for claiming that Windows is inherently insecure is
because it's closed source.  However it's also because of the sloppy,
monolithic spaghetti code that Windows is made of.  If you're claiming
Windows is in fact inherently secure, I assume this means you don't use AV
on any of your Windows machines, and advise everyone you know to uninstall
it?

I never said migration would be free or easy.  That is why I am
posting this data here, because I see it as a vulnerability, a very big
vulnerability that many companies have not woken up to.  The very fact that
migration is hard, lengthy, and expensive, means that the vulnerability is
larger than ever.

Stu

On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

From:               "Thor (Hammer of God)" <Thor () hammerofgod com>
To:                 "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Date sent:          Sat, 15 May 2010 14:40:29 +0000
Subject:            Re: [Full-disclosure] Windows' future (reprise)

I am constantly amazed at posts like this where you make yourself
sound like some sort of statistical genius because you were "able to
predict" that since last year was %243, that this year would be %243.  Wow.
 Really?

And for the record, these claims of 'inherent insecurity' in
Windows are simply ignorant.  If you are still running Windows 95 that's
your problem.  Do a little research before posting assertions based on 10 or 20
year old issues.

This smacks of the classic troll, where you say things like
"nothing that Microsoft makes is secure and it never will be" and then go on
to say how easy it is to migrate, and how it's free, with only a one off
cost, and how to move off of .NET.

Obvious "predictions," ignorant assumptions, and a total lack of
any true understanding of business computing.  Yep, "troll."

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
lsi
Sent: Saturday, May 15, 2010 6:12 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Windows' future (reprise)

Hi All!

Just a followup from my posting of 9 months ago (which can be found here):

http://www.mail-archive.com/full-disclosure () lists grok org uk/msg37173.html

Symantec have released "Internet Security Threat Report: Volume XV:
April 2010".  My posting from last year was based on the previous
"Internet Security Threat Report: Volume XIV: April 2009".  So I thought it
would be interesting to check my numbers.  The new edition of the Threat
Report is here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of
new threats (as defined by Symantec) was 243%.  This enabled me to predict
that the number of new threats in this year's Symantec Threat Report would
be 243% of last year's; eg. I predicted 9 months ago the number of new
threats in this year's Symantec Threat Report would be 243% * 1656227, or
3840485.87.

The actual number of new threats in this year's Symantec Threat
Report is 2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.
 There will be a natural variance in the growth rate, caused by many
factors.

- in the new edition, Symantec have altered the raw data a little -
the number of new threats for 2009, 2008, 2007 etc is slightly different to
those same years, as listed in the previous version of the report.  I have
not updated my projection to allow for this.

- Symantec note that "The slight decline in the rate of growth
should not discount the significant number of new signatures created in
2009. Signature-based detection is lagging behind the creation of malicious
threats..." (page 48).

Am I retreating from my position?  Absolutely not.  I am now
expecting the number of new threats in next year's report to be 7036798.86.
This is 2895802 * 243%.  This includes the error introduced by Symantec's
changes to the raw data.  I don't think it matters much.

As this flood of new threats will soon overpower AV companies'
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per
minute)), and as Symantec admits above that "signature-based detection is
lagging", and as Microsoft are not likely to produce a secure version of
anything anytime soon, I am not at all hopeful of a clean resolution to this
problem.

I continue to advise that users should, where possible, deploy
alternatives; that they should, if they have not already, create and action
a migration strategy; and that they should avoid like the plague, any
software which locks them into a Microsoft platform.
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower
and slower, while doing the same job as it did previously.  They will need
to take this productivity hit, OR buy a new computer, which will also
eventually succumb to the same increasing slowness.  They will need to buy
new machines more and more frequently.  Eventually, they will run out of
money - or, for the especially deep-pocketed, they will find they cannot
deploy the new machines fast enough, before they are already too slow to
use.  The only alternative to this treadmill is to dump Windows.  The sooner
it is dumped, the less money is wasted buying new hardware, simply to keep
up with security-induced slowness.

Why spend all that time and money on a series of new Windows
machines, without fixing the actual problem, which is the inherent
insecurity of Windows?  People can spend the same time and money replacing
Windows, and then they won't need to worry about the problem any more.  The
difference is that sticking with Windows incurs ongoing and increasing
costs, while a migration incurs a one-off cost.

I don't think it takes a genius to see which approach will cost
less.

Notes:
- see page 10 of the Volume XIV (2009) edition, and page 48 of
Volume XV (2010) edition, for the relevant stats

- since my post of last year, I have also noticed a similar
exponential curve in the number of threats detected by Spybot
Search and Destroy (a popular anti-spyware tool). This curve can
be seen here:

http://www.safer-networking.org/en/updatehistory/index.html

 - my projection of growth rates up to 2016 (written last year) is
here:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Comments welcome..

Stu


---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

