Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows' future (reprise)
From: Christian Sciberras <uuf6429 () gmail com>
Date: Tue, 18 May 2010 17:15:06 +0200

Thor,

Sorry, I didn't make my points clear enough. I was replying sarcastically to
Cassidy's remarks and asking him to prove his claims.

Regards.


On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God)
<Thor () hammerofgod com>wrote:

What messages warning you from using Windows?  I certainly hope you do not
have me confused with the OP – I already used the term “hysteria” to
describe his ideas and subsequent recommendations.  The entire premise is
fatally flawed, and the subsequent replies show a level of ignorance that I
have not seen in a “professional” security person in some time.   It’s not
surprising to see that the background of his site “remains blackened in
protest against the many illegal and unethical activities of the USA.”
Hysterical indeed.



In fact, this thread has inspired me to add a new section to the Hammer of
God website (currently undergoing major renovation) called “Tard of the
Month”  where I’ll take claims like the one submitted by the OP and
basically… well, you know what I’ll do.



I just want to make sure you understand that **I** didn’t have anything do
with any ludicrous comments about abandoning the Windows platform because
all the oxygen in my computer was being consumed by what Symantec notes as
“new threats.”



t



*From:* Christian Sciberras [mailto:uuf6429 () gmail com]
*Sent:* Tuesday, May 18, 2010 3:40 AM
*To:* Cassidy MacFarlane
*Cc:* Thor (Hammer of God); full-disclosure () lists grok org uk

*Subject:* Re: [Full-disclosure] Windows' future (reprise)



Happens they are completely unrelated stories. Also happens that I won't
fall for someone's hysteria from using windows.

By the way, I don't know you, but I would depend on the _fact_ that I've
been using a product without a hitch rather then someone's claims that the
said product will fall in a year's time.

By the way, I think it would do you a lot of good if you quote Thor's
messages warning us from using Windows etc.

If you only have a troll's remarks to add, then leave the discussion.

As of this time, there is only one huge security risk all researchers agree
on; human error aka people's stupidity....




On Tue, May 18, 2010 at 11:01 AM, Cassidy MacFarlane <
Cassidy.MacFarlane () grantmanagement co uk> wrote:

Sent from my HTC


-----Original Message-----
From: Thor (Hammer of God) <Thor () hammerofgod com>

Sent: 15 May 2010 21:59
To: full-disclosure () lists grok org uk <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Windows' future (reprise)

No, It's Tim Mullen.  No "Bill" here.

No, I don't misunderstand:  You said "You may recall that last year, the
average annual growth rate of new threats (as defined by Symantec) was 243%.
 This enabled me to predict that the number of new threats in this year's
Symantec Threat Report would be 243% of last years."  IOW, you took what
Symantec's numbers were for one year, and guessed they would be the same for
this year, and then posted how you were almost right.  Congratulation, you
can make statements in the obvious.

You people really need to get your stories straight.  Isn't there some club
or something you guys can join to at least sync up your talking points?
First we hear about how AV is stupid, unneeded, useless, a waste of money,
and if you install it then you are ignorant.  Then we hear about how some
people can "bypass AV" using kernel hooks on windows XP and call it an "8.0
Earthquake."  Now you come out and say that you predict that AV will not be
able to keep up with these new "threats" and that people must stop using
Windows as a result since Windows "is not likely of producing any secure
version of anything anytime soon."


Then you blithe on about how people should "avoid any software that locks
them into a Microsoft Platform like the plague" and specifically note .NET
for businesses but of course fail to provide any examples of where they
should go, or any real advice on your "mitigation strategy."

What it is about .NET that should be avoided like the plague?  Wait, before
you answer that, let's make sure you are qualified to answer.  One must
assume that you are an expert .NET developer and that you have keen insight
into the very foundation of the platform in order to know unequivocally that
it should not be used under any circumstances.   Please give us some code
examples of your .NET projects where it failed so miserably, even given your
expertise, and then provide the "proper" secure solution in your magic
TardWare solution.  Certainly someone speaking with such authority on the
matter can come up with examples in no time.

Additionally, you've clearly performed migration engagements for these
people you "advise."  Please let us know what the actual migration plan was,
and how you have so brilliantly created a one-off cost migration path.  I'm
really interested in the details about that.  I would particularly like to
know what authentication infrastructure you would build to support secure
enterprise-based services, your solution for client access and
administration, and your overall network concepts.  Also, what is your
preferred replacement for .NET again?  Details on your SDL process would be
fantastic as well.

You've got a great opportunity to really contribute to the industry by
providing us with your qualifications and subsequent solutions to these
problems, so I'm really looking forward to seeing what you have to say on
the matter beyond "Symantec said we'd have this amount of growth, so I said
that too, and I was almost right.  And since I was almost right, it is
imperative to drop all Windows products and re-write all of your .NET code
immediately because AV won't be able to keep up with it."

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] On Behalf Of lsi

Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows' future (reprise)

Is that you, Bill?

I think you misunderstand.  9 months ago, I measured the growth rate at
243%, using Symantec's stats.  9 months ago I posted that number here,
together with a prediction of this year's stats.  Recently, I got this
year's stats and compared them with that prediction.  I found that this
prediction was 75.4% accurate.  I am now reporting those results back to the
group.  And this is trolling how?

My point is that the prediction was not wildly wrong, and so that leads me
to wonder if anything else I said, 9 months ago, was also not wildly wrong.

My main reason for claiming that Windows is inherently insecure is because
it's closed source.  However it's also because of the sloppy, monolithic
spaghetti code that Windows is made of.  If you're claiming Windows is in
fact inherently secure, I assume this means you don't use AV on any of your
Windows machines, and advise everyone you know to uninstall it?

I never said migration would be free or easy.  That is why I am posting
this data here, because I see it as a vulnerability, a very big
vulnerability that many companies have not woken up to.  The very fact that
migration is hard, lengthy, and expensive, means that the vulnerability is
larger than ever.

Stu


On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:

From:                   "Thor (Hammer of God)" <Thor () hammerofgod com>

To:                     "full-disclosure () lists grok org uk" <full-

disclosure () lists grok org uk>

Date sent:              Sat, 15 May 2010 14:40:29 +0000

Subject:                Re: [Full-disclosure] Windows' future (reprise)

I am constantly amazed at posts like this where you make yourself sound
like some sort of statistical genius because you were "able to predict" that
since last year was %243, that this year would be %243.  Wow.  Really?

And for the record, these claims of 'inherent insecurity' in Windows are
simply ignorant.  If you are still running Windows 95 that's your problem.
 Do a little research before post assertions based on 10 or 20 year old
issues.

This smacks of the classic troll, where you say things like "nothing that
Microsoft makes is secure and it never will be" and then go on to say how
easy it is to migrate, and how it's free, with only a one off cost, and how
to move off of .NET.

Obvious "predictions," ignorant assumptions, and a total lack of any true
understanding of business computing.  Yep, "troll."

t

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] On Behalf Of lsi
Sent: Saturday, May 15, 2010 6:12 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Windows' future (reprise)

Hi All!

Just a followup from my posting of 9 months ago (which can be found
here):



http://www.mail-archive.com/full-disclosure () lists grok org uk/msg37173.html


Symantec have released "Internet Security Threat Report: Volume XV:
April 2010".  My posting from last year was based on the previous
"Internet Security Threat Report: Volume XIV: April 2009".  So I thought it
would be interesting to check my numbers.  The new edition of the Threat
Report is here:

http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202

You may recall that last year, the average annual growth rate of new
threats (as defined by Symantec) was 243%.  This enabled me to predict that
the number of new threats in this year's Symantec Threat Report would be
243% of last years; eg. I predicted 9 months ago the number of new threats
in this year's Symantec Threat Report would be 243% * 1656227, or
3840485.87.

The actual number of new threats in this year's Symantec Threat Report is
2895802, an error on my part of 24.6%.

This is quite a chunk, however it is not that far off.  My excuses:

- my number was based on averages, so it will never be exact.  There will
be a natural variance in the growth rate, caused by many factors.

- in the new edition, Symantec have altered the raw data a little - the
number of new threats for 2009, 2008, 2007 etc is slightly different to
those same years, as listed in the previous version of the report.  I have
not updated my projection to allow for this.

- Symantec note that "The slight decline in the rate of growth should not
discount the significant number of new signatures created in 2009.
Signature-based detection is lagging behind the creation of malicious
threats..." (page 48).

Am I retreating from my position?  Absolutely not.  I am now expecting
the number of new threats in next years' report to be 7036798.86. This is
2895802 * 243%.  This includes the error introduced by Symantec's changes to
the raw data.  I don't think it matters much.

As this flood of new threats will soon overpower AV companies'
ability to catalogue them (by 2015, at 243% growth, there will be
2.739 MILLION new threats PER DAY (over 1900 new threats per minute)),
and as Symantec admits above that "signature-based detection is lagging",
and as Microsoft are not likely to produce a secure version of anything
anytime soon, I am not at all hopeful of a clean resolution to this problem.

I continue to advise that users should, where possible, deploy
alternatives; that they should, if they have not already, create and action
a migration strategy; and that they should avoid like the plague, any
software which locks them into a Microsoft platform.
Business .NET applications, I'm lookin' at you.

Those failing to migrate will discover their hardware runs slower and
slower, while doing the same job as it did previously.  They will need to
take this productivity hit, OR buy a new computer, which will also
eventually surcumb to the same increasing slowness.  They will need to buy
new machines more and more frequently.  Eventually, they will run out of
money - or, for the especially deep-pocketed, they will find they cannot
deploy the new machines fast enough, before they are already too slow to
use.  The only alternative to this treadmill is to dump Windows.  The sooner
it is dumped, the less money is wasted buying new hardware, simply to keep
up with security- induced slowness.

Why spend all that time and money on a series of new Windows machines,
without fixing the actual problem, which is the inherent insecurity of
Windows?  People can spend the same time and money replacing Windows, and
then they won't need to worry about the problem any more.  The difference is
that sticking with Windows incurs ongoing and increasing costs, while a
migration incurs a one- off cost.

I don't think it takes a genius to see which approach will cost less.

Notes:
- see page 10 of the Volume XIV (2009) edition, and page 48 of Volume XV
(2010) edition, for the relevant stats

- since my post of last year, I have also noticed a similar exponential
curve in the number of threats detected by Spybot Search and Destroy (a
popular anti-spyware tool). This curve can be seen
here:

http://www.safer-networking.org/en/updatehistory/index.html

 - my projection of growth rates up to 2016 (written last year) is
here:

http://www.cyberdelix.net/files/malware_mutation_projection.pdf

Comments welcome..


Stu

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

www.grantmanagement.co.uk

www.gmhelp.co.uk

Please consider the environment before printing this email and any
attachments.
This message and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you are not the intended recipient please disregard and delete
this message. Please note that any views or opinions presented in this email
do not necessarily represent those of the company. Whilst this email and any
attachment(s) have been scanned for the presence of viruses, the company
accepts no liability for any damage caused by any virus transmitted by this
email.

Company Registration: SC187301
14 Coates Edinburgh EH3 7AF


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]