You can have child porn on your computer and not know

Post Reply New Topic

What if you tell the web browser to remember nothing and have a program that cleans out the web folders of cookie's cache, etc? And What if you regularly before you go to sleep to tell the computer to "erase free space" which means the computer makes a massive dummy file and it will erase the directory of the hard drive so nothing could be traced?

I actually do this, but I'm not a p®on addict. It's just out of habit from years of mom always wondering what website I was just on, so do that and you're good.

Thankfully, I'm on dialup most of the time, but the office PCs are on broadband.

1. Use a NAT router for broadband. It isn't bulletproof, but it stops anyone coming in uninvited as inbound communication is only possible if the bridge is initiated from INSIDE the network (e.g. surfing the web, checking e-mail).

2. Use a good reputation virus scanner, keep it updated (lots of good free ones are available...like AVG).

3. Don't go to places of questionable reputation (I know, obvious one).

4. Don't use Internet Explorer. It's the most exploited web browser out there. I only use it for Windows Update. Firefox is pretty good, and you can use plug-ins that block scripts that you don't authorize...scripts can sneak in viruses which is what makes blocking them from unknown sources so important.

5. Download and install COMODO firewall. Unlike the one included in Windows, Comodo has the ability to learn. So, it starts with nothing being authorized and as you authorize one thing after another, it will let that which should go online to do so and block other items you said "no" to. It can also go to a "block everything" setting at the click of the mouse...making your system impossible to breach even if the connection is on.

Are we comparing Win9x with modern day Linux here?
The NT kernel has most if not all the security features of Linux, and in some cases they are actually better. Linux is good, especially so for its price tag. But if you want to bash Windows, do it with facts:

1. default settings
The default settings on XP is like a security bypass mode. It's done to ease migration from Win9x. Unfortunately, this gives little incentives to software writers to adhere to M$'s guidelines. In the end a lot of softwares from XP's days don't like to run with restricted privileges.
With Vista, any software that put Vista's logo on its box has to adhere to M$'s guidelines. So newer programs should have no problems with restricted privileges. For older programs, Vista virtualizes various system directories so that changes are private, not global. This make using a standard user account much easier (which was a problem on XP). UAC also makes an admin account act like a standard one, so even the default settings on Vista is not a problem now.
btw even on XP, you just need to create a standard user account to be on level ground with Linux. The only inconvenience is that you have to use "Run As" or something like sudo to run some programs.

2. OS components
Windows' own components seem to have a higher exploit rate than Linux. My view is that programs will always have bugs, M$ just enabled too much junks by default, unnecessarily enlarging the attack vector. However, the underlining design of Windows' service is not less secure than Linux's daemons.

That's only true if you use a admin account all the time. I consider that poor user practice not a design quality of Windows.

Vista/Win7 also has Integrity Level, a protection not available on Linux. The benefit to objects (files, registry, etc.) is actually negligibly, as the existing ACL already covered that. But IL is also used to provide process separation in a very novel way.


The permission system of Linux is actually less powerful than the ACL (Access Control List) of Windows. The default settings are also well designed, you just need to run as a standard user to take advantage of it.


Not true with UAC.


I think anyone who can install Linux should have no problem setting up a new user account on Windows and log on to it.


Most binary only trojans are eventually found too. It may be found sooner when the source code is available but it just shorten the window of opportunities. The best practice is to use well known programs only, whether Linux or Windows. However, you may claim that Linux's repository make finding trust-able programs easier.


Agreed. Just want to add that the repository is almost a necessity because of distro and kernel version differences.


There's also a PoC trojan for BlackBerry.


Reinstall won't cost you a licence, it's upgrades that may cause problems. No matter what, cost will always be an advantage of Linux.


XP has even finer control with "Software Restriction Policies" and Windows 7 has an improved version called AppLocker.


If you are willing to get into the trouble of using SELinux, there are numerous HIPS programs available on Windows too.
Besides, "Group Ploicies" already covered the most important aspects.


Not sure about your numbers, but Linux does win this round. The big loser has to be Apple though.


Given the perceived user stereotype, I think most malware writers will consider spending time on OSX more profitable and leave Linux alone.

Agreed. Its about equal in simplicity. Many people wont be installing their own linux though.


Two years from discovery to fix in the case of one windows(xp) flaw. Sorry I cannot remember the details.


And cause complacency. I could have a repository easily enough and all I have to do is get you to add it. Maybe I am too lazy to check the code there. Maybe I have bad intentions.



How so? Upgrades are easier than windows, last I checked. And a fresh install is even easier. You can even retain your installed software.



Thats still operating system level software, not integral to the format of the disk.



Honestly? I'm not. But I figure the US department of defense designed it, and they are going to do a better job than MS employees and contractors. Actually, we cant tell: the MS source is closed. We can only have faith, a rather dirty word in engineering.


Not sure about your numbers, but Linux does win this round. The big loser has to be Apple though.

I cannot be sure either, right? MS employees are restricted to their department, and motivated(usually) by pay. They dont get paid for doing things that are not their job. If another department will even share source at all, they may even get reprimanded. Linux people are motivated solely by interest, and restricted by nothing. They gain status by being well versed in a number of areas.

So the point is that only a small portion of MS(I assume apple is different) employees are even in a position to repair security, while any interested(and who wouldnt be?) linux developer can take a crack at a fix.

So you are right. Hands down, Linux wins on speed of fix.

[/quote]

Your idea seems reasonable, yes.

Lets also see about Linux viruses. If you need need to clean a virus its quite easy. Especially since the file system/ structure is not as flawed as spaghetti. Not to mention a system without a registry and a bunch of misorganized cross-linked files helps to hint down the source. As well as get rid of all remaints.

Windows however is not innovative and is in most cases reversed engineered Apple II OS. Most of the security features in Windows 7 has been in most linux distros since the late 90's and even before. Linux was developed from the ground-up to be a secure UNIX like OS.

You mean an actual trojan? I've only heard of a vulnerability that has taken 2 years+ to fix, which is unacceptable enough.


Yup. Some people are too easy to trust.


Aren't mount options stored in /etc/fstab? Can you really store that in the filesystem itself?
Anyhow, I imagined the check will be handled by the process creation API, the filesystem or the registry simply supply the restriction information. On Windows, anything after the boot time drivers can be blocked. Unless Linux can block drivers too, the check doesn't seem to function earlier. On the other hand, Windows allow fine grained control and the convenient option to limit the rules to non-admin only.



Now please elaborate.


I agreed that a centralized registry is counter productive. But apart from the centralized part, what's so superior about storing data in config files over storing data in registries?


I'll have to ask you to elaborate on this one too.


You mean MS-DOS is a copycat of AppleDOS? This is not true however. MS-DOS is based on QDOS which mimicked CP/M.
Or did you mean Windows is a copycat of Macintosh? In that case, you should be saying both are copycat of Xerox Alto.


Most of the security features in linux has been in Windows NT since 1993.


So what exactly makes UNIX and its derivatives secure and not others?

Windows has an ultra secret file that stores the contents of every website you've been to since you started using the OS, long after the time you think you've erased it. people can still trace the websites you've been to.

Mostly the superuser system. By default, programs can't do anything to folders outside your home directory without your permission. Vista has tried to imitate this though.

Are you saying Windows or IE?
If you really mean Windows, then please be more specific about this ultra secret file.

Privileges control has been available in Windows since the very first version of NT. A standard user doesn't have modify permission to any system objects. The default on XP just bypass this protection for the noobs. All you have to do is create a new standard user account and use it.

Vista's UAC imitated the sudo command, not the superuser system. The built-in "Run As" on XP will run the elevated programs under a different credentials with admin privileges. UAC makes it possible to keep the elevated programs on the same credential. btw the system to have different security tokens for the same credential is already there in XP. That's what makes programs like psexec, DropMyRights, and SuRun possible.

Its a checkmark that is activated when you prepare the partitions, long before files are installed. fstab doesnt exist at that point.

It would be in whatever ext uses for a file attribute table I suppose. In linux we use a boolean to mask whether something make execute or not. My assumption is that this bit is either forced low, or that the format negates the storage of an execute bit. when the system orders that the execute bit be written, its value is shuffled off to /dev/null, the bit bucket, and the table doesnt contain a storage spot anyway.

So its a whitelist instead of a blacklist.
But I speculate.




Well, just on the surface of it, they are files and not prone to duplicate names. You can also copy individual items instead of needing the whole registry. This makes it easier to patch them back in. You also wont see nonsense character name entries with no clue what they do.

Cool, I thought /etc/fstab is the only place to set noexec. I'll have to check that out some time.


What I meant is that instead of a single file (well actually each hive as the top most key is called is stored in separate files), M$ could have stored the registry for each program in its own program data directory. That way the only difference is binary vs text format. You just have to use registry editor instead of a text editor to change settings.


You should really blame the author of whatever program that's in your mind for that. Registry or text file makes no difference.

Lets elaborate what I said.

The UI for Windows has been the same since 1983 when Gates worked for the Apple II. Which in nature was copied from Xerox. The mouse pointer, mouse animation and the base of the UI has not change. For the exception of a bunch of stupid eye candy and the start menu.

Windows is like spaghetti because of the registry database that it uses. Despite for some registry safety nets inherited when Microsoft released Windows ME and Windows 2000 nothing has changed. Windows still uses the same registry system inherited in Windows NT 3.5. They just added some safety nets to make it a bit more sturdy when it comes to software installations. Example, when you install Office 2007 or Symantec Antivirus it creates a bunch of regisitry keys. Some of them not even in use that software and are just plain cumbersome. Not the mention the software bloat associated with the Registry Database in windows. When you uninstall the software it can either.

A)Refuse to uninstall
B)Screw up other programs, drivers and other stuff. Not to mention leaving the empty regsitry keys. Thus slowing your computer down.

Why is UNIX secure you may ask. Well the way Unix is designed it only does what you need it to due. Thus the software packages are not integrated at all to the OS. Not even by a measly key. All that happens when you launch a program in UNIX is that it launches the base executable. Therefor creating no security flaws due to no excess crap running in background. Tight UAC control over the system and so on. If you don't ask to start a program nothing starts. For the exception of base security updates and so on. Not to mention with less software bloat you can also easily get the the base of malicious software. You should also consider the locking of the file system to anything not enunciated by the user. As well as the firewall integration. Making Unix great for super computers, embedded devices and so on.

Again, I could be wrong, but I know when you set up partitions in the alternate Debian installer, you set flags for various things, then a format happens. After that you enter the install portion. So it is possible that settings are written to a file. I'm going to format a disk in a few minutes and I'll see if i can get some screen shots. I want to see your take on the matter.



Well, thats one benefit right there. We can use any text editor we choose.

The next thing I can think of is that values are not deeply embedded in the tree branches, and you cant mistakenly end up in the wrong branch labeled(purely for example) 'microsoft'.

One big benefit comes to mind. The configuration files in linux are stored in /home, rather than in the system area. Provided you have a separate partition for /home, if you reinstall, all settings are restored - desktop wallpaper, themes, window locations, current read folders for various apps, etc. Not only is my data retained, its method of usage is as well.

I was successful(it wasnt trivial) in setting documents as well as program files in windows xp to D: drive for this effect, but vista, and I presume seven, have made this even harder. At times, some windows apps insisted on still installing their stuff to C:\Documents, and since it did not exist, they either balked or created their own entries. What a cluster euphemism that was.


Thats good to know that its four files instead of one. Thats one benefit of linux' system - you can lose files without corrupting the whole thing.

And as a byproduct, the linux permissions system applies to the configuration files. Its possible for the admin to allow a user to edit their own 'registry', but only select parts. In windows its all or nothing regarding the registry, right?



Thats correct. The author(s) are to blame. But I've also never seen nonsense filenames like that in linux. A user would likely get suspicious and kill it. As well, the repository approval people would likely not approve it with such a vague and misleading appellation.

As an aside, one of the things I like about linux is the file system tree. If I decide that /usr/local/share/lib is going to be on a different hard disk, its happy to accommodate me. If I were to try set up windows so that C:\windows\System32 was on a different disk.. well, I dont think thats possible at all.

Last edited by Fuzzy on 14 Nov 2009, 1:19 pm, edited 2 times in total.

I was referring to something I read in a previous thread. But it does seem to be linked with IE:

http://www.wrongplanet.net/postt98779.html.

Yes that vulnerability is what I meant.