Ok, let.s return to reality (sorry for moving this thread into the OS related flame). First of all, even if OS have not any caveats, it will not protect it from spyware/adware. if I want to install my 'Cool-Search' into million of computers, all I need to do is to write fancy game, and offer it 'free of change' in exchange of 'Allow to show you ads once / day'. That's all - you will have everything installed explicitly. But 'hidden' installation makes it much more easy for spyware, and is (in general) a very big evil. System must distinguish between 'USER' mode (use applications but do not change system behavior) and 'INSTALL' mode (install/delete/add software, processes and so on). In many cases, system must ask password to do any such action. (If you know MS, you can image which nightmare is to implement it -- I worked with IDS such as Osiris and had a fun, guessing what system decide to change today. But it is not a problem in most other OS). Second, but even worst, problem is absense of ANY system interface showing you, what is starting, stopping and running. It is not any problem to remove spyware, from common point of view - just open 'list of running processes' and 'Startup list' and uncheck everything you do not want to see. Problem - such interface does not exist, is not possible because of complexity (there are milluions ways of starting anything) and can not trace a history of processes (because of, again, extra complexity, unlimited usage of 'classes' and 'objects' and 'pluginns' and 'toolbars' and so on). Anyway, good 'change history' system could easily revert such changes back so that instead of very complex 'adaware' scaners we will have just 'change history, revert ?' button. Third is more easy for ISP - if we can not fight with bad software, fight whith those who got a profit using it. For SPAM - ok, there is not ANY way to stop sending spam (fort now), but any SPAM advertices someone, and this someone is always 100% identified - so fight (limit, flood by calls, overload by false information, etc) SPAM benefitiants, learn them do not purchase 'We will send your advertice to 10M people over the world'. The same in case of adaware. For spyware, fight those who receive information back - by any way. ----- Original Message ----- From: "John Underhill" <stepnwlf@magma.ca> To: "Niels Bakker" <niels=nanog@bakker.net>; <nanog@merit.edu> Sent: Wednesday, July 14, 2004 1:12 PM Subject: Re: Spyware becomes increasingly malicious
Ok.. but has BSD been attacked on the scale that MS code has? I would
no, not even close. Do you believe BSD is invulnerable to attack? Hardly.. Unless you want to go back to text based browsers and kernals that fit on a floppy, it is extermely difficult to eliminate all vulnerabilities in the code of a sophisticated OS. The more complex the system, the easier it is to break, and with the level of automation currently expected by most users, this requires a very complex build. Could MS be made more secure, of course. Do I think they are actively working on the problem, yes. If Novell or Mac had risen to the top of the OS heap, would they be catching all the viruses now? I think they would. Really, my point was not to argue this, but that there is no justification for malicious code, that you can't simply pawn it off on MS as being the real problem. By doing that, you are saying that people creating spyware and viruses are not culpable for their actions, that they should be allowed to create havoc and destroy systems, because really they are only leveraging 'features' built into the operating system.
----- Original Message ----- From: "Niels Bakker" <niels=nanog@bakker.net> To: <nanog@merit.edu> Sent: Wednesday, July 14, 2004 3:31 PM Subject: Re: Spyware becomes increasingly malicious
Sorry, it was a _technical_ question - is MAC OS known as having
argue pests
and ad-ware in the comparable numbers (if any)?
* stepnwlf@magma.ca (John Underhill) [Wed 14 Jul 2004, 19:45 CEST]:
This is spurious logic. You are suggesting that Mac is a more secure operating system, and I would suggest that it is probably far less secure, because it has not had to withstand years of unearthing vulnerabilities in the code.
It has. Darwin is based on years of development in BSD code.
-- Niels.
-- Today's subliminal thought is: