Microsoft V Hackers: Who Is Really At Fault?

[dbrown]

if you have to run windows programs, have you considered a dual boot system
or maybe even WINE, the windows emulator for BSD
also i think the problem may be that while businesses run UNIX-based
most home computers run windows and since it is probably the most common OS
it is most likely to be the most targeted
why write a virus that would only effect 25% of the computers out there?

[dannyp]

Microsoft V hackers: who is at fault?

both of course. although hackers have the motive, microsoft does not. if you're out to blame microsoft go right ahead but it doesn't help anything.

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Gwala)
Ahuh, and you dont look at that and say 'hey, there are THOUSANDS of patches, maybe we should help the user update them every ten nano-seconds when another fault exists'. I am a programmer, I am also a proffessional security analysist (read: whitehat).<hr size="1" /></blockquote><span class='postcolor'>

which certifications do you have? what do you code?

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Gwala)
Microsoft IS negligent, would you like to know why these problem's exist? buffer overflow's are the result of poor programming, believe it or not, if you send a dynamically-sized variable, into a fixed sized one, then you really wonder what you were trying to do when you set it to be fixed in the first place. <hr size="1" /></blockquote><span class='postcolor'>

although buffer overflows are a gigantic reason for many operating systems vulnerabilities, linux and bsd have them as well. though, they both are more adamant about fixing the issues for the betterment of the os, rather than in microsofts case the cost value. buffer overflows will exist for quite some time as long as there are memory limits and programs able to take advantage of them. If you don't believe me try researching DDoS attacks and find a perfect well rounded working defense for all buffer overflow situations.

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Gwala)
Take a look at linux, it generally suffer's from less of these incursions for two reasons I can think of:
1) Linux programmer's tend to look for peer acceptance of their code, thus check it, and try make it as well written as possible
2) Code is then reviewed before endering the Kernel<hr size="1" /></blockquote><span class='postcolor'>

Re: 1. sure, but at a pace that they want, its not driven for the buisness market, and is not updated nearly enough for high buisness standards.
Re: 2. yes but you hang from Linus' nuts if its not approved. similar to WinNT kernel and Gates.

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Gwala)
Then look at microsoft programmer's:
1) I'm being paid to write this, not to write it well
2) My boss isnt going to check this.<hr size="1" /></blockquote><span class='postcolor'>

Re: 1. i'm not going to defend microsofts programmers, but i'm sure they are kept buisy maybe not the os thats been known to have problems and whatnot, but they're working on the next big thing thats going to make them their gripfulls of money.
Re. 2. i wouldn't say that but i agree that more time needs to be spent sensitivity testing the software for total exploitation.
but consider this: if you release a program to the public, with say, 200 million users, do you think they will find at least some kind of fault in your small program? I assure you someone would if they wanted to, and just let me propose just for a second that you were a big corporate evil empire. theres no doubt in my mind that people would be going against you. so yeah microsoft has a lot of vulnerabilities, but thats because people a. dislike them and/or b. are so many users to test and break the software.

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Gwala)
Thus you have a clear divide that could be called negligence. Consider a comparison with the car industry, if say GM didnt crash-test their vehicles, and thouroughly test them, they would be negligent, why should the software industry be any different, when we have nuclear reactor's running on WinNT (which incidentally was the cause of that major blackout)<hr size="1" /></blockquote><span class='postcolor'>

your logic seems more negligent to me than microsoft not testing their software, you don't see the big picture. No matter what there is going to be a way to mess with a program, unless the hardware is controlled, and even then human inginuity will overcome that.

you think you're all about different things but at the core you're just playing in. if you don't believe me consider that redhat linux is one of the main os's for dell, solaris and sun microsystems, mac OS X are all in competition easily, and you're feeding money to some of them in some way weather you're aware of it or not, they play off of eachother. Just read into the economics of it a bit. consider the money being shuffled around in the various companies microsoft holds stock in, i'm sure you buy or use any of those services or goods. If you're truely against the corporation you would research it a bit and stop being so thickheaded. "oh they're stupid they can't blah bla blah" well step in the shoes of those programmers, they get paid to get it to work on a time crunch most likely, and i KNOW they can't test it to the extent that all of the M$ users/abusers can. Try to take a step back and try to stop being so operating system zealous. I will agree that I prefer not to feed into corporate scum. But i try to learn how to use most of the said operating systems powerfully (Linux, Mac OS X, Solaris, Unix, BSD, Windows all versions)

personally i find it funny that all these 'linux is best' quotes are pushed around when whats really the amazing thing is open source.


edit: i'd post direct replies to everyone but it would get ridiculously lengthy as if it isn't already.

anyway i also wanted to point out that Evios had probably the most sensable reply on this topic.

[dannyp]

[Scribbler1]

After reading all of this, I wish Commodore hadn't gone out of business, or more correctly, ruined by it's executives. My old Commie 64 was impervious to hackers and viruses, as the OS was hardware based, not software. I'm not a programmer (anything past basic anyway) but I think with Windows being such bloatware the Commodore as it was built would probably fill a room!

As for Microsoft, while Windows IS vulnerable and buggy, it's still HUGE and they can be forgiven for missing a few grains of sand on the beach. Also, the hackers are mostly kids,around 16 or so, I think, and for some reason they seem to adapt to computers faster than any other age group I can think of. I've been using computers in one form or another for almost 20 years and taugh my kid everything I knew, and within a couple of years picked up so much he made me feel like an illiterate fool. :)
But here's a possible solution. Amend the laws to force convicted hackers to do 10 years of work for Microsoft, where they can be put to good use!

[dannyp]

forcing people to do work (for microsoft)? thats gotta go against so many civil liberties.

it would be funny and quite ironic if that were the case though.

[Scribbler1]

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (dannyp,)
forcing people to do work (for microsoft)? thats gotta go against so many civil liberties.

it would be funny and quite ironic if that were the case though.<hr size="1" /></blockquote><span class='postcolor'>

I dunno. Convicted felons, after release can't vote or own a gun regardless of what put them in there. Convicted sex offenders, after serving their time must register in whatever area they move to (so much for paying your debt to society). In Wilmington, Delaware, they are creating a law which bars anyone with a criminal record from working at the Port of Wilmington. So what's another civil liberty among friends, eh? You give up a lot more than time when you go to prison.
But if so many non violent offenders can be sentenced to community service in place of jail time, why NOT make hackers work for Microsoft (and for free, too)? They're malicious little bastards but they're clever, and if forcing a few dozen maladjusted computer geeks to spend their time doing nothing but finding flaws in Windows before the outside world does, so much the better. This country's prison system is simply warehousing, and the word "rehabilitation" isn't even used anymore. So what's wrong with these punks doing something good for the country instead of three hots and a cot, with all the priveleges, all paid for by our taxes. Besides, considering they would be sentenced to do what they did that got them busted anyway is hardly punishment, and they would be doing us a great service by showing Microsoft the holes in their software before some other business loses all it's records or someone's 3 year in the making novel goes poof.

Besides, it's probably better then my first idea of having them all shot.

[Sean]

Yea, but would you, as a clever hacker, really do the job right? I probably would make my each one of my codes slightly harm the company if I was forced to work for them :)

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by
Use Linux.<hr size="1" /></blockquote><span class='postcolor'>
The problem with this-- if everyone used linux, viruses would be written for linux.

it's not relly microsoft's fault for having more users than anyone else.

and dont tell me that linux is oh so much more secure than windows, because im sure some crafty hacker could destroy just as bad or worse than they could windows.

[Scribbler1]

</span><blockquote><span class="smallfont">Quote:</span><hr size="1" />Originally Posted by (Sean,)
Yea, but would you, as a clever hacker, really do the job right? I probably would make my each one of my codes slightly harm the company if I was forced to work for them :)<hr size="1" /></blockquote><span class='postcolor'>

Good point. But don't hackers do this stuff for more than just malicious destruction? I think most of them like the kick from showing the world how clever they are. After all, I don't think there's any money in it and there's CERTAINLY no widespread recognition (I don't expect to see "The 2004 Hacker of the Year" awards on NBC anytime soon).
So maybe we can turn their mindset around. It's worth a try anyway. Just say, "if you're so smart, then show us by fixing this program so NOBODY will be able to hack it, and that'll prove you're the best of the best". Also, like in the bank where I work, although they do a serious screening on you before you're hired, they STILL randomly watch what you're doing and the threat of immediate firing is always there. So just tell them not only can they prove how smart they are, they will also get 20 years on a Georgia labor farm if they deliberately screw up.
I don't have all the answers, but if they can find some teenager downloading MP3s I think they could do a little more to find the hackers.

Then again, there IS my other idea. :)

[Compugasm]

I noticed corporate software policy for the last 2 companies I worked for said "Microsoft Only". Meaning they used Outlook exchange, SQL Server, etc... So, the legions of people these companies employed, use the MS Office suite. Very efficient. I would also say that 90% of those people only care enough about computers to do their work and get paid. Knowledge of Mac/Unix/Win software to email is redundant.

You could make the argument that Hackers improve the sofware we use. But, did those "improvements" really NEED to be made? It ultimately makes the software more difficult to use as well. As I said, most people just wanna get paid and go home to a hot pocket and "survivor". Instead of emailing, I'm navigating subwindow after subwindow of security tab settings and configuration options.

In that respect, I blame MS for not making the software "secure" to begin with, and hackers for adding to the complexity, time, and cost it takes me to complete a task.

[rcne]

Linux and crossover office are nice and stable. Yet I still can't deploy Linux since all my apps won't work on it yet.

I find 'hundreds of patches' to be the root of the MS problem. Oh yeah, they want you to allow MS in for auto updates - right....wasn't that one of the ways the virus was spread?

MS support is only to fix their security holes - can we all say 'back door'.

MS should stick with their flagship - MS office - thats their cash cow anyhow.

When Linux matures - MS will lose 100 licenses. (I've been with MS since word 1.1) Feature not available when checking a help option...yeah those were the days,

[localr00t]

Well...The hacker mentality hasn't even been mentioned here. Hacking is all about exploring, not "0wn1ng j0ur b0x"...no no no....that is a scriptkiddie, (a lower form of human beings, hacker wannabes with large egos.) exploration being the key word here, what did Billy think people were going to do with his bloated piece of crap?...
Hackers are not at fault here. Microsoft should think about people first, then think about their money. spyware, adware, iDOWNLOAD (Heh-he) and others in the same category are ALL seemingly Microsoft products.

Linux on the other hand...i
Linux is developed by ethical smart, ingenious programmers that have been programming since age 10. Now with these guys watching everything that happens to microsoft, they learn. and once linux becomes mainstream, and spywares && viruses start being programmed in mass quantities, generious programmers will immediatley put this to a halt...
Spyware, viruses and adware will nevereverevernever flourish in the world of open source.

/rant
SO microsoft is at fault here, they should make good clean OOP free code. (damned be OOP)

[castille]

Ok nerd boy, I get your point, Linux is God

The assumption you make is that:

1) 99% of the world, most of whom don't even know how to put a computer together, isn't going to know how to use linux. Linux was made by nerds, for nerds, not regular people.

2) Once linux becomes more popular, there WILL be viruses, spyware, etc made for Linux users. Remember that the criminals are always one step ahead of the law.

3) Microsoft has something called "customer support", manned by professional technicians who are paid. As for Linux? Dream on. Linux needs to be commericial to become popular, because you're gonna get a shitload of idiots calling tech support with dumb questions.


As for hackers, don't forget the ones who do it for profit. Namely, the people who make shit like adware/dialers.