Author Topic: Directly running a .zip, kinda  (Read 24010 times)

0 Members and 2 Guests are viewing this topic.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Directly running a .zip, kinda
« Reply #45 on: February 21, 2006, 01:32:39 am »
@Sidoh:

You pay for MSDN subscription then you have access to Vista, what are you getting at?

Are you implying that an average member of society is going to fork over $2,400 (or something along those lines) for a copy of an OS they can probably buy for $600 or less in a few months?  Hahahaha.

Again: publically available means it's available to the public, not indirectly available to the public through means of subscription to an extremely expensive technical organization.

Also, I'm not going to take him "being an informed person" from you unless I see some degrees in the feilds of security coming out because anything else is just another user stating something withought information to back it up. It isn't my fault you can't backup your claims so you both resort to personal attacks to feel like you're worth something

I could easily call you both fucking retards for even touching Linux.

Okay, fine.  I'll do some Google searches for you.  Be aware: I'm not going to review the articles I assume are relevant.  I'm not going to waste my time teaching you something that your damned intuition should tell you is true:

http://reviews.cnet.com/4520-3513_7-6436607-1.html
http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=10606
http://www.cnet.com/4520-10192_1-6378864-1.html
http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
http://www.theregister.co.uk/security/security_report_windows_vs_linux/#cert
http://www.michaelhorowitz.com/Linux.vs.Windows.html

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #46 on: February 21, 2006, 01:35:10 am »
Linux boxes aren't the main target for quite a few reasons.

1. Persons running *nix usually have much more experience than your average windows user.  This in turn means that they usually have more experience implementing better security than your average windows user. 

Oh yes, an experienced sysadmin will stop a hacker with an exploit? Especially ones that allow a hacker to obtain control remotely.

2. Most major exploits for *nix are local, this means that you must already have some kind of access to a command line on the box to even try to execute the vulnerability. Sure more and more rce (remote code execution) exploits appear everyday, but this only gives the hacker access to a make-shift shell, and as I stated in point one, the average *nix administrator has more experience w/security, meaning most *nix boxes today have hardening patches installed (these tend to keep hackers out).

So you presented an argument then took it down yourself then attempted to defend it again? Okay. Once they have access to the "make shift shell" it is more probable that there is already nothing that can be done right? Also not all hacks are found and documented right away because not all hackers help the security sites.

3. It is much harder to hide things on a *nix system.  If you haven't noticed, there are many different flavors of *nix.  This being true, it is much harder to develop a standard rootkit.  Sure shv5 works on a portion, but there are hardly any for freebsd.  In retrospect, if you look at windows there are numerous rootkits, backdoors, and ways to hide things away from the administrator.  Ever hear of ntfs streams?  So simple yet almost completey undetectable to the average user.

Also, if most 'hackers' targeted *nix so much it would get much more attention from the government.  I guess you've never seen what 17 kaitens can do compared to a couple thousand bots.  There are so many more reasons why *nix is a lesser target than windows to hackers, including one huge one that I didn't bother to mention.

State the last one because other from this one I see no others in your post helping you at all.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #47 on: February 21, 2006, 01:37:56 am »
@Sidoh:

You pay for MSDN subscription then you have access to Vista, what are you getting at?

Are you implying that an average member of society is going to fork over $2,400 (or something along those lines) for a copy of an OS they can probably buy for $600 or less in a few months?  Hahahaha.

I'm the public and it's availible to me "Publicly availible", it's good enough to be used in an argument then it seems.
Can't fight fire with fire on Vista so you're trying to make me fall back to XP? Cmonnnn

Also, I'm not going to take him "being an informed person" from you unless I see some degrees in the feilds of security coming out because anything else is just another user stating something withought information to back it up. It isn't my fault you can't backup your claims so you both resort to personal attacks to feel like you're worth something

I could easily call you both fucking retards for even touching Linux.

Okay, fine.  I'll do some Google searches for you.  Be aware: I'm not going to review the articles I assume are relevant.  I'm not going to waste my time teaching you something that your damned intuition should tell you is true:

http://reviews.cnet.com/4520-3513_7-6436607-1.html
http://www.cdrinfo.com/Sections/News/Details.aspx?NewsId=10606
http://www.cnet.com/4520-10192_1-6378864-1.html
http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
http://www.theregister.co.uk/security/security_report_windows_vs_linux/#cert
http://www.michaelhorowitz.com/Linux.vs.Windows.html

Hmm maybe I should google random sites with the keyword "Linux sucks" and not review them, when you decide to review them (Seeing the first one hardly even spoke of Windows other than safe IE browsing habbits) then I'll takethe time to review the rest. Until then you still stand withought proof.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: Directly running a .zip, kinda
« Reply #48 on: February 21, 2006, 01:43:56 am »
You really need to stop with the sarcasm, doesn't prove a thing but your immaturity and your incompitence to defend your own arguement.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #49 on: February 21, 2006, 01:45:48 am »
I see you've probably lost the ability to argue any further, therefore after your friend and Sidoh give up then I win. I am now going to start ignoring your posts as they are insignificant.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline mc0

  • Newbie
  • *
  • Posts: 8
    • View Profile
Re: Directly running a .zip, kinda
« Reply #50 on: February 21, 2006, 01:50:46 am »
Oh yes, an experienced sysadmin will stop a hacker with an exploit? Especially ones that allow a hacker to obtain control remotely.

Obviously experienced sysadmins do stop hackers with exploits.  Thus the intarweb exists today! HARR

So you presented an argument then took it down yourself then attempted to defend it again? Okay. Once they have access to the "make shift shell" it is more probable that there is already nothing that can be done right? Also not all hacks are found and documented right away because not all hackers help the security sites.

There's much that can be done. Remove the offending software, make sure that certain users&groups are given a null shell, update software, the list goes on. You are correct that not all vulnerabilities are published right away.  This is where those magical little things I mentioned called hardening patches come in.  Even w/out a hardening patch, disable wget/fetch/curl/gcc/etc for your user accounts that don't need them.  There are not many remote root vulnerabilites for *nix.

State the last one because other from this one I see no others in your post helping you at all.

Do I really have to? Ever notice how many people complain about spyware/adware? Why do you think all that keeps getting installed? It must serve a purpose somewhere .. oh yeah, that's right .. someone gets PAID to install that stuff. Who woulda thunk?

Also, see my edit.

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: Directly running a .zip, kinda
« Reply #51 on: February 21, 2006, 01:52:37 am »
Quote
I see you've probably lost the ability to argue any further, therefore after your friend and Sidoh give up then I win. I am now going to start ignoring your posts as they are insignificant.
ROFL HAHA. wow. really man. thats good stuff. Considering you don't address half the thing's we do mention, and half the ones you do address are just retarded sarcastic remarks.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Directly running a .zip, kinda
« Reply #52 on: February 21, 2006, 01:53:03 am »
Oh yes, an experienced sysadmin will stop a hacker with an exploit? Especially ones that allow a hacker to obtain control remotely.

No, but they stand much more of a chance than a script kiddie vs. an average Windows user.

State the last one because other from this one I see no others in your post helping you at all.

I thought all of his points were completely rational and defensive points.  Just because you accuse them of not being good points doesn't mean they aren't.

I'm the public and it's availible to me "Publicly availible", it's good enough to be used in an argument then it seems.
Can't fight fire with fire on Vista so you're trying to make me fall back to XP? Cmonnnn

Vista isn't publicly available.  That's pretty obvious, I think.  It hasn't been released; it isn't available to the public.  That's obvious.

No, this topic is talking about Windows, thus that's what I'm discussing.  You drug Vista into it.

Hmm maybe I should google random sites with the keyword "Linux sucks" and not review them, when you decide to review them (Seeing the first one hardly even spoke of Windows other than safe IE browsing habbits) then I'll takethe time to review the rest. Until then you still stand withought proof.

From the brief glancings I did of the articles, they looked like definitive proof.  Why don't you check them out?

I see you've probably lost the ability to argue any further, therefore after your friend and Sidoh give up then I win. I am now going to start ignoring your posts as they are insignificant.

Haha, you think I'm going to give up?  I think that my previous debating encounters with you would tell you otherwise.  Personally, I think you're making yourself look like a fool.  I'm probably doing the same by arguing with you, but that's okay.  I'm stubborn.

Concurrently, I'd like to state that I agree with ink.  Your scarcasm does nothing for your argument.  It's nothing but an annoyance.

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: Directly running a .zip, kinda
« Reply #53 on: February 21, 2006, 02:02:06 am »
Warrior, I've noticed this whole time you've been on the defensive, always responding to what we have to say.
Why not support your side of the arguement instead of just trying to cut ours down?

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #54 on: February 21, 2006, 02:32:48 am »
Oh yes, an experienced sysadmin will stop a hacker with an exploit? Especially ones that allow a hacker to obtain control remotely.

Obviously experienced sysadmins do stop hackers with exploits.  Thus the intarweb exists today! HARR

Not before much damage is done, unless he is vigilant 24/7 eventually he'll be caught with his pants down and all he'll be able to do is recover. I don't doubt that if they notice something happening it can't be stopped, of course it can.

So you presented an argument then took it down yourself then attempted to defend it again? Okay. Once they have access to the "make shift shell" it is more probable that there is already nothing that can be done right? Also not all hacks are found and documented right away because not all hackers help the security sites.

There's much that can be done. Remove the offending software, make sure that certain users&groups are given a null shell, update software, the list goes on. You are correct that not all vulnerabilities are published right away.  This is where those magical little things I mentioned called hardening patches come in.  Even w/out a hardening patch, disable wget/fetch/curl/gcc/etc for your user accounts that don't need them.  There are not many remote root vulnerabilites for *nix.

What is a "hardening patch"? You do however make some good points I'll admit, but I'll mention like above that caught off guard, it really depends when you notice it happening. I doubt you'd want to cripple your system like said above withought a good reason right? So am I correct that disabling all that stuff is usually not done off the bat?

State the last one because other from this one I see no others in your post helping you at all.

Do I really have to? Ever notice how many people complain about spyware/adware? Why do you think all that keeps getting installed? It must serve a purpose somewhere .. oh yeah, that's right .. someone gets PAID to install that stuff. Who woulda thunk?

Well yes, companies advertise their product..just via shady ways..I don't know what you're suggesting here however.

About that milw0rm thing I'd point out the Linux page: http://milw0rm.com/parse.php?platform=linux
But yes, no one is hiding the fact that Windows has exploits. Are these unpatched or what? I saw the first few regarding media players 9 and 10 but there have been a few patches for them. So I don't know.

One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #55 on: February 21, 2006, 02:36:43 am »
Oh yes, an experienced sysadmin will stop a hacker with an exploit? Especially ones that allow a hacker to obtain control remotely.

No, but they stand much more of a chance than a script kiddie vs. an average Windows user.

Agreed, sorta sad they get them in the first place.

State the last one because other from this one I see no others in your post helping you at all.

I thought all of his points were completely rational and defensive points.  Just because you accuse them of not being good points doesn't mean they aren't.

Well when I argue them, I'll assume that they've been effectively countered. Of course he proved me wrong so it was again open for discussion.

I'm the public and it's availible to me "Publicly availible", it's good enough to be used in an argument then it seems.
Can't fight fire with fire on Vista so you're trying to make me fall back to XP? Cmonnnn

Vista isn't publicly available.  That's pretty obvious, I think.  It hasn't been released; it isn't available to the public.  That's obvious.

No, this topic is talking about Windows, thus that's what I'm discussing.  You drug Vista into it.

Last I checked Vista is Windows.

Hmm maybe I should google random sites with the keyword "Linux sucks" and not review them, when you decide to review them (Seeing the first one hardly even spoke of Windows other than safe IE browsing habbits) then I'll takethe time to review the rest. Until then you still stand withought proof.

From the brief glancings I did of the articles, they looked like definitive proof.  Why don't you check them out?

The first few I discussed IE security and such but had no real proof showing why Windows is a valid target for hackers. I still don't believe so.

I see you've probably lost the ability to argue any further, therefore after your friend and Sidoh give up then I win. I am now going to start ignoring your posts as they are insignificant.

Haha, you think I'm going to give up?  I think that my previous debating encounters with you would tell you otherwise.  Personally, I think you're making yourself look like a fool.  I'm probably doing the same by arguing with you, but that's okay.  I'm stubborn.

How am I making myself look like a fool exactly? As of yet there still isn't an argument I havn't countered and the only one even giving substatial argument is mc0.

Concurrently, I'd like to state that I agree with ink.  Your scarcasm does nothing for your argument.  It's nothing but an annoyance.

It shows how stupid your point was, else you wouldn't get it unless I laugh at it.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: Directly running a .zip, kinda
« Reply #56 on: February 21, 2006, 03:40:58 am »
Quote
As of yet there still isn't an argument I havn't countered

As of yet, you havn't given us an argument to counter.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Directly running a .zip, kinda
« Reply #57 on: February 21, 2006, 06:07:56 am »
Quote
As of yet there still isn't an argument I havn't countered

As of yet, you havn't given us an argument to counter.

Maybe if you read and didn't dodge what I said. You primarily, you stopped being important a while ago.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: Directly running a .zip, kinda
« Reply #58 on: February 21, 2006, 08:10:56 am »
Riiight

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Directly running a .zip, kinda
« Reply #59 on: February 21, 2006, 08:48:15 am »
Ok, I just have to say one thing.  This is the STUPIDEST argument I've EVER heard.  Warrior, you're a total idiot with no facts.  You don't listen to other people's arguments, and you ignore the obvious.  I'm not even going to bother carrying this on because it's so bloody ludicrous. 

Windows is attacked MUCH more frequently by viruses and worms.  And that's what we're discussing here!  The fact that they have filename extensions off by default makes these attacks easier.  I don't think anybody could deny it.  That's it!  The argument here is over.  Ok?

This has ABSOLUTELY NOTHING to do with Linux or any other OS.  Stop making everything into an OS flame war!  This has only to do with a stupid decision made by Windows.  THAT'S IT! 

So please, cut it out with this stupid, stupid argument.