Vista - Vista Internet Security/anti-virus?

A question I've always had: How do you know you've never had a virus if you
have nothing that can detect them? Let's face it, many bugs can run hidden
in the background, even in linux, and are not easily detected. I don't
disagree that a knowledgable user can run without any AV (I do it
frequently), but to recommend that one run without it is irresponsible,
regardless of the OS in use. Linux distros aren't any more secure than
Windows, they are just targeted less frequently.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

"Alias" <aka@maskedandanonymous.eu> wrote in message
news:eoe4vs$1ri$1@aioe.org...
> Bob wrote:
>> I see you know nothing about security.
>
> Yeah, so little that I have never gotten a virus or malware with either
> Windows or Linux. Yeah, I know nothing.
>
> I do have a hard firewall through my router, but, other than that, my
> Ubuntu has no software firewall or AV and needs none.
>
> Alias
>>
>>
>> "Alias" <aka@maskedandanonymous.eu> wrote in message
>> news:eodt5f$gg2$1@aioe.org...
>>> Robert Moir wrote:
>>>> On 2007-01-14 18:20:09 +0000, Alias <aka@maskedandanonymous.eu> said:
>>>>
>>>>> Panic wrote:
>>>>>> I "heard" that Vista incorporates Internet Security and Anti-virus
>>>>>> ability so 3rd party programs are not required. Is that true?
>>>>>>
>>>>>
>>>>> No, it isn't. If you want MS' One Care anti virus program, you gotta
>>>>> pay for it as it doesn't come bundled with any flavor of Windows.
>>>>>
>>>>> Of course, if you were to upgrade to Ubuntu, you wouldn't need to
>>>>> worry about Internet security or viruses.
>>>>>
>>>>> Alias
>>>>
>>>> Since when has Linux been totally immune to Internet security. Remember
>>>> "Hackers Love Ramen Noodles"?
>>>
>>> Yawn. I see you know nothing about the latest Linux distros.
>>>
>>> Alias
>>

Rick Rogers wrote:
> A question I've always had: How do you know you've never had a virus if
> you have nothing that can detect them? Let's face it, many bugs can run
> hidden in the background, even in linux, and are not easily detected. I
> don't disagree that a knowledgable user can run without any AV (I do it
> frequently), but to recommend that one run without it is irresponsible,
> regardless of the OS in use. Linux distros aren't any more secure than
> Windows, they are just targeted less frequently.
>

That isn't true. Even if you were stupid enough to install malware on a
linux platform, and you would have to knowingly do it, you can isolate
the user account, make another, import your data and then either delete
or ignore the affected account. Windows, OTOH, lets it infect all users
and the core of the software.

Alias

Colin Barnhorst wrote:
> Is that why I had 90 updates and vulnerability patches download and
> install right after I install Ubuntu 6.10?

I didn't have any and I had 204 to the stable version, 6.06. You're
using a version in development.

Alias
>
> "Alias" <aka@maskedandanonymous.eu> wrote in message
> news:eods8e$e43$2@aioe.org...
>> Panic wrote:
>>> I "heard" that Vista incorporates Internet Security and Anti-virus
>>> ability so 3rd party programs are not required. Is that true?
>>>
>>
>> No, it isn't. If you want MS' One Care anti virus program, you gotta
>> pay for it as it doesn't come bundled with any flavor of Windows.
>>
>> Of course, if you were to upgrade to Ubuntu, you wouldn't need to
>> worry about Internet security or viruses.
>>
>> Alias
>

Well, that is one major change in Vista, as all software should run within
the user's environment instead of crapping all over all user accounts. Plus,
the new file protection scheme prevents changes to core system files.

Funny, isn't it, how some parts of Windows are so similar to Linux, yet
people are willing to pay for one over installing the other for free?

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

"Alias" <aka@maskedandanonymous.eu> wrote in message
news:eoebbe$hj0$1@aioe.org...
> Rick Rogers wrote:
>> A question I've always had: How do you know you've never had a virus if
>> you have nothing that can detect them? Let's face it, many bugs can run
>> hidden in the background, even in linux, and are not easily detected. I
>> don't disagree that a knowledgable user can run without any AV (I do it
>> frequently), but to recommend that one run without it is irresponsible,
>> regardless of the OS in use. Linux distros aren't any more secure than
>> Windows, they are just targeted less frequently.
>>
>
> That isn't true. Even if you were stupid enough to install malware on a
> linux platform, and you would have to knowingly do it, you can isolate the
> user account, make another, import your data and then either delete or
> ignore the affected account. Windows, OTOH, lets it infect all users and
> the core of the software.
>
> Alias

On Sun, 14 Jan 2007 16:04:25 -0500, Rick Rogers wrote:

> A question I've always had: How do you know you've never had a virus if
> you have nothing that can detect them?

The biggest threat to a Linux machine is a direct attack by a hacker on
that specific box. Hackers are usually after valuable financial,
corporate, and government databases (and the desktop machines that are
often the gateway to the database). Linux sysadmins religiously use
various intrusion detectors and kernel capabilities which by their nature
would also catch file changes due to viruses, spyware, etc. Being
open source, those same tools are readily available at no cost to home
users paranoid enough to care.

> Let's face it, many bugs can run hidden in the background, even in
> linux, and are not easily detected.

Enough Linux desktop machines are tightly secured that it's simply not
credible that there are Linux viruses floating around out there that
haven't triggered someone's security system.

> I don't disagree that a knowledgable user can run without any AV (I do
> it frequently), but to recommend that one run without it is
> irresponsible, regardless of the OS in use.

"Prevention" is approached a little differently under Linux. Rather than
relying on A/V scanners to catch infections after the fact, the developers
issue immediate patches for any specific vulnerabilities that the virus
or worm needs to get a toehold. If the virus takes advantage of an
algorithmic weakness then the algorithms will also be changed so the virus
can't simply be tweaked a little and used again.

This system works a lot better for Linux users than it would under Windows
because a) open source means that a single updater can cover all of a
user's applications as well as the core system; and b) we're more
comfortable enabling automatic updates because, unlike Microsoft, Linux
distributors don't abuse updates to shut down our systems, force
"features" on us that we don't want, or infect our machines with nasty
things like DRM, WGA(N), etc.

> Linux distros aren't any more secure than Windows, they are just
> targeted less frequently.

They're targeted less frequently because the channels by which malware
automatically spreads under Windows are very effectively blocked under
Linux. Email attachments aren't executed, the browser is a userland
application instead of being foolishly woven into the kernel, applications
in the consumer-oriented distro's are only installed from an approved
repository, etc. This will remain so no matter how much of the market
Linux gains in the future.

"arachnid" <none@goawayspammers.com> wrote in message
newsan.2007.01.14.23.13.26.409693@goawayspammers.com...
> On Sun, 14 Jan 2007 16:04:25 -0500, Rick Rogers wrote:
>
>> A question I've always had: How do you know you've never had a virus if
>> you have nothing that can detect them?
>
> The biggest threat to a Linux machine is a direct attack by a hacker on
> that specific box. Hackers are usually after valuable financial,
> corporate, and government databases (and the desktop machines that are
> often the gateway to the database). Linux sysadmins religiously use
> various intrusion detectors and kernel capabilities which by their nature
> would also catch file changes due to viruses, spyware, etc. Being
> open source, those same tools are readily available at no cost to home
> users paranoid enough to care.

Well, my main point here was that it was being inferred that there is no
need for protection if you are running linux, when in fact there is. Open
source is available to hackers as well as the sysadmins.

>> Let's face it, many bugs can run hidden in the background, even in
>> linux, and are not easily detected.
>
> Enough Linux desktop machines are tightly secured that it's simply not
> credible that there are Linux viruses floating around out there that
> haven't triggered someone's security system.

It is credible, just because you don't see it doesn't mean it doesn't exist.
We're talking users, not sysadmins here. You only need one unguarded
machine. There are plenty around that have no idea what is going on with
their systems. Linux and Vista are both tightly secured, but there are
already 'proof of concept' bugs for both.

>> I don't disagree that a knowledgable user can run without any AV (I do
>> it frequently), but to recommend that one run without it is
>> irresponsible, regardless of the OS in use.
>
> "Prevention" is approached a little differently under Linux. Rather than
> relying on A/V scanners to catch infections after the fact, the developers
> issue immediate patches for any specific vulnerabilities that the virus
> or worm needs to get a toehold. If the virus takes advantage of an
> algorithmic weakness then the algorithms will also be changed so the virus
> can't simply be tweaked a little and used again.

The number one way these vulnerabilities come to light is immediately after
a bug is written to exploit it. Like Window developers, they are re_acting,
not pro_active. One of the downsides of the many iterations of Linux is that
there is not one central developer releasing updates to protect them all.
You are beholden to the distributor of your version for assistance. While
Linux proposes to be a collaberative effort, it is often very devisive
instead.

> This system works a lot better for Linux users than it would under Windows
> because a) open source means that a single updater can cover all of a
> user's applications as well as the core system; and b) we're more
> comfortable enabling automatic updates because, unlike Microsoft, Linux
> distributors don't abuse updates to shut down our systems, force
> "features" on us that we don't want, or infect our machines with nasty
> things like DRM, WGA(N), etc.

a) That's great provided the developer remains interested or involved and
has enough time to work for free. The hobbiest nature of the home user
distributions is one of the reasons Linux does not become more widely
accepted.

b) No doubt that some updates are pushed out unnecessarily. I dislike DRM,
WGA as much as you, but it is Microsoft's operating system to do with as
they please. If they displease enough consumers, the market will shift.

>> Linux distros aren't any more secure than Windows, they are just
>> targeted less frequently.
>
> They're targeted less frequently because the channels by which malware
> automatically spreads under Windows are very effectively blocked under
> Linux. Email attachments aren't executed, the browser is a userland
> application instead of being foolishly woven into the kernel, applications
> in the consumer-oriented distro's are only installed from an approved
> repository, etc. This will remain so no matter how much of the market
> Linux gains in the future.

Study up on the changes made in Vista, much of which you just stated is
implemented in the Vista user experience. Also, it's funny how people
complain about proprietary software for Windows, yet in Linux you must also
get your applications from an approved repository.

I have a Windows/Mac comic based on the recent Apple commercials that goes
like this:

Mac: Hi, I'm a Mac. Obviously because I'm a young hip guy.
Win: And I'm the nerdy old loser, so apparently I'm a pc.
Mac: Yep, no thinly-coated subliminal imagery here at all.
Win: Whew, I don't feel well. I think I caught a virus. There were over
one-hundred thousand viruses for pc's last year.
Mac: Ahh, yeah. On pc's. Not on Mac's though.
Win: Wow, is that because Mac's have superior protection and antivirus and
stuff?
Mac: No, it's.....well....nobody even bothers trying to make viruses for the
Mac. I think they figure Mac users are suffering enough already.
Win: Wow, you can't even get negative attention. That's sort of depressing.
Mac: Yeah, I cry myself to sleep a lot....

Substitute Linux for Mac, as it's the same effect. Linux is not targeted, so
development of attacks and the search for exploits is not as far along as it
is for Windows. If the market shifts to a predominantly Linux environment,
you can be assured that the virus development will shift similarly and
quickly advance. To think otherwise is to turn a blind eye.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

Rick Rogers wrote:
> Well, that is one major change in Vista, as all software should run
> within the user's environment instead of crapping all over all user
> accounts. Plus, the new file protection scheme prevents changes to core
> system files.
>
> Funny, isn't it, how some parts of Windows are so similar to Linux, yet
> people are willing to pay for one over installing the other for free?
>

More people are willing to go the free route. If it weren't for the
insulting and demeaning WPA/WGA and all its flavors, I would have never,
ever even considered switching from Windows to Linux but here I am
posting from Ubuntu.

Alias

Rick Rogers wrote:
> Well, that is one major change in Vista, as all software should run
> within the user's environment instead of crapping all over all user
> accounts. Plus, the new file protection scheme prevents changes to core
> system files.
>
> Funny, isn't it, how some parts of Windows are so similar to Linux, yet
> people are willing to pay for one over installing the other for free?
>

Most likenesses that Windows and linux share are security features that
linux has had for a very long time and Windows is finally coming to have
recently. Linux actually has been of great benefit to Windows in
showing MS what a good security model actually is.


--
Priceless quotes in m.p.w.vista.general group:
http://protectfreedom.tripod.com/kick.html

"Good poets borrow; great poets steal."
- T. S. Eliot

--
Posted via a free Usenet account from http://www.teranews.com

Rick Rogers wrote:
> "arachnid" <none@goawayspammers.com> wrote in message
> newsan.2007.01.14.23.13.26.409693@goawayspammers.com...
>> On Sun, 14 Jan 2007 16:04:25 -0500, Rick Rogers wrote:
>>
>>> A question I've always had: How do you know you've never had a virus if
>>> you have nothing that can detect them?
>>
>> The biggest threat to a Linux machine is a direct attack by a hacker on
>> that specific box. Hackers are usually after valuable financial,
>> corporate, and government databases (and the desktop machines that are
>> often the gateway to the database). Linux sysadmins religiously use
>> various intrusion detectors and kernel capabilities which by their nature
>> would also catch file changes due to viruses, spyware, etc. Being
>> open source, those same tools are readily available at no cost to home
>> users paranoid enough to care.
>
> Well, my main point here was that it was being inferred that there is no
> need for protection if you are running linux, when in fact there is.
> Open source is available to hackers as well as the sysadmins.
>

So is Windows code, to those hackers that pay the right price. It has
already leaked and been up for sale:

http://it.slashdot.org/article.pl?si...96213&from=rss

Windows 2000 was cracked open and the code released too. The linux code
is much more secure because everyone has it, or can have it easily.
Which means that the developers had better do an excellent job combing
over the code for security vulnerabilities, because hackers will be
doing the same. The developers seem to be doing a good job so far as
linux (for a variety of reasons) is more secure than Windows. That
being said, I agree that even with linux, you can't completely disregard
securing your machine, no matter what it runs.


<snip>


--
Priceless quotes in m.p.w.vista.general group:
http://protectfreedom.tripod.com/kick.html

"Good poets borrow; great poets steal."
- T. S. Eliot

--
Posted via a free Usenet account from http://www.teranews.com

A quote from one smart man in British security firm
"If Windows and Linux had the same market share, 40%
of viruses will be written for Windows, 40% for Linux and
the 20% for both. This should be end of this discussion
Linux lovers.

"Alias" wrote:

> Panic wrote:
> > I "heard" that Vista incorporates Internet Security and Anti-virus ability
> > so 3rd party programs are not required. Is that true?
> >
>
> No, it isn't. If you want MS' One Care anti virus program, you gotta pay
> for it as it doesn't come bundled with any flavor of Windows.
>
> Of course, if you were to upgrade to Ubuntu, you wouldn't need to worry
> about Internet security or viruses.
>
> Alias
>