RE: The Death of TCP/IP

From: Wojtek Zlobicki [mailto:wojtekz@idirect.com]
Sent: Sunday, August 05, 2001 3:09 PM

<RANT>

Nothing other than anti-Microsoft propaganda. You cannot
blame Microsoft
for high market share.

But you can blame them for making Vbasic available to every email message
that wants to rape your system. Boy, what a brain-fart that was. It still
stinks. Repeat after me; nothing in an email message should be executable
without express and very deliberate operator intervention.

The main reason that *Nix hosts are generally more
resilient to these type of worms is that it is less likely for a non
informed administrator to administer a *Nix sever.

False. A very large portion of the *nux machines are in this sad condition.

If everyone that had a
IIS box available on the big I, installed all related
patches, worms like Code Red would never propagate very far.

Sure they would, you'd just never notice it. A *real* programmer would have
started CodeRed out at the current Level III version.

Raw socket support in NOT a bad thing. I wonder if Robert
Cringely and Steve Gibson are friends.

Now here, we agree.

"Say goodbye to TCP/IP and to anonymous connections of any
kind. Hello to
Hailstorm, tracking everything down to the last mile, and a more
business-friendly Internet with prioritized packet-handling. "

I've just been looking at Hailstorm, it sucks. Think "totalitarianism".
Think, re-enforcment of monopoly position.

> From: Wojtek Zlobicki [mailto:wojtekz@idirect.com]
> Sent: Sunday, August 05, 2001 3:09 PM
>
> <RANT>
>
> Nothing other than anti-Microsoft propaganda. You cannot
> blame Microsoft
> for high market share.

But you can blame them for making Vbasic available to every email message
that wants to rape your system. Boy, what a brain-fart that was. It still
stinks. Repeat after me; nothing in an email message should be executable
without express and very deliberate operator intervention.

Agreed, BUT .... as stated by Cringley himself, Microsoft tailors their
software to the
populus. Wow a software company listening to its users, what a travesty.

> The main reason that *Nix hosts are generally more
> resilient to these type of worms is that it is less likely for a non
> informed administrator to administer a *Nix sever.

False. A very large portion of the *nux machines are in this sad

condition.

False, many popular exploits (such as those with BIND) are fixed/patched
much faster.
Now a really scarry worm would be one that exploits Apache. I used *NIX and
not Linux for a reason. Many UNIX boxes are much better secured. Joe
Sixpack
that installs his favourite distro of Linux is just as vulnerable as a
windows users. I will give you
the fact that there are still many unsecure/unpatched boxes in both worlds.
It all comes
down to the poor management of Internet connected devices. I am really
encouraged
by the new option of auto installing updates in Windows XP. It is sad that
such a well
publicized worm/bug is spreading so far (it made the front page of the
National Post here
in Canada).

> If everyone that had a
> IIS box available on the big I, installed all related
> patches, worms like Code Red would never propagate very far.

Sure they would, you'd just never notice it. A *real* programmer would

have

Does a manufacturer of *any* product have a moral obligation to give their
customers what they ask for, if they know that it would be a bad/unsafe idea?

I'm sure consumers would want a backyard gas grill that can heat itself up
to cooking temperature in 5 seconds flat. The average consumer may not
realize that this also means you're 7 seconds away from a fire, but the
design engineers should know that.

There *are* successful corporations that make a conscious decision to
disregard the customers when they feel they have a moral obligation to
do so. I know Chick-Fil-A loses my business every time I want a chicken
sandwich on Sunday. I'm sure *most* of their customers wish they were
open on Sunday - but they have their reasons, clearly explained on a big
sign on every store I've been in.

Also, remember that when Microsoft says "We just gave users what they asked for",
there's a *VERY* good chance that (a) the users didn't know they had a *CHOICE*
(you don't believe me, stop 50 people in front of a WalMart sometime, and ask them
if a PC can run anything other than Windows), and (b) would probably answer
differently if the question was rephrased ("Would you want more ease-of-use
features, if those features also meant that some hacker from a Third World country
could use them to hack into your computer, take your credit card numbers, and
generally make your life miserable?").

False, many popular exploits (such as those with BIND) are fixed/patched
much faster.
Now a really scarry worm would be one that exploits Apache. I used *NIX and
not Linux for a reason. Many UNIX boxes are much better secured. Joe
Sixpack
that installs his favourite distro of Linux is just as vulnerable as a
windows users. I will give you
the fact that there are still many unsecure/unpatched boxes in both worlds.
It all comes
down to the poor management of Internet connected devices. I am really
encouraged
by the new option of auto installing updates in Windows XP. It is sad that
such a well
publicized worm/bug is spreading so far (it made the front page of the
National Post here
in Canada).
>

I'd like to point out the many, many IRIX machines out there, along with AIX, Solaris,
and any other *cough* "real" *cough* OS, that still come with telnet on by default,
(ready to be broken into), RPC services, ftpd, [insert-wonderful-exploitable-service-here].

It isn't specific to any operating system, Microsoft just makes it a lot easier to get
along, while being completely stupid, and hiding what's going on behind the scenes, as
a side note, RedHat 7.1 now comes default with sshd, a firewall, hardly anything on by
default (even if it is, it's firewalled), along with the ability to sign onto their site
(free) and have it keep track of what updates you need to install (it emails you).

This results in a Point, Click, wait for download, wait for update to install, and
you're updated, debian has a similar capability (although not as good) which will
also keep your system up-to-date.

Please keep the unfounded OS bashing to a minimum.

        -poptix

I'm seeing this. Anyone else?