Would a firewall prevent Sasser worm?

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In comp.security.misc Leythos <void@nowhere.com> wrote:
> In article <c7f3h1$mf01@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
>> since, surely, nobody in their right mind wants to spend that amount of
>> money for something that they could replace for free, now would they. (on
>> amazon: xp pro 179 to 269 + office 124 to 419 + outlook 86 + nav 59 +
>> quickbooks 139 to 289 = 587 to 1122, and that's USD) but i am sure that
>> there is some feature in, what was it, quickbooks, that is not in gnucash,
>> and that just happens to be absolutely essential to this "mother-in-law."
>> and if it's just the ability to read quickbook files.
>
> Well, lets take a look at this - since we're talking about people that
> are doing it on their own, we're talking about people that must know
> enough to purchase OEM copies instead of retail. Heck, if they know
> enough to find/download/install Mandrake and Open Office and then find
> GNUCash and install/import they know enough to get OEM.
>
> Windows XP Prof OEM: $140
> Office 2003 SBE (Access, Word, Excel, Publisher, Outlook) $241
> Total cost $381
>
> Open Source:
> Time to find Mandrake 10 Beta 15 minutes
> Time to download - 2 streams 4 hours each - 8 hours total 3 ISO images
> Burn to CD - 4 minutes each
> Wipe computer you just downloaded from - 15 minutes
> Install Mandrake 10 - Guessing 1 hours for first time?
> Install Open Office - Guessing 15 minutes first time?
> Get Travan 40 tape drive working - 2 hours
> Restore backup of data - nope, used Tapeware for backup
> Find Tapeware for nix - download it
> Figure out how to install it - 30 minutes
> Restore backup of data - Yea, (no time since it would be the same on a
> Windows box)
> Find GNUCash - 15 minutes
> Install GNUCash - 15 minutes
> Restore QuickBooks backup file - not sure if we could
> Relearn office tasks - about 30 minutes over the week.

Hmmmm.... you're willing to go out and find OEM versions of MS
software, but can't just buy a Linux distribution? Buy SuSE,
Mandrake, or even RedHat, and you don't have to find squat. Pop in
the CDs and install -- very user friendly, and they all include
OpenOffice and GNUCash. And you're still a pile of cash ahead of the
game, if money is a concern...

--

That's News To Me!
newstome@comcast.net

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <j2hsm1xloq.ln2@innovative.iinet.net.au>,
>bernie@innovative.iinet.net.au says...
>> SuSE Linux 9.1 Pro costs $89.95 for the full edition with all the
>> manuals. Overnight (Fedex) brings that to a "grand" total of
>> $110.90.

>> Which is still less than the cost of only Win XP Pro.

>Not much less - I can get the OEM Version of Windows XP Professional,
>full install for $140.

But you then have _ONLY_ XP. No applications. If you didn't want to
spend big money on NAV, M$-Office, then you could download free
Antivir and OOo.

With SuSE Pro, you also save the download times for OOo, etc, etc,
etc; which is a major motivation for opting for that packaging.

SuSE Pro installs with firewall enabled.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <c7g4m8$2e8s$5@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
>says...
>> Now, do you have a valid argument ( like comparing, let's say KDE to
>> windows screen manager) in terms of vulnerabilyties ? Please give
>> one or two examples, not a pure "echo of MS FUD"

>Sure, here's an example - give your neighbor, the one that doesn't know
>anything about computers, a RH9 CD set and see if they end up with a
>secure system with no help from you.

Hand them your copy of XP expect people to self-install to achieve a
"secure" system?

Yeah; right.

Just because you think you know how to make it "secure", doesn't
mean it will be, and it certainly doesn't mean that the vast
majority of Windows lusers will get anywhere near that either.

Read recent comp.risks articles for the _traps_ of using NAV on XP,
and not fully reading the instructions...

http://catless.ncl.ac.uk/Risks/23.35.html#subj9

>As with both platforms you have to do the updates, which both OS's
>prompt you for, and both platforms need some form of AV software -
>which is free for both platforms from their party sources.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <2g1mveF3kr2sU1@uni-berlin.de>,
>Luke_Tulkas_88@hotmail.com says...
>>
>> "Leythos" <void@nowhere.com> wrote in message
>> news:MPG.1b0545b35bea29df98a4f1@news-server.columbus.rr.com...
>> > In article <4nKmc.2338$Yc.35503@news4.e.nsc.no>,
>> > toreld@netscape.net says...
>> > > So why isn't there a configuration page in Windows where the
>> > > average user can do this sort of thing by pointing and
>> > > clicking? Sure, there will have to be some options to allow
>> > > for different configurations, but the idea still seems worth
>> > > pursuing.

>> > There are many pages on the web, even from MS, that tell you
>> > how to secure your installation - you just have to look a
>> > little.

>> Ah! A little: ?? hours, maybe ?? days. Add that to the "total" in some
>> of your previous posts. ;-)

>Nope, I posted a link that I found in Google, it was the #2 link - was
>very clear and easy to follow - did you miss that link?

You forget that the user will be accessing the net insecurely in
order to get there.

And you neglect to consider that security isn't a priority with most
users.

So even if the user caresto check , the computer will already be
compromised.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <2g1nlqF3ghpvU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
>says...
>> Removing viruses on Linux is as simple as removing an account of the
>> person who infected it. Assuming it's not woot. ;-)

>Ah, but, there's the problem, most home users that don't understand
>computers and security are going to run as root.

Try a GUI login under SuSE and you very rapidly get the idea that
you *really* shouldn't be doing it!

You're discouraged from doing so because by default, the root
account isn't shown in the list of accounts.

Installation forces you to create a normal account for login.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <nl2um1xo02.ln2@innovative.iinet.net.au>,
bernie@innovative.iinet.net.au says...
> You forget that the user will be accessing the net insecurely in
> order to get there.

Nope, I posted in another thread that she sits behind a router already.
I never forget security, I'm in the security business.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <2g1ntaF3m070U1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
>says...
>> Free? There's no such word in M$ terminology. M$ even discourages it's
>> use.
>> Again: why isn't there a viable M$ AV software and why isn't it a part
>> of the system?

>You're stating that each distro of Linux comes with a vendor

Some do. Another reason to choose SuSE. 🙂

>provided AV product with free updates? If not, then why question MS
>about doing it?

Linus distros are competitive and provides a choice.

MS's recent update CD package had a proprietary virus scanner for CA
in the package.

>I have a lot more faith in Symantec than some open source solution AV
>that is not supported by a major company with a business reason to
>support it.

AntiVir is not open source. It's proprietary but free for
non-commercial use. Also available for Windows. Free for
non-commercial use.

There are some open-source anti-virus tools usually included with a
Linux distro.

As for having a business reason with open source; if one has
developed anti-virus software because one cannot trust closed-source
anti-virus software for some reason, then there are business reasons
for providing that software as open source to the community if one
isn't in the anti-virus software *business*. Open-sourcing means
free code reviews and enhancement suggestions for example. It also
enhances the reputation of the "publisher".
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <slrnc9ncah.914.BitTwister@wb.home.invalid>,
>BitTwister@localhost.localdomain says...
>> On Fri, 07 May 2004 15:27:00 GMT, Leythos wrote:
>> > I tried every US download site listed at the bottom of the Mandrake Site
>> > download page - only one site has MD 10 RC 1.
>> >
>> > Where did you find 10 RC1 with that performance? I still have 100MB of
>> > the last ISO to download.

>> RC 1 is superseded with Community. Even with Community there were
>> 176 package updates when I quit using Community.

[snip]

>> Please trash the rc1 cds.

>I just looked at the ISO file names and they show the following:

>Mandrakelinux-10.0-Community-Download-CD1.i586.iso

>Even though the site said RC1 it appears as though the files are CD.

>Thanks for the update on the FTP, I will try it later this evening.

May edition of Linux Magazine has 10.0 as the cover-DVD.
Version: Mandrake Linux 10.0 Community-download-i586 20040305 18:50

Just drop it in the DVD drive and reboot the system. Boot from the
DVD... you may have to twiddle with the BIOS.

Probably easier, cheaper and quicker just to buy the magazine.
Saves a few gigabytes of downloading and burning.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Bit Twister <BitTwister@localhost.localdomain> writes:

>On Fri, 07 May 2004 15:51:22 GMT, Leythos wrote:
>>
>> I just looked at the ISO file names and they show the following:
>>
>> Mandrakelinux-10.0-Community-Download-CD1.i586.iso
>>
>> Even though the site said RC1 it appears as though the files are CD.

>Hmmm, something is funny. Names of the iso should be what you gave not
>rc1. Hope you download the md5 sum file and verify they match before
>burning. Also Community is still buggy. It installed fiine on one box
>and failed partition phase on another box. You may want to read
>http://www.mandrakelinux.com/en/errata.php3

>I receved the Official cds in the mail wednesday last week, and it
>installed clean on both boxes.

>rc1 and community are for ringing out bugs by people who will report
>them. They are not for the newbie to evaluate if it is better than
>windows. The Official would be fair game.

Absolutely.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

phn@icke-reklam.ipsec.nu writes:

>In comp.security.misc Leythos <void@nowhere.com> wrote:
>> In article <c7g4m8$2e8s$5@nyheter.ipsec.se>, phn@icke-reklam.ipsec.nu
>> says...
>>> Now, do you have a valid argument ( like comparing, let's say KDE to
>>> windows screen manager) in terms of vulnerabilyties ? Please give
>>> one or two examples, not a pure "echo of MS FUD"

>> Sure, here's an example - give your neighbor, the one that doesn't know
>> anything about computers, a RH9 CD set and see if they end up with a
>> secure system with no help from you.

>Ok, you choose one distribution i would not choose.

>Giove them a FreeBSD system and i'm convinced it will bve safe
>"by default". Same goes with a suse or debian ( or OpenBSD)

Probably.

>> As with both platforms you have to do the updates, which both OS's
>> prompt you for, and both platforms need some form of AV software - which
>> is free for both platforms from their party sources.

>On of my FreeBSD systems has not been updated for :
>11:26PM up 365 days, 11:40, 1 user, load averages: 1.02, 0.54, 0.24

Ooh... anniversary. Worth a celebratory drink or three. 🙂

>and i'm still "safe" from attacks.

>Secure from install will remain secure ( unless a new vulnerability
>is discovered).

>Now, when did you last rebooted you favorite box ?

2 days. Kernel patch. Not because it's needed as vulnerabilities
fixed can only be exploit by moi.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <a1esm1xhjq.ln2@innovative.iinet.net.au>,
>bernie@innovative.iinet.net.au says...
>> If you really think it necessary; it's free for personal use.
>> Antivir is professionally maintained. Pleanty of free stuff
>> included/available with a Linux distro.

>> I count no less than 20 different Windows viruses running rampant
>> during any given week; along with some real antiques that crop up
>> occasionally.

>> How many Liunx viruses are in the wild that do real damage?

>So, what you're saying is that I should trust some open-source virus
>protection that is available from a company I've never herd of?

Antivir isn't open source. It's free for personal, non-profit use.

>Are you also saying that I should not bother with it since Linux is
>more secure and has only virus's that don't really do any damage?

No. Not saying any such thing.

I've asked how many Linux viruses are out in the wild? i.e. self
propagating.

Linux mail applications still know the difference between data and
executable. Although it's possible to "open" an executeable and to
have it run locally with the luser's permissions, that can only
impact on what the luser can access.

>If you wait until Linux becomes popular on the desktop you'll see
>the same problems.

Only if Mickeysoft start writing Linux applications that require
root privileges to run.

Linux is not a mono-culture. The variety of distributions and
versions prevents many of the possible exploits from working and
propagating.

But I do know that Wine is so good at running Windows apps under
Linux that somebody clicking on an attachment within Lookout!
running under it, managed to "infect" his Wine registry and started
getting all sorts of wierd errors revealing some shortcomings in
Wine's bug-for-bug compatability. Skull-and-crossbones for that
Wine window!

His Linux wasn't infected.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <vkfsm1xloq.ln2@innovative.iinet.net.au>,
>bernie@innovative.iinet.net.au says...
>> Very, very wrong. Every new release of Windows/Office has an
>> equivalent learning curve.

>But, every release has almost the same basic features - XP can
>easily be made to look like 2000 or W98's menu structure. Office,
>all the version, have the same basic menu structure - it's only the
>new features that require any study.

Linux can be made to look like Windows as well.

It demonstrates good taste (or maybe successful aversion therapy)
that most Linux users choose not to have that setup.

So; what about XP's ability to preserve viruses after NAV has
"cleaned them up"? Most lusers don't even know that their computer
does anything like that.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

Leythos <void@nowhere.com> writes:

>30% of the people on the net use P2P? I bet not. In reality most of the
>people surfing the net from their home systems would not be impacted at
>all. The people running P2P programs on their computers are, in most
>cases, violating their ISP TOS so that's a non-issue and once you take
>out the illegal content it's even less of an issue.

Violating ISP TOS? Not with any ISP around here.

There are plenty of legitimate reasons to share files. If you have
family spread over 5 continents, then sharing photos, sound clips,
etc is perfectly legitimate. P2P is peer-to-peer. It just means that
you enter into agreement with another individual to share files,
without paying for an intermediary to do the job.

>The simple fact is that if ISP's installed with NAT by default and
>customers had to request to have it disabled, all of us we be
>better off and people (that requested) could still do anything they
>want - you can have your cake and eat it too.

Network address translation does nothing more than hide "internal"
addresses from the outside world.

You are talking about filtering, which is one of the functions of a
_firewall_. NAT is network address translation. If the router with
NAT has the ability to filter packets, then it's also a packet
filtering firewall.

A router capable of NAT doesn't necessarily provide the facility to
filter packets.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Tore Lund <toreld@netscape.net> writes:

>Leythos wrote:
>> In article <veLmc.2343$Yc.35576@news4.e.nsc.no>, toreld@netscape.net
>> says...
>>>
>>> I mean instructions that a mother-in-law could follows. (But she would
>>> not have to if Windows was properly strapped down by default.)

>> The number two item on google.com for "How to secure Windows XP" was at
>> this link http://www.markusjansson.net/exp.html with instructions that
>> even a Linux user could follow

>I wonder if you are sober. That link points to a long list of
>instructions on how to modify Local Security Poliy, the Registry and
>other sensitive part of Windows. Doing that sort of thing would be
>suicide for the average PC user.

By the time those are done, the PC will be infected. NAV will try to
clean it up but XP "Recovery" will restore it and the previous, out
of date NAV database.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

On Tue, 04 May 2004 18:11:22 GMT, Leythos <void@nowhere.com> wrote:

>In article <c78mat$4ps$1@string.physics.ubc.ca>,
>unruh@string.physics.ubc.ca says...
>> "Close all ports that you do not absolutely need on your machine"
>> should surely be the first bit of advice. Then after you have done that
>> also install a firewall for that extra bit of protection.
>
>The problem is that most people don't have a clue as to how to close
>ports, setup IPSec rules, etc... Most people don't even know to enable
>the ICF on their machines.
>
>The best thing people can do is purchase a cheap router with NAT and use
>it from the moment they get their computer. This lets them download the
>updates, install and update the AV software, etc... before they have a
>chance to get hacked.
>
>I put this back on the ISP's - they provide a open connection and don't
>warn the unsuspecting public about the risk/problems. If they just
>enabled NAT by default on their routers (DSL or Cable) most of this
>problem would go away.
>
>
>
>--
try this

-[ Disabling the raw SMB transport without disabling NetBT transport
]-

In some cases, you might want to run the NetBT driver without using
the raw SMB
transport, which uses TCP port 445.

In that case, you can set the following registry value:

Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)

After a reboot, TCP port 445 will no longer be opened by the NetBT
driver.

(or just change the o in the value to 1 (hex) and reboot.

turn off alerter service and netbios helper service to eliminate one
instance of svchost.exe.
--
jspud
---

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos <void@nowhere.com> writes:

>In article <nl2um1xo02.ln2@innovative.iinet.net.au>,
>bernie@innovative.iinet.net.au says...
>> You forget that the user will be accessing the net insecurely in
>> order to get there.

>Nope, I posted in another thread that she sits behind a router already.
>I never forget security, I'm in the security business.

The point is that not every luser has that luxury.

Security is everybody's business. Otherwise it doesn't work.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Richard H Miller wrote:
>
> Lassi =?iso-8859-1?Q?Hippel=E4inen?= (lahippel@ieee.orgies.invalid) wrote:
>
> : There are sandbox versions of Linux. Using them is as fair as calling
> : both 9x and NT with the same name...
>
> I have no idea what you meant here.

It refers to my comment above: "...And Unix architecture is far better
than Windows, in the sense that software modules can be isolated from
each other."

Windows started with a linear memory model, because it is originally a
single user system. It is hard to prevent applications from colliding
with each other, especially if they are malicious, and try to do tricks
like privilege escalation.

In Unix it is possible to run each application instance in a separate
sandbox. From Intel 80386 onwards there has even been hardware support
for it. In Windows sandboxes aren't used routinely, except with Java
Virtual Machine.

-- Lassi

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Lassi Hippeläinen" <lahippel@ieee.orgies.invalid> wrote in message
news:409E511B.B3184DC6@ieee.orgies.invalid...

> In Unix it is possible to run each application instance in a separate
> sandbox. From Intel 80386 onwards there has even been hardware support
> for it. In Windows sandboxes aren't used routinely, except with Java
> Virtual Machine.

The JVM is unrelated to the "hardware support" for a "sandbox" in the 386+.
Windows rarely uses the 386 VM, and Unix never uses it. Windows does not
use it to implement the JVM. Just because they both have VM in the name
doesn't imply that there is a relationship.

The protection between application instances is very similar between recent
versions of Windows and Unix. Both rely on the virtual memory model of the
x86, and they are used almost identically. One could argue that on Windows
versions prior to NT 4.0 there were some holes in the operating system code
that weren't possible in Unix, but since then, the memory model has been
similar. There really isn't a "sandbox" in either, other than the JVM,
which is a programmatic, rather than hardware, concept.

What you got right, however, is that Unix has a much better developed
concept of a "user" and what constraints to place on a user. Even in the
most recent versions of Windows that concept still needs some development.

...

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:68lk90hv4oub9n46s93355jvq0flhcsrjf@4ax.com...

> There is nothing wrong with C or C++, only with how some people write
> their code. Seems like too many people have gotten some bad habits with
> regards to static vs dynamic buffer lengths...

Amen to that. Back in my uni days when I learned C++ one of the things they
kept hammering home was to watch your buffer usage carefully. You can't
blame the language for the complete incompetence of some of the people using
it.

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

xpyttl wrote:
>
> "Lassi Hippeläinen" <lahippel@ieee.orgies.invalid> wrote in message
> news:409E511B.B3184DC6@ieee.orgies.invalid...
>
> > In Unix it is possible to run each application instance in a separate
> > sandbox. From Intel 80386 onwards there has even been hardware support
> > for it. In Windows sandboxes aren't used routinely, except with Java
> > Virtual Machine.
>
> The JVM is unrelated to the "hardware support" for a "sandbox" in the 386+.
> Windows rarely uses the 386 VM, and Unix never uses it. Windows does not
> use it to implement the JVM. Just because they both have VM in the name
> doesn't imply that there is a relationship.

I didn't claim they are the same. They are different developments from a
decades old basic idea. At abstract level there is a relationship.

> The protection between application instances is very similar between recent
> versions of Windows and Unix.

That's why (IMHO) calling both 9X and NT as 'Windows' is a bit
cheating...

> What you got right, however, is that Unix has a much better developed
> concept of a "user" and what constraints to place on a user. Even in the
> most recent versions of Windows that concept still needs some development.

My main point. Sorry for explaining it so badly.

-- Lassi

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos wrote:

> When I can give my mother-inlaw a CD with Linux and Star Office and have
> her install it from scratch in one evening I'll be happy, till then
> she's on XP prof with Office 2003 and sitting behind a Linksys router
> with Norton AV 2004 running.
>

I take it from this that your mother-in-law installed her own system, from
scratch, in one evening? And does she know how to secure her installation
properly?

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos wrote:
> In article <c7f3h1$mf01@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
>
>>since, surely, nobody in their right mind wants to spend that amount of
>>money for something that they could replace for free, now would they. (on
>>amazon: xp pro 179 to 269 + office 124 to 419 + outlook 86 + nav 59 +
>>quickbooks 139 to 289 = 587 to 1122, and that's USD) but i am sure that
>>there is some feature in, what was it, quickbooks, that is not in gnucash,
>>and that just happens to be absolutely essential to this "mother-in-law."
>>and if it's just the ability to read quickbook files.
>
>
> Well, lets take a look at this - since we're talking about people that
> are doing it on their own, we're talking about people that must know
> enough to purchase OEM copies instead of retail. Heck, if they know
> enough to find/download/install Mandrake and Open Office and then find
> GNUCash and install/import they know enough to get OEM.
>
> Windows XP Prof OEM: $140
> Office 2003 SBE (Access, Word, Excel, Publisher, Outlook) $241
> Total cost $381

You haven't included the time it's taken her to go out and buy Windows and
Office. Lets assume it's an online purchase as local shops probably won't
have OEM versions for sale (also, as she's not buying any hardware with
Windows/Office to justify the OEM license, the OEM license is not valid; we
really ought to include the fine for running unlicensed software if we want
a true comparison). So that's (being generous) 2 days lost productivity at
$25/hour = $400.

Time to install Windows:
1 hour

Time to install all necessary drivers (including reboots) and configure
basic networking etc.
1 hour - and your system is now completely vulnerable unless you add the
cost, and time, to install a firewall and anti-virus software. You should
also download all the MS critical updates (about 3-4 hours on a broadband
connection IIRC).

Time to install Office
30 mins


>
> Open Source:
> Time to find Mandrake 10 Beta 15 minutes
> Time to download - 2 streams 4 hours each - 8 hours total 3 ISO images
> Burn to CD - 4 minutes each
> Wipe computer you just downloaded from - 15 minutes

zero, it gets overwritten during the install if you require.

> Install Mandrake 10 - Guessing 1 hours for first time?

Fedora takes abount 30 mins if you know what you are doing, I'd guess
Mandrake to be the same. So, for a first install it's about the right ball
park. Thats to install a fully loaded system, Office, full development etc.
networking up and running. Considerably less than the time it takes for a
novice user to install Windows (why isn't my USB port working? What
motherboard drivers?).

> Install Open Office - Guessing 15 minutes first time?

Included in the above.

> Get Travan 40 tape drive working - 2 hours

Why? You've not included the time it takes to get it working in the Windows
setup? I would expect Linux to detect and use it without any problem,
although I've never used a Travan.

> Restore backup of data - nope, used Tapeware for backup

Again, you have not included this in the costing for Windows install.
And if you don't even know what you used for backup, what hope is there for
you? Besides, there's no need to restore the data, Linux will quite happily
read it from the Windows partition.

> Find Tapeware for nix - download it
> Figure out how to install it - 30 minutes
> Restore backup of data - Yea, (no time since it would be the same on a
> Windows box)
> Find GNUCash - 15 minutes
> Install GNUCash - 15 minutes

It's likely on the CDs, and would be installed with everything else if you
wanted it.

> Restore QuickBooks backup file - not sure if we could
> Relearn office tasks - about 30 minutes over the week.
>
> TOTAL TIME 14 hours, 6 hours if we don't count downloads
>
> Pay rate $25/hr * 14 hours = $350 base cost
> Pay rate $25/hr * 6 hours = $150 base cost
>
> So, if we account for all of her time to download and setup Mandrake 10
> and Open Office it's about a wash, even if we don't count the time she
> takes to be around to monitor the FTP, Mandrake/Office solution is only
> half as cheap as the MS solution.
>
> In reality, the Mandrake / Open Office solution is going to cost her
> much more in relearning time over the next 6 to 8 months as she learns
> more about it and tries to do the same things she did on Windows base.
>
> Once you look at the cost, it's not much difference, it's about comfort
> and ease of use, and for someone that already knows the Windows base
> it's not worth the effort.
>


As with all "comparisons" I've seen of Windows vs. Linux "true" costs,
you've managed to conveniently ignore the true costs of Windows.


--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <c7nvb7$95r$1@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> As with all "comparisons" I've seen of Windows vs. Linux "true" costs,
> you've managed to conveniently ignore the true costs of Windows.

I didn't conveniently miss anything - I threw this out based on a quick
review of what I thought it would take. I can see that I did miss a
couple things, but it's still about the same cost in all. I was only
looking at Mandrake 10 because there was a poster that specifically
stated that M10 was as easy to install and use as XP.

What would be nice is if we could get two machines, side by side (and I
happen to have two machines with the exact same config in my office) and
run the install on both to see what really happens. Once I get the
production release of M10 and Open Office, I'll do just that - install
both, taking notes of all steps, and time, I'll assume that I have blank
drives, with data burned to DVD or CD as backup.

When I get done I'll post the results.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

Leythos wrote:

>
> I didn't count any of the NAV updates or cost since both platforms have
> FREE AV products and BOTH require updates. I was only trying to show the
> differences.
>

Linux doesn't require any AV software, and therefore no updates either.



--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

 

[Guest]

Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy (More info?)

In article <c7nvg4$95r$2@south.jnrs.ja.net>, nmw@ion.le.ac.uk says...
> Leythos wrote:
>
> >
> > I didn't count any of the NAV updates or cost since both platforms have
> > FREE AV products and BOTH require updates. I was only trying to show the
> > differences.
> >
>
> Linux doesn't require any AV software, and therefore no updates either.

That's complete BS - just because you don't think you have a need for it
doesn't mean that you don't. That's like the security through obscurity
practice. It will be funny when your machine goes down once they start
targeting the Linux systems as much as they do the Windows systems.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)