Thor,
Sorry, I didn't make my points clear enough. I was replying
sarcastically to Cassidy's remarks and asking him to prove his claims.
Regards.
On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God) <Thor@xxxxxxxxxxxxxxx> wrote:
What messages warning you from using Windows? I certainly hope you
do not have me confused with the OP – I already used the term
“hysteria” to describe his ideas and subsequent recommendations.
The entire premise is fatally flawed, and the subsequent replies show
a level of ignorance that I have not seen in a “professional”
security person in some time. It’s not surprising to see that the
background of his site “remains blackened in protest against the many
illegal and unethical activities of the USA.” Hysterical indeed.
In fact, this thread has inspired me to add a new section to the
Hammer of God website (currently undergoing major renovation) called
“Tard of the Month” where I’ll take claims like the one
submitted by the OP and basically… well, you know what I’ll do.
I just want to make sure you understand that *I* didn’t have anything
to do with any ludicrous comments about abandoning the Windows platform
because all the oxygen in my computer was being consumed by what
Symantec notes as “new threats.”
t
From: Christian Sciberras [mailto:uuf6429@xxxxxxxxx]
Sent: Tuesday, May 18, 2010 3:40 AM
To: Cassidy MacFarlane
Cc: Thor (Hammer of God); full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Windows' future (reprise)
Happens they are completely unrelated stories. Also happens that I
won't fall for someone's hysteria from using windows.
By the way, I don't know you, but I would depend on the _fact_ that
I've been using a product without a hitch rather than someone's
claims that the said product will fall in a year's time.
By the way, I think it would do you a lot of good if you quote
Thor's messages warning us from using Windows etc.
If you only have a troll's remarks to add, then leave the discussion.
As of this time, there is only one huge security risk all
researchers agree on; human error aka people's stupidity....
On Tue, May 18, 2010 at 11:01 AM, Cassidy MacFarlane <Cassidy.MacFarlane@xxxxxxxxxxxxxxxxxxxxx> wrote:
Sent from my HTC
-----Original Message-----
From: Thor (Hammer of God) <Thor@xxxxxxxxxxxxxxx>
Sent: 15 May 2010 21:59
To: full-disclosure@xxxxxxxxxxxxxxxxx <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Windows' future (reprise)
No, It's Tim Mullen. No "Bill" here.
No, I don't misunderstand: You said "You may recall that last year,
the average annual growth rate of new threats (as defined by
Symantec) was 243%. This enabled me to predict that the number of
new threats in this year's Symantec Threat Report would be 243% of
last years." IOW, you took what Symantec's numbers were for one
year, and guessed they would be the same for this year, and then
posted how you were almost right. Congratulations, you can make
statements in the obvious.
You people really need to get your stories straight. Isn't there
some club or something you guys can join to at least sync up your
talking points? First we hear about how AV is stupid, unneeded,
useless, a waste of money, and if you install it then you are
ignorant. Then we hear about how some people can "bypass AV" using
kernel hooks on windows XP and call it an "8.0 Earthquake." Now you
come out and say that you predict that AV will not be able to keep
up with these new "threats" and that people must stop using Windows
as a result since Windows "is not likely of producing any secure
version of anything anytime soon."
Then you blithe on about how people should "avoid any software that
locks them into a Microsoft Platform like the plague" and
specifically note .NET for businesses but of course fail to provide
any examples of where they should go, or any real advice on your
"mitigation strategy."
What is it about .NET that should be avoided like the plague? Wait,
before you answer that, let's make sure you are qualified to
answer. One must assume that you are an expert .NET developer and
that you have keen insight into the very foundation of the platform
in order to know unequivocally that it should not be used under any
circumstances. Please give us some code examples of your .NET
projects where it failed so miserably, even given your expertise,
and then provide the "proper" secure solution in your magic TardWare
solution. Certainly someone speaking with such authority on the
matter can come up with examples in no time.
Additionally, you've clearly performed migration engagements for
these people you "advise." Please let us know what the actual
migration plan was, and how you have so brilliantly created a one-off
cost migration path. I'm really interested in the details about
that. I would particularly like to know what authentication
infrastructure you would build to support secure enterprise-based
services, your solution for client access and administration, and
your overall network concepts. Also, what is your preferred
replacement for .NET again? Details on your SDL process would be
fantastic as well.
You've got a great opportunity to really contribute to the industry
by providing us with your qualifications and subsequent solutions to
these problems, so I'm really looking forward to seeing what you
have to say on the matter beyond "Symantec said we'd have this
amount of growth, so I said that too, and I was almost right. And
since I was almost right, it is imperative to drop all Windows
products and re-write all of your .NET code immediately because AV
won't be able to keep up with it."
t
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of lsi
Sent: Saturday, May 15, 2010 1:07 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Windows' future (reprise)
Is that you, Bill?
I think you misunderstand. 9 months ago, I measured the growth rate
at 243%, using Symantec's stats. 9 months ago I posted that number
here, together with a prediction of this year's stats. Recently, I
got this year's stats and compared them with that prediction. I
found that this prediction was 75.4% accurate. I am now reporting
those results back to the group. And this is trolling how?
My point is that the prediction was not wildly wrong, and so that
leads me to wonder if anything else I said, 9 months ago, was also
not wildly wrong.
My main reason for claiming that Windows is inherently insecure is
because it's closed source. However it's also because of the
sloppy, monolithic spaghetti code that Windows is made of. If
you're claiming Windows is in fact inherently secure, I assume this
means you don't use AV on any of your Windows machines, and advise
everyone you know to uninstall it?
I never said migration would be free or easy. That is why I am
posting this data here, because I see it as a vulnerability, a very
big vulnerability that many companies have not woken up to. The
very fact that migration is hard, lengthy, and expensive, means that
the vulnerability is larger than ever.
Stu
On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
From: "Thor (Hammer of God)" <Thor@xxxxxxxxxxxxxxx>
To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Date sent: Sat, 15 May 2010 14:40:29 +0000
Subject: Re: [Full-disclosure] Windows' future (reprise)
> I am constantly amazed at posts like this where you make yourself
> sound like some sort of statistical genius because you were "able to
> predict" that since last year was %243, that this year would be
> %243. Wow. Really?
>
> And for the record, these claims of 'inherent insecurity' in
> Windows are simply ignorant. If you are still running Windows 95
> that's your problem. Do a little research before posting assertions
> based on 10 or 20 year old issues.
>
> This smacks of the classic troll, where you say things like
> "nothing that Microsoft makes is secure and it never will be" and
> then go on to say how easy it is to migrate, and how it's free, with
> only a one off cost, and how to move off of .NET.
>
> Obvious "predictions," ignorant assumptions, and a total lack of
> any true understanding of business computing. Yep, "troll."
>
> t
>
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of lsi
> Sent: Saturday, May 15, 2010 6:12 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] Windows' future (reprise)
>
> Hi All!
>
> Just a followup from my posting of 9 months ago (which can be found
> here):
>
> http://www.mail-archive.com/full-disclosure@xxxxxxxxxxxxxxxxx/msg37173.html
>
> Symantec have released "Internet Security Threat Report: Volume XV:
> April 2010". My posting from last year was based on the previous
> "Internet Security Threat Report: Volume XIV: April 2009". So I
> thought it would be interesting to check my numbers. The new
> edition of the Threat Report is here:
>
> http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
>
> You may recall that last year, the average annual growth rate of
> new threats (as defined by Symantec) was 243%. This enabled me to
> predict that the number of new threats in this year's Symantec
> Threat Report would be 243% of last years; eg. I predicted 9 months
> ago the number of new threats in this year's Symantec Threat Report
> would be 243% * 1656227, or 3840485.87.
>
> The actual number of new threats in this year's Symantec Threat
> Report is 2895802, an error on my part of 24.6%.
>
> This is quite a chunk, however it is not that far off. My excuses:
>
> - my number was based on averages, so it will never be exact.
> There will be a natural variance in the growth rate, caused by many
> factors.
>
> - in the new edition, Symantec have altered the raw data a little
> - the number of new threats for 2009, 2008, 2007 etc is slightly
> different to those same years, as listed in the previous version of
> the report. I have not updated my projection to allow for this.
>
> - Symantec note that "The slight decline in the rate of growth
> should not discount the significant number of new signatures created
> in 2009. Signature-based detection is lagging behind the creation of
> malicious threats..." (page 48).
>
> Am I retreating from my position? Absolutely not. I am now
> expecting the number of new threats in next years' report to be
> 7036798.86. This is 2895802 * 243%. This includes the error
> introduced by Symantec's changes to the raw data. I don't think it
> matters much.
>
> As this flood of new threats will soon overpower AV companies'
> ability to catalogue them (by 2015, at 243% growth, there will be
> 2.739 MILLION new threats PER DAY (over 1900 new threats per
> minute)), and as Symantec admits above that "signature-based
> detection is lagging", and as Microsoft are not likely to produce a
> secure version of anything anytime soon, I am not at all hopeful of
> a clean resolution to this problem.
>
> I continue to advise that users should, where possible, deploy
> alternatives; that they should, if they have not already, create and
> action a migration strategy; and that they should avoid like the
> plague, any software which locks them into a Microsoft platform.
> Business .NET applications, I'm lookin' at you.
>
> Those failing to migrate will discover their hardware runs slower
> and slower, while doing the same job as it did previously. They
> will need to take this productivity hit, OR buy a new computer,
> which will also eventually succumb to the same increasing slowness.
> They will need to buy new machines more and more frequently.
> Eventually, they will run out of money - or, for the especially
> deep-pocketed, they will find they cannot deploy the new machines fast
> enough, before they are already too slow to use. The only
> alternative to this treadmill is to dump Windows. The sooner it is
> dumped, the less money is wasted buying new hardware, simply to keep
> up with security-induced slowness.
>
> Why spend all that time and money on a series of new Windows
> machines, without fixing the actual problem, which is the inherent
> insecurity of Windows? People can spend the same time and money
> replacing Windows, and then they won't need to worry about the
> problem any more. The difference is that sticking with Windows
> incurs ongoing and increasing costs, while a migration incurs a
> one-off cost.
>
> I don't think it takes a genius to see which approach will cost
> less.
>
> Notes:
> - see page 10 of the Volume XIV (2009) edition, and page 48 of
> Volume XV (2010) edition, for the relevant stats
>
> - since my post of last year, I have also noticed a similar
> exponential curve in the number of threats detected by Spybot Search
> and Destroy (a popular anti-spyware tool). This curve can be seen
> here:
>
> http://www.safer-networking.org/en/updatehistory/index.html
>
> - my projection of growth rates up to 2016 (written last year) is
> here:
>
> http://www.cyberdelix.net/files/malware_mutation_projection.pdf
>
> Comments welcome..
>
> Stu
>
> ---
> Stuart Udall
> stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/
>
> ---
> * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)