Would a firewall prevent Sasser worm? - General Networking

Last message on previous page:
Archived from groups: comp.security.misc,alt.computer.security,comp.security.firewalls,comp.lang.java.advocacy


In article <2g1rbkF3l5crU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
says...
> Then your NAT router _is_ a firewall. And an AV filter on top of that.
> If you're using an appliance, all three of them can be hidden in the box
> without you actually knowing it.

Nope, in the true def, NAT is a possible feature found in firewall
products, but NAT is not a firewall product. NAT does not have to block
inbound, does not really check for anything, just blocks unrequested
inbound.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


Leythos wrote:
> In article <c7f3h1$mf01@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
>> since, surely, nobody in their right mind wants to spend that amount of
>> money for something that they could replace for free, now would they. (on
>> amazon: xp pro 179 to 269 + office 124 to 419 + outlook 86 + nav 59 +
>> quickbooks 139 to 289 = 587 to 1122, and that's USD) but i am sure that
>> there is some feature in, what was it, quickbooks, that is not in gnucash,
>> and that just happens to be absolutely essential to this "mother-in-law."
>> and if it's just the ability to read quickbook files.
>
> Well, let's take a look at this - since we're talking about people that
> are doing it on their own, we're talking about people that must know
> enough to purchase OEM copies instead of retail. Heck, if they know
> enough to find/download/install Mandrake and Open Office and then find
> GNUCash and install/import they know enough to get OEM.

good spin, i congratulate you!

> Windows XP Prof OEM: $140
> Office 2003 SBE (Access, Word, Excel, Publisher, Outlook) $241
> Total cost $381

so nav and quickbooks are suddenly free? and install themselves, of course?

> Open Source:
> Time to find Mandrake 10 Beta 15 minutes
> Time to download - 2 streams 4 hours each - 8 hours total 3 ISO images

so you mean your expert mother-in-law is canny enough to get oem, but she
actually sits through these downloads, watching the progress bars on the
screen, unable to do anything else? and

> Burn to CD - 4 minutes each
> Wipe computer you just downloaded from - 15 minutes
> Install Mandrake 10 - Guessing 1 hours for first time?
> Install Open Office - Guessing 15 minutes first time?
> Get Travan 40 tape drive working - 2 hours
> Restore backup of data - nope, used Tapeware for backup
> Find Tapeware for nix - download it
> Figure out how to install it - 30 minutes
> Restore backup of data - Yea, (no time since it would be the same on a
> Windows box)
> Find GNUCash - 15 minutes
> Install GNUCash - 15 minutes
> Restore QuickBooks backup file - not sure if we could
> Relearn office tasks - about 30 minutes over the week.
>
> TOTAL TIME 14 hours, 6 hours if we don't count downloads

i have the following questions:

1. how much is a trip to bestbuy that gets you all the software that you
need?
2. why are we no longer discussing the ease of installation, but rather
construct more and more fairy tales to justify the use of proprietary
software?

> Pay rate $25/hr * 14 hours = $350 base cost
> Pay rate $25/hr * 6 hours = $150 base cost
>
> So, if we account for all of her time to download and setup Mandrake 10
> and Open Office it's about a wash, even if we don't count the time she
> takes to be around to monitor the FTP, Mandrake/Office solution is only
> half as cheap as the MS solution.

what do you mean "only"? are you saying that you consider a 50% savings
insignificant? i mean, even *if* your "calculations" represented reality.

> In reality, the Mandrake / Open Office solution is going to cost her
> much more in relearning time over the next 6 to 8 months as she learns
> more about it and tries to do the same things she did on Windows base.
>
> Once you look at the cost, it's not much difference, it's about comfort
> and ease of use, and for someone that already knows the Windows base
> it's not worth the effort.

so now it is definitely about lock-in in the form of some menu structure,
and no longer ease of installation, right?

or rather, what this is really about is struggling to find justifications
for using proprietary software instead of perfectly fine, free,
spyware-free, no-home-dialing open source alternatives---which, i think
everybody here understands that, is not an easy job, considering that you
effectively have to convince people that it's a good idea to part with a
thick wad of cash for essentially no good reason whatsoever.

oh well.

-- j


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b058cad40e7816898a50d@news-server.columbus.rr.com...
> In article <2g1rbkF3l5crU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
> > Then your NAT router _is_ a firewall. And an AV filter on top of that.
> > If you're using an appliance, all three of them can be hidden in the box
> > without you actually knowing it.
>
> Nope, in the true def, NAT is a possible feature found in firewall
> products, but NAT is not a firewall product. NAT does not have to block
> inbound, does not really check for anything, just blocks unrequested
> inbound.

But your mail client does make requests. It asks your mail server if it
has any new mail for you. And then that (possibly infected) mail slips
through your NAT like magic. Or am I wrong?
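
The point argued in the two posts above, as an added example that is not part of any poster's message: a toy model of a NAT translation table, showing that unrequested inbound traffic finds no mapping while a reply to the mail client's own request is forwarded without its content being examined. The `Nat` class, the port-restricted matching rule and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy port-restricted NAT: address translation only, no content inspection."""
    public_ip: str
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection: record a mapping, rewrite the source."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, payload):
        """A packet arrives on the public side; it is forwarded only if it
        answers a connection that an inside host requested."""
        entry = self.table.get(dst_port)
        if entry is None:
            return ("DROP", None)  # unrequested inbound: no mapping to translate to
        in_ip, in_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return ("DROP", None)  # mapping belongs to a different remote peer
        # The payload is passed through untouched; nothing here looks at it.
        return ("FORWARD", (in_ip, in_port, payload))


def demo():
    """Constructed traffic; all addresses are documentation ranges."""
    nat = Nat("203.0.113.1")
    # 1. Unsolicited connection attempt from the Internet to TCP 445.
    probe = nat.inbound("198.51.100.7", 51000, 445, b"SYN")
    # 2. The mail client inside polls its POP3 server (an outbound request) ...
    _, pub_port, srv_ip, srv_port = nat.outbound("192.168.1.10", 50123, "192.0.2.25", 110)
    # 3. ... so the server's reply is forwarded, whatever the message contains.
    reply = nat.inbound(srv_ip, srv_port, pub_port, b"+OK message with attachment")
    return probe, reply


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Filtering what arrives inside a requested connection is the job of a separate control, such as a mail gateway or antivirus scanner.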


Leythos wrote:
> In article <2g0tt8F2urajU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
[snip]
> Funny how the person suggesting Mandrake and Open Office didn't include
> any AV software for it.

indeed. want to speculate why that might be?

-- j


Leythos wrote:
> In article <2g1nlqF3ghpvU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
>> Removing viruses on Linux is as simple as removing an account of the
>> person who infected it. Assuming it's not woot. ;-)
>
> Ah, but, there's the problem, most home users that don't understand
> computers and security are going to run as root.

maybe on windows they do, since they need to in order to install anything.
on many linux machines, the root account is not even shown in the graphical
login menu, so you would explicitly have to su in order to cause trouble.
most users will simply use the root password when they start some
configuration/installation program that requires it. while remaining logged
on as themselves, of course...

welcome to a real os.

-- j


In article <c7ghp5$n121@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
<jwjanneck at yahoo dot com> says...
> Leythos wrote:
> > In article <2g0tt8F2urajU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> > says...
> [snip]
> > Funny how the person suggesting Mandrake and Open Office didn't include
> > any AV software for it.
>
> indeed. want to speculate why that might be?

Because they believe in security through obscurity?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


Lassi Hippeläinen (lahippel@ieee.orgies.invalid) wrote:
: Richard H Miller wrote:
: >
: > Lassi Hippeläinen (lahippel@ieee.orgies.invalid) wrote:
: > : Not likely. Unix has been hacked (and attacked) many years longer than
: > : Windows. And Unix architecture is far better than Windows, in the sense
: > : that software modules can be isolated from each other.
: >
: > : -- Lassi
: >
: > This is not correct
: >
: > 1) If you are talking about the kernels of the two systems, the NT OS has
: > a more secure design. The ability to implement security is part of the
: > kernel [This is based on previous disclosures by Microsoft and knowledge
: > of the ancestors of NT]. Security is part of the kernel design. You can
: > design isolation into the software.

: I haven't analyzed it, and I don't believe blindly what Microsoft
: claims. Real life tests show that even if security is available, it
: isn't being used much.

I never disputed that. What I dispute is your claim Unix architecture is
better than Windows. My discussion was on the basis of security architecture.

The NT kernel [including the W2K and W3K] has security designed into the kernel.
Among the concepts are:

The idea of security parameters and user account settings that allow a much finer
granularity than admin/non-admin [or root/non-root]

A file system design that also allows greater flexibility in designing discretionary
access control

Everything I have seen about the NT code base shows that security was part of the
architecture and *potentially* allows a secure implementation to be developed.

I do not see any indications that the design included mandatory access controls and
I am pretty sure no attempt was made to close covert channels.


: > Security in Unix is a bolt-on. It has not been integrated into the kernel
: > but is an add-on. Module isolation is not part of the design of the kernel
: > and many of the exploits rebut the concept of module isolation.

: There are sandbox versions of Linux. Using them is as fair as calling
: both 9x and NT with the same name...

I have no idea what you meant here. The Unix kernel does not include any security
built into it. Security in Unix is an add-on [a well done add on that does provide
good implementation but it is still an add-on]. The unix user accounts still do not
have the concept of differential authorization [you can grant higher priv's to
individual accounts without giving them root].

: > You can implement a more secure platform using the NT kernel than a Unix
: > kernel. [Bear in mind that you can also design even more secure systems
: > if there are hardware assists for security. The Unisys 1100/2200/[whatever
: > it is now] actually contains hardware elements that aid security]

: If you mean 'rings' in memory protection, the idea goes back to Multics
: (at least). And Unix inherited the basics of memory management from it.
: Also IBM had its own tricks.

No, I do not. I wrote what I meant. Unix inherited the basics of memory management
from Multics but did not have the hardware structure to implement the Multics
model.


: Intel supported hardware memory protection already in 80286, but Windows
: completely ignored it. 80386 had even better memory management features.
: That is why Linus Torvalds started porting Unix to it, which led to
: Linux.

But this still is not the same as having security designed into the hardware and
using that to assist in your system design


From my standpoint, Unix [and Linux] as well as Windows are not as well developed
and implemented in the terms of security as the systems I worked on. All three
have deficiencies in their design and implementation that make them not as secure.

It is highly unlikely that either of these systems will achieve anything higher
than C2. The Unisys 2200 [C series] actually got a B2 rating and the M series
was designed to potentially acquire a B3 rating.

I also want to remind people that I have made no claim that Windows NT and above *as
delivered* is more secure than Unix or most Linux distros *as delivered* today. This
is not the case. However, as has been stated by others, one can harden a Windows machine
so that it can function with certain things open to the net. I would be more prone
to use Unix in this case.


Luke Tulkas (Luke_Tulkas_88@hotmail.com) wrote:



: a) Is there such a thing as a kernel in Windoze? (I asked the same
: question some time ago and didn't get any relevant answers.)

Yes

: b) When you say NT OS, do you mean just the NT or its successors (2000,
: 2003, whatever) also?

Everything in the NT code stream NT 3.51 through W3K


Lars M. Hansen wrote:

>On Thu, 06 May 2004 12:10:53 -0400, Rowland spoketh
>
>>1. So security patches are a bad thing? In that case, don't install any!
>
>No, the patches are not bad, but there's a correlation between
>vulnerabilities and patches that you're missing. Usually, there's a
>patch for a vulnerability, thus by counting patches one can approximate
>the number of vulnerabilities.

I'm not missing the correlation. I'm questioning it. You haven't
controlled for all the variables here. That's my point. All patches
are not equal.

--
Spammers: arero68@hanmail.net business@99peak.com epschao@sogiant.twmail.net
gagq@gagq.com good_day@sendmailforyou.com imc911@netian.com kim@derek.nl
kingoffice@so-net.net.tw sogiant.service@msa.hinet.net succa@roofo.com yahoomelsww@yahoo.com

Check out my Java, SQL and Python samples at http://rowland.blcss.com/
For sale: Unique and energy efficient hobbit home in New Hampshire:
http://www.angelfire.com/ego/rowland/mm.index.html


Leythos wrote:
> In article <c7ghp5$n121@cliff.xsj.xilinx.com>, "Jörn W. Janneck"
> <jwjanneck at yahoo dot com> says...
>> Leythos wrote:
>>> In article <2g0tt8F2urajU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
>>> says...
>> [snip]
>>> Funny how the person suggesting Mandrake and Open Office didn't include
>>> any AV software for it.
>>
>> indeed. want to speculate why that might be?
>
> Because they believe in security through obscurity?

that must be it. i am convinced. i'll take 500 bucks out of the bank, drop
them at bestbuy, and get some xp/nav/ms office for my home machine. right
now.

-- j

Archived from groups: comp.security.firewalls

On Fri, 07 May 2004 11:48:43 +0000, Leythos wrote:

> In article <2g0tftF26gsaU1@uni-berlin.de>, Luke_Tulkas_88@hotmail.com
> says...
>>>snipped<<<
> You don't
> consider email, browser, FTP client, etc.. an OS do you - those are
> packages that come with the OS to make the OS easier to use.

That's funny, because Bill Gates *does* consider the browser to be part of
the OS. He even cited that in court during the anti-trust mess over IE as
being the reason IE could not be removed from Windows.

Seeing as how we all know that statement to be completely false, that
makes one think...Can I trust the products from a company that would
knowingly give false information under oath?


"Richard H Miller" <rick@bcm.tmc.edu> wrote in message
news:c7gjnc$fc2@gazette.corp.bcm.tmc.edu...
>
> Luke Tulkas (Luke_Tulkas_88@hotmail.com) wrote:
>
>
>
> : a) Is there such a thing as a kernel in Windoze? (I asked the same
> : question some time ago and didn't get any relevant answers.)
>
> Yes

Which part(s) of the actual installation represents it?
Specifically: the Windoze GUI is integrated (whatever that means, if it
means anything at all). Is that "integration" referring to "being part
of the kernel"?

> : b) When you say NT OS, do you mean just the NT or its successors (2000,
> : 2003, whatever) also?
>
> Everything in the NT code stream NT 3.51 through W3K

OK.

I'm really curious about a couple of things. NT had drivers in protected
mode. Since the great unification (and one can't have that without kids
being able to play games, can one? ;-)) those drivers are out in the
wild. Any faulty driver (intentionally malicious or not) is a potential
liability.
1. Since M$ honchos are trying to convince us that every new flavour of
Windoze is more secure/stable than the previous one, how does that
"compute"? Specifically: was that protection a part of the kernel or
not?
2. Why would anyone invest anything into (making of) a kernel with such
security potential if one then makes a complete mess out of the
surrounding system?


On Fri, 07 May 2004 14:38:04 -0400, Rowland spoketh


>I'm not missing the correlation. I'm questioning it. You haven't
>controlled for all the variables here. That's my point. All patches
>are not equal.

Can we agree on patches marked "security related" on the RH errata list
is a security related patch, and as such would be reasonably equal to
security related patch issued from Microsoft? If so, then that doesn't
change the number of patches I counted. I bet if you do a google search,
you'll find my original from 2 years back with the actual numbers in
it...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"


Leythos wrote:
> In article <veLmc.2343$Yc.35576@news4.e.nsc.no>, toreld@netscape.net
> says...
>>
>> I mean instructions that a mother-in-law could follow. (But she would
>> not have to if Windows was properly strapped down by default.)
>
> The number two item on google.com for "How to secure Windows XP" was at
> this link http://www.markusjansson.net/exp.html with instructions that
> even a Linux user could follow :)

I wonder if you are sober. That link points to a long list of
instructions on how to modify Local Security Policy, the Registry and
other sensitive parts of Windows. Doing that sort of thing would be
suicide for the average PC user.
--
Tore
