(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version


Are we ever going to get serious about Security?

2009/04/09



So it turns out that Conficker is awake and may be dangerous. Gosh, it sure is comforting to know that this thing is so complicated and tricky that we still don't even know how it really works or what its intentions are. Peter Szor warned us that this kind of junk was coming a few years ago and it sure looks like his predictions are coming true.

That sealed my plan to switch my wife to Mac. I was going to wait for Snow Leopard, but I feel that things are getting too dangerous in Windows Land. Not that things are all hunky dory in OS X land - if Apple doesn't start getting serious about security, things will soon be just as bad here - and worse, because most Mac users don't run any A/V software at all.

And if Apple does do the things they say are coming, it looks to me like that might be only on the 64 bit machines? If so, where does that leave all the older boxes like my early MacBook Pro? Will I have to replace that to be safe?

Linux users have some reason to be smug, but really the danger for Linux is much the same as it is for Apple. Linux in general is doing a better job, but there has to be eternal vigilance. More important is that app vendors avoid Linux: if I could get Quickbooks on Linux, I wouldn't have bought the Mini . Are you paying attention, Apple?

Frankly, it annoys me greatly that all of this - every damn bit of it - comes from "ease of use". Our browsers just HAVE to be so damn friendly and helpful because it is inconceivable that any user should have to actually LEARN anything, should EVER have to do an extra step, should ever have to be even mildly inconvenienced. No, "user friendly" trumps everything.

Recent findings about cyber attacks on the U.S. power grid are another example of this. Can anyone tell me why systems like this need to be connected to the Internet? I can tell you why: ease of use. It would be so inconvenient not to have access right from your desktop..

On the programming side, it's similar. It's laziness and a desire for speed that leads to shortcuts and optimizations that later turn into exploits. Often when it is later realized that you really can't do things that way, the crap code has to be left in because to take it out would break too many "popular" applications. Wonderful..

My rants aren't going to change anything, of course. Stupid consumers (individuals and businesses alike) will continue to demand "ease of use" and programmers will keep giving it to them. Therefore, we need to get deadly serious about security in the OS. Again, I'd really like to see IBM, Apple, Microsoft and a lot of others create a unified security testing team. If properly funded, a team like that could really help.


;


Click here to add your comments




Thu Apr 9 14:46:15 2009: Subject: GnuCash   sledge

gravatar
I wonder what differences between GnuCash and QuickBooks exist that prevent you from using GnuCash instead. I realize that GIMP is no Photoshop and this may be a similar case. I don't use QuickBooks so I don't know if GnuCash is a drop in replacement. Have you looked at GnuCash?





Thu Apr 9 14:49:13 2009: Subject:   TonyLawrence

gravatar
Oh, yeah, I've looked at GNUCash and everything else: not even close. Not even worth comparing - that far apart.





Thu Apr 9 14:58:11 2009: Subject:   TonyLawrence

gravatar
I am glad you reminded me of that though. I haven't looked at GNUCash in a few years so I really should go get a copy and see what it's like now..



Thu Apr 9 15:03:45 2009: Subject:   sledge

gravatar
Let me know what you think. It would be nice to scratch one thing of the list of apps that make Windows linger.



Thu Apr 9 15:33:27 2009: Subject:   TonyLawrence

gravatar
(shaking my head)

As is unfortunately all too common, GNUCash is leading me down a path of

./configure go find the package it doesn't like ./configure go find the package THAT doesn't like repeat above until you get it to work or get thoroughly sick of it.

It may be a while before I get done with this.



Thu Apr 9 15:42:45 2009: Subject:   TonyLawrence

gravatar
Well, that was fun while it lasted.

GNUCash needed GLIB 2.6 or greater. I brought that down and installed it, configure then wanted a newer "guile". That's when I found that Glib had broken the gui..

Oh, well: maybe another day when I have more patience.



Thu Apr 9 15:48:54 2009: Subject:   sledge

gravatar
Sorry to hear that. I think this is the real reason Linux adoption (on the desktop, really) is slow and not gaining speed. Ubuntu gets around it with its package management, but then you only get the most recent version of which some volunteer made a package.




Thu Apr 9 15:54:25 2009: Subject:   TonyLawrence

gravatar
Ayup. Of course it's always fixable; it just takes patience.. and time I don't have right now.

It also effectively makes you run two machines or run in a vm where you can snapshot before trying to install or upgrade anything. The risk of killing your system is just all too real to ignore.



Thu Apr 9 17:17:31 2009: Subject:   TonyLawrence

gravatar
I see that Michael Calce (Mafiaboy) http://www.internetnews.com/security/article.php/3814371/Mafiaboy+Conficker+Was+a+Ruse.htm thinks that "a government entity needs to step in and certify all code that runs on the Internet".

Um.. that's a lotta code :-)

Our US Guv seems to be agreeing: http://www.webpronews.com/topnews/2009/04/07/bill-lets-obama-turn-off-the-internet

Which sure reminds me of http://aplawrence.com/Opinion/licensedos.html

When I wrote that, I don't think too many people took it seriously. It IS serious, and it is now much closer to being able to come true.



Thu Apr 9 18:50:20 2009: Subject:   jtimberman

gravatar
Conficker exploits a bug that was patched back in October-ish. If your systems are still vulnerable, you deserve to get infected IMO.

Bruce Schneier wrote about the US Power Grid "hacks" today:
http://www.schneier.com/blog/archives/2009/04/us_power_grid_h.html



Thu Apr 9 19:02:20 2009: Subject:   TonyLawrence

gravatar
It's not specifically Conficker that worries me - it's the level of sophistication being reached. Go read what Peter had to say four years ago and imagine how much things have progressed since then.



Thu Apr 9 19:14:43 2009: Subject:   TonyLawrence

gravatar
Just in case anyone is misinterpreting: I'm NOT in favor of the Gov. getting to involved here. That http://aplawrence.com/Opinion/licensedos.html from almost six years ago expressed my concerns about that.

Unfortunately, because Microsoft and Apple have been so slow and stupid, we might just get this.



Thu Apr 9 19:15:56 2009: Subject:   BrettLegree
http://6weeks.ca
gravatar
The two systems in my household that are vulnerable to this are patched of course (my wife's Vista laptop, and the XP VM on my Mac).

This isn't what concerns me though - unpatched systems can affect all of us who *are* patched, or are running systems not affected by this, because we share the internet.

I mean, even if we smile and say, "we run Macs" or "we run Linux and BSD", what if the virus writer is clever and makes the infected systems slow the internet to a crawl?

Then it doesn't matter if my computer is "safe". It is just a typewriter at that point!



Mon Apr 13 17:30:43 2009: Subject:   anonymous

gravatar
Gnucash is very odd.

The double entry system it uses looks like it would be very effective at keeping track of everything, down the penny, and would avoid the vast majority of accounting mistakes that you'd tend to run into. But it seems very labor intensive to use.

Other accounting software is avialable in online versions though. At least consumer stuff. I am surprised that Quickbooks doesn't do it, but Qucken does.

But I was looking into using Gnucash to get my personal finances in order. Never used any other financial software before except Turbotax online version.

--------------------

As for Gnucash on Ubuntu... they should be avialable pre-packaged if you enable the repository.




Mon Apr 13 17:54:22 2009: Subject:   jtimberman

gravatar
We've used GNUcash on Windows and Linux for close to 5 years for our checking/savings accounts. My wife, who is totally nontechnical likes it, but really we just use GNUcash as a checkbook register, nothing more complicated than that.



Tue Apr 14 14:15:00 2009: Subject:   sledge

gravatar
Sorry Tony,

http://oe.quickbooks.com/index.cfm

QuickBooks has an online version but it requires Windows 5, 5.5, or 6, Internet Explorer 6 or 7, Java/JavaScript and cookies enabled, and Adobe Reader 6 or 7. So that won't help eliminate Windows. I have a few customers that are using, have used, and/or are considering using this and they like it. Of course that means they are using Windows and stuff.



Fri Apr 17 08:49:35 2009: Subject:   drag

gravatar
Internet Exploder will work fine in Wine... I don't know about Adobe's stuff, but unless it's a absolute requirement that the pdf must be embedded in the website then Adobe's stuff for Linux and OS X should work fine. It is quite easy to fake the agent strings to let firefox or anything else get past any browser detection situations.

This will get it working quite easily. At least it did last time I needed it. (which was some time ago)
http://www.tatanka.com.br/ies4linux/page/Main_Page

Useful for web developers that want to test the rendering for different systems, but don't want to pay for Windows. I don't know if it will work in OS X that well, but it should.



Fri Apr 17 13:19:50 2009: Subject:   TonyLawrence

gravatar
This week brought news of a Linux root hack: http://www.h-online.com/open/Vulnerabilities-in-Linux-allow-root-privileges--/news/113081 and Mac Botnets: http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-botnet-is-active.ars

Computers are so much fun now..

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar



ad

numly esn 55606-090409-473198-26
numly barcode

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments



Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.


book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!



 I sell and support
 Kerio Mail server




pavatar.jpg
More:
       - Microsoft
       - Linux
       - MacOSX
       - Security


Unix/Linux Consultants

Skills Tests

Guest Post Here








card_image





My Favorites

Change Congress