Discussion in 'Operating Systems' started by SharpyMerc, Feb 24, 2007.


Vista UAC on or off

  F1refly

  Clawedge

  Animatrix

    Don't want to take this thread totally off topic so I'll try to keep it on track.

    xrc6, I think we just misunderstood each other a bit and it's not worth going back and forth arguing about what we said or didn't say. If it's my fault for not being clearer, so be it; I will try to make my point clearer. And no, please don't think I feel we have to agree with each other on everything; we are just exchanging ideas here.

    1. The only reason I mention the reinstalling part was to circle out the type of reckless PC user that, instead of deliberately wreaking havoc on their systems, just keeps reinstalling the OS. I think we can agree that it would be better not to have to keep reinstalling all the time. It's just that some people find it so easy to reinstall whenever they hit a snag (which might stem from the fact that they are doing not-so-smart things on the PC, and keep on doing them) that they never learn. You know what I'm talking about: you get the call for the hundredth time about someone's PC not working (again), you get over there and lo and behold they have some spyware, a few viruses and other goodies on the system (again).

    2. Prompting not only the reckless PC user but also just normal users by asking questions, especially if it's too many questions, will often not lead to great results. The prompt as a defense mechanism is really always one step away from disaster, that is, the user just clicking yes. It will stop and inform the user about "an action" and ask yes or no, or ask for a password if privileged elevation is needed. For the user to give the correct answer to a prompt, the user must understand the prompt. If the user is prompted too much you often get "prompt fatigue", or "crying wolf syndrome". If the user is annoyed enough by the prompt, it starts to become self-defeating. The state of "prompt fatigue" can get so bad that you can ask the user just about anything and they will still just click yes. No, the UAC is not as bad anymore, but this is a well-known problem I'm talking about here.

    3. However, the inherent weakness of the prompt I just talked about does not completely defeat the purpose of UAC. There is a difference between the UAC prompt itself as just a prompt, and then the privileges a user is running with. UAC (User Account Control) is there to help users run as standard user, and just getting people to run as standard user is a pretty huge thing. I'm here especially thinking about the type of exploits that auto-execute payloads without the user ever knowing about it. The type of malware that misuses the admin privileges many users run with today to do this auto-execution (like Shatter Attacks). So if a user is running as standard user, which they now better can thanks to UAC, the idea is that they now get a prompt about the malware installing.
    Oh yeah, sure, and then we are back to the prompt again, but at least malware is not auto-installed. I know it sounds a bit contradictory to say that on the one hand the UAC as just a prompt won't help much and then in the same sentence say the UAC as a prompt can help. The distinction that should be made is between a user running as full admin with UAC turned off and the user running as standard user getting help from the UAC to do tasks that need admin privileges, i.e. UAC being used as a tool to help the user run as standard user.

    Don't want to argue here, but what do you mean by "research that just to prove me wrong"? Am I to understand that you think I did not know about the fact or the article before I said what I did about the NSA? That is the article most of the other reports are based on; it was the first report about it, I believe. Just want to make it clear, you won't usually find me just saying stuff and I really do always try to have some sources to reference. If I'm not somewhat sure about something I will say so; hell, I even throw in disclaimers when I feel like it.

    How big a role the NSA has played remains speculative. The article says that MS did not want to comment on the exact NSA involvement. And the only thing I wanted to make clear was that Vista's security is not created by the NSA, and yes, the NSA has been doing stuff for MS and others before.

    Anyway, the NSA's and the government's interest seems pretty obvious to me.
    More of the same thing, U.S. government grant called the "Vulnerability Discovery and Remediation Open Source Hardening Project,"

    OK, first off, the exact definition of a hacker is a matter of... well, definition. Hence also the skill level attached to the word hacker. Secondly, that's actually why I used the words script kiddies instead of hacker at one point. I used script kiddies to make it clear I was talking more about lowlifes. You know, the type that just want to cause havoc or steal people's money.

    My point is that with a lot of malware and exploits you don't necessarily need much hacking skill anyway, at least compared to finding driver bugs etc., flaw finding more akin to doing pro penetration testing. Exploits are really all about attack vectors. With the state of the internet and personal computing, unfortunately it's not always so hard to get results, e.g. scripting attacks, Windows exploits, making spyware and grayware, getting the latest virus and relying on a few packers to do their job. "Hacking", very broadly speaking, doesn't have to be hard or take much skill, but it most definitely can.
  volkov956

  Morpheous416

  SirLink

