MEPIS Community Forum

A Linux operating system based on Debian Stable
View unanswered posts | View unsolved topics | View active topics |



Reply to topic  [ 23 posts ]  Go to page 1, 2, 3  Next
plugging holes in Windows that government was using 
Author Message
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Wed Jul 12, 2006 5:54 am
Posts: 10761
Location: Tulsa, Oklahoma U.S.A.
Has thanked: 3524 times
Have thanks: 851 times
Post # 301118
Post plugging holes in Windows that government was using
http://www.dailytech.com/Microsoft+Aims ... e24866.htm

_________________
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain


Fri Jun 08, 2012 10:40 pm
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 301124
Post Re: plugging holes in Windows that government was using
i know it always warms my heart to know that the navy invested so much time and effort in their COTS program to incorporate windows into large platform, mission critical weapons systems :frustrated:


Sat Jun 09, 2012 7:30 am
Profile
MEPIS is cool!
MEPIS is cool!
User avatar

Joined: Fri Jul 14, 2006 12:50 am
Posts: 689
Location: Third Stone From The Sun
Has thanked: 74 times
Have thanks: 73 times
Post # 301128
Post Re: plugging holes in Windows that government was using
Or maybe, it is the fake chips from China, put in the mission critical weapons system. :eek:

_________________
Research, Research, Research, Before You Walk The Plank.
Registered Linux User # 398829


Sat Jun 09, 2012 10:10 am
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 301129
Post Re: plugging holes in Windows that government was using
actually, they're real chips - it's the all the unknown potential backdoors in the firmware that keep security folks up at night


Sat Jun 09, 2012 10:14 am
Profile
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Mon Feb 12, 2007 1:45 pm
Posts: 5599
Location: Penn's Woods
Has thanked: 785 times
Have thanks: 632 times
Post # 301130
Post Re: plugging holes in Windows that government was using
Quote:
But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reach affected machines.


Quote:
The company writes that it plans on "hardening" WU, commenting:

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.


My daughter, who uses Windows 7, recently got one of these on her computer:

Image

She shut down her computer, but it wouldn't shut down completely until Windows Update had installed a bunch of updates, which took over 10 minutes. When she restarted her computer, it completed booting into a screen with just her wallpaper: No desktop icons, no task bar, no start menu, and no way to start any applications. The only thing she could do was re-install Windows from the rescue disk, losing all her data and apps. (No, despite her mom's preaching, she doesn't back up her system.)

So much for the value of Windows Update. She now has it turned off.

_________________
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver


Sat Jun 09, 2012 10:26 am
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Wed Jul 12, 2006 4:30 pm
Posts: 1456
Location: Flinthills of Kansas, USA
Has thanked: 253 times
Have thanks: 139 times
Post # 301131
Post Re: plugging holes in Windows that government was using
GoManutd wrote:
actually, they're real chips - it's the all the unknown potential backdoors in the firmware that keep security folks up at night

I vividly recall much tecno chatter from years back when it was announced by intel that beginning with pentium 4 and all future chips would be made with built-in backdoors. At the time the announcement boosted the sales of amd chips significantly because at least at the time amd had no intentions of building their chips with backdoors.... or so we were told anyway. :bagoverhead:

_________________
http://patentabsurdity.com/
AMD 64x2 2.6GHz 4GB ram M-11.9.92 kernel 3.10-3-amd64 kde 4.11.5 mixed/unstable
"beware a frequent flirt with potential disaster"


Sat Jun 09, 2012 10:51 am
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 301132
Post Re: plugging holes in Windows that government was using
intel and amd may not knowingly be building backdoors, but it's all the 3d party vendors that supply chips to the likes of intel, amd, ibm, etc. that are of real concern.

there's always going to be vulnerabilities, the difference with firmware/hardware related stuff is being able to test it all. realistically, there isn't a method for doing so. software you can always fingerprint, do pattern recognition, etc. but with firmware/hardware the stuff can lay dormant for years and only be triggered under very specific, unknown inputs.


Sat Jun 09, 2012 10:57 am
Profile
Administrator
User avatar

Joined: Wed Jul 12, 2006 2:17 pm
Posts: 10557
Location: Rochester NY
Has thanked: 808 times
Have thanks: 1370 times
Post # 301133
Post Re: plugging holes in Windows that government was using
joany wrote:
Quote:
But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reach affected machines.


Quote:
The company writes that it plans on "hardening" WU, commenting:

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.


My daughter, who uses Windows 7, recently got one of these on her computer:

Image

She shut down her computer, but it wouldn't shut down completely until Windows Update had installed a bunch of updates, which took over 10 minutes. When she restarted her computer, it completed booting into a screen with just her wallpaper: No desktop icons, no task bar, no start menu, and no way to start any applications. The only thing she could do was re-install Windows from the rescue disk, losing all her data and apps. (No, despite her mom's preaching, she doesn't back up her system.)

So much for the value of Windows Update. She now has it turned off.

It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.

_________________
Forum Rules
Guide - How to Ask for Help
Link to Wiki
Rich

Acer Laptop V5-572G: Intel i5, 12 GIG mem, nVidia GT720M/Intel integrated graphics
Mx-14 Symbiosis
Kubuntu 13.10, KDE 4.11.2


Sat Jun 09, 2012 11:31 am
Profile
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Mon Feb 12, 2007 1:45 pm
Posts: 5599
Location: Penn's Woods
Has thanked: 785 times
Have thanks: 632 times
Post # 301135
Post Re: plugging holes in Windows that government was using
richb wrote:
It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.

Yes, the auto-updates are uneventful most of the time. But some of them can be troublesome, as my daughter found out.

On my WinXP setup I found the safest way to install upgrades was to do them manually: I checked Microsoft's security alerts, made a note of the patches that needed to be installed, waited about 2 weeks until Microsoft worked out all the bugs, and then installed them myself one patch at a time (making sure to back up everything first).

It's true my upgrade method left my system unpatched for some time, but it usually takes Microsoft several weeks to identify and fix zero-day exploits while they're on the loose anyway. In the case of Flame, it took them several years to figure out what had happened, and AFAIK they still don't have a fix.

_________________
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver


Sat Jun 09, 2012 12:11 pm
Profile
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Sat Nov 11, 2006 10:42 pm
Posts: 4296
Has thanked: 114 times
Have thanks: 858 times
Post # 301136
Post Re: plugging holes in Windows that government was using
richb wrote:
joany wrote:
So much for the value of Windows Update. She now has it turned off.

It has been very uneventful for me. Less obtrusive than Vista updates, and no issues.


The whole Windows Update mechanism is a cobbled together kludge. When it breaks, it breaks bad.

IMO, the single best thing that Linux has going for it is it's system for package management. I remember being totally blown away by Synaptic, once it finally dawned on me how it worked in a big picture sense -- which did take a bit of a "Eureka" moment.

_________________
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Netbook: Fujitsu Lifebook Pentium M -- MX-14
Laptop: Acer Aspire 5250 AMD Dual -- SolydK 64


Sat Jun 09, 2012 12:12 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 23 posts ]  Go to page 1, 2, 3  Next

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.