Sukhdeep Singh
Host4Cheap.org
^^ Nice suggestion. Request a Mod to split the topic 
Vista is still the most secure OS to date.
- Status
din
Tribal Boy
@mediator
1. That is fight club section, and it is only for fight.
2. We had a thread exclusively for discussing these unwanted fights (that is locked now) and almost all agreed to stop unwanted and unrelated topics but after 1 day, all started again.
3. Please have a look at
*www.thinkdigit.com/forum/showthread.php?t=61518
I mentioned the reasons there.
4. Just coz any other threads goes diverted or unwanted fight going on - does not mean that we should do the same in every thread. Should we ?
5. If you justify the fight and think there is nothing wrong, then why not we change the topic title ? Now all people who didn't go through this thread will be thinking that all replies are related to security in Vista. They do not know we are discussing other subjects (that I mentioned in my previous post), so why not changing the topic title to include that ? So that it will be more beneficial to all members here
1. That is fight club section, and it is only for fight.
2. We had a thread exclusively for discussing these unwanted fights (that is locked now) and almost all agreed to stop unwanted and unrelated topics but after 1 day, all started again.
3. Please have a look at
*www.thinkdigit.com/forum/showthread.php?t=61518
I mentioned the reasons there.
4. Just coz any other threads goes diverted or unwanted fight going on - does not mean that we should do the same in every thread. Should we ?
5. If you justify the fight and think there is nothing wrong, then why not we change the topic title ? Now all people who didn't go through this thread will be thinking that all replies are related to security in Vista. They do not know we are discussing other subjects (that I mentioned in my previous post), so why not changing the topic title to include that ? So that it will be more beneficial to all members here
Hmmm... it seem although I advised praka123 to stay away so the fight may end, but I could not resist to post here,
The intent of DRM is to provide technical means to assure that the creators of content such as artistic works maintain appropriate control of their work, including the ability to obtain compensation for their creative investment.
This becomes controversial because of three main factors: the traditions and culture of the web which include free and open access to all information; unintended consequences of DRM in limiting the fair use of legitimately acquired digital media in ways traditionally not restricted in other media;
another argument against DRM is it affect the personal rights guranteed under the Constitution of India..
See the example.. this computer that I am typing this posting is my personal property .. when a software under the hood of DRM try to modify the settings that I made then it affect my personal rights, I can claim damages for unauthorized trespassing to my territory ( the computer). But you may claim DRM is a legal rights of the software vendors( not in India perhaps in USA) which is enforceable? It is the personal rights of the Individual that any court in India would uphold it..Personal rights is important to every citizen of India.. it can be suspended only during War and emergency ( Smt.Indira Gandhi paid heavy price for it). If you doubt my word pl. consult some legal friends of yours..
Thanking you,
with regards,
Vaithy
The intent of DRM is to provide technical means to assure that the creators of content such as artistic works maintain appropriate control of their work, including the ability to obtain compensation for their creative investment.
This becomes controversial because of three main factors: the traditions and culture of the web which include free and open access to all information; unintended consequences of DRM in limiting the fair use of legitimately acquired digital media in ways traditionally not restricted in other media;
another argument against DRM is it affect the personal rights guranteed under the Constitution of India..
See the example.. this computer that I am typing this posting is my personal property .. when a software under the hood of DRM try to modify the settings that I made then it affect my personal rights, I can claim damages for unauthorized trespassing to my territory ( the computer). But you may claim DRM is a legal rights of the software vendors( not in India perhaps in USA) which is enforceable? It is the personal rights of the Individual that any court in India would uphold it..Personal rights is important to every citizen of India.. it can be suspended only during War and emergency ( Smt.Indira Gandhi paid heavy price for it). If you doubt my word pl. consult some legal friends of yours..
Thanking you,
with regards,
Vaithy
Zeeshan Quireshi
C# Be Sharp !
yups .gx_saurav said:
rocket357
Security freak
Vista...the *most* secure OS to date?!
Seriously, what are you smoking? I'd like to invite you to blow the little flying Windows out of your grape and check out a really secure OS...
*www.openbsd.org
When Vista has been around 10 years and can claim only 2 remote exploit vulnerabilities, I'll believe you that it's up there with OpenBSD.
Now don't get me wrong, I like Linux. I use Linux. But I don't parade around claiming nonsense. Linux has it's share of security problems...this is true. But let's get serious here...Vista might be the most secure *Microsoft* OS to date...but to claim overall? Surely ye jest!
Seriously, what are you smoking? I'd like to invite you to blow the little flying Windows out of your grape and check out a really secure OS...
*www.openbsd.org
When Vista has been around 10 years and can claim only 2 remote exploit vulnerabilities, I'll believe you that it's up there with OpenBSD.
Now don't get me wrong, I like Linux. I use Linux. But I don't parade around claiming nonsense. Linux has it's share of security problems...this is true. But let's get serious here...Vista might be the most secure *Microsoft* OS to date...but to claim overall? Surely ye jest!
rocket357
Security freak
gx_saurav said:
Ahh, the tune changes!
See now, that's funny, because I've used OpenBSD as a desktop. Yeah, I listened to mp3's, surfed the web, check my e-mail, watched movies, (and don't even get me started on OpenBSD's built-in firewall, because nothing that runs on Windows (Microsoft or otherwise) can touch pf), etc...sigh...no l33t games, though, but it sure beats the snot out of running so much (AV/Antispyware/etc...) in the background that I can hardly use my machine! I guess if you consider it only to be a "desktop" if you can play the latest games on it, then OpenBSD isn't a desktop system...
Actually, I like to think of OpenBSD's category as being "secure computing", regardless of what "tag" you apply to it...it makes a killer server, firewall appliance, or secure desktop.
And I would second the motion for PCBSD, but FreeBSD (and derivatives) still can't really touch OpenBSD, desktop or server. If we were talking performance, then FreeBSD/PCBSD would take the cake, but since we're talking security...ahh, well...
edit - oh, I get it...you mean Desktop as in "so easy a caveman could do it"? Yeah, if you're into letting other people make decisions for you, then I could see the issue with OpenBSD...it's not for the faint of heart or the weak of intellect...but it DOES make a killer desktop!
Last edited:
kumarmohit
Technomancer
^^ Hmm I was wondering how many people use BSD. So much for a "Killer Desktop"
BSD is great and all but its not very popular either. Not saying that it because BSD follows the principle of Security but I would really love to meet a non IT guy who uses BSD.
BSD is great and all but its not very popular either. Not saying that it because BSD follows the principle of Security but I would really love to meet a non IT guy who uses BSD.
rocket357
Security freak
You got me there...I've been programming since I was 8 years old...hardly a "typical home user", eh?kumarmohit said:
But if the topic was "Vista is still the most *popular* secure OS to date", then I'd be forced to agree. Unfortunately for your argument, the topic states simply that Vista is the most secure OS...which has already been proven to be incorrect. Also, since this isn't a popularity contest, I am forced to point and laugh at you for attempting to salvage some dignity when proven wrong.
haha@you
Point is, one shouldn't create such an idiotic thread topic without expecting a "Fight Club" style debate...
A trolling I will go, a trolling I will go...heh
edit -
This is a *really* good point, actually. The BSD's aren't typically "market share holders". Why is this, you ask? Because no matter how you cut it, you can't point and click your way to a secure system. I can see why RHE and Ubuntu were chosen to run statistics against...they're both (for the most part) point-and-click systems. Give me this analysis with Hardened Gentoo (none of that SELinux crap...I want PAX/RSBAC or grsecurity), OpenBSD, and Vista, and we might have a reality check in the making...(before you argue that those aren't "mainstream" setups, let me remind you that security was a major focus with Vista...so it would only be right to compare Vista to security-minded Linux and BSD). As for the Ubuntu fans...go get a real Linux distro ya effin noobs!kumarmohit said:
Last edited:
kumarmohit
Technomancer
Naturally this is not a popularity contest, but if BSD despite being great and all, is still not used by a Non IT/Programming user. I think its security features are all a waste.
What is the value of having a highly secure swiss bank (read BSD) if common people still have to keep their money buried in the backyard(Read Vista)
As for the point and click way to secure system, if there is no such way than it must be developed, You dont expect everyone whi can buy a comput er has to learn how it works.
I have a car, All I want to know is how to drive it, not the entire work mechanism of a car. Unless I am give a simple lock and key in the car, I can;t secure it, because not everyone knows how lock engagement can disable fuel being sent to car engine.
What I am saying is that degree of Security varies. It can be different for me becuase I keep on trying new things on PC, But for a common PC user, who does not venture in trying new softwares etc and installing every thing they can lay their hands security is a dfferent concept.
What is the value of having a highly secure swiss bank (read BSD) if common people still have to keep their money buried in the backyard(Read Vista)
As for the point and click way to secure system, if there is no such way than it must be developed, You dont expect everyone whi can buy a comput er has to learn how it works.
I have a car, All I want to know is how to drive it, not the entire work mechanism of a car. Unless I am give a simple lock and key in the car, I can;t secure it, because not everyone knows how lock engagement can disable fuel being sent to car engine.
What I am saying is that degree of Security varies. It can be different for me becuase I keep on trying new things on PC, But for a common PC user, who does not venture in trying new softwares etc and installing every thing they can lay their hands security is a dfferent concept.
Zeeshan Quireshi
C# Be Sharp !
and for how many years do the end-users have to wait for the latest software(majority) to be ported to BSD ?kumarmohit said:
rocket357
Security freak
I have a car. I'm not a mechanic. I've put in the effort to *learn* how to accomplish routine tasks to ensure the safety and security of my car.
Likewise, if I were given the opportunity to use a bank that was more secure, I'd put forth the effort to *learn*.
Point is, I'm not afraid to ask questions and put in effort to expand my knowledge of a given topic. I wasn't born with knowledge of programming, or computer security, or how internal combustion engines operate, or <whatever>. I put in the effort to learn because I realize that businesses are just that: a venue of money making for a couple of people. When corporations start truly caring about their end users, *then* end users can place a bit of trust in the products they produce. Until then (never, I'd argue), people who blindly trust big business are idiots.
So what can be done? Well, if I buy a car and it proves to be more trouble than it's worth (which has happened before, I can assure you), then I check out the competition. Oh, that Ford was a junker? Great...I'll ask around for opinions on Hondas, or Chevys, or whatever. I research. I learn. I don't wait for Service Pack 27 to be released. I move on. Typical Windows user? Been with M$ since day 1, through thick and thin, vulnerability after vulnerability...kinda makes you wonder who the idiot is, huh?
And Zeeshan, your post proves how little you know about open source. There are zero Windows programs that have been ported to *BSD...why? Because no one using BSD wants a buggy program that will introduce gaping security holes to their OS. What if I like xyz program running in Linux? Oh jeez...I install a compatibility package and I run the f*cking program *unmodified* on my BSD system! Or, better yet, I grab the source code and I build it from source (which sounds scary, but I can assure you it's nothing of the sort...) so it'll run native on my BSD machine.
But building from source...that takes KNOWLEDGE!
Bull. It takes this:
$ ./configure
<bunch of output>
$ make
<more output>
(and if I want to install it system wide):
# make install
<more output>
Sigh...I dunno if I can handle that...it's just too complex for even "typical home users".
Likewise, if I were given the opportunity to use a bank that was more secure, I'd put forth the effort to *learn*.
Point is, I'm not afraid to ask questions and put in effort to expand my knowledge of a given topic. I wasn't born with knowledge of programming, or computer security, or how internal combustion engines operate, or <whatever>. I put in the effort to learn because I realize that businesses are just that: a venue of money making for a couple of people. When corporations start truly caring about their end users, *then* end users can place a bit of trust in the products they produce. Until then (never, I'd argue), people who blindly trust big business are idiots.
So what can be done? Well, if I buy a car and it proves to be more trouble than it's worth (which has happened before, I can assure you), then I check out the competition. Oh, that Ford was a junker? Great...I'll ask around for opinions on Hondas, or Chevys, or whatever. I research. I learn. I don't wait for Service Pack 27 to be released. I move on. Typical Windows user? Been with M$ since day 1, through thick and thin, vulnerability after vulnerability...kinda makes you wonder who the idiot is, huh?
And Zeeshan, your post proves how little you know about open source. There are zero Windows programs that have been ported to *BSD...why? Because no one using BSD wants a buggy program that will introduce gaping security holes to their OS. What if I like xyz program running in Linux? Oh jeez...I install a compatibility package and I run the f*cking program *unmodified* on my BSD system! Or, better yet, I grab the source code and I build it from source (which sounds scary, but I can assure you it's nothing of the sort...) so it'll run native on my BSD machine.
But building from source...that takes KNOWLEDGE!
Bull. It takes this:
$ ./configure
<bunch of output>
$ make
<more output>
(and if I want to install it system wide):
# make install
<more output>
Sigh...I dunno if I can handle that...it's just too complex for even "typical home users".
Last edited:
iMav
The Devil's Advocate
may be u could tell me an OS which was released a decade ago and has no update release and is still running strongrocket357 said:
u wont be able to come up with 1 even in the last 3 years ... the thing is an update has to be made nothing in this world was made perfect the first time not even human ... so ur point of vulnerability after vulnerability shows who is the idiot
rocket357
Security freak
First, I never said anything was perfect upon release. Software is created by humans, and as such it has flaws...even OpenBSD has "bugfixes", but only twice in ten years has a bug resulted in a remote exploit. Why? Because OpenBSD is written for *code accuracy* (not security...security just happens to be a side-effect of accurate code).iMav said:may be u could tell me an OS which was released a decade ago and has no update release and is still running strong
Second, Microsoft has released how many revisions of their OS in the past 10 years? How many required Service Packs that re-wrote 1/2 the OS? Sounds to me like someone could use a lesson in *code accuracy*.
How many chances for remote exploit has Microsoft seen in 10 years? Now that we've established that, how many has OpenBSD seen? Oh, that's right...two.
10 years? That's old history, right?
Let's say six months, then...how many for Microsoft in six months? How many for OpenBSD? One.
Vulnerability after vulnerability? Indeed.
Edit - Vista wasn't released a decade ago...A decade ago Microsoft was still pushing the 9x series and we all know how THAT went for security purposes! In 1997, Windows 95 was at the helm of the Microsoft list...and security was so good in Win95 that I could hit escape at the login prompt, append a few characters to another user's password file, and then try to login as that user. Win95 was so kind that when it realized the password file was corrupted, it would ASK ME FOR A NEW PASSWORD for a user I shouldn't have had write access to! A decade ago, OpenBSD was beginning the massive code audit that is still going to this day. I guarantee you that even though bugs existed at that stage in the code, the system was intelligent enough to resist a simple attack such as the one I just described...
Have you read an OpenBSD vulnerability report? What about a Microsoft vulnerability report?
< taken from *www.kb.cert.org/vuls/id/986425 > March, 2007
OpenBSD: Systems connected to public IPv6 networks are particularly at risk from this vulnerability. However, since link-local addresses are part of the IPv6 specification and configured by default on Ethernet interfaces, even systems that have not been explicitly configured to use public IPv6 networks are vulnerable to attack from other systems on the same physical network or multicast network.
That's right...to exploit this bug, someone needs to be on my network already (and using the next generation ipv6, which isn't in widespread use except for Japan and academic institutions). The patch to fix it was available after a few days, and in the mean time a single line modification to one config file was all that it took to nullify this exploit.
< taken from: *www.kb.cert.org/vuls/id/511577 > Feb. 2007
Microsoft: Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According to Microsoft Security Bulletin MS07-010, an integer overflow vulnerability exists in the way that the Microsoft Malware Protection Engine processes Portable Document Format (PDF) files. An attacker with the ability to supply a specially crafted PDF file could exploit this vulnerability. Note that according to Microsoft the Malware Protection Engine is a coponent of the following:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateway 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint
What about a fix for this bug? Oh, an update! Yay.
Last edited:
- Status