Kirn
"do a quick research" I'm familiar, kiddo, but here's the reality... unless you're buying poorly made Chinese drives, or SanDisk/Kingston drives, this isn't a problem. Get a brand that doesn't expose the firmware update ioctls, like PNY.
Kirn
And even Kingston is starting to wisen up and use mask ROM for their controller firmware
Kirn
Good luck overwriting physically encoded firmware.
Rolando. E.R.
Kinda late. There are millions of Kingston drives out there, they are quite popular.
Rolando. E.R.
SanDisk as well.
Kirn
Although, this also begs a question
Kirn
Why are flash drives being used at all anymore? In an era of cloud storage solutions, they seem... Well, like listening to music on cassette.
Rolando. E.R.
And yet you say "Windows does it better".. -_-
Kirn
It does.
Rolando. E.R.
Why are flash drives being used at all anymore? In an era of cloud storage solutions, they seem... Well, like listening to music on cassette.
That's frankly stupid. How the hell am I supposed to take a paper to printwork? Or carry some big files to an offline machine? Or take a movie for projection on the classroom? Or anything else that using internet would be just idiotic and too expensive/unpractical?
Kirn
After all, if you have malware that exploits macro languages in common word-processing software, what's to stop it from running on Linux?
Rolando. E.R.
It does.
I don't think so.
Rolando. E.R.
You would have to configure and compile it to execute under Linux.
Kirn
Yeah, no, you aren't getting it
Rolando. E.R.
Even if you run malware inside WINE, it will never get past the fake C drive it creates.
Rolando. E.R.
Unless it is prepared to screw the hardware.
Kirn
You would be easier to 0wn than a Windows user because of your total misunderstanding
Eris
1) NTFS
the poll is fucking dead there are better things to do
Kirn
Wine doesn't stop raw filesystem access
Rolando. E.R.
But even then, there's no guarantee, since Windows kernel instructions usually have no equivalent in Linux, and probably require root permission.
Kirn
Sure. -_-
Ready for me to school you?
Rolando. E.R.
What are you waiting for?
Kirn
Even if you run malware inside WINE, it will never get past the fake C drive it creates.
There's the fake Z drive, and even if that's not mapped, if a Windows program uses file API calls using raw UNIX paths, they work regardless of what's mapped
Rolando. E.R.
On Windows, NT AUTHORITY\SYSTEM privilege is needed
Only at first access, after that the software can keep the permission and execute at any level by itself.
Kirn
Only at first access, after that the software can keep the permission and execute at any level by itself.
Same on Linux, it's what we call a rootkit. Oh, and you can even get root from the most locked-down sandbox by exploiting dirty copy-on-write pages!
Kirn
You would have to configure and compile it to execute under Linux.
But you implied that malware is more than Win32 executables, so why would this matter unless malware can only be Win32 executables?
Kirn
Adobe Flash exploits don't come as code targeting any specific OS
Rolando. E.R.
Same on Linux, it's what we call a rootkit. Oh, and you can even get root from the most locked-down sandbox by exploiting dirty copy-on-write pages!
I'm sure it is possible, but I can't imagine malware designed for Windows and at the same time prepared to exploit vulnerabilities under Linux.
Kirn
they use e.g. buffer overflows and call tables that work the same under all OSes
Rolando. E.R.
Adobe Flash exploits don't come as code targeting any specific OS
What does that have to do with infected thumbdrives?
Rolando. E.R.
I haven't heard of anyone till today.
Kirn
What does that have to do with infected thumbdrives?
The point still stands. If the malware works by exploiting bugs in a document/file viewer, then it stands to reason it can exploit on any OS
Kirn
Ok. Where are the other implementations?
I have no idea; I don't follow malware news often, since it's something of a moot point these past few years
Rolando. E.R.
The point still stands. If the malware works by exploiting bugs in a document/file viewer, then it stands to reason it can exploit on any OS
Not really. If you ever used Linux, then you know that Flash has always been a problem, so is practically inexistent.
Rolando. E.R.
You can force the execution of Flash, but only by forcing it.
Kirn
Google Chrome, LibreOffice, Skype, Firefox...
Rolando. E.R.
Or getting a distro with Flash installed by default.
Kirn
A problem for Windows.
No, also a problem for Linux. If you don't think so, you're seriously ignorant on security issues.
Rolando. E.R.
Still you must admit that components being updated once a week is way safer than a 2 years old Windows install.
Kirn
You could get in trouble by loading payloaded JavaScript as part of an offline webpage. If it can own your version of Google Chrome, it's going to own it on every OS.
Rolando. E.R.
Or Skype.
Kirn
I don't use Google Chrome.
There's no web browser available for Linux (or more importantly, rendering engine) that's not available for Windows.
Rolando. E.R.
Mostly use Links.
Kirn
That's scary because of how... fragile it is.
Rolando. E.R.
You can easily disable scripts inside the browser. Easy to solve as well.
Kirn
although the rareness provides some protection as it's not going to be targeted, but still.
Kirn
You can easily disable scripts inside the browser. Easy to solve as well.
And then you can go about attacking the HTML parser, the CSS parser, any of the image rendering libraries (if a graphical browser), etc.
Rolando. E.R.
No system is 100% secure, but the popularity of Windows and stupidity of its users made it a heaven for malware. So you can't just say "it does it better", when they give a shit about your protection.
Rolando. E.R.
Some exploited backdoors are MS's backdoors. 😆
Kirn
Hell, a long time ago, iOS was rooted via an attack on the PDF rendering engine
Rolando. E.R.
Kirn
There's nothing obscure in the Linux ecosystem. -_-
True, but, you want to know the best way to stay secure if your goal is to stay safe through unusual software?
Kirn
Take primarily Linux software, and run it on Windows
Kirn
for simplicity's sake, the exploits will target Linux only
Rolando. E.R.
Hell, a long time ago, iOS was rooted via an attack on the PDF rendering engine
Not relevant. Until an exploit point is discovered, all you can consider is a remote possibility, but there's no certainty.
Rolando. E.R.
And you still never explained how Windows "does it better". :v
Eris
this chat should be named "Windows and Linux Discussion"
Kirn
this chat should be named "Windows and Linux Discussion"
Because you don't like where is it going?
Kirn
You can always leave.
Eris
Because you don't like where is it going?
the derailing is strong with this one
Kirn
the derailing is strong with this one
So why don't you do something about it besides being a passive-aggressive asshole?
Hendrik
So why don't you do something about it besides being a passive-aggressive asshole?
maybe because he doesn't give a shit about random internet people's opinion like everyone else. if you think windows "does it better" no one will stop you from using it but PLEASE stop trying to patronise people
Hendrik
imho that's still no reason to patronise stupid fanboys over the internet (i use windows and linux and both sides have their highlights and negatives)
Kirn
Meh, wanna talk about routers?