Anti-virus pioneer Alan Solomon thinks anti-virus is dead.

For discussions about security.
ardvark
Posts: 1448
Joined: Tue 02 Jul 2013, 03:43
Location: USA

#21 Post by ardvark »

mikeb wrote: security by obscurity is a bit of a common myth....
That's right, we had talked about that before. :wink:

Regards...

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#22 Post by prehistoric »

The problem, beyond sheer blunders, is that Windoze is an attempt to force everyone on the Internet to use exactly the same binary code. The result is a monoculture which needs to be defended with the same ruthlessness as agricultural monocultures need to be defended from insects and fungi.

Malware is a business today, and profitability depends on being able to infect large numbers of systems without doing a lot of brain work to figure each one out.

@MikeB,

I do pass pictures, and even videos, via email, but these are sent as attachments which are opened by separate applications with strictly limited capabilities. The advantage of using a text-only email client is that even should malware become active in such a program (and believe it or not there are such things), it does not have any sort of general computing environment in which to execute scripts.

With present browsers it is hard to say what they cannot do. Currently popular browsers are much larger than early operating systems. In the past, before I reached my present debilitated condition, I have written compilers that were considerably smaller than common browser helper objects. This isn't necessary for malware, with most current machines executing the same binary code, but it shows just how powerful and unpredictable these programs have become. It is more likely a codec used to display images will have a zero-day vulnerability a picture or video can exploit to execute arbitrary raw binary code. Most users have no idea what codecs are in their system, or which ones should be updated to eliminate vulnerabilities.

After thinking about your comment concerning full Adobe Acrobat (not Adobe Reader) and the current state of relations between Adobe and M$, I've decided the problem originates in M$ software designed to prevent code piracy, not in Adobe corporate policy. M$ has never come up with a means of protecting intellectual property that does not devolve into M$, and its hordes of attorneys, being the effective arbiter in IP disputes. This is a particular problem when any other company has an IP dispute with M$, as I'm sure was intended.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#23 Post by mikeb »

Hmm, I would assume Thunderbird would use, say, libjpeg just like any other software... the lack of software to run embedded scripts is a big bonus.

Just to clarify, I was describing that the Adobe Reader installer requires Internet Explorer's Trident renderer to display the 'License Agreement' and an OK button... without that you cannot install or run the Reader...

I mean Notepad and a Win32 button are incapable of this task after all :D

Forcing the presence of a major security risk to view a text document is beyond lame.... and quite intentional I would say as alternatives are simple and the vast majority of installers use them.

I tend to look at causes when there is a problem rather than treat the symptoms.... gateways are causes...antivirus is symptom treatment...the latter not so much dead as never really needed or effective in the first place... Otherwise how come I get no infections and antivirus users do?

mike

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#24 Post by prehistoric »

@MikeB,

Since Adobe Reader turns up in many devices which do not run M$ Windows I'm assuming your discovery is just the result of legacy software developed back in those days when M$ and Adobe were buddies. It never occurred to me that it would not install on Windoze machines if I had removed IE. I typically use Google Chrome on those machines, and had not noticed a problem. I don't try to remove or disable IE because it gets into far too many things connected with M$ software updates.

Legacy software is a real mess. We just found a vulnerability in secure communication going back to W95. ("You mean all those new, improved OSes from M$ were just recycling the same code?") Last night I had to explain a peculiarity in Windows Update to a friend. Why was it applying updates to .NET framework 3.5.1 when we had already installed .NET framework 4.5? Answer: just because it is outdated doesn't mean M$ can remove it. Their new, improved software is not really backwards compatible. They still need those older versions for applications that were written when they were current. Complexity moves in one direction only, until it reaches a level nobody can handle. We might be there right now.

Since we've pretty well disposed of signature analysis in this thread, you might be thinking you could fall back on behavioral analysis to detect malware. The problem is that you can't tell, using only behavior, some really vicious stuff from "legitimate" code that allows a select list of companies to rape and pillage computer users after telling them "we respect your privacy, and we'll still respect it in the morning". Nor can you tell if a coding blunder which opens your machine to exploits is a typical SNAFU or deliberate malice aforethought. Don't assume you have any legal protection unless you can prove criminal intent.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#25 Post by mikeb »

It would have been something like Adobe Reader 9 or 10.....
Their buddy system is very fickle....

I disable the update system since most of them seem to be for plugging holes in the things I remove. No IE only affects automatic updates... they can be done manually and you get to choose what you really need.

If I left mshtml.dll and such in, it's more for some of the silly configs that want it rather than letting it get near the internet. Running without it altogether still leaves a workable system, which I used for some years... and that's how I always run 2000 as it removes more cleanly. I usually have enough removed so that installers that want to take you to their buddies' website cannot regardless... :D

Minor inconvenience as opposed to a regularly trashed system, I suppose, is the trade-off.

mike

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#26 Post by prehistoric »

@MikeB,

I don't suppose you are maintaining systems for naive users. I'd find it impossible to explain why they couldn't use IE, and why major functions of even Windows Explorer were disabled. The changes you talk about disable all kinds of things naive users are constantly encouraged to use by vendors.

Aside: my last conversation with the user of one system I rescued revolved around 64-bit versus 32-bit software. After several years of using the system he discovered IE was running in 32-bit mode on a 64-bit system. Checking a number of other applications showed they were also 32-bit. There were instructions for enabling 64-bit mode, which carried warnings that stopped him.

Q: why did I pay for a 64-bit system?

I suppose the answer would be that this was primarily a marketing gimmick that wouldn't affect him unless he started running programs using a great deal more memory than he had. When we went to expand RAM we discovered it would not take more than 4 GB. Apparently, the manufacturer had paired a 64-bit processor with support chips carrying a limit of 32-bit physical addresses.

The "marketing gimmick" answer would also apply to any number of highly-touted "features" for which naive users buy new machines and operating systems.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#27 Post by mikeb »

Major functions??? ... well, it's usually related to settings that yer average user doesn't even know exist.... one example is the services screen.... the change just means it lacks the totally unnecessary fancy version but still works. Same for the user profiles... the result actually makes more sense and needs a minor shortcut change to get to.

Naive.... well, I just explained where all the malware and unreliability came from, gave a tour of the awfully nice alternative software and visited afterwards to see how they got on with a system that did not break every other day... seemed to make them happy. Never found anyone that liked Vista either.... being able to use their computers 20-30 seconds after power on was a great way to gain interest, and that involved them 'suffering' XP again....

Actually opening their eyes to the joy of truly free software was perhaps the biggest step..... Most assume that what they have is all there is.... and are pleasantly surprised that they don't have to pay for programs that trap them into a cycle of replacement at further cost or wreck their computers all the time.

Those who wanted to hold onto that which was bad for their machines I could do nothing for..... a bit like doctors who advise their patients what they need to do to avoid dying in the near future but they carry on and abuse themselves regardless.

mike

rokytnji
Posts: 2262
Joined: Tue 20 Jan 2009, 15:54

#28 Post by rokytnji »

Using a stripped down XP like mikeb describes myself, in the Motorcycle shop.
Dual booter with Macpup 529 Frugal

No Adobe acrobat. xpdf has a Windows version.
fbreader has a Windows version.
I threw in a Comic book reader for the hell of it also.

No online AV. ClamAV makes a Windows version.
SuperAntiSpyware for the browser.
Windows Media Player?
I went with smplayer and winamp instead.

No IE or .NET in my system. Any external software install that says .NET needs installing for it to work, I cancel the install and look elsewhere for an alternative.

I ran into that finding DVD burning software. I went with a custom ImgBurn install instead.

Browser. IE is gone. Running Slimboat for Windows presently.

This is on a Wireless G IBM M41 Tower with 1 gig of RAM and a 1.8 GHz CPU with a DVDRW and disconnected DVDROM; I needed the IDE cable for another hard drive I use for storage.

XP loading bar only crosses the screen twice before the login screen.
It is snappy, and as long as I am careful, I'll be cool.
I use it mostly for Motorcycle business anyways.
It runs LibreOffice just fine.
Next to it is a Slacko and a Carolina Tower. Play toys for Bikers.

Updates disabled. Nothing installs without asking me 1st if it is OK.

So yeah. No real active anti-virus stuff going on on that IBM.
So, have at it I guess. We straw-in-the-mouth country boys are known as a naive bunch anyways.

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#29 Post by prehistoric »

How do you deal with people whose job requires them to use Outlook to access job-related email from home? The local public school system is one such employer.

My encounters with them, and their IT staff, have been enough to provoke despair. At one time I got several obsolete machines set up so they would only run the programs needed to access a single Internet site used by first-graders. This bypassed all the other networking problems neither kids nor teachers had a chance of understanding. This produced a predictable response. County IT staff declared such machines dangerous, and forbade them from classrooms. The first graders went back to taking turns to access machines that sometimes worked via the county LAN. Last time I heard about the situation the kids were having to type in long passwords (which the teachers could not remember) every day, and even do this twice, for reasons never adequately explained. I find that these first graders already advise each other to "reboot your machine."

One advantage of centralized control was dramatically illustrated when county IT staff pushed network software down the pipe which disabled the drivers allowing teachers to use iPhones or Android phone apps to change slides on projectors. This took place the night before a series of presentations for parents were scheduled, and I got panicked calls which caused me to go out and buy a wireless keyboard with a USB receiver that behaved like a wired keyboard. Teachers at one school got through the day by passing this from one room to another, and using the arrow keys to change slides from across the room. (Another teacher went out and bought an identical keyboard to keep tucked away for later rounds of this conflict.) I have since shown them cheap laser pointers with USB receivers which also require no special driver. These do very well at controlling projectors without any software the IT department controls. I suppose this solution will hold until the IT department blocks all USB ports.

Never mind running Slimboat, the IT department is highly suspicious of Google Chrome, Opera and Firefox. (You can guess where they are getting their advice about which software to trust implicitly.)

The IT department and I happen to agree about the hazards of using Yahoo! and Facebook from school, though so far they have failed to control iPhones. Since I can't stop these people from accessing both from home, I'm forced to run antivirus programs, and do regular scans and backups myself. (I'm still working on getting them to use a decent email client. I've even offered to set up a Gmail account they have to access Yahoo! mail so they can use this instead of going to Yahoo! This is all considered "too complicated".)

This topic was started by the prospect that this approach will shortly collapse. What do I do for these friends then? I don't expect to make IT security experts out of first-grade teachers.

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#30 Post by prehistoric »

Another insight into exactly how ubiquitous the sources of these problems are in Windoze world.

While chasing down one of the really nasty infections in one machine I discovered that even installing video graphics adapter drivers direct from the chipset manufacturer installed .NET 4.5. This is also true for nVidia, which needs .NET for "the nVidia experience". Even a standard program used to uninstall graphics adapter drivers requires .NET 2.0. The video card I was troubleshooting was designed for gaming several years back. I now find the same instruction sets embedded in processors. AMD includes Radeon GPUs in some APUs, while nVidia has ION drivers in support chips. These will allow you to play World of Warcraft on your netbook. The distinction between gamers and ordinary users is vanishing.

(Did I mention that software for first-graders is heavy on interactive graphics?)

You don't even need to install graphics drivers. You can get similarly "helpful" programs from the motherboard vendor. Naturally, various social media also rely on .NET. (Nobody who knows anything uses social media, right? What happens when you click Like?)

Now, anyone care to explain that policy of avoiding anything requiring .NET to either the first-graders or their teachers?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#31 Post by mikeb »

All I can say is that when it comes to IT teachers are idiots...always have been and probably will continue to be.

We home school so the kids have a chance to actually learn something useful.

I could say more but I am probably preaching to several converted.

Mike

darry1966

#32 Post by darry1966 »

mikeb wrote: All I can say is that when it comes to IT teachers are idiots...always have been and probably will continue to be.

We home school so the kids have a chance to actually learn something useful.

I could say more but I am probably preaching to several converted.

Mike
I second that, Mikeb.

By the way Mike, just curious: is there a way to hack Windows so that you can use another window manager other than Windows Explorer, so that your hooks, as it were, are lessened even further by the underlying system using something else, much in the way you can replace ROX-Filer with, say, Thunar or PCManFM in Linux for everything from wallpaper to file management????

Basically, is there an alternative to the Explorer shell or the underlying Explorer system management?? So you don't get "Windows Explorer is not responding" messages.

ardvark
Posts: 1448
Joined: Tue 02 Jul 2013, 03:43
Location: USA

#33 Post by ardvark »

darry1966 wrote: Basically is there an alternative to Explorer shell or Underlying explorer system management?? So you don't get windows explorer is not responding messages.

Hi...

It appears that there are window manager utilities like the ones here and here, but I'm not sure you can remove or uncouple Windows Explorer from the OS, or at least not easily. :|

You would also need to check if the EULA permits this for the version of Windows you're using.

Regards...
Last edited by ardvark on Sat 06 Dec 2014, 02:01, edited 1 time in total.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#34 Post by James C »

https://windows.kde.org/
The KDE on Windows Initiative is an ongoing project to port the KDE applications to MS Windows. Currently supported versions of Windows are XP, Vista and 7.
https://techbase.kde.org/Projects/KDE_o ... stallation

darry1966

#36 Post by darry1966 »

thanks guys.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#37 Post by mikeb »

Well, they all use the same APIs anyway.

If you truly remove the IE stuff those 'explorer not responding' occurrences disappear anyway.... along with undesirable software :)

I think it was most dramatic on 98, which went from hopeless to a stable safe system.... by the way, that could use the Windows 95 Windows Explorer.

I just use Windows Explorer.... works the best once decluttered, being the native bunny..... browseui is still called up as that became part of it in a non-removable way, as are the internet temp/history... but they have no ActiveX/IE/mshtml hooks to do anything bad with.

If you get the fetish you could always change the desktop program in the registry... even use progman!!... I did play with Talisman.... but they all ended up clumsy compared to native.

By the way, the test for a truly removed IE is to put a web address in the Windows Explorer address bar and see what happens.... nothing is the aim....

mike
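A read-only way to check what mikeb's post is describing (which Trident/IE components are still on disk, and which program Winlogon actually launches as the desktop shell). This is an added audit script, not code from anyone in the thread; the DLL names and the Winlogon registry key are standard Windows locations, and the script changes nothing.

```powershell
# Added example: inventory the IE/Trident components and the configured
# desktop shell on a Windows box. Read-only; reports only, no changes.
$sys = Join-Path $env:SystemRoot 'System32'

# Components the thread mentions (mshtml = Trident renderer, browseui = Explorer
# UI glue) plus shdocwv/ieframe, the hosts that embed the IE engine in other apps.
$ieDlls = 'mshtml.dll', 'browseui.dll', 'shdocvw.dll', 'ieframe.dll'

$components = foreach ($dll in $ieDlls) {
    $path = Join-Path $sys $dll
    [pscustomobject]@{
        Component = $dll
        Present   = Test-Path $path
        Version   = if (Test-Path $path) { (Get-Item $path).VersionInfo.FileVersion } else { '-' }
    }
}
$components | Format-Table -AutoSize

# Which program Winlogon starts as the shell. explorer.exe is the default; a
# per-user value under HKCU overrides the machine-wide one when it exists, so
# both are worth reading when auditing a system somebody has customised.
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userKey    = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$machineShell = (Get-ItemProperty -Path $machineKey -Name Shell -ErrorAction SilentlyContinue).Shell
$userShell    = (Get-ItemProperty -Path $userKey    -Name Shell -ErrorAction SilentlyContinue).Shell

"Machine shell : $(if ($machineShell) { $machineShell } else { '(not set)' })"
"User shell    : $(if ($userShell)    { $userShell }    else { '(not set)' })"

# Anything other than explorer.exe in either value is exactly the 'changed the
# desktop program in the registry' situation above, and worth knowing about.
```

If all four components report Present = False and the shell values are what you expect, the address-bar test mikeb describes should do nothing, as intended.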

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#38 Post by bark_bark_bark »

For Windows versions before Windows 95, you had Calmira as a 3rd-party Windows shell. It was actually developed for Windows 3.1 after the year 2000 came.
....

darry1966

#39 Post by darry1966 »

Thanks guys for the replies. Wow, Progman, that takes me back to my 3.1 days.

http://www.calmira.de/
