Biometrics

[Dan]

Thanks again, Steve. I will focus and post more on this debate after Annie
has been helped in this newsgroup. I just like the idea of having a totally
brand new code which I wonder if it will happen after Windows 7. I am
referring to this article in particular.


http://iht.com/articles/2008/06/29/technology/digi20.php

"Steve Riley [MSFT]" wrote:

> Thanks for reading.
>
> 1. More detail, please. Which ones do you have in mind that we haven't
> implemented?
>
> 2. There is no "internal safety" in the 9x code. If you connect a 9x
> computer to the Internet, it will get attacked. There are plenty of ways to
> boot a computer with an alternate operating system if you need to perform
> some kind of maintenance. (Note that as more and more people move to volume
> and drive encryption, there will be additional steps, especially around key
> archiving and recovery passwords.)
>
> 3. This is a typical recommendation for root certificate servers -- they are
> the sources of authority for identity and they don't need to be online, so
> keeping them disconnected and physically secure is sage advice. (And note
> that you can't really ever "prove" that someone isn't a spy -- you can't
> prove a negative.)
>
> 4. Most organizations achieve huge support cost savings by _standardizing_
> on hardware. Per-machine custom twiddles add unnecessary complexity, which
> increases the likelihood making configuration mistakes, which attackers will
> then exploit. (The TPM chip, a hardware device that can store encryption
> keys among other things, provides a useful machine identity.)
>
> 5. Can't argue with that.
>
> 6. You're talking about honeypots and honeynets. They're interesting for
> learning about attacker behavior and motivations, but they aren't security
> devices.
>
> 7. I'm not sure why you insist that the current version of Windows is the
> same as NT. Over time we have rewritten much of the code. One example is the
> IP stack in Vista/2008 -- it's all new.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:A415E3B7-1750-44E6-8BDE-707D90A5EDB0@microsoft.com...
> > I looked over your blog and like your points Steve. You certainly have a
> > great grasp of the security aspect of protecting computers. Now here is
> > my
> > view:
> >
> > 1. Please implement all of your security protocols
> >
> > 2. Use Windows 98 Second Edition Machines as a safety internal protocol
> > as
> > Chris Quirke, MVP suggests how the internal safety of 9x is awesome and
> > makes
> > remote hacking difficult thus when someone does manage to hack a network
> > they
> > cannot overcome the internal safety of the 9x operating system that has
> > the
> > maintenance operating system of DOS that Chris Quirke, MVP maintains is
> > sorely lacking in Vista.
> > Consider the possibility of having one 98 Second Edition machine as a
> > Gateway to the Network.
> >
> > 3. Maintain certain machines as off-line only in locked and secure rooms
> > with minimal access and information only given on an as needed basis as is
> > done in the military and at defense companies like Raytheon after full
> > background checks and after enough time has passed that you can prove the
> > person is not a spy.
> >
> > 4. Implement the proper configuration and customize hardware options of
> > all
> > machines so if a certain machine that is released in the market has been
> > compromised the security and safety of your network is not at risk.
> >
> > 5. Inform US-Cert (Department of Homeland Security in the States) of any
> > attempted and seriously probing of your network.
> >
> > 6. Ideally have special catching machines to attract high level hackers to
> > them for highly valued informaion via the proper protocol of bait and
> > catch.
> >
> > 7. Have Fun and See How Many Hackers you can Catch and Remember this is
> > Truly all a Game of being able to one up the hackers --- ideally Microsoft
> > will soon have a 3rd source code that can finally put 9x and NT to rest
> > and
> > have the best of safety and security within one source code but I wonder
> > if
> > this is even possible but certainly Microsoft does need a new source code.
> >
> > Thanks Again for all of your Advice and Your Great Blog and Feel Free to
> > Let
> > Me Know My Shortcomings in the Debate --- I really appreciate your
> > Feedback
>
>

 

[Root Kit]

On Mon, 21 Jul 2008 04:22:00 -0700, Dan
<Dan@discussions.microsoft.com> wrote:

>I just like the idea of having a totally brand new code which I wonder if it will
>happen after Windows 7. I am referring to this article in particular.
>
>http://iht.com/articles/2008/06/29/technology/digi20.php

Brand new code is seldom very stable and mostly buggy. And what would
be the reason for throwing away years of development just for the sake
of starting from scratch?

The article's comparison to Mac OS X is a bit far fetched, since Mac
OS X builds on an "old" Unix code base. Not that this is a bad idea at
all, but talking about "brand new code" in this context may be a
little .......

 

[Dan]

Well, then I join Chris Quirke, MVP as part of the internal safety community.
The multi-leveled security approach must include external security with NT
as well as internal safety of 9x. I have maintained this approach for a
while (since at least 2001) and have not seen compelling enough evidence to
make me change my views despite reading numerous technet articles at
Microsoft, taking computer courses in college, working with PC's since about
1984 when my Dad, Ivan taught me BASIC programming on an IBM PCjr which I
still own and it still runs. I feel that being a gamer as well has helped
expand my mind to see further aspects of the debate and not be too focused on
one side.

For example, Mozilla Firefox supports 256 bit AES encryption with Windows 98
Second Edition but Internet Explorer is so unfocused on security and safety
that it only allows a maximum of 128 bit cipher strength unless users except
Vista which has a great security aspect but still needs work on the
compatibility side as I mentioned the strange issue with my IPOD Mini and not
working with Vista one day and the next day working when I went to the Apple
Store and the music played on Itunes and I felt like a fool although I think
the tech. believed me although that does not matter to much. In addition,
the convenience of ActiveX technology within IE is great for auto-updates but
presents another front for hackers to compromise systems as well as the
remote access within XP as well as not tightening up IE default (stupid and
weak) security settings. I think Microsoft's mistake was in 1998 when they
decided to tie Internet Explorer as an integral part of the Windows operating
system. As I said before, Microsoft is not alone in this because Apple ties
Itunes with Quicktime and if you remove Quicktime then you get an error
message and cannot run Itunes. The whole issue of tying products as one is
stupid and makes computer users much less safe and secure because then the
computer user has to deal with security issues in both products when they may
use only one such as me only using Itunes and not caring about Quicktime but
having to update and maintain it as one. Anyway, I broke my word about not
continuing this debate until Annie's computer issue is fixed and so I am
sorry about that but I tend to be impulsive sometimes.

"Paul Adare - MVP" wrote:

> On Thu, 17 Jul 2008 10:50:01 -0700, Dan wrote:
>
> > Thank you for your feedback, Steve. I was wondering since the Windows 9x
> > source code is now so old and not really useful then would Microsoft be
> > willing to sell it. I can think of some buyers who would be willing to pay
> > good money for the 9x source code and since it is no longer useful to
> > Microsoft because it is so old then why not just get rid of it and be done
> > with this now useless technology.
>
> Intellectual Property is not all about bits and lines of source code. You
> also need to consider the algorithms that are being used. Just because
> Windows 9x is no longer being sold or maintained does not mean that there
> is no IP in the source code that Microsoft needs to protect.
>
> >
> >
> > The NT source code was leaked:
> >
> > http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.mspx
>
> This is pretty much a non-sequitur. Just because some source code was
> leaked, it doesn't follow that Microsoft should sell off old source code.
>
> While Chris Quirke is an MVP that does not mean that his whole "maintenance
> OS" concept is endorsed by Microsoft, nor does it mean that it is endorsed
> by the security community at large.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> No program done by an undergrad will work after she graduates.
>

 

[Dan]

Thank you for your feedback, b_nice but remember to try and follow your
mantra especially regarding Robear, MVP who you were mean to and I have not
forgotten that but I have not plunked anyone yet. You do have a valid point
and thus the need for incorporating the NT, 9x, and potentially Unix/Linux
and/or a new code within one.

I certainly do not have the expertise to accomplish this task but it is at
least food for thought even if it is not possible while I write this feedback
on the 98 Second Edition side of my computer on a Fat32 drive compared to the
NTFS drive with Windows XP Professional on it. I still want to play around
more with Ubuntu Linux but do not have enough time because of work and life.
I had to remove 2 ram sticks and put in a 512 megabyte Sdram module to
replace the 2 gigabytes of ram that are not supported in 98 Second Edition
even despite my attempts at it with the memory management article.

http://www.winsupportcenter.org/win4/a/memmgmt.php

"Root Kit" wrote:

> On Mon, 21 Jul 2008 04:22:00 -0700, Dan
> <Dan@discussions.microsoft.com> wrote:
>
> >I just like the idea of having a totally brand new code which I wonder if it will
> >happen after Windows 7. I am referring to this article in particular.
> >
> >http://iht.com/articles/2008/06/29/technology/digi20.php
>
> Brand new code is seldom very stable and mostly buggy. And what would
> be the reason for throwing away years of development just for the sake
> of starting from scratch?
>
> The article's comparison to Mac OS X is a bit far fetched, since Mac
> OS X builds on an "old" Unix code base. Not that this is a bad idea at
> all, but talking about "brand new code" in this context may be a
> little .......
>

 

[Root Kit]

On Mon, 21 Jul 2008 06:49:04 -0700, Dan
<Dan@discussions.microsoft.com> wrote:

>Thank you for your feedback, b_nice but remember to try and follow your
>mantra especially regarding Robear, MVP who you were mean to

Am I misinterpreting something, or are you actually asking me to be
mean to you?

>and I have not forgotten that

Your memory situation is of no relevance to the topic discussed.

>but I have not plunked anyone yet.

I assume you mean "plonked".

Even if you did, I wouldn't loose one minute of sleep over it. What
makes you believe I'd care? Just stick to the topic.

 

[Dan]

Right, Bye

"Root Kit" wrote:

> On Mon, 21 Jul 2008 06:49:04 -0700, Dan
> <Dan@discussions.microsoft.com> wrote:
>
> >Thank you for your feedback, b_nice but remember to try and follow your
> >mantra especially regarding Robear, MVP who you were mean to
>
> Am I misinterpreting something, or are you actually asking me to be
> mean to you?
>
> >and I have not forgotten that
>
> Your memory situation is of no relevance to the topic discussed.
>
> >but I have not plunked anyone yet.
>
> I assume you mean "plonked".
>
> Even if you did, I wouldn't loose one minute of sleep over it. What
> makes you believe I'd care? Just stick to the topic.
>

 

[Dan]

I ass-ume you mean lose and same to you.

"Root Kit" wrote:

> On Mon, 21 Jul 2008 06:49:04 -0700, Dan
> <Dan@discussions.microsoft.com> wrote:
>
> >Thank you for your feedback, b_nice but remember to try and follow your
> >mantra especially regarding Robear, MVP who you were mean to
>
> Am I misinterpreting something, or are you actually asking me to be
> mean to you?
>
> >and I have not forgotten that
>
> Your memory situation is of no relevance to the topic discussed.
>
> >but I have not plunked anyone yet.
>
> I assume you mean "plonked".
>
> Even if you did, I wouldn't loose one minute of sleep over it. What
> makes you believe I'd care? Just stick to the topic.
>

 

[Root Kit]

On Mon, 21 Jul 2008 11:31:00 -0700, Dan
<Dan@discussions.microsoft.com> wrote:

>Right, Bye

Promise?

 

[Dan]

Courtesy of Chris Quirke, requesting his feedback be copied and copied due to
his inability to view this post. From Chris Quirke posted via Windows Live
Mail (aka Hotmail)

-------------------------------------------------------------------------------

I can't find the thread, but you could paste from this reply if you like...


In summary because 9x was designed as a stand-alone rather than
network client OS, it is indeed potentially safer than NT. But the code
base is too outdated to deal with modern hardware, and what makes it
safer as a stand-alone OS, also makes it less secure as a network OS.

As pro-IT folks will point out 9x has no effective per-user security, as
NT on NTFS can provide. Server-centric networks need this security
to work, to manage users (rather than PCs) and to create artificial
scopes in a pervasively networked environment.

The underlying technologies of this security could be more useful for
consumers, if freed from the user-centric mindset that pervades pro-IT.

If you were to align these technologies according to code, and to
maintain scopes between data vs. code, local vs. remote, etc. then
they could play a meaningful role in keeping stand-alone consumer
PCs safe from web and malware attack.

But as long as the design is based on user accounts and logon,
with the ASSumption that all code running during the user's session
represents the will and intentions of the user who logged in, we aren't
going to get anywhere. As long as all code within even the most
limited of user accounts giving all code the right to see, change and
destroy user data, this system won't protect user's interests.


As long as the Internet is treated as a big network, safety failures
will abound. The core difference between Internet and networking
is that the former requires interaction between untrusted parties
that is in fact the standard interaction in that environment.

It's not helpful to prove a stranger has a particular name, if you have
no template of expectations for that proven identity. Only when a
proven identity can be matched with such expectations, do you
shift into networking between trusted entities.

Instead, you need to limit the potential impact of interactions - and
that boils down to the distinction between data that is safe to view
or edit, vs. code that is dangerous to run.

Pro-IT could not tolerate the inability to scope between users, via
NT's user rights security. As Internet consumers, we need a similar
ability to scope between data safety and code risk.

Both scopes are artificial just as there's no hard line between users,
so it is argued there is no hard line between data and code. However,
just as pro-IT strives to create an artificial line between users, so we
should strive to create and maintain a line between data and code.


------------------------------------------------------------------------------

"Steve Riley [MSFT]" wrote:

> Dan, I recommend you rethink your logic.
>
> The Windows 3.1/9x code was designed and written in an entirely different
> age -- one in which TCP/IP was not the standard networking protocol, one in
> which indeed networks were rare, and one in which everyone (we and our
> customers) assumed that only good guys used computers.
>
> The world no longer lives in that age. If you take any kind of system
> (operating system, engineering system, whatever) and place it in an
> environment that is wildly different than the original assumptions, that
> system will fail catastrophically. There is simply no way we can retrofit
> that very old code to function correctly in today's world of intentional
> attacks.
>
> I'm not exactly sure how you can make the statement that "a 9x machine with
> the proper safeguards such as a wired router that has wireless broadcast
> signal turned off" is more secure than XP or Vista. Firstly, an XP or Vista
> box behind such a router would be equally "safe" from attack. Secondly,
> disabling SSID broadcast in reality does not accord you any security -- see
> my article here:
> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
>
> You quote a specific vulnerability below, about DNS, and you then make the
> argument that this is a reason the military should be using 9x instead of
> XP/Vista. How does that follow? How do you know that 9x doesn't have the
> same vulnerability? No one can know, because we don't test 9x anymore. It's
> simply too old.
>
> And you mention our password checker. Actually, I think its recommendations
> aren't strong enough, and I'm working with the folks who own that feature to
> improve its strength.
>
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:175E7266-E50E-40A2-BE3C-305165779621@microsoft.com...
> > Thank you, Steve. I appreciate your feedback. Another problem we face in
> > computing today is the industry is not fully backing tougher security and
> > safety protocols. An example of this is the American Express website
> > which
> > will only allow me to input a password that is less than optimal according
> > to
> > Microsoft's password checker. Microsoft is doing their part in many ways
> > but
> > the rest of the industry must catch up.
> >
> > http://www.microsoft.com/protect/yourself/password/checker.mspx
> >
> > It is critical in this day and age to have alternatives to just the main
> > Windows operating system that includes Internet Explorer. I am very
> > pleased
> > with Microsoft and their technologies so I will continue to use them
> > frequently. However, as a power user, I am very pleased that users have
> > alternatives such as Mozilla Firefox as an option and it does indeed
> > remain
> > for use with Windows 98 Second Edition at least until December 2008
> > because
> > that is when Mozilla Firefox 2.x support is scheduled to end.
> >
> > http://en.wikipedia.org/wiki/Mozilla_Firefox
> >
> > This is most unfortunate in my view since the 9x source code has definite
> > advantages over the NT business line of source code. 9x computers were
> > meant
> > as stand-a-lone machines and thus are great for consumers who do not need
> > or
> > want the ability to have others tinker with their machines. The many
> > services provided in XP allow for their to many greater points of access
> > to a
> > fully patched XP machine than a fully patched 98 Second Edition machine
> > using
> > Mozilla Firefox compared to Internet Explorer since Internet Explorer
> > patches
> > for Windows 98 Second Edition ended July 11, 2006. The NT source code is
> > at
> > risk as can be seen by the postings of US-Cert which is the computer
> > readiness team and part of the Department of Homeland Security.
> >
> > http://www.us-cert.gov/cas/bulletins/SB08-196.html
> >
> > Microsoft -- windows-nt
> >
> > Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 and
> > SP3, and Server 2003 SP1 and SP2 allows remote attackers to conduct cache
> > poisoning attacks via unknown vectors, aka "DNS Cache Poisoning
> > Vulnerability," a different vulnerability than CVE-2008-1447.
> >
> > unknown
> > 2008-07-08
> > 9.4 CVE-2008-1454 MS
> >
> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454
> >
> > http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
> >
> > I know a fair amount about computer security and safety and helped beta
> > test
> > Windows Vista Ultimate 32 bit edition for Microsoft as a volunteer. I got
> > the DVD with the ISO image from a friend named Jeff who was a systems
> > engineer and also testing Vista for Microsoft and then got approval from
> > Microsoft to test it and inputed the given product key that Microsoft gave
> > me
> > for the evaluation version. The problem is that Microsoft has only one
> > line
> > of code and that makes it that much easier for hackers to target many
> > machines and take them over.
> >
> > With Windows 98 Second Edition, a single machine might have been
> > compromised
> > but not the whole network. I have had problems with a workplace that I
> > recently worked at that stupidly switched to all XP machines and did not
> > leave any 98 Second Edition machines in place and that included my own
> > Windows 98 Second Edition machine there. That was a huge mistake that I
> > don't think the business will repeat. With the 98SE machine, I knew and I
> > was right that my machine would be very unlikely to be hacked compared to
> > the
> > compromised machines of the NT (XP Professional) in this case. The
> > incident
> > happened in the summer of 2007. I will give you more details via secure
> > email if you like.
> >
> > I have read in a book about Microsoft that early system engineers
> > complained
> > that NT did not have a true maintenance operating system like DOS. Chris
> > Quirke, MVP. has a good article about the safety and security concerns.
> > Windows 9x is safe at its core compared to Windows NT line which includes
> > 2000, XP and Vista of course. There was also a rumor a while back that
> > parts
> > of the NT source code were leaked over the Internet compared to the 9x
> > source
> > code which was never leaked over the Internet, AFAIK.
> >
> > http://cquirke.blogspot.com/
> >
> > (Note: Chris Quirke's 9x website talks about the 9x compared to NT
> > security
> > and safety discussion)
> >
> > There is also Unix/Linux technologies and I have played around a little
> > bit
> > with Ubuntu Linux but I am in no way proficient with it and have only read
> > a
> > small portion of a big book about Ubuntu Linux.
> >
> > Finally, my question to you is that I know about the economics and how
> > costly it would be for Microsoft to continue the 9x line or even overall
> > it
> > to make it usable in today's environment but wouldn't the economic cost be
> > worth the great reward. I have friends of mine at summer camp who are
> > planning mainly on building 98 Second Edition machines just for the
> > ability
> > to play older games and secondly because these friends feel as I do about
> > how
> > it is harder to hack into a 9x machine with the proper safeguards applied
> > such as a wired router that has the wireless broadcast signal turned off
> > so
> > as not to attract unwanted or uneeded attention from hackers.
> >
> > If Microsoft will not develop the 9x source code then at least sell it to
> > the United States Military so that the Defense Department can more fully
> > protect their military infrastructure from external threats and even
> > better
> > from potential internal threats from their network of computers from a
> > potential spy. The possibilities for 9x are endless and so please I ask
> > you
> > as a professional to have Microsoft sell 9x kernel unless Microsoft is
> > willing which I think would be a smart business move to invest money in
> > the
> > another Windows 9x that would not subtract features such as easy access to
> > DOS and ideally the ability to play old classic games like Windows
> > Millennium
> > (ME) did.
> >
> > I am a gamer who is a Generation X'er who got his start on an IBM PCjr
> > playing King's Quest 1 on a 5.25 inch floppy disk that was made by Sierra
> > On
> > Line and had 16 colors and the speaker on the machine supported 3 sounds
> > at
> > once which was cool. The game had 128 kilobytes on one disk and how is
> > that
> > for compression despite the obvious limitations compared to today's games.
> > I
> > still have this machine in storage and it still works! The interesting
> > thing
> > is that a poster to Game Informer which I read posted about how he was 17
> > and
> > liked older classic games and his friends made fun of him for it and his
> > first name was Daniel too. <grin>
> >
> > I also enjoy reading PC World, 2600 which is a hacker magazine (I must
> > keep
> > up to prevent hackers from compromising all of us), and other computer and
> > network books. I took several computer classes in college and who knows I
> > may go back and get another undergraduate degree but this time in computer
> > science. I know that a dream will allow a little guy like me change the
> > world despite all the challenges life has thrown at me. Please feel free
> > to
> > contact me by email or I can contact you by email. My email address is
> > with
> > Microsoft and on their records. I can also give you an srx number on a
> > recent case with Microsoft if you need to confirm my identity. Thanks
> > again
> > for all you do, Steve and Go Microsoft!
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> Biometrics can never replace passwords, because they aren't secrets.
> >>
> >> It's me, and here's my proof: why identity and authentication must remain
> >> distinct
> >> http://technet.microsoft.com/en-us/library/cc512578(TechNet.10).aspx
> >>
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
> >>
> >>
> >>
> >> "Dan" <Dan@discussions.microsoft.com> wrote in message
> >> news:774EE7CB-CA2B-4E7B-82CD-20D2B56C04B4@microsoft.com...
> >> > Bingo! You solved the issue and yes it is one of those cheap
> >> > fingerprint
> >> > scanners where you just swipe your finger so it must have already had
> >> > the
> >> > image of my fingerprint on the scanner. It sounds like someone would
> >> > need
> >> > to
> >> > clean the fingerprint scanner each time and it does indeed seem very
> >> > easy
> >> > to
> >> > fool. So much for the security of Biometrics at least cheap Biometric
> >> > devices
> >> >
> >> > "Juergen Nieveler" wrote:
> >> >
> >> >> Dan <Dan@discussions.microsoft.com> wrote:
> >> >>
> >> >> > How secure and safe is biometric technology? The reason I bring
> >> >> > this
> >> >> > up is because I was able to log in using my finger with a band-aid
> >> >> > attached and this definitely makes me question the security and
> >> >> > safety
> >> >> > of biometric technology at least as far as laptops go. I imagine
> >> >> > there probably is lots of articles on this already but I wanted the
> >> >> > opinions of this newsgroup. Thanks in advance for the replies.
> >> >>
> >> >> If this was one of those fingerprint readers where you simply put your
> >> >> finger on (as opposed to those where you rub your finger along the
> >> >> contact plate in a swipe motion), chances are that the camera inside
> >> >> picked up the latent fingerprint that was still on the glass - this is
> >> >> a common vulnerability of those cheap camera-based readers. All they
> >> >> do
> >> >> is notice "Oh, something is pushing on the glass, and I recognise the
> >> >> pattern" - if the person who last used it had greasy fingers, the
> >> >> fingerprint would still be on the glass, so putting something on the
> >> >> glass that doesn't have OTHER fingerprints will force the camera to
> >> >> use
> >> >> the weak fingerprint image still visible to it...
> >> >>
> >> >> The swipe-type readers are safer in that there can't be an image left
> >> >> on the reader... but many of them still can be fooled by a fake
> >> >> fingerprint made by taking the fingerprint off something somebody
> >> >> touched (lots of how-to's available for that...).
> >> >>
> >> >> Juergen Nieveler
> >> >> --
> >> >> A feature is a bug with seniority.
> >> >>

 

[Dan]

No <smile>

"Root Kit" wrote:

> On Mon, 21 Jul 2008 11:31:00 -0700, Dan
> <Dan@discussions.microsoft.com> wrote:
>
> >Right, Bye
>
> Promise?
>

 

[Steve Riley [MSFT]]

A standalone telephone certainly is secure, and keeps its users safe. For
such a phone will never receive or transmit unwanted conversations, and the
users of such phones will never be bothered with advertisements, thoughts
that challenge their perceptions, or interesting and surprising
opportunities.

A standalone computer certainly is secure, and keeps its users safe. For
such a computer will never receive or transmit unwanted software, and the
users of such computers will never be bothered with advertisements, thoughts
that challenge their perceptions, or interesting and surprising
opportunities.

No risk = no reward.

The value of a networked system increases as the square of the number of
elements in that system. A single system has a value of 1^2=1 a two-element
network has a value of 2^2=4 a three element network has a value of 3^2=9
and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May
2007: http://www.forbes.com/forbes/2007/0507/052.html.)

Chris's distinction between the Internet and "a network" (presumably
private, for Chris doesn't specify) isn't useful today. The network effect
is clearly evident on the Internet I'd argue that in a private network, the
network effect is diminished. Why else would we all be rushing headlong into
the eventual recognition that private corpnets truly belong on the Internet,
and that continuing to make the distinction means a loss of real business
value? (Scott Charney, "Creating a more trusted Internet,"
http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)

I quote our own materials here as evidence of the demand from
forward-thinking customers that the industry envision new practices and
develop new technologies that allow for the full realization of the network
effect. Chris's argument that per-user security "creates artificial scopes"
doesn't reflect reality. On the contrary, _stronger_ per-user (and
per-machine) identity and authentication are critical for allowing the
network effect to flourish. Indeed, the lack of strong identity and
authentication has been a hindrance, and that's why you see technologies
like smart cards and TPM chips becoming more common. When we reach the point
where all communications are in the context of validated identities, carried
in transactions with integrity and confidentiality protection, between
endpoints that mutually authenticate their identities and their
configurations, then who cares whether the underlying network is trusted or
not?

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Dan" <Dan@discussions.microsoft.com> wrote in message
news:64852B3D-D174-4D66-8F12-36323BC788D2@microsoft.com...
> Courtesy of Chris Quirke, requesting his feedback be copied and copied due
> to
> his inability to view this post. From Chris Quirke posted via Windows
> Live
> Mail (aka Hotmail)
>
> -------------------------------------------------------------------------------
>
> I can't find the thread, but you could paste from this reply if you
> like...
>
>
> In summary because 9x was designed as a stand-alone rather than
> network client OS, it is indeed potentially safer than NT. But the code
> base is too outdated to deal with modern hardware, and what makes it
> safer as a stand-alone OS, also makes it less secure as a network OS.
>
> As pro-IT folks will point out 9x has no effective per-user security, as
> NT on NTFS can provide. Server-centric networks need this security
> to work, to manage users (rather than PCs) and to create artificial
> scopes in a pervasively networked environment.
>
> The underlying technologies of this security could be more useful for
> consumers, if freed from the user-centric mindset that pervades pro-IT.
>
> If you were to align these technologies according to code, and to
> maintain scopes between data vs. code, local vs. remote, etc. then
> they could play a meaningful role in keeping stand-alone consumer
> PCs safe from web and malware attack.
>
> But as long as the design is based on user accounts and logon,
> with the ASSumption that all code running during the user's session
> represents the will and intentions of the user who logged in, we aren't
> going to get anywhere. As long as all code within even the most
> limited of user accounts giving all code the right to see, change and
> destroy user data, this system won't protect user's interests.
>
>
> As long as the Internet is treated as a big network, safety failures
> will abound. The core difference between Internet and networking
> is that the former requires interaction between untrusted parties
> that is in fact the standard interaction in that environment.
>
> It's not helpful to prove a stranger has a particular name, if you have
> no template of expectations for that proven identity. Only when a
> proven identity can be matched with such expectations, do you
> shift into networking between trusted entities.
>
> Instead, you need to limit the potential impact of interactions - and
> that boils down to the distinction between data that is safe to view
> or edit, vs. code that is dangerous to run.
>
> Pro-IT could not tolerate the inability to scope between users, via
> NT's user rights security. As Internet consumers, we need a similar
> ability to scope between data safety and code risk.
>
> Both scopes are artificial just as there's no hard line between users,
> so it is argued there is no hard line between data and code. However,
> just as pro-IT strives to create an artificial line between users, so we
> should strive to create and maintain a line between data and code.
>
>
> ------------------------------------------------------------------------------
>
> "Steve Riley [MSFT]" wrote:
>
>> Dan, I recommend you rethink your logic.
>>
>> The Windows 3.1/9x code was designed and written in an entirely different
>> age -- one in which TCP/IP was not the standard networking protocol, one
>> in
>> which indeed networks were rare, and one in which everyone (we and our
>> customers) assumed that only good guys used computers.
>>
>> The world no longer lives in that age. If you take any kind of system
>> (operating system, engineering system, whatever) and place it in an
>> environment that is wildly different than the original assumptions, that
>> system will fail catastrophically. There is simply no way we can retrofit
>> that very old code to function correctly in today's world of intentional
>> attacks.
>>
>> I'm not exactly sure how you can make the statement that "a 9x machine
>> with
>> the proper safeguards such as a wired router that has wireless broadcast
>> signal turned off" is more secure than XP or Vista. Firstly, an XP or
>> Vista
>> box behind such a router would be equally "safe" from attack. Secondly,
>> disabling SSID broadcast in reality does not accord you any security --
>> see
>> my article here:
>> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
>>
>> You quote a specific vulnerability below, about DNS, and you then make
>> the
>> argument that this is a reason the military should be using 9x instead of
>> XP/Vista. How does that follow? How do you know that 9x doesn't have the
>> same vulnerability? No one can know, because we don't test 9x anymore.
>> It's
>> simply too old.
>>
>> And you mention our password checker. Actually, I think its
>> recommendations
>> aren't strong enough, and I'm working with the folks who own that feature
>> to
>> improve its strength.
>>
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com

 

[Dan]

I see your point Steve but US-Cert maintains that all NT source code is
vulnerable thus my point being valid about having 98 Second Edition machines
within a network for internal safety reasons and potentially to act as
gateways. How can we allow our military and top secrets to be leaked.
Please see the United States Computer Readiness Team at the Department of
Homeland Security and so you can see how I am getting at the true value of a
source code that is flexible enough to offer external security, internal
safety, and more. Thus we have a source code matrix as presented below. I
am not skilled enough to write the code for this yet but I bet Microsoft and
others are.

--------------------------------------------------------------------------

NT= New Technology --- outer defense network

9x = Internal Safety --- based upon DOS as maintenance operating system --
lacking in XP and Vista --- no true maintenance operating system according to
Chris Quirke, MVP --- Vista is indeed great on security issues but still
lacks in compatibility as the FAA has mentioned only using Windows 2000
(which I like as well --- totally old-school reminds me of Windows 98 Second
Edition) as well XP machines (which are good but too vulnerable in this day
and age due to the large surface area created by too many services and not
having strong enough default settings within Internet Explorer -- another
reason to separate the browser from Windows like the Justice Department
mentioned rightly in the 1998 case although Apple should be investigated now
for the practice of tying Quick time with Itunes and I feel this practice of
tying software must be banned for safety and security reasons in the future.)

Unix/Linux/Mozilla/etc. --- third party programs and open source
technologies mingling as one with closed proprietary software which is
protected by IP. Thank you for continuing this discussion.


-------------------------------------------from us
cert------------------------

Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning
Overview
Deficiencies in the DNS protocol and common DNS implementations facilitate
DNS cache poisoning attacks.


http://www.kb.cert.org/vuls/id/800113

http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
vulnerable)


http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)

http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether vulnerable)

I am sure you know see that 3 dans --- 2 on that website and myself another
Dan have helped bring this issue to light about how critical it is --- kind
of boggles the mind doesn't it ---- good reason to bring 98 Second Edition
and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is
the only one that has the resources to do this and the whole world now needs
your help -- Thank You for seeing the Light of our current situation within
the Defense Network.

----------------------------------------------------------------------------



"Steve Riley [MSFT]" wrote:

> A standalone telephone certainly is secure, and keeps its users safe. For
> such a phone will never receive or transmit unwanted conversations, and the
> users of such phones will never be bothered with advertisements, thoughts
> that challenge their perceptions, or interesting and surprising
> opportunities.
>
> A standalone computer certainly is secure, and keeps its users safe. For
> such a computer will never receive or transmit unwanted software, and the
> users of such computers will never be bothered with advertisements, thoughts
> that challenge their perceptions, or interesting and surprising
> opportunities.
>
> No risk = no reward.
>
> The value of a networked system increases as the square of the number of
> elements in that system. A single system has a value of 1^2=1 a two-element
> network has a value of 2^2=4 a three element network has a value of 3^2=9
> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May
> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
>
> Chris's distinction between the Internet and "a network" (presumably
> private, for Chris doesn't specify) isn't useful today. The network effect
> is clearly evident on the Internet I'd argue that in a private network, the
> network effect is diminished. Why else would we all be rushing headlong into
> the eventual recognition that private corpnets truly belong on the Internet,
> and that continuing to make the distinction means a loss of real business
> value? (Scott Charney, "Creating a more trusted Internet,"
> http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
> http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
>
> I quote our own materials here as evidence of the demand from
> forward-thinking customers that the industry envision new practices and
> develop new technologies that allow for the full realization of the network
> effect. Chris's argument that per-user security "creates artificial scopes"
> doesn't reflect reality. On the contrary, _stronger_ per-user (and
> per-machine) identity and authentication are critical for allowing the
> network effect to flourish. Indeed, the lack of strong identity and
> authentication has been a hindrance, and that's why you see technologies
> like smart cards and TPM chips becoming more common. When we reach the point
> where all communications are in the context of validated identities, carried
> in transactions with integrity and confidentiality protection, between
> endpoints that mutually authenticate their identities and their
> configurations, then who cares whether the underlying network is trusted or
> not?
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:64852B3D-D174-4D66-8F12-36323BC788D2@microsoft.com...
> > Courtesy of Chris Quirke, requesting his feedback be copied and copied due
> > to
> > his inability to view this post. From Chris Quirke posted via Windows
> > Live
> > Mail (aka Hotmail)
> >
> > -------------------------------------------------------------------------------
> >
> > I can't find the thread, but you could paste from this reply if you
> > like...
> >
> >
> > In summary because 9x was designed as a stand-alone rather than
> > network client OS, it is indeed potentially safer than NT. But the code
> > base is too outdated to deal with modern hardware, and what makes it
> > safer as a stand-alone OS, also makes it less secure as a network OS.
> >
> > As pro-IT folks will point out 9x has no effective per-user security, as
> > NT on NTFS can provide. Server-centric networks need this security
> > to work, to manage users (rather than PCs) and to create artificial
> > scopes in a pervasively networked environment.
> >
> > The underlying technologies of this security could be more useful for
> > consumers, if freed from the user-centric mindset that pervades pro-IT.
> >
> > If you were to align these technologies according to code, and to
> > maintain scopes between data vs. code, local vs. remote, etc. then
> > they could play a meaningful role in keeping stand-alone consumer
> > PCs safe from web and malware attack.
> >
> > But as long as the design is based on user accounts and logon,
> > with the ASSumption that all code running during the user's session
> > represents the will and intentions of the user who logged in, we aren't
> > going to get anywhere. As long as all code within even the most
> > limited of user accounts giving all code the right to see, change and
> > destroy user data, this system won't protect user's interests.
> >
> >
> > As long as the Internet is treated as a big network, safety failures
> > will abound. The core difference between Internet and networking
> > is that the former requires interaction between untrusted parties
> > that is in fact the standard interaction in that environment.
> >
> > It's not helpful to prove a stranger has a particular name, if you have
> > no template of expectations for that proven identity. Only when a
> > proven identity can be matched with such expectations, do you
> > shift into networking between trusted entities.
> >
> > Instead, you need to limit the potential impact of interactions - and
> > that boils down to the distinction between data that is safe to view
> > or edit, vs. code that is dangerous to run.
> >
> > Pro-IT could not tolerate the inability to scope between users, via
> > NT's user rights security. As Internet consumers, we need a similar
> > ability to scope between data safety and code risk.
> >
> > Both scopes are artificial just as there's no hard line between users,
> > so it is argued there is no hard line between data and code. However,
> > just as pro-IT strives to create an artificial line between users, so we
> > should strive to create and maintain a line between data and code.
> >
> >
> > ------------------------------------------------------------------------------
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> Dan, I recommend you rethink your logic.
> >>
> >> The Windows 3.1/9x code was designed and written in an entirely different
> >> age -- one in which TCP/IP was not the standard networking protocol, one
> >> in
> >> which indeed networks were rare, and one in which everyone (we and our
> >> customers) assumed that only good guys used computers.
> >>
> >> The world no longer lives in that age. If you take any kind of system
> >> (operating system, engineering system, whatever) and place it in an
> >> environment that is wildly different than the original assumptions, that
> >> system will fail catastrophically. There is simply no way we can retrofit
> >> that very old code to function correctly in today's world of intentional
> >> attacks.
> >>
> >> I'm not exactly sure how you can make the statement that "a 9x machine
> >> with
> >> the proper safeguards such as a wired router that has wireless broadcast
> >> signal turned off" is more secure than XP or Vista. Firstly, an XP or
> >> Vista
> >> box behind such a router would be equally "safe" from attack. Secondly,
> >> disabling SSID broadcast in reality does not accord you any security --
> >> see
> >> my article here:
> >> http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx.
> >>
> >> You quote a specific vulnerability below, about DNS, and you then make
> >> the
> >> argument that this is a reason the military should be using 9x instead of
> >> XP/Vista. How does that follow? How do you know that 9x doesn't have the
> >> same vulnerability? No one can know, because we don't test 9x anymore.
> >> It's
> >> simply too old.
> >>
> >> And you mention our password checker. Actually, I think its
> >> recommendations
> >> aren't strong enough, and I'm working with the folks who own that feature
> >> to
> >> improve its strength.
> >>
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
>
>

 

[Steve Riley [MSFT]]

You are asserting that one single vulnerability allows "military and top
secrets to be leaked" and thus requires the use of some other operating
system. You simply cannot make this assertion, for two reasons.

1. NO ONE KNOWS whether your suggested operating system has the same
vulnerability.

2. ALL software has vulnerabilities, many of which allow attackers to take
control of a system. Establishing good security practices (patch when we
release, install only the services you need, apply the principle of least
privilege to data, and so on) is MORE important than the particular piece of
technology you've chosen to deploy. And the older the software is, the more
difficult it is to manage and the more likely it is to get attacked --
because older software was not written to be centrally-managed (no group
policy and no machine identity in 9x, for instance) and was not written with
resiliency in mind.

And this talk of "internal safety" regarding 9x is really nonsensical. Vista
and even XP+SP3 are FAR more difficult to attack than 9x was. We at
Microsoft have the benefit of about 10 years of historical data from Watson
reports (online crash analysis, Windows error reporting). We can divine a
lot of information about attacks from this data. Whereas in the past most
attacks were targeted at the operating system, this is no longer true. The
majority of crashes we see now come from third-party software installed on
the box. And in this case, crashes are good: various features in the
operating system (DEP, ASLR, SRP, and more) have detected that something
malicious is happening, and stop it before the attack succeeds. You could
never do that with an OS as simple as 9x.


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Dan" <Dan@discussions.microsoft.com> wrote in message
news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...
> I see your point Steve but US-Cert maintains that all NT source code is
> vulnerable thus my point being valid about having 98 Second Edition
> machines
> within a network for internal safety reasons and potentially to act as
> gateways. How can we allow our military and top secrets to be leaked.
> Please see the United States Computer Readiness Team at the Department of
> Homeland Security and so you can see how I am getting at the true value of
> a
> source code that is flexible enough to offer external security, internal
> safety, and more. Thus we have a source code matrix as presented below.
> I
> am not skilled enough to write the code for this yet but I bet Microsoft
> and
> others are.
>
> --------------------------------------------------------------------------
>
> NT= New Technology --- outer defense network
>
> 9x = Internal Safety --- based upon DOS as maintenance operating system --
> lacking in XP and Vista --- no true maintenance operating system according
> to
> Chris Quirke, MVP --- Vista is indeed great on security issues but still
> lacks in compatibility as the FAA has mentioned only using Windows 2000
> (which I like as well --- totally old-school reminds me of Windows 98
> Second
> Edition) as well XP machines (which are good but too vulnerable in this
> day
> and age due to the large surface area created by too many services and not
> having strong enough default settings within Internet Explorer -- another
> reason to separate the browser from Windows like the Justice Department
> mentioned rightly in the 1998 case although Apple should be investigated
> now
> for the practice of tying Quick time with Itunes and I feel this practice
> of
> tying software must be banned for safety and security reasons in the
> future.)
>
> Unix/Linux/Mozilla/etc. --- third party programs and open source
> technologies mingling as one with closed proprietary software which is
> protected by IP. Thank you for continuing this discussion.
>
>
> -------------------------------------------from us
> cert------------------------
>
> Vulnerability Note VU#800113
> Multiple DNS implementations vulnerable to cache poisoning
> Overview
> Deficiencies in the DNS protocol and common DNS implementations facilitate
> DNS cache poisoning attacks.
>
>
> http://www.kb.cert.org/vuls/id/800113
>
> http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
> vulnerable)
>
>
> http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)
>
> http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether
> vulnerable)
>
> I am sure you know see that 3 dans --- 2 on that website and myself
> another
> Dan have helped bring this issue to light about how critical it is ---
> kind
> of boggles the mind doesn't it ---- good reason to bring 98 Second Edition
> and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is
> the only one that has the resources to do this and the whole world now
> needs
> your help -- Thank You for seeing the Light of our current situation
> within
> the Defense Network.
>
> ----------------------------------------------------------------------------
>
>
>
> "Steve Riley [MSFT]" wrote:
>
>> A standalone telephone certainly is secure, and keeps its users safe. For
>> such a phone will never receive or transmit unwanted conversations, and
>> the
>> users of such phones will never be bothered with advertisements, thoughts
>> that challenge their perceptions, or interesting and surprising
>> opportunities.
>>
>> A standalone computer certainly is secure, and keeps its users safe. For
>> such a computer will never receive or transmit unwanted software, and the
>> users of such computers will never be bothered with advertisements,
>> thoughts
>> that challenge their perceptions, or interesting and surprising
>> opportunities.
>>
>> No risk = no reward.
>>
>> The value of a networked system increases as the square of the number of
>> elements in that system. A single system has a value of 1^2=1 a
>> two-element
>> network has a value of 2^2=4 a three element network has a value of
>> 3^2=9
>> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May
>> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
>>
>> Chris's distinction between the Internet and "a network" (presumably
>> private, for Chris doesn't specify) isn't useful today. The network
>> effect
>> is clearly evident on the Internet I'd argue that in a private network,
>> the
>> network effect is diminished. Why else would we all be rushing headlong
>> into
>> the eventual recognition that private corpnets truly belong on the
>> Internet,
>> and that continuing to make the distinction means a loss of real business
>> value? (Scott Charney, "Creating a more trusted Internet,"
>> http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
>> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
>> http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
>>
>> I quote our own materials here as evidence of the demand from
>> forward-thinking customers that the industry envision new practices and
>> develop new technologies that allow for the full realization of the
>> network
>> effect. Chris's argument that per-user security "creates artificial
>> scopes"
>> doesn't reflect reality. On the contrary, _stronger_ per-user (and
>> per-machine) identity and authentication are critical for allowing the
>> network effect to flourish. Indeed, the lack of strong identity and
>> authentication has been a hindrance, and that's why you see technologies
>> like smart cards and TPM chips becoming more common. When we reach the
>> point
>> where all communications are in the context of validated identities,
>> carried
>> in transactions with integrity and confidentiality protection, between
>> endpoints that mutually authenticate their identities and their
>> configurations, then who cares whether the underlying network is trusted
>> or
>> not?
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>

 

[Dan]

1. True

2. That is true but XP and even Vista are totally focused on external
security. Can Microsoft remotely work on a Microsoft Windows 98 Second
Edition computer via India like Microsoft can work on a Windows XP
Professional computer? Microsoft has done remote access work on the XP side
of my dual-boot computer which is in NTFS. My computer has a Western Digital
Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
Professional.

3. I have tried out Ubuntu Linux within a Windows environment within XP
Professional. I have run Windows Virtual PC 2007 within Windows XP
Professional. It is great but it does not fully meet my needs as a consumer.
Consumers want to play games. My friend Chris from camp is going to build a
98 Second Edition computer with my old motherboard. He wants to play old dos
games that he enjoys. The nice thing about 98 Second Edition is that you can
exit to MS-DOS mode. This allows gamers to play games. It is all in the
Microsoft articles about compatibility.

http://www.aumha.org/win4/a/resource.php

http://support.microsoft.com/?kbid=146418

---------------------------------------------------------------------------------

"Steve Riley [MSFT]" wrote:

> You are asserting that one single vulnerability allows "military and top
> secrets to be leaked" and thus requires the use of some other operating
> system. You simply cannot make this assertion, for two reasons.
>
> 1. NO ONE KNOWS whether your suggested operating system has the same
> vulnerability.
>
> 2. ALL software has vulnerabilities, many of which allow attackers to take
> control of a system. Establishing good security practices (patch when we
> release, install only the services you need, apply the principle of least
> privilege to data, and so on) is MORE important than the particular piece of
> technology you've chosen to deploy. And the older the software is, the more
> difficult it is to manage and the more likely it is to get attacked --
> because older software was not written to be centrally-managed (no group
> policy and no machine identity in 9x, for instance) and was not written with
> resiliency in mind.
>
> And this talk of "internal safety" regarding 9x is really nonsensical. Vista
> and even XP+SP3 are FAR more difficult to attack than 9x was. We at
> Microsoft have the benefit of about 10 years of historical data from Watson
> reports (online crash analysis, Windows error reporting). We can divine a
> lot of information about attacks from this data. Whereas in the past most
> attacks were targeted at the operating system, this is no longer true. The
> majority of crashes we see now come from third-party software installed on
> the box. And in this case, crashes are good: various features in the
> operating system (DEP, ASLR, SRP, and more) have detected that something
> malicious is happening, and stop it before the attack succeeds. You could
> never do that with an OS as simple as 9x.
>
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...
> > I see your point Steve but US-Cert maintains that all NT source code is
> > vulnerable thus my point being valid about having 98 Second Edition
> > machines
> > within a network for internal safety reasons and potentially to act as
> > gateways. How can we allow our military and top secrets to be leaked.
> > Please see the United States Computer Readiness Team at the Department of
> > Homeland Security and so you can see how I am getting at the true value of
> > a
> > source code that is flexible enough to offer external security, internal
> > safety, and more. Thus we have a source code matrix as presented below.
> > I
> > am not skilled enough to write the code for this yet but I bet Microsoft
> > and
> > others are.
> >
> > --------------------------------------------------------------------------
> >
> > NT= New Technology --- outer defense network
> >
> > 9x = Internal Safety --- based upon DOS as maintenance operating system --
> > lacking in XP and Vista --- no true maintenance operating system according
> > to
> > Chris Quirke, MVP --- Vista is indeed great on security issues but still
> > lacks in compatibility as the FAA has mentioned only using Windows 2000
> > (which I like as well --- totally old-school reminds me of Windows 98
> > Second
> > Edition) as well XP machines (which are good but too vulnerable in this
> > day
> > and age due to the large surface area created by too many services and not
> > having strong enough default settings within Internet Explorer -- another
> > reason to separate the browser from Windows like the Justice Department
> > mentioned rightly in the 1998 case although Apple should be investigated
> > now
> > for the practice of tying Quick time with Itunes and I feel this practice
> > of
> > tying software must be banned for safety and security reasons in the
> > future.)
> >
> > Unix/Linux/Mozilla/etc. --- third party programs and open source
> > technologies mingling as one with closed proprietary software which is
> > protected by IP. Thank you for continuing this discussion.
> >
> >
> > -------------------------------------------from us
> > cert------------------------
> >
> > Vulnerability Note VU#800113
> > Multiple DNS implementations vulnerable to cache poisoning
> > Overview
> > Deficiencies in the DNS protocol and common DNS implementations facilitate
> > DNS cache poisoning attacks.
> >
> >
> > http://www.kb.cert.org/vuls/id/800113
> >
> > http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
> > vulnerable)
> >
> >
> > http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)
> >
> > http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether
> > vulnerable)
> >
> > I am sure you know see that 3 dans --- 2 on that website and myself
> > another
> > Dan have helped bring this issue to light about how critical it is ---
> > kind
> > of boggles the mind doesn't it ---- good reason to bring 98 Second Edition
> > and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft is
> > the only one that has the resources to do this and the whole world now
> > needs
> > your help -- Thank You for seeing the Light of our current situation
> > within
> > the Defense Network.
> >
> > ----------------------------------------------------------------------------
> >
> >
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> A standalone telephone certainly is secure, and keeps its users safe. For
> >> such a phone will never receive or transmit unwanted conversations, and
> >> the
> >> users of such phones will never be bothered with advertisements, thoughts
> >> that challenge their perceptions, or interesting and surprising
> >> opportunities.
> >>
> >> A standalone computer certainly is secure, and keeps its users safe. For
> >> such a computer will never receive or transmit unwanted software, and the
> >> users of such computers will never be bothered with advertisements,
> >> thoughts
> >> that challenge their perceptions, or interesting and surprising
> >> opportunities.
> >>
> >> No risk = no reward.
> >>
> >> The value of a networked system increases as the square of the number of
> >> elements in that system. A single system has a value of 1^2=1 a
> >> two-element
> >> network has a value of 2^2=4 a three element network has a value of
> >> 3^2=9
> >> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7 May
> >> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
> >>
> >> Chris's distinction between the Internet and "a network" (presumably
> >> private, for Chris doesn't specify) isn't useful today. The network
> >> effect
> >> is clearly evident on the Internet I'd argue that in a private network,
> >> the
> >> network effect is diminished. Why else would we all be rushing headlong
> >> into
> >> the eventual recognition that private corpnets truly belong on the
> >> Internet,
> >> and that continuing to make the distinction means a loss of real business
> >> value? (Scott Charney, "Creating a more trusted Internet,"
> >> http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
> >> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
> >> http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
> >>
> >> I quote our own materials here as evidence of the demand from
> >> forward-thinking customers that the industry envision new practices and
> >> develop new technologies that allow for the full realization of the
> >> network
> >> effect. Chris's argument that per-user security "creates artificial
> >> scopes"
> >> doesn't reflect reality. On the contrary, _stronger_ per-user (and
> >> per-machine) identity and authentication are critical for allowing the
> >> network effect to flourish. Indeed, the lack of strong identity and
> >> authentication has been a hindrance, and that's why you see technologies
> >> like smart cards and TPM chips becoming more common. When we reach the
> >> point
> >> where all communications are in the context of validated identities,
> >> carried
> >> in transactions with integrity and confidentiality protection, between
> >> endpoints that mutually authenticate their identities and their
> >> configurations, then who cares whether the underlying network is trusted
> >> or
> >> not?
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
> >>
>
>

 

[Paul Adare - MVP]

On Tue, 22 Jul 2008 14:51:02 -0700, Dan wrote:

> 2. That is true but XP and even Vista are totally focused on external
> security. Can Microsoft remotely work on a Microsoft Windows 98 Second
> Edition computer via India like Microsoft can work on a Windows XP
> Professional computer? Microsoft has done remote access work on the XP side
> of my dual-boot computer which is in NTFS. My computer has a Western Digital
> Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
> Professional.

You really need to stop parroting Chris Quirke. As a single source for your
arguments he leaves a lot to be desired.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
This system will self-destruct in five minutes.

 

[Dan]

Thank you for your feedback Paul so I guess your system will self-destruct in
less than 5 minutes. <grin --- just kidding and giving you a hard time> I
have realized that I cannot take life very seriously and must laugh at myself
from time to time.

"Paul Adare - MVP" wrote:

> On Tue, 22 Jul 2008 14:51:02 -0700, Dan wrote:
>
> > 2. That is true but XP and even Vista are totally focused on external
> > security. Can Microsoft remotely work on a Microsoft Windows 98 Second
> > Edition computer via India like Microsoft can work on a Windows XP
> > Professional computer? Microsoft has done remote access work on the XP side
> > of my dual-boot computer which is in NTFS. My computer has a Western Digital
> > Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
> > Professional.
>
> You really need to stop parroting Chris Quirke. As a single source for your
> arguments he leaves a lot to be desired.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> This system will self-destruct in five minutes.
>

 

[Steve Riley [MSFT]]

Dan, how in the world have you conflated remote assistance with file
systems? They have zero relationship.

Besides, the presence of a remote assistance capability does not at all
indicate that the underlying operating system is inherently less secure --
just like the absence of such ability does not indicate that the underlying
operating system is inherently more secure. The remote assistance feature:

* is disabled by default
* requires you to enable it before any connections are permitted
* requires you to invite someone else to connect
* encrypts the communications path with 128-bit RC4
* allows you to disconnect the session at will

Using your terminology, these steps provide sufficient "internal safety."
There is no way that someone from anywhere in Microsoft (not just India) can
or would connect to your computer without your knowledge and consent.

Linking back to file systems -- you do understand, of course, that your
FAT-formatted C: drive is accessible to any remote assistance session. Say
you have Windows 98 on that drive. A malicious remote assistance user could
easily replace those files and -- if you weren't watching -- you'd have no
idea until you next booted it. Compare this Windows Vista: if someone
replaced parts of the non-booted operating system, then next time it's
booted, Windows integrity protection and system file protection alerts you
to this the system either refuses to boot or reverts to its original state
(depending on what was maliciously overwritten). Again, Vista's "internal
safety" is vastly improved over that of any previous version of Windows.

I don't know what else I can say to help you understand.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Dan" <Dan@discussions.microsoft.com> wrote in message
news:2EB67198-4ACB-4437-A17C-3CA42D5C342C@microsoft.com...
> 1. True
>
> 2. That is true but XP and even Vista are totally focused on external
> security. Can Microsoft remotely work on a Microsoft Windows 98 Second
> Edition computer via India like Microsoft can work on a Windows XP
> Professional computer? Microsoft has done remote access work on the XP
> side
> of my dual-boot computer which is in NTFS. My computer has a Western
> Digital
> Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
> Professional.
>
> 3. I have tried out Ubuntu Linux within a Windows environment within XP
> Professional. I have run Windows Virtual PC 2007 within Windows XP
> Professional. It is great but it does not fully meet my needs as a
> consumer.
> Consumers want to play games. My friend Chris from camp is going to build
> a
> 98 Second Edition computer with my old motherboard. He wants to play old
> dos
> games that he enjoys. The nice thing about 98 Second Edition is that you
> can
> exit to MS-DOS mode. This allows gamers to play games. It is all in the
> Microsoft articles about compatibility.
>
> http://www.aumha.org/win4/a/resource.php
>
> http://support.microsoft.com/?kbid=146418
>
> ---------------------------------------------------------------------------------
>
> "Steve Riley [MSFT]" wrote:
>
>> You are asserting that one single vulnerability allows "military and top
>> secrets to be leaked" and thus requires the use of some other operating
>> system. You simply cannot make this assertion, for two reasons.
>>
>> 1. NO ONE KNOWS whether your suggested operating system has the same
>> vulnerability.
>>
>> 2. ALL software has vulnerabilities, many of which allow attackers to
>> take
>> control of a system. Establishing good security practices (patch when we
>> release, install only the services you need, apply the principle of least
>> privilege to data, and so on) is MORE important than the particular piece
>> of
>> technology you've chosen to deploy. And the older the software is, the
>> more
>> difficult it is to manage and the more likely it is to get attacked --
>> because older software was not written to be centrally-managed (no group
>> policy and no machine identity in 9x, for instance) and was not written
>> with
>> resiliency in mind.
>>
>> And this talk of "internal safety" regarding 9x is really nonsensical.
>> Vista
>> and even XP+SP3 are FAR more difficult to attack than 9x was. We at
>> Microsoft have the benefit of about 10 years of historical data from
>> Watson
>> reports (online crash analysis, Windows error reporting). We can divine a
>> lot of information about attacks from this data. Whereas in the past most
>> attacks were targeted at the operating system, this is no longer true.
>> The
>> majority of crashes we see now come from third-party software installed
>> on
>> the box. And in this case, crashes are good: various features in the
>> operating system (DEP, ASLR, SRP, and more) have detected that something
>> malicious is happening, and stop it before the attack succeeds. You could
>> never do that with an OS as simple as 9x.
>>
>>
>> --
>> Steve Riley
>> steve.riley@microsoft.com
>> http://blogs.technet.com/steriley
>> http://www.protectyourwindowsnetwork.com
>>
>>
>>
>> "Dan" <Dan@discussions.microsoft.com> wrote in message
>> news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...
>> > I see your point Steve but US-Cert maintains that all NT source code is
>> > vulnerable thus my point being valid about having 98 Second Edition
>> > machines
>> > within a network for internal safety reasons and potentially to act as
>> > gateways. How can we allow our military and top secrets to be leaked.
>> > Please see the United States Computer Readiness Team at the Department
>> > of
>> > Homeland Security and so you can see how I am getting at the true value
>> > of
>> > a
>> > source code that is flexible enough to offer external security,
>> > internal
>> > safety, and more. Thus we have a source code matrix as presented
>> > below.
>> > I
>> > am not skilled enough to write the code for this yet but I bet
>> > Microsoft
>> > and
>> > others are.
>> >
>> > --------------------------------------------------------------------------
>> >
>> > NT= New Technology --- outer defense network
>> >
>> > 9x = Internal Safety --- based upon DOS as maintenance operating
>> > system --
>> > lacking in XP and Vista --- no true maintenance operating system
>> > according
>> > to
>> > Chris Quirke, MVP --- Vista is indeed great on security issues but
>> > still
>> > lacks in compatibility as the FAA has mentioned only using Windows 2000
>> > (which I like as well --- totally old-school reminds me of Windows 98
>> > Second
>> > Edition) as well XP machines (which are good but too vulnerable in this
>> > day
>> > and age due to the large surface area created by too many services and
>> > not
>> > having strong enough default settings within Internet Explorer --
>> > another
>> > reason to separate the browser from Windows like the Justice Department
>> > mentioned rightly in the 1998 case although Apple should be
>> > investigated
>> > now
>> > for the practice of tying Quick time with Itunes and I feel this
>> > practice
>> > of
>> > tying software must be banned for safety and security reasons in the
>> > future.)
>> >
>> > Unix/Linux/Mozilla/etc. --- third party programs and open source
>> > technologies mingling as one with closed proprietary software which is
>> > protected by IP. Thank you for continuing this discussion.
>> >
>> >
>> > -------------------------------------------from us
>> > cert------------------------
>> >
>> > Vulnerability Note VU#800113
>> > Multiple DNS implementations vulnerable to cache poisoning
>> > Overview
>> > Deficiencies in the DNS protocol and common DNS implementations
>> > facilitate
>> > DNS cache poisoning attacks.
>> >
>> >
>> > http://www.kb.cert.org/vuls/id/800113
>> >
>> > http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
>> > vulnerable)
>> >
>> >
>> > http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)
>> >
>> > http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether
>> > vulnerable)
>> >
>> > I am sure you know see that 3 dans --- 2 on that website and myself
>> > another
>> > Dan have helped bring this issue to light about how critical it is ---
>> > kind
>> > of boggles the mind doesn't it ---- good reason to bring 98 Second
>> > Edition
>> > and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft
>> > is
>> > the only one that has the resources to do this and the whole world now
>> > needs
>> > your help -- Thank You for seeing the Light of our current situation
>> > within
>> > the Defense Network.
>> >
>> > ----------------------------------------------------------------------------
>> >
>> >
>> >
>> > "Steve Riley [MSFT]" wrote:
>> >
>> >> A standalone telephone certainly is secure, and keeps its users safe.
>> >> For
>> >> such a phone will never receive or transmit unwanted conversations,
>> >> and
>> >> the
>> >> users of such phones will never be bothered with advertisements,
>> >> thoughts
>> >> that challenge their perceptions, or interesting and surprising
>> >> opportunities.
>> >>
>> >> A standalone computer certainly is secure, and keeps its users safe.
>> >> For
>> >> such a computer will never receive or transmit unwanted software, and
>> >> the
>> >> users of such computers will never be bothered with advertisements,
>> >> thoughts
>> >> that challenge their perceptions, or interesting and surprising
>> >> opportunities.
>> >>
>> >> No risk = no reward.
>> >>
>> >> The value of a networked system increases as the square of the number
>> >> of
>> >> elements in that system. A single system has a value of 1^2=1 a
>> >> two-element
>> >> network has a value of 2^2=4 a three element network has a value of
>> >> 3^2=9
>> >> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7
>> >> May
>> >> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
>> >>
>> >> Chris's distinction between the Internet and "a network" (presumably
>> >> private, for Chris doesn't specify) isn't useful today. The network
>> >> effect
>> >> is clearly evident on the Internet I'd argue that in a private
>> >> network,
>> >> the
>> >> network effect is diminished. Why else would we all be rushing
>> >> headlong
>> >> into
>> >> the eventual recognition that private corpnets truly belong on the
>> >> Internet,
>> >> and that continuing to make the distinction means a loss of real
>> >> business
>> >> value? (Scott Charney, "Creating a more trusted Internet,"
>> >> http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
>> >> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
>> >> http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
>> >>
>> >> I quote our own materials here as evidence of the demand from
>> >> forward-thinking customers that the industry envision new practices
>> >> and
>> >> develop new technologies that allow for the full realization of the
>> >> network
>> >> effect. Chris's argument that per-user security "creates artificial
>> >> scopes"
>> >> doesn't reflect reality. On the contrary, _stronger_ per-user (and
>> >> per-machine) identity and authentication are critical for allowing the
>> >> network effect to flourish. Indeed, the lack of strong identity and
>> >> authentication has been a hindrance, and that's why you see
>> >> technologies
>> >> like smart cards and TPM chips becoming more common. When we reach the
>> >> point
>> >> where all communications are in the context of validated identities,
>> >> carried
>> >> in transactions with integrity and confidentiality protection, between
>> >> endpoints that mutually authenticate their identities and their
>> >> configurations, then who cares whether the underlying network is
>> >> trusted
>> >> or
>> >> not?
>> >>
>> >> --
>> >> Steve Riley
>> >> steve.riley@microsoft.com
>> >> http://blogs.technet.com/steriley
>> >> http://www.protectyourwindowsnetwork.com
>> >>
>>
>>

 

[Root Kit]

On Tue, 22 Jul 2008 19:03:28 -0700, "Steve Riley [MSFT]"
<steve.riley@microsoft.com> wrote:

>Dan, how in the world have you conflated remote assistance with file
>systems?

Dan, the novel writer, can conflate anything.

>They have zero relationship.

Please don't confuse Dan with facts.

 

[Dan]

My mistake. Thanks for the corrections. Here is Chris Quirke's, MVP reply
to some of this stuff. He has trouble viewing this newsgroup.


Chris Quirke, MVP replies:


At 10:56 23/7/2008, you wrote:

>It would be nice if you could post to the microsoft.public.security
>newsgroup where this heated debate is going on in biometrics.

Newsgroups are tricky for me right now :-/

> > "Steve Riley [MSFT]" wrote:

> >> 1. NO ONE KNOWS whether your suggested operating system
> >> has the same vulnerability.

Or different problems with similar impact. Consider the years of "safe" RPC
in NT up until the patch, and the mass exploits shortly thereafter...
for all we
know, folks may have been quietly exploiting that vulnerability for years.

> >> 2. ALL software has vulnerabilities, many of which allow attackers to
> >> take control of a system. Establishing good security practices (patch
> >> when we release, install only the services you need, apply the principle
> >> of least privilege to data, and so on) is MORE important than the
> >> particular piece of technology you've chosen to deploy.

Yup - and I'd love to apply the principle of ripping out risk surfaces
that I don't need, but that's hard when they are welded into the OS.

I take Steve's point that a supported and patched code base is more
likely to get defects discovered and fixed, but as a stand-alone user,
I'd feel safer on an OS designed as such, not as a network client -
especially when these networking surfaces are exposed to the Internet.

> >> And the older the software is, the more difficult it is to manage

True

> >> and the more likely it is to get attacked --

Possibly false, if the older OS has shrunk its market share and is
different enough to avoid being cross-exploited by attacks made on
newer and more popular OSs. IOW, much of Win9x's present
safety (in terms of less often being attacked) may be similar to that
for MacOS and Linuxen it's now a minority OS.

> >> because older software was not written to be centrally-managed
> >> (no group policy and no machine identity in 9x, for instance)

That's relevant to managed, network-centric IT, but that's not where
we live. That mindset is part of our problem, because in our world,
there is NO remote entity who should control our PCs under any
circumstances. The presence of such facilities is needed so pro-IT
can manage network clients, but it's all risk and no benefit to us.

> >> and was not written with resiliency in mind.

The design briefs were different, so we don't expect 9x to be as
stable as NT. It wasn't too bad, in my experience over the years.

> >> Whereas in the past most attacks were targeted at the
> >> operating system, this is no longer true. The majority of
> >> crashes we see now come from third-party software installed
> >> on the box. And in this case, crashes are good:

IKWYM - "Error messages are your friends"...

> >> various features in the operating system (DEP, ASLR, SRP,
> >> and more) have detected that something malicious is
> >> happening, and stop it before the attack succeeds. You
> >> could never do that with an OS as simple as 9x.

There are several factors that come in here, not just how easy it is
to attack a system. Opportunity, i.e. are exploitable surfaces
exposed? How easy or difficult is it for the user to find the malware
files, or their integration points? Can the user get "air superiority"
over the malware, e.g. by tackling it without running it first? IOW,
concerns go beyond infectability or attackability, and on to the ability
to non-destructively get the system back from an infected state.

> >> > 9x = Internal Safety --- based upon DOS as maintenance
> >> > operating system -- lacking in XP and Vista --- no true
> >> > maintenance operating system according to Chris Quirke

That's certainly not true as at 2008, if you define maintenance OS
as an OS (that runs arbitrary apps) that can access and manage a
HD installation without running any code from it.

DOS can't work safely over 137G, nor is it effective on NTFS - so that
kills it for Vista, and for anything > 137G.

The best mOS I've used so far, has been Bart, which builds a bootable
CDR environment based on the XP/2003 family (SP2 and later) code
base. This can handle NTFS and Win2000/XP/2003 (not Vista) registry
hives, so that registry-aware tools can act on these hives as if they were
active. It also supports the best range of tools, in my experience, and
can work in 64M RAM. Limitations: Can see USB storage only at boot
time, not on the fly no firewall hard to patch beyond SP baselines, and
can't "see" many modern S-ATA hard drive interfaces.

WinPE 2.0 is now available to the public, is based on Vista, and is in
many ways a promising mOS. Compared to Bart, it has better USB
support, allows boot CDR to be ejected and replaced, has built-in
firewall, but requires 512M RAM and fails to run many of the tools
that work in Bart. I find it harder to integrate tools into WinPE than
Bart, and there's no ability to transparently map the HD installation's
registry hives into place for registry-aware tools.

Linux can now natively read NTFS, so qualifies as a mOS too... but
there's no ability to access the HD installation's registry, either in a
transparent manner, or as a crude binding of hives via a Regedit (which
breaks expected registry paths, thus not transparent).


So right now, formally accessing XP and Vista isn't really the problem
that limits post-infection malware management. A bigger limitation is
the quality of the scanners that one can bring to bear via these mOSs.

I find the best mOS-supported solution right now, is XP + Bart. Next
best would be Vista and 9x, both suffering from the inability to run
registry-aware tools against the inactive HD registry hives. Ironically,
I now manage infected 9x PCs by scanning their HDs from Bart

> >> > "Steve Riley [MSFT]" wrote:
> >> >
> >> >> A standalone computer certainly is secure, and keeps its users safe.
> >> >> For such a computer will never receive or transmit unwanted software

USB can be a problem, if the OS is stupid enough to clicklessly
autorun code off such storage. That may be more likely in the
newer OSs, which don't have a good track record there.

> >> >> The value of a networked system increases as the square
> >> >> of the number of elements in that system.

I don't find that case too compelling

: >> >> Chris's distinction between the Internet and "a network"
: >> >> (presumably private, for Chris doesn't specify) isn't useful

I'd say it's essential, and not "getting" this is a critical safety failure.

Yes, by "network" I do mean "private network", with LANs and
secured WAN (e.g. VPN) in mind. In these network contexts,
membership is limited to trusted entities the whole thrust of
pro-IT is maintaining those limits, managing identities, and
what these identities are trusted to do.

In contrast, the Internet is a world of strangers. It's meaningless
to prove a particular identity if the user knows nothing about that
identity (and thus has no basis to assess trustworthiness). Only
once you prove an identity that is known, can one think in terms
of networking, rather than generic Internet access.

Yes, it's possible to expose business networks to the Internet,
and to manage user identities and permissions on large networks.
However, it may be a highly-skilled full-time job to do so, and that
too will escalate with the number of systems on the network.

So the value equation that works so well for corporations, works
far less well for end users. That didn't matter to big business in
the old days, but now that end user systems collectively wield
significant bandwidth and computational power, it matters more.

> >> >> Chris's argument that per-user security "creates artificial
> >> >> scopes" doesn't reflect reality. On the contrary, _stronger_
> >> >> per-user (and per-machine) identity and authentication
> >> >> are critical for allowing the network effect to flourish.

That was a statement, not an argument - IOW, the fact that per-user
scopes are artificial, does not mean they are not worthwhile. It should
perhaps inform as to how reliable they can be expected to be, though.

My point was that the objection that "the difference between data and
code is artificial and blurred" will equally apply to the difference between
user identities, user accounts and login sessions. Both may be seen
as artificial and leaky, but IMO both are worthwhile concepts to design
in and to attempt to enforce.

This has been done fairly intensively for user identity management in
the world of pro-IT, where it is highly relevant. I would argue that we
should do the same for data/code separation and risk management,
particularly in consumerland, where it is more relevant than identity.

How many consumerland infections were caused by identity failures?
How many were caused by the correct user identity triggering code
that did things the user would not have wanted to happen?

> >> >> When we reach the point where all communications
> >> >> are in the context of validated identities, carried
> >> >> in transactions with integrity and confidentiality
> >> >> protection, between endpoints that mutually
> >> >> authenticate their identities and their configurations,
> >> >> then who cares whether the underlying network is
> >> >> trusted or not?

The point of failure there is not so much the network (though DNS
vulnerabilities may be relevant there) but in the assumption that an
authenticated system acts only within the intentions of the supposed
user of that system. You may really be talking to my PC, but what
it's doing may not represent my will it may be acting under the direct
control of some other entity, or I (or the system) may have been
spoofed into initiating something I did not want.




"Steve Riley [MSFT]" wrote:

> Dan, how in the world have you conflated remote assistance with file
> systems? They have zero relationship.
>
> Besides, the presence of a remote assistance capability does not at all
> indicate that the underlying operating system is inherently less secure --
> just like the absence of such ability does not indicate that the underlying
> operating system is inherently more secure. The remote assistance feature:
>
> * is disabled by default
> * requires you to enable it before any connections are permitted
> * requires you to invite someone else to connect
> * encrypts the communications path with 128-bit RC4
> * allows you to disconnect the session at will
>
> Using your terminology, these steps provide sufficient "internal safety."
> There is no way that someone from anywhere in Microsoft (not just India) can
> or would connect to your computer without your knowledge and consent.
>
> Linking back to file systems -- you do understand, of course, that your
> FAT-formatted C: drive is accessible to any remote assistance session. Say
> you have Windows 98 on that drive. A malicious remote assistance user could
> easily replace those files and -- if you weren't watching -- you'd have no
> idea until you next booted it. Compare this Windows Vista: if someone
> replaced parts of the non-booted operating system, then next time it's
> booted, Windows integrity protection and system file protection alerts you
> to this the system either refuses to boot or reverts to its original state
> (depending on what was maliciously overwritten). Again, Vista's "internal
> safety" is vastly improved over that of any previous version of Windows.
>
> I don't know what else I can say to help you understand.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:2EB67198-4ACB-4437-A17C-3CA42D5C342C@microsoft.com...
> > 1. True
> >
> > 2. That is true but XP and even Vista are totally focused on external
> > security. Can Microsoft remotely work on a Microsoft Windows 98 Second
> > Edition computer via India like Microsoft can work on a Windows XP
> > Professional computer? Microsoft has done remote access work on the XP
> > side
> > of my dual-boot computer which is in NTFS. My computer has a Western
> > Digital
> > Hard Drive in Fat 32 on C: and a separate hard drive on D: with Windows XP
> > Professional.
> >
> > 3. I have tried out Ubuntu Linux within a Windows environment within XP
> > Professional. I have run Windows Virtual PC 2007 within Windows XP
> > Professional. It is great but it does not fully meet my needs as a
> > consumer.
> > Consumers want to play games. My friend Chris from camp is going to build
> > a
> > 98 Second Edition computer with my old motherboard. He wants to play old
> > dos
> > games that he enjoys. The nice thing about 98 Second Edition is that you
> > can
> > exit to MS-DOS mode. This allows gamers to play games. It is all in the
> > Microsoft articles about compatibility.
> >
> > http://www.aumha.org/win4/a/resource.php
> >
> > http://support.microsoft.com/?kbid=146418
> >
> > ---------------------------------------------------------------------------------
> >
> > "Steve Riley [MSFT]" wrote:
> >
> >> You are asserting that one single vulnerability allows "military and top
> >> secrets to be leaked" and thus requires the use of some other operating
> >> system. You simply cannot make this assertion, for two reasons.
> >>
> >> 1. NO ONE KNOWS whether your suggested operating system has the same
> >> vulnerability.
> >>
> >> 2. ALL software has vulnerabilities, many of which allow attackers to
> >> take
> >> control of a system. Establishing good security practices (patch when we
> >> release, install only the services you need, apply the principle of least
> >> privilege to data, and so on) is MORE important than the particular piece
> >> of
> >> technology you've chosen to deploy. And the older the software is, the
> >> more
> >> difficult it is to manage and the more likely it is to get attacked --
> >> because older software was not written to be centrally-managed (no group
> >> policy and no machine identity in 9x, for instance) and was not written
> >> with
> >> resiliency in mind.
> >>
> >> And this talk of "internal safety" regarding 9x is really nonsensical.
> >> Vista
> >> and even XP+SP3 are FAR more difficult to attack than 9x was. We at
> >> Microsoft have the benefit of about 10 years of historical data from
> >> Watson
> >> reports (online crash analysis, Windows error reporting). We can divine a
> >> lot of information about attacks from this data. Whereas in the past most
> >> attacks were targeted at the operating system, this is no longer true.
> >> The
> >> majority of crashes we see now come from third-party software installed
> >> on
> >> the box. And in this case, crashes are good: various features in the
> >> operating system (DEP, ASLR, SRP, and more) have detected that something
> >> malicious is happening, and stop it before the attack succeeds. You could
> >> never do that with an OS as simple as 9x.
> >>
> >>
> >> --
> >> Steve Riley
> >> steve.riley@microsoft.com
> >> http://blogs.technet.com/steriley
> >> http://www.protectyourwindowsnetwork.com
> >>
> >>
> >>
> >> "Dan" <Dan@discussions.microsoft.com> wrote in message
> >> news:1D0AF19C-B164-450F-92D3-96F6E1E9FDA6@microsoft.com...
> >> > I see your point Steve but US-Cert maintains that all NT source code is
> >> > vulnerable thus my point being valid about having 98 Second Edition
> >> > machines
> >> > within a network for internal safety reasons and potentially to act as
> >> > gateways. How can we allow our military and top secrets to be leaked.
> >> > Please see the United States Computer Readiness Team at the Department
> >> > of
> >> > Homeland Security and so you can see how I am getting at the true value
> >> > of
> >> > a
> >> > source code that is flexible enough to offer external security,
> >> > internal
> >> > safety, and more. Thus we have a source code matrix as presented
> >> > below.
> >> > I
> >> > am not skilled enough to write the code for this yet but I bet
> >> > Microsoft
> >> > and
> >> > others are.
> >> >
> >> > --------------------------------------------------------------------------
> >> >
> >> > NT= New Technology --- outer defense network
> >> >
> >> > 9x = Internal Safety --- based upon DOS as maintenance operating
> >> > system --
> >> > lacking in XP and Vista --- no true maintenance operating system
> >> > according
> >> > to
> >> > Chris Quirke, MVP --- Vista is indeed great on security issues but
> >> > still
> >> > lacks in compatibility as the FAA has mentioned only using Windows 2000
> >> > (which I like as well --- totally old-school reminds me of Windows 98
> >> > Second
> >> > Edition) as well XP machines (which are good but too vulnerable in this
> >> > day
> >> > and age due to the large surface area created by too many services and
> >> > not
> >> > having strong enough default settings within Internet Explorer --
> >> > another
> >> > reason to separate the browser from Windows like the Justice Department
> >> > mentioned rightly in the 1998 case although Apple should be
> >> > investigated
> >> > now
> >> > for the practice of tying Quick time with Itunes and I feel this
> >> > practice
> >> > of
> >> > tying software must be banned for safety and security reasons in the
> >> > future.)
> >> >
> >> > Unix/Linux/Mozilla/etc. --- third party programs and open source
> >> > technologies mingling as one with closed proprietary software which is
> >> > protected by IP. Thank you for continuing this discussion.
> >> >
> >> >
> >> > -------------------------------------------from us
> >> > cert------------------------
> >> >
> >> > Vulnerability Note VU#800113
> >> > Multiple DNS implementations vulnerable to cache poisoning
> >> > Overview
> >> > Deficiencies in the DNS protocol and common DNS implementations
> >> > facilitate
> >> > DNS cache poisoning attacks.
> >> >
> >> >
> >> > http://www.kb.cert.org/vuls/id/800113
> >> >
> >> > http://www.kb.cert.org/vuls/id/MIMG-7DPJ7W (Microsoft NT but not 9x
> >> > vulnerable)
> >> >
> >> >
> >> > http://www.kb.cert.org/vuls/id/MIMG-7ECLCY (Ubuntu vulnerable)
> >> >
> >> > http://www.kb.cert.org/vuls/id/MIMG-7ECL5Z (Apple unknown whether
> >> > vulnerable)
> >> >
> >> > I am sure you know see that 3 dans --- 2 on that website and myself
> >> > another
> >> > Dan have helped bring this issue to light about how critical it is ---
> >> > kind
> >> > of boggles the mind doesn't it ---- good reason to bring 98 Second
> >> > Edition
> >> > and/or another variant 9x/NT/Unix source code --- on-line --- Microsoft
> >> > is
> >> > the only one that has the resources to do this and the whole world now
> >> > needs
> >> > your help -- Thank You for seeing the Light of our current situation
> >> > within
> >> > the Defense Network.
> >> >
> >> > ----------------------------------------------------------------------------
> >> >
> >> >
> >> >
> >> > "Steve Riley [MSFT]" wrote:
> >> >
> >> >> A standalone telephone certainly is secure, and keeps its users safe.
> >> >> For
> >> >> such a phone will never receive or transmit unwanted conversations,
> >> >> and
> >> >> the
> >> >> users of such phones will never be bothered with advertisements,
> >> >> thoughts
> >> >> that challenge their perceptions, or interesting and surprising
> >> >> opportunities.
> >> >>
> >> >> A standalone computer certainly is secure, and keeps its users safe.
> >> >> For
> >> >> such a computer will never receive or transmit unwanted software, and
> >> >> the
> >> >> users of such computers will never be bothered with advertisements,
> >> >> thoughts
> >> >> that challenge their perceptions, or interesting and surprising
> >> >> opportunities.
> >> >>
> >> >> No risk = no reward.
> >> >>
> >> >> The value of a networked system increases as the square of the number
> >> >> of
> >> >> elements in that system. A single system has a value of 1^2=1 a
> >> >> two-element
> >> >> network has a value of 2^2=4 a three element network has a value of
> >> >> 3^2=9
> >> >> and so on. (Bob Metcalfe, "It's all in your head," Forbes Magazine, 7
> >> >> May
> >> >> 2007: http://www.forbes.com/forbes/2007/0507/052.html.)
> >> >>
> >> >> Chris's distinction between the Internet and "a network" (presumably
> >> >> private, for Chris doesn't specify) isn't useful today. The network
> >> >> effect
> >> >> is clearly evident on the Internet I'd argue that in a private
> >> >> network,
> >> >> the
> >> >> network effect is diminished. Why else would we all be rushing
> >> >> headlong
> >> >> into
> >> >> the eventual recognition that private corpnets truly belong on the
> >> >> Internet,
> >> >> and that continuing to make the distinction means a loss of real
> >> >> business
> >> >> value? (Scott Charney, "Creating a more trusted Internet,"
> >> >> http://download.microsoft.com/downl...to_End_Trust_Statement_of_Purpose_Charney.pdf
> >> >> Steve Riley, "Directly connect your corpnet with IPsec and IPv6,"
> >> >> http://blogs.technet.com/steriley/a...nect-to-your-corpnet-with-ipsec-and-ipv6.aspx.)
> >> >>
> >> >> I quote our own materials here as evidence of the demand from
> >> >> forward-thinking customers that the industry envision new practices
> >> >> and
> >> >> develop new technologies that allow for the full realization of the
> >> >> network
> >> >> effect. Chris's argument that per-user security "creates artificial
> >> >> scopes"
> >> >> doesn't reflect reality. On the contrary, _stronger_ per-user (and
> >> >> per-machine) identity and authentication are critical for allowing the
> >> >> network effect to flourish. Indeed, the lack of strong identity and
> >> >> authentication has been a hindrance, and that's why you see
> >> >> technologies
> >> >> like smart cards and TPM chips becoming more common. When we reach the
> >> >> point
> >> >> where all communications are in the context of validated identities,
> >> >> carried
> >> >> in transactions with integrity and confidentiality protection, between
> >> >> endpoints that mutually authenticate their identities and their
> >> >> configurations, then who cares whether the underlying network is
> >> >> trusted
> >> >> or
> >> >> not?
> >> >>
> >> >> --
> >> >> Steve Riley
> >> >> steve.riley@microsoft.com
> >> >> http://blogs.technet.com/steriley
> >> >> http://www.protectyourwindowsnetwork.com
> >> >>
> >>
> >>

 

[Dan]

Steve, this is getting deep. Please can I request a secure channel to
continue this discussion in private. Thank you and have a great day.

"Steve Riley [MSFT]" wrote:

> Thanks for reading.
>
> 1. More detail, please. Which ones do you have in mind that we haven't
> implemented?
>
> 2. There is no "internal safety" in the 9x code. If you connect a 9x
> computer to the Internet, it will get attacked. There are plenty of ways to
> boot a computer with an alternate operating system if you need to perform
> some kind of maintenance. (Note that as more and more people move to volume
> and drive encryption, there will be additional steps, especially around key
> archiving and recovery passwords.)
>
> 3. This is a typical recommendation for root certificate servers -- they are
> the sources of authority for identity and they don't need to be online, so
> keeping them disconnected and physically secure is sage advice. (And note
> that you can't really ever "prove" that someone isn't a spy -- you can't
> prove a negative.)
>
> 4. Most organizations achieve huge support cost savings by _standardizing_
> on hardware. Per-machine custom twiddles add unnecessary complexity, which
> increases the likelihood making configuration mistakes, which attackers will
> then exploit. (The TPM chip, a hardware device that can store encryption
> keys among other things, provides a useful machine identity.)
>
> 5. Can't argue with that.
>
> 6. You're talking about honeypots and honeynets. They're interesting for
> learning about attacker behavior and motivations, but they aren't security
> devices.
>
> 7. I'm not sure why you insist that the current version of Windows is the
> same as NT. Over time we have rewritten much of the code. One example is the
> IP stack in Vista/2008 -- it's all new.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:A415E3B7-1750-44E6-8BDE-707D90A5EDB0@microsoft.com...
> > I looked over your blog and like your points Steve. You certainly have a
> > great grasp of the security aspect of protecting computers. Now here is
> > my
> > view:
> >
> > 1. Please implement all of your security protocols
> >
> > 2. Use Windows 98 Second Edition Machines as a safety internal protocol
> > as
> > Chris Quirke, MVP suggests how the internal safety of 9x is awesome and
> > makes
> > remote hacking difficult thus when someone does manage to hack a network
> > they
> > cannot overcome the internal safety of the 9x operating system that has
> > the
> > maintenance operating system of DOS that Chris Quirke, MVP maintains is
> > sorely lacking in Vista.
> > Consider the possibility of having one 98 Second Edition machine as a
> > Gateway to the Network.
> >
> > 3. Maintain certain machines as off-line only in locked and secure rooms
> > with minimal access and information only given on an as needed basis as is
> > done in the military and at defense companies like Raytheon after full
> > background checks and after enough time has passed that you can prove the
> > person is not a spy.
> >
> > 4. Implement the proper configuration and customize hardware options of
> > all
> > machines so if a certain machine that is released in the market has been
> > compromised the security and safety of your network is not at risk.
> >
> > 5. Inform US-Cert (Department of Homeland Security in the States) of any
> > attempted and seriously probing of your network.
> >
> > 6. Ideally have special catching machines to attract high level hackers to
> > them for highly valued informaion via the proper protocol of bait and
> > catch.
> >
> > 7. Have Fun and See How Many Hackers you can Catch and Remember this is
> > Truly all a Game of being able to one up the hackers --- ideally Microsoft
> > will soon have a 3rd source code that can finally put 9x and NT to rest
> > and
> > have the best of safety and security within one source code but I wonder
> > if
> > this is even possible but certainly Microsoft does need a new source code.
> >
> > Thanks Again for all of your Advice and Your Great Blog and Feel Free to
> > Let
> > Me Know My Shortcomings in the Debate --- I really appreciate your
> > Feedback
>
>