Science Forum

  1. Standard member sonhouse
    Fast and Curious
    10 Sep '10 05:15
    I just read a wiki about Linux AV's and the gist of it was Linux was much less prone to be attacked by rootkits, trojans, worms, viruses and the like because for one thing, there are so many flavors of Linux, Red Hat, Ubuntu, Xbuntu, etc.

    Because each one has slight differences in source code, a virus written for Red Hat can't infect Ubuntu, and so forth.

    The problem with windows viruses is windows comes in only a few flavors, XP, Vista, 2000, 7, etc., and therefore gives a common target.

    So here is my big idea: (don't ask ME how to do this, I am just the idea man here)
    In real life, bio viruses have to learn to infect the second generation all over again because sexual reproduction stirs the genetic pot to a certain extent and tends to neutralize viruses that endangered earlier generations of humans.


    So how bout something like that for OS's? Linux X meets Linux Y, they temporarily get married, have somewhat different source code. They meld the OS's together and come up with a unique code that works for that computer, the daughter of X and Y, now Generation Z. Get the idea here? Linux continuously automatically rewrites itself to stay ahead of shyteware. It would only engender the exchange of certain key bits, probably less than a kilobyte of actual data changed from gen X to gen Z. Then a virus that attacked Gen X would not be able to attack Gen Z.

    I'll bet a version could be thought up for windows too.

    Any comments?
  2. 10 Sep '10 07:25
    Originally posted by sonhouse
    Any comments?
    The problem is that anything that can defeat a virus that way, will defeat user software in the exact same way. Although the many flavors of Linux are a protection against malware, they also make it much harder for desired software too. When you download software for Linux, you often have to look for a version specifically written for your flavor of Linux. Sometimes you can avoid that issue by compiling the software on your system, but that doesn't always work.
    The many flavors also make it harder for us users. There must be documentation for each flavor and if you need help with anything you must look for help on your particular flavor.

    Windows' success can partly be attributed to its general openness to software including backward compatibility, low security requirements etc. Servers have different requirements from user PCs so Linux was able to capitalize on its security aspects. Also, servers can often live with running on software that is several years old and has been tested and tailored to work with the specific version you are using.

    There is always a balance that must be struck between allowing a piece of software to do what it wants and trying to keep that software within well defined limits. Generally it is better to give more freedom to software on the desktop and less freedom on the server. But still, I would estimate that over 75% of the problems I have had with software have been because the software needed more freedom than the OS was allowing.
  3. 10 Sep '10 07:43
    Originally posted by sonhouse
    Any comments?
    I must add that you are not the first to think of using software that is different in every instance to confuse possible attacks. I have certainly come across the concept before.

    But it is only useful when you want absolutely nobody to touch your stuff, whereas viruses typically do things that legitimate software needs to do in specific circumstances.

    Take the case of the early boot sector viruses or the modern memory stick viruses that rely on auto-play.
    In both cases simply stopping the PC from booting from floppy disks or auto-playing memory sticks provides guaranteed protection against such viruses. But it comes at a usability cost. In these two cases, I believe it is worth the cost, and will often disable auto-play for memory sticks.
  4. Standard member sonhouse
    Fast and Curious
    11 Sep '10 03:17
    Originally posted by twhitehead
    I must add that you are not the first to think of using software that is different in every instance to confuse possible attacks. I have certainly come across the concept before.

    But it is only useful when you want absolutely nobody to touch your stuff, whereas viruses typically do things that legitimate software needs to do in specific circumstances. ...[text shortened]... o cases, I believe it is worth the cost, and will often disable auto-play for memory sticks.
    When you say worth the cost with thumb drives, what are you saying exactly? Not sure what you meant by that statement. BTW, in the general section, there is a nice and sarcastic discussion of AV's. They are all in agreement to depend on one AV and I say nuts to that, I have tested that concept and found if I use 2 or 3 each one finds stuff the other one doesn't. I think they have their head in the sand and told them so and issued a challenge to use their fav AV and then download something like Ad Aware or Superantispyware and run another AV run and see what new crudware they find. They seem extremely complacent and smug about the issue. Statements like 'I have used one AV for years and only got one virus'. If that isn't head in the sand I don't know what is. What do you think?
  5. 12 Sep '10 08:42
    Originally posted by sonhouse
    When you say worth the cost with thumb drives, what are you saying exactly? Not sure what you meant by that statement.
    Windows, by default, has thumb drives set to autoplay when inserted. This essentially means the moment you insert your thumb drive, Windows tries to run whatever program is installed on that drive and set to autorun. This method of propagation accounts for over 90% of the viruses that I have personally seen.
    Simply disabling autoplay on your thumb drive prevents this type of infection. The cost is that if you do have a program that you want to automatically run when you insert your thumb drive, it won't automatically run, and also, when you put your thumb drive in it won't automatically open Explorer. But it's worth it to prevent viruses.

    Statements like 'I have used one AV for years and only got one virus'. If that isn't head in the sand I don't know what is. What do you think?
    I have in the past run for many years without any antivirus at all. I currently run one on some of my PCs, but they only actually catch something about once every six months.
    I think that it is a matter of trade off. Viruses are an annoying waste of time, and so are antiviruses. It's all a question of which annoys you more.
    In my case, I am skilled enough to avoid most viruses, and I recognize the signs when I do have an infection that is likely to cause problems and can take action then.
    But the main thing is I do not swop files a whole lot, and thus have very few potential sources of infection.
    I would never run two antiviruses at once.
    Sure, no antivirus will catch every possible virus, but who cares? Most viruses are very common and will be detected by most antiviruses.
    In my personal experience of sorting out computer problems for other people, supposed anti-virus or other 'security' software such as firewalls etc cause nearly as many problems as viruses themselves.
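    The propagation path described in this post is the autorun.inf file on the removable drive: Windows AutoPlay read its [autorun] section and ran whatever the open= or shellexecute= entry pointed at. The script below is an added example (not from this thread or its posters) that inspects such a file without running anything it references, so a drive that has been in someone else's machine can be triaged before it is trusted. The two autorun.inf texts embedded in it are constructed samples with made-up paths, not real malware.

```python
"""Inspect an autorun.inf without executing anything it points to.

Added example (not from the thread): reads the [autorun] section that
Windows AutoPlay acted on when a removable drive was inserted and
reports which files it would have launched.
"""
import configparser
import os
import sys

# Constructed sample shaped like the ones thumb-drive worms dropped on a
# removable disk. Not a real sample; every path in it is made up.
WORM_STYLE_AUTORUN_INF = """\
[AutoRun]
open=RECYCLER\\setup.exe
shellexecute=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
label=My Files
"""

# Constructed benign sample: only cosmetic entries, nothing is launched.
BENIGN_AUTORUN_INF = """\
[autorun]
icon=drive.ico
label=Backup Drive
"""

# Keys whose value Windows would run (open/shellexecute) or wire into the
# drive's right-click menu (shell\...\command).
LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


def parse_autorun(text):
    """Return (launches, findings) for the text of an autorun.inf.

    launches: dict of key -> target for every entry that would run a program.
    findings: human-readable reasons the file looks suspicious.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    # configparser section names are case-sensitive; autorun.inf is not.
    section_name = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section_name is None:
        return {}, []
    section = parser[section_name]
    launches = {}
    findings = []
    for key, value in section.items():  # keys are lower-cased by configparser
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches[key] = value
            if value.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(f"{key}= would run {value}")
    # A program launch dressed up as Explorer's own "Open folder" entry is a
    # classic way of getting a user to click the worm instead of the folder.
    if launches and "open folder" in section.get("action", "").lower():
        findings.append("action text mimics Explorer's 'Open folder' entry while launching a program")
    return launches, findings


def verdict(text):
    """'benign' if nothing is launched, else 'suspicious' or 'launches-program'."""
    launches, findings = parse_autorun(text)
    if not launches:
        return "benign"
    return "suspicious" if findings else "launches-program"


def inspect_drive(root):
    """Verdict for the autorun.inf at the root of a mounted drive, if any."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.exists(path):
        return "benign"
    with open(path, encoding="utf-8", errors="replace") as handle:
        return verdict(handle.read())


if __name__ == "__main__":
    # Usage: python autorun_check.py E:\   (or a mount point on Linux)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(target, "->", inspect_drive(target))
```

The script only reads the file; the point of the post stands, which is that with AutoPlay disabled none of these entries run on insertion. On Windows the policy value behind "disable autoplay" is the NoDriveTypeAutoRun DWORD under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (HKLM or HKCU), with 0xFF disabling it for every drive type.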
  6. Standard member sonhouse
    Fast and Curious
    12 Sep '10 11:19 / 1 edit
    "In my case, I am skilled enough to avoid most viruses, and I recognize the signs when I do have an infection that is likely to cause problems and can take action then.
    But the main thing is I do not swop files a whole lot, and thus have very few potential sources of infection.
    I would never run two antiviruses at once."

    How do you avoid virus attacks, trojans, rootkits and the like? Some of them you don't see any outward sign, like keyloggers, the whole idea there is for you not to know it is present so how do you go about detecting the fact you have one? What do you mean by 'I don't swap files a whole lot'? I don't RUN two AV's at once, but have them LOADED and ready to go, run them one after another.

    What about tracking adware? How can you stop that? You get that kind of thing just going to CNN or other news sites. Do you never visit news sites then? I don't know of any site that doesn't at least load you up with adware.
  7. 12 Sep '10 19:32
    Originally posted by sonhouse
    How do you avoid virus attacks, trojans, rootkits and the like?
    Mostly by not copying files onto my computer whose source is suspect.
    I don't open attachments from people who don't say they sent me something, but then I haven't actually received any such emails for years.
    I do not often put my thumb drive into other peoples computers, and when I do, I check it for suspicious files when I get it back. (I recently took it to a printer and a virus did get onto it, but it didn't infect my pc because autorun is turned off).

    Some of them you don't see any outward sign, like keyloggers, the whole idea there is for you not to know it is present so how do you go about detecting the fact you have one?
    That may be true, but software finds it really hard to stay completely hidden. Mostly I avoid getting them in the first place.

    What do you mean by 'I don't swap files a whole lot'?
    I don't often get files from other people. Most of the files that go on my pc are from commercial games, or related to my work. I am fairly careful about what I download.

    What about tracking adware?
    I am not sure what you mean. Do you mean cookies, or do you mean software that installs itself then starts popping up ads?
    I am not too concerned about cookies. Something that installs itself without your permission should never happen if you use a good browser. I use Chrome and I have never experienced that. I also use AdBlock so I don't see most adverts anyway.

    How can you stop that? You get that kind of thing just going to CNN or other news sites. Do you never visit news sites then? I don't know of any site that doesn't at least load you up with adware.
    I don't believe any large commercial site is deliberately downloading adware to your PC. CNN most definitely should not be doing so. If you are talking about cookies, then I think you just don't understand the concepts and have been misled by your antiviruses.
    Besides, most browsers can be set to reject cookies if you really want to, but then the site won't work so well. Or you could delete them regularly if you are that concerned about privacy.
  8. Standard member sonhouse
    Fast and Curious
    15 Sep '10 18:28
    Originally posted by twhitehead
    Mostly by not copying files onto my computer whose source is suspect.
    I don't open attachments from people who don't say they sent me something, but then I haven't actually received any such emails for years.
    I do not often put my thumb drive into other peoples computers, and when I do, I check it for suspicious files when I get it back. (I recently too ...[text shortened]... good. Or you could delete them regularly if you are that concerned about privacy.
    That last is not true. They ALL put crap on your pc, they get a cut from the revenue.
  9. 16 Sep '10 06:18
    Originally posted by sonhouse
    That last is not true. They ALL put crap on your pc, they get a cut from the revenue.
    Can you give me more details?

    The only thing websites are allowed to put on your PC are cookies (which are used for keeping track of visitors) and the website they are displaying. Anything else and they must ask you first and you explicitly download it.
    The only way to break out of the browser and put stuff on your PC is either with your permission, or through security holes in the browser. I don't believe respectable websites like CNN would be using security holes.

    I for one have never got any adware from browsing the web.

    I am a programmer, and my programs all use websites as a front end, so I do know how websites and browsers work.
  10. Standard member sonhouse
    Fast and Curious
    17 Sep '10 01:37
    Originally posted by twhitehead
    Can you give me more details?

    The only thing websites are allowed to put on your PC are cookies (which are used for keeping track of visitors) and the website they are displaying. Anything else and they must ask you first and you explicitly download it.
    The only way to break out of the browser and put stuff on your PC is either with your permission, o ...[text shortened]... , and my programs all use websites as a front end, so I do know how websites and browsers work.
    I am going to do a repeat experiment, will get back with results.
  11. 18 Sep '10 21:16
    Originally posted by sonhouse
    I just read a wiki about Linux AV's and the gist of it was Linux was much less prone to be attacked by rootkits, trojans, worms, viruses and the like because for one thing, there are so many flavors of Linux, Red Hat, Ubuntu, Xbuntu, etc.

    Because each one has slight differences in source code, a virus written for Red Hat can't infect Ubuntu, and so fort ...[text shortened]... attack Gen Z.

    I'll bet a version could be thought up for windows too.

    Any comments?
    Redhat and Ubuntu use the same Linux kernels and probably a lot of the same software. They have different package formats. Ubuntu is based on Debian Linux and uses the .deb format. Redhat uses .rpm. The same software could be used in both systems, installed with different packages.

    http://en.wikipedia.org/wiki/Package_management_system

    A software package management system (PMS) is a collection of software tools to automate the process of installing, upgrading, configuring, and removing software packages for a computer's operating system in a consistent manner. It typically maintains a database of software dependencies and version information to prevent software mismatches and missing prerequisites.

    http://en.wikipedia.org/wiki/Alien_%28software%29

    Alien is a computer program that converts between different Linux package formats ... Alien supports conversion between Linux Standard Base, RPM, deb, Stampede (.slp), Solaris (.pkg) and Slackware (.tgz) packages. It is also capable of automatically installing the generated packages, and can try to convert the installation scripts included in the archive as well. The latter feature should be used with caution since Linux distributions may vary significantly from one another, and using install scripts automatically converted from an Alien format may break the system.
  12. 18 Sep '10 21:21 / 1 edit
    Also, the DNA idea sounds off. Programs are deterministic, not based on random combinations of DNA. Malware is based on targeted attacks at known vulnerabilities that may happen to exist in a given O/S or apps. Having the operating systems sexually reproduce is not going to magically strengthen them by casting out anti-survival traits.
  13. 18 Sep '10 21:24
    And I'm getting the idea that Windows is so vulnerable because it's written by one organization. Look at their history and how many times they've had outside organizations picking up the slack for their bad designs, lack of manpower, one-track purpose, stupid ideas (running embedded email apps automatically!!!!), etc.

    Norton Utilities
    Norton AV
    McAfee AV
    AdAware
    etc etc etc etc
  14. Standard member sonhouse
    Fast and Curious
    19 Sep '10 05:49
    Originally posted by twhitehead
    Can you give me more details?

    The only thing websites are allowed to put on your PC are cookies (which are used for keeping track of visitors) and the website they are displaying. Anything else and they must ask you first and you explicitly download it.
    The only way to break out of the browser and put stuff on your PC is either with your permission, o ...[text shortened]... , and my programs all use websites as a front end, so I do know how websites and browsers work.
    Ok, here are the tests I ran: I had gone to several normal sites, like CNN, RHP, IT Pro, a couple of physics sites, BBC nature, New Scientist, Reuters.
    Then did a spybot run, found 20 events of adware, 7 varieties, Adbrite, Burstmedia, Doubleclick, Mediaplex, Webtrendslive, Hitbox.

    Got rid of those and then ran just CNN, went to one report, backed out and retested, this time found just one Adware: Doubleclick.

    Then on the general forum there was a post about one handed guitarists and the link was to YouTube. So I visited a bunch of YouTube sites of the same variety including some body builder sites.

    Ran Spybot again (BTW, it is up to 1.28 million definitions! It started out in '04 with about 5,000) and this time, to my surprise, only found the one adware, again Doubleclick. I thought YouTube would have generated a lot of scumware but only found the one, Doubleclick.

    Before the first test, I ran malwarebytes which found zero bad guys, just as a control. Spybot found those 7 kinds but only the one after just going to CNN. But it showed going to CNN definitely stuck in adware.
  15. 19 Sep '10 21:15 / 1 edit
    Originally posted by sonhouse
    Ok, here are the tests I ran: I had gone to several normal sites, like CNN, RHP, IT Pro, a couple of physics sites, BBC nature, New Scientist, Reuters.
    Then did a spybot run, found 20 events of adware, 7 varieties, Adbrite, Burstmedia, Doubleclick, Mediaplex, Webtrendslive, Hitbox.

    Got rid of those and then ran just CNN, went to one report, backed out a ut only the one after just going to CNN. But it showed going to CNN definitely stuck in adware.
    Got rid of those and then ran just CNN, went to one report, backed out and retested, this time found just one Adware: Doubleclick.

    I did not think that Doubleclick actually downloaded malware and indeed, looking at Wikipedia's page on DoubleClick (obviously this should be confirmed through more trustworthy sources), it just uses cookies to track people's web-browsing. The only thing downloaded onto your computer is a small text file (cookie) that is not executable. It is not a virus, trojan or malware or adware and is reported by your AV software simply because it could be considered an invasion of privacy.

    You could turn off cookies entirely, breaking many websites in the process; use an anonymising service like Tor; or use an adblocking product (though I don't know if this stops the cookies or just the ads).

    I personally don't think it is a huge problem running multiple AV products. Have one running permanently and others that you run now and again.

    But the best thing to do is:
    - Turn off auto-run
    - Never open an un-verified attachment
    - Never download 'cracked' software
    - Don't download any software without researching it first. Sticking to open source will help but is not guaranteed to keep you safe.
    - Educate yourself

    --- Penguin
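    To make the point in this post concrete (a tracking cookie is a line of text in an HTTP response, and what makes it a tracker is who set it and for how long), here is an added example that is not part of the thread or any poster's own work. It takes a constructed capture of the Set-Cookie headers seen while loading one page, parses them with Python's standard http.cookies module, and separates the first-party session cookie from the third-party persistent one that an anti-spyware scan would have listed. The hostnames are made up, and the "registrable domain" helper is a simplification labelled as such; real browsers consult the Public Suffix List.

```python
"""Classify captured Set-Cookie headers as first- or third-party.

Added example (not from the thread): shows that a tracking cookie is only
text attached to an HTTP response, and that its tracker profile comes from
being set by another site and persisting across sessions.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed capture of one page load: (page URL, URL of the response that
# carried the header, Set-Cookie header value). All hostnames are made up.
CAPTURE = [
    ("https://www.news-site.test/story/1",
     "https://www.news-site.test/story/1",
     "session=abc123; Path=/; Secure; HttpOnly"),
    ("https://www.news-site.test/story/1",
     "https://ads.tracker-net.test/pixel.gif",
     "id=7f3a9c; Domain=.tracker-net.test; Path=/; "
     "Expires=Fri, 01 Jan 2038 00:00:00 GMT"),
    ("https://www.news-site.test/story/1",
     "https://static.news-site.test/app.js",
     "prefs=dark; Domain=.news-site.test; Path=/; Max-Age=31536000"),
]


def site_of(host):
    """Naive registrable domain: the last two labels of the host.

    Assumption made for this example. Browsers use the Public Suffix List,
    which also handles multi-label suffixes such as co.uk.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(page_url, response_url, set_cookie):
    """Return one record per cookie found in a Set-Cookie header."""
    page_site = site_of(urlsplit(page_url).hostname)
    response_host = urlsplit(response_url).hostname
    jar = SimpleCookie()
    jar.load(set_cookie)
    records = []
    for name, morsel in jar.items():
        # Without a Domain attribute the cookie belongs to the responding host.
        domain = morsel["domain"].lstrip(".") or response_host
        # Expires or Max-Age makes it survive the browser session.
        persistent = bool(morsel["expires"] or morsel["max-age"])
        records.append({
            "name": name,
            "domain": domain,
            "party": "first" if site_of(domain) == page_site else "third",
            "persistent": persistent,
            "bytes": len(set_cookie.encode()),  # plain text; nothing executes
        })
    return records


def tracking_candidates(capture):
    """Cookies that are both third-party and persistent, the usual tracker profile."""
    found = []
    for page_url, response_url, header in capture:
        for record in classify(page_url, response_url, header):
            if record["party"] == "third" and record["persistent"]:
                found.append(record["name"] + "@" + record["domain"])
    return found


if __name__ == "__main__":
    for page_url, response_url, header in CAPTURE:
        for record in classify(page_url, response_url, header):
            print(record)
    print("tracking candidates:", tracking_candidates(CAPTURE))
```

Blocking third-party cookies in the browser, or clearing them regularly as suggested above, removes exactly the records this script flags while leaving the first-party session and preference cookies that the site needs.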