Re: windows future

["Elazar Broad" <elazar () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Like them or not, M$ has done quite a bit with its SDL[1], and
though quite late in the game, the memory protection mechanism's in
Vista and Windows 7. As far as anti-virus software goes, it's
mostly useless[2][there was a recent article on signature lead
time, I can't find it for some reason] already.

[1]http://www.pcworld.com/businesscenter/blogs/bizfeed/167111/opinio
n_pigs_fly_microsoft_leads_in_security.html?tk=rss_news
[2]http://pcworld.about.com/od/virusesphishingspam/Botnets-Defeat-
Most-Anti-Virus.htm

On Sat, 29 Aug 2009 20:09:55 -0400 lsi <stuart () cyberdelix net>
wrote:
> I'm saying that the world's malware authors, in their race to stay
>
> ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of
>
> the world's AV systems.  They are flooding the blacklists, and
> this
> flooding is accelerating.  If it continues, the world's AV systems
>
> will be useless, as will be the machines they are protecting.
>
> Note, I have NOT gone off and compiled some stats, I've just noted
> an
> existing trend, and extrapolated it.  Here's an article from 2005,
>
> again, the numbers suggest an exponential curve.
> http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/
>
> The biological metaphor does suggest that Microsoft would take
> some
> kind of evasive action, and I think their only option is to
> license
> unix, just as Apple did (although Apple did it for different
> reasons).  Doing this will solve many problems, they can keep
> their
> proprietary interface and their reputation, and possibly even
> their
> licensing and marketing models, while under the hood, unix saves
> the
> day.  They will need to eat some very humble pie, a few diehards
> might jump from Redmond's towers, and the clash of cultures will
> toast some excellent marshmellows... but they will save their
> business.  Do they have a choice?  Malware numbers are suggesting
> they don't.
>
> Licensing the solution suits Microsoft's business model (much
> easier
> for them to buy in a fix than build one, they tried that already),
>
> they did in fact do it many times previously, starting with a
> certain
> product called MS-DOS, and it means they can keep their customer
> base, they just sell them an upgrade which is in fact a completely
>
> new system - again, just as Apple did with OSX.
>
> Actually, I think the simplest thing for them to do would be to
> buy
> Apple, then they can rebadge OSX, instead of reinventing it.
>
> Stu
>
> On 28 Aug 2009 at 10:24, Rohit Patnaik wrote:
>
> Date sent:             Fri, 28 Aug 2009 10:24:25 -0500
> From:                  Rohit Patnaik <quanticle () gmail com>
> To:                    full-disclosure () lists grok org uk
> Subject:               Re: [Full-disclosure] windows future
>
> > I'm not sure I agree with the basic premise of this scenario.
> You're
> > suggesting that getting exposed to malware is some kind of
> > inevitability, and that eventually there will be enough
> different kinds
> > of malware that filtering them all will be impossible. I don't
> think
> > that's valid. Good browsing habits, running a firewall, and
> keeping your
> > machine updated will prevent almost all malware from even
> getting access
> > to your machine. Then all we have to worry about are the few
> bits of
> > code that are capable of getting through our defenses.
> >
> > To reiterate the biological analogy, we don't rely on
> antibiotics to
> > stop infection. We rely on good hygiene. In the same way, just
> as
> > increased biological infection rates led to a push for greater
> public
> > hygiene (e.g. indoor plumbing, closed sewers, etc.) we'll see a
> push for
> > greater computer hygiene as malware infection rates rise.
> Windows
> > already includes a firewall to prevent automated worm
> infections, and
> > Microsoft is working to harden network facing applications, as
> evidenced
> > by their recent decision to have IE run with limited privileges.
> As
> > malware becomes more virulent, the "immunity" of Windows will
> likewise
> > grow, putting a damper on any sort of exponential growth curve.
> >
> > --Rohit Patnaik
> >
> > lsi wrote:
> > > Thanks for the comments, indeed, the exponential issue arises
> due to
> > > use the of blacklisting by current AV technologies, and a
> switch to
> > > whitelisting could theoretically mitigate that, however, I'm
> not sure
> > > that would work in practice, there are so many little bits of
> code
> > > that execute, right down to tiny javascripts that check you've
> filled
> > > in an online form correctly, and the user might be bombarded
> with
> > > prompts.  Falling back on tweaks to user privileges and UAC
> prompts
> > > is hardly fixing the problem.  The core problem is the
> platform is
> > > inherently insecure, due to its development, licensing and
> marketing
> > > models, and nothing is going to fix that.  Even if fixing it
> became
> > > somehow possible, the same effort could be spent improving a
> > > competing system, rather than fixing a broken one.
> > >
> > > Just to complete the extrapolation, the below.
> > >
> > > Assuming that mutation rates continue to increase
> exponentially,
> > > infection rates will reach a maximum when the average computer
>
> > > reaches 100% utilisation due to malware filtering.  Infection
> rates
> > > will then decline as vulnerable hosts "die off" due to their
> > > inability to filter.  These hosts will either be replaced with
> new,
> > > more powerful Windows machines (before these themselves
> surcumb to
> > > the exponential curve), OR, they will be re-deployed, running
> a
> > > different, non-Windows platform.
> > >
> > > Eventually, the majority of computer owners will get the idea
> that
> > > they don't need to buy ever-more powerful gear, just to do the
> same
> > > job they did yesterday (there may come a time when the fastest
>
> > > machine available is unable to cope, there is every
> possibility that
> > > mutation rates will exceed Moore's Law).  The number of
> vulnerable
> > > hosts will then fall sharply, as the platform is abandoned en-
> masse.
> > > At this time, crackers who have been depending upon a certain
> amount
> > > of cracks per week for income, will find themselves short.
> They will
> > > then, if they have not already, refocus their activities on
> more
> > > profitable revenue streams.
> > >
> > > If every computer is running a diverse ecosystem, crackers
> will have
> > > no choice but to resort to small-scale, targetted attacks, and
> the
> > > days of mass-market malware will be over, just as the days of
> the
> > > mass-market platform it depends on, will also be over.
> > >
> > > And then, crackers will need to be very good crackers, to
> generate
> > > enough income from their small-scale attacks.  If they aren't
> very
> > > good, they might find it easier and more profitable to get a 9-
> to-5
> > > job.  The number of malware authors will then fall sharply.
> > >
> > > The world will awaken from the 20+ year nightmare that was
> Windows,
> > > made possible only by manipulative market practices, driven by
> greed,
> > > and discover the only reason it was wracked with malware, was
> because
> > > it had all its eggs in one basket.
> > >
> > > Certainly, vulnerabilities will persist, and skilled cracking
> groups
> > > may well find new niches from which to operate.  But
> diversifying the
> > > ecosystem raises the barrier to entry, to a level most garden-
> variety
> > > crackers will find unprofitable, and that will be all that is
> > > required, to encourage most of them to do something else with
> their
> > > lives, and significantly reduce the incidence of cybercrime.
> > >
> > > (now I phrase it like that, it might be said, that by buying
> > > Microsoft, you are indirectly channelling money to organised
> crime
> > > gangs, who most likely engage in other kinds of criminal
> activity, in
> > > addition to cracking, such as identity theft, money
> laundering, and
> > > smuggling. That is, when you buy Microsoft, you are propping
> up the
> > > monoculture, and that monoculture feeds criminals, by way of
> its
> > > inherent flaws.  Therefore, if you would like to reduce
> criminal
> > > activity, don't buy Microsoft.)
> > >
> > > -EOF
> > >
> > > On 27 Aug 2009 at 13:45, lsi wrote:
> > >
> > > From:              "lsi" <stuart () cyberdelix net>
> > > To:                full-disclosure () lists grok org uk
> > > Date sent:         Thu, 27 Aug 2009 13:45:01 +0100
> > > Priority:          normal
>
> > > Subject:           [Full-disclosure] windows future
> > > Send reply to:     stuart () cyberdelix net
> > >    <full-disclosure.lists.grok.org.uk>
>
> > >    <mailto:full-disclosure-
> > > request () lists grok org uk?subject=unsubscribe>
> > >    <mailto:full-disclosure-
> request () lists grok org uk?subject=subscribe>
> > > > [Some more extrapolations, this time taken from the fact that
> malware
> > > > mutation rates are increasing exponentially. - Stu]
> > > >
> > > > (actually, this wasn't written for an FD audience, please
> excuse the
> > > > bit where it urges you to consider your migration strategy, I
> know
> > > > you're all ultra-l33t and don't have a single M$ box on your
> LAN)
> > > > http://www.theregister.co.uk/2009/08/13/malware_arms_race/
> > > >
> > > > If this trend continues, there will come a time when the
> amount of
> > > > malware is so large, that anti-malware filters will need more
> power
> > > > than the systems they are protecting are able to provide.
> > > >
> > > > At this time, those systems will become essentially
> worthless, and
> > > > unusable.
> > > >
> > > > You can choose to leave now, or later.  But you cannot choose
> to
> > > > stay...
> > > >
> > > > (I mean, that the Windows platform seems destined to fill,
> > > > completely, with malware, such that your computer will spend
> ALL its
> > > > time on security matters, and will have no CPU, RAM etc left
> for
> > > > actual work.  At the end of the day, the ability of malware
> to infect
> > > > Windows machines is due to the fact that Windows is a
> monoculture, a
> > > > monolith, built by a single company, with many
> interconnections and
> > > > hidden alleyways.  It's hard to imagine a platform LESS
> vulnerable -
> > > > compare with open-source efforts, which are diverse,
> homogenous and
> > > > connect via open protocols.  Malware finds life hard in the
> sterile,
> > > > purified world of RFCs, where one of many different programs
> may
> > > > process your malicious payload, all of which have been peer-
> reviewed.
> > > >  In Windows, malware knows that a specific Microsoft EXE will
> process
> > > > its data, knows that the code has not been thoroughly
> checked, and
> > > > can make use of undocumented mechanisms.
> > > >
> > > > So basically Microsoft, by hoarding their source, by tightly
> > > > integrating functionality, and by seeking to monopolise the
> various
> > > > markets created by the platform (browser, media player,
> office
> > > > software), have doomed Windows, and everything that runs on
> it.  The
> > > > lack of diversity in the Windows ecosystem means that it is
> highly
> > > > vulnerable to attack by predators.  The fact that malware
> mutation
> > > > rates are accelerating is a clear indicator that the foxes
> are
> > > > circling.  This is the beginning of a death spiral; the
> malware
> > > > numbers we've seen in the past 20 years were the low end of
> an
> > > > exponential curve, and we're now getting to the steep part.
> > > >
> > > > The problem is that any given computer is only capable of so
> much
> > > > processing.  It has an upper limit to the amount of malware
> it can
> > > > filter, those limits being related to CPU speed, RAM,
> diskspace,
> > > > network bandwidth.  This upper limit looks like a horizontal
> line, on
> > > > the chart that shows the exponential curve mentioned above.
> > > >
> > > > So my point, is that eventually, the exponential curve is
> going to
> > > > cross that horizontal line, for any given computer, and when
> that
> > > > happens, that computer will no longer be able to filter
> malware.  It
> > > > will only be able to filter a subset, and thus be vulnerable
> to the
> > > > rest. Consequently it will not be usable, for instance, on
> the web,
> > > > and will essentially become a doorstop...
> > > >
> > > > The only escape from this inevitability is to ditch the
> platform that
> > > > is permitting the malware - that is, the only escape is to
> ditch
> > > > Windows. It is being eaten alive, by predators that only have
> a
> > > > foothold because there are weaknesses in the platform.
> > > >
> > > > Given that it can take years to migrate to a new operating
> system, I
> > > > do recommend, if you have not already done so, that you
> commence
> > > > planning to ditch Windows.  I might be wrong about the
> exponential
> > > > curve, but if I'm not, then there may not be a lot of time in
> between
> > > > when malware levels seem managable, and the time when they
> are not.
> > > > If your business depends on Windows machines and they all
> become
> > > > unusable, you will have no business.  What you definitely
> must NOT
> > > > do, is assume that Windows is going to be around for a long
> time.  It
> > > > is a dead man walking.
> > > >
> > > > - Of course, there might be a few years yet.  You can spend
> those
> > > > years running up your IT bill, with lots of new computers
> that are
> > > > required to filter all that malware while still performing at
> a
> > > > useful speed.  Or, you can ditch Windows, and keep your
> existing
> > > > hardware - it runs perfectly well, when it's not weighed down
>
> > > > defending the indefensible.
> > > >
> > > > [If Microsoft dooming Windows isn't ironic enough, consider
> that
> > > > every time malware authors pump out another set of mutations,
> they
> > > > are nailing one more nail in the coffin of the platform that
> they
> > > > depend on to make their living! Ahh, there is justice in the
> world
> > > > after all.]
> > > >
> > > > [And the end game?  Well, M$ could open-source Windows, but
> frankly,
> > > > why would anyone bother trying to fix it?  As the old saying
> goes,
> > > > don't flog a dead horse...]
> > > >
> > > > ---
> > > > Stuart Udall
> > > > stuart at () cyberdelix dot net - http://www.cyberdelix.net/
> > > >
> > > > ---
> > > >  * Origin: lsi: revolution through evolution (192:168/0.2)
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-
> charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> > >
> > > ---
> > > Stuart Udall
> > > stuart at () cyberdelix dot net - http://www.cyberdelix.net/
> > >
> > > ---
> > >  * Origin: lsi: revolution through evolution (192:168/0.2)
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ---
> Stuart Udall
> stuart at () cyberdelix dot net - http://www.cyberdelix.net/
>
> ---
> * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkqaNgcACgkQi04xwClgpZizFAP9EtndE4QUApbFpOoasdJW0Ymc1BF3
uMLNlwe5Fud8hDNAaArsdHgN8wj3hXtWeJkg3O/cuG9IImaYrRb9R9rE5R+sYs/wQNjI
yueqWcidj4v0UY1F/GmhKj9U5JiPZw2yHrCo1Y+ePddNhxefZgHlop3NUOpfUWmL1fgO
q3vE3OE=
=GPMR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/