[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: Re: PHP coder needs Tor details

To: <or-talk@xxxxxxxxxxxxx>
Subject: RE: Re: PHP coder needs Tor details
From: "Tony" <Tony@xxxxxxxxxxxxx>
Date: Tue, 13 Feb 2007 15:26:55 -0000
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 13 Feb 2007 10:28:15 -0500
In-reply-to: <20070213103354.GX21677@leitl.org>
References: <20070212223801.GV85971@falcon.eff.org> <741862.71287.qm@web51613.mail.yahoo.com> <F8482B9C6D41834E87B725F614890DB50407A4@mailgate.tdrmail.co.uk> <20070213103354.GX21677@leitl.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
Thread-index: AcdPWxqHz0JIuW9hSyKjA4YaHgquywAJf3oA
Thread-topic: Re: PHP coder needs Tor details

Windows hasn't rendered active content by default since XP SP2. It has never rendered it by default in Vista or Windows 2003.

Windows also no longer runs as administrator by default (I guess you havnt used Vista yet).

Its not just in theory. For instance IIS is now so improved that many sites fed up with the constant hacking, exploits, defacements and patching regime dependency compatibility issues that they experience on Linux are migrating over to Windows server 2003. This has been a consistent trend for some time now and Apache just dropped below 60% market share for the first time since 2002 as a direct result of cumulative migrations from Linux to Windows.

As you say 'most installations are now secure by default'. Touché. 

-----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Eugen Leitl
Sent: 13 February 2007 10:34
To: or-talk@xxxxxxxxxxxxx
Subject: Re: Re: PHP coder needs Tor details

On Tue, Feb 13, 2007 at 10:25:54AM -0000, Tony wrote:

This is offtopic, but...

> Actually Windows does exactly the same thing. e.g. the 'Network 
> Service' and 'Local Service' accounts. See 
> http://www.microsoft.com/technet/security/midsizebusiness/topics/netwo
> rksecurity/securingaccounts.mspx

The point is that rendering active content is default, and running everything as administrator is default (in fact, most Windows userland software needs to be installed and run as administrator) -- the technology and the culture conspire to give us the 250 Mzombie Internet experience we love.

> People seem to forget that the original and worst worm outbreak ever - that efffectively shut down the internet for days was on UNIX...

That was a long time ago. Unix is diverse, and most installations are now secure by default. The technology and the culture work together, and lower profile is one of the key points that diversity is good, monoculture is bad.

> Windows might have its problems but they are not unique.

You're correct only in theory.

--
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Follow-Ups:
- Re: Re: PHP coder needs Tor details
  - From: Eugen Leitl

References:
- Re: PHP coder needs Tor details
  - From: Seth David Schoen
- Re: PHP coder needs Tor details
  - From: Mr. Blue
- RE: Re: PHP coder needs Tor details
  - From: Tony
- Re: Re: PHP coder needs Tor details
  - From: Eugen Leitl

Prev by Author: RE: Re: PHP coder needs Tor details
Next by Author: RE: Re: PHP coder needs Tor details
Previous by thread: Re: PHP coder needs Tor details
Next by thread: Re: Re: PHP coder needs Tor details
Index(es):
- Author
- Thread