Someone's Hacking Google...

Say that to Apache (versus IIS)… Or maybe you really think IIS got more market share than Apache?[/quote]

On the contrary, I don’t know WTF you’re talking about. Sorry.

Once I saw a page that documented security holes in various software, and Linux had many, many flaws. It’s open source and there are probably tons of those little holes out for the finding. Usually major Windows viruses/trojans won’t affect you if you have updated regularly.

On browsers: Lower integration with the OS is a big plus and probably far more safe than IE’s route, but in general, there are always going to be security holes. Would it really be that hard to mod the program to log passwords if there was a glitch? My point isn’t that they are more flawed or that IE is flawless, just that they aren’t the lockboxes some people would make them out to be.

I have no intention of starting a flame war

the exact same is true in linux, why does that make linux any worse?

I hope that isn’t what you intended to say

a web browser should not ever be at the low level of a operating system, because the standards change so frequently and because it is not fundamental for the operation of a computer

I guess that part is well put, somewhat

now, as for the differnces between the two systems, you can pretty much just look at the focus

in windows, everything has a spiffy multi-tabbed settings panel and windows has numerous features which can make many things easier [active directory for one]. These features often come at the cost of standards.

in linux most things are configured [at least on the back end] by text configuration files, most of which have their own format. The configuration options are stunning but it takes a lot of time and a lot of effort to learn more than the necescary parts.

windows isn’t made for users who read the documetation. Unfortunately users like this can’t be expected to update anything.

[oh, and ActiveX is evil. particularly because there isn’t a way to deny only particular activex controls all times, just to accept them all times and to deny this time or to deny all [disable instalation of activex controls]]

I hope that isn’t what you intended to say

a web browser should not ever be at the low level of a operating system, because the standards change so frequently and because it is not fundamental for the operation of a computer[/quote]

I think he meant “less integration”

My theory is that Windows can be made very secure (discounting bugs causing holes), with the right settings. But out-of-the-box it is insecure.
Linux can also be made very secure (discounting bugs causing holes), with the right settings. Out-of-the-box these settings are in place, and if something is open it’s because you opened it.

Opensource can be a double-edged sword at times. If there is a security hole, the source is avaliable for someone to take and find the hole. But, it’s also avaliable for anyone to take and patch to fix the hole.
When there’s a problem with Windows, only M$ can fix it.

A couple of years ago I heard about a opensource firewall (I can’t remember which one) that offered $1000 (might have been $10000) to the first person who could break into it. The source was avaliable to the prospective hackers. No-one could.
Having the source is only helpful if there are holes there to find.

As for windows update, most linux distributions have automatic updators too. Debian has apt-get. Gentoo has emerge. Mandrake has urpmi. Others probably have their own too.

If you feel like being hackish you can create a dud control with the same name and CLS-ID and register it so IE thinks it’s already installed… I think this is what spybotsd’s immunisation feature does.
But it is a lot of effort to do something IE should be able to do by itself.

Incidentally, “Always trust products from …” is evil.

Just to note, the (semi-dreaded) XP SP2 release addresses many (possibly most) of these security issues. Of course it only took Microsoft about 5 years to come to grips with the fact that the default security settings for Windows were pretty bad!

Yeah and when talking browsers I say this:
If you are not computer savvy enough to see the advantages of FireFox over IE except the security you are probably not able to make IE secure either!
So either you use FF because you realize the advantages, or you use it because you you are not able to make IE safe.

Back on topic, my DNS turns 69.50.170.20 into 69.50.170.20-reverse.atrivo.com
atrivo.com seems to be a webhost, but their main page seems to be down pending new design ATM, only an acceptable use policy remains, which doesn’t disallow legal porn.
Contacting [email protected] may be worth doing anyway, if your hosts file was hijacked someone did it intentionally, and it was more likely to be this site than any other…

shbaz: No offense but your perspective is contradicted by CERT.

Go here:

or here:

https://blenderartists.org/forum/viewtopic.php?t=26935&postdays=0&postorder=asc&start=0

to read about it. There really isn’t any comparison. The reason open source is safer is because it is open. Any vulnerability is seen by the community and squashed.

hmmm u might have a scrambler virus wich will scramble up your internet sites

Good luck getting me to change browsers… I know the flaws and I work around them. I use a firewall, I have a virus scanner, I check for spyware, disable Java… I’ve had rare problems that were quick fixes, never related to IE unless it was a download.

Well, that statement seems to be contradicted by a quick Google for “Linux flaws,” which as I already stated, do exist. If what you are saying is true, then why isn’t Blender better (more full of features) than the big commercial apps? Why are there still bugs in Blender? (don’t answer, rhetorical questions)

Also, I don’t think Linux is worse, I just don’t think it is the holy grail, that’s all.

A couple of years ago I heard about a opensource firewall (I can’t remember which one) that offered $1000 (might have been $10000) to the first person who could break into it. The source was avaliable to the prospective hackers. No-one could.
Having the source is only helpful if there are holes there to find.

Might anyone else know the name of this? Sounds interesting.

There’s really no question that Linux is just as complex as Windows, if not more so, and that it can and does contain flaws. But an important difference between the two is that users around the world search for, and find, those problems while Windows users are dependent upon the resources of a single company. Naturally, another difference between the two is that the flaws in Linux are there for anyone to see, in source-code form. So it behooves you to keep your Linux system as up-to-date as yuo can.

The integration between IE and Windows was a serious gaffe because, by design of course, you can’t turn it off. And you can’t even see how integrated it is! In many respects you can’t stop trouble even if you wanted to.

All browsers, imho, take far too many liberties and are far too trusting. Furthermore, many users (esp. Windows) run their systems from an ‘Administrator’ level user-ID. So when the virus-code asks to do something, the OS says, “du-uh… okey-dokey.” There’s no doubt that the virus game depends upon introducing their code to huge numbers of systems in hope that many or most will prove to be vulnerable. None have to be, but the odds are in their favor.

Yeah, I don’t run from my admin account for this reason. Besides IE, there are other ways you can run into problems, be it hacking or viruses.

I am not saying there is no vulnerability in linux BUT take the case for browser attacks. When an attack hits windows it has immediate “root” access. If files are corrupted in linux it is usually only the home directory unless the individual surfs the net as “root” which is REAL BAD

Google’s real I.P. (for my area, anyway) is 64.68.82.173… The other one might be another I.P., but I really doubt it.

An interesting read on a related topic

http://www.windowsdevcenter.com/pub/a/windows/2004/06/22/Spyware.html

Open source demands interest from programmers. If blender were more known, had a better interface, and easier api, there would be more programmers interested in it and we would see more interesting features.
The facts is that as I’ve heard one of the advantages of blender is that it is very bug-free. Although it crashes some times it is not often compared to some other applications, were you have to buy an upgrade to fix the bugs.

im sorry but that is just a stupid thing to do %|

im sorry but that is just a stupid thing to do %|[/quote]

It would be funny if someone tried it tho… (altho I bet they wouldn’t share the comedy with the rest of us)

I’ve switched to firefox over the last few days, and admittingly, I like it better than IE. Less clutter and more webpage while maintaining the features that I use very often. It imported all of my bookmarks and settings to make the switch seamless. I wasn’t ever worried about security, but I guess that’s an added plus too.

-100 points for me.

RipSting,
It sounds like you may have gotten hit by CoolWebSearch, a very clever series of trojans. You might try CWSshredder, you can find it at:
http://www.spywareinfo.com/~merijn/index.html

IIRC hijack This can also be found there, hopefully one of them can help. CWS is particularly hard to remove, and Spybot, Adaware, and Pest Patrol can’t get rid of it. There’s dozens of variant’s, the author of CWSshredder is giving up on trying to keep up with it.

Sbaz says:

Once I saw a page that documented security holes in various software, and Linux had many, many flaws. It's open source and there are probably tons of those little holes out for the finding. Usually major Windows viruses/trojans won't affect you if you have updated regularly

Sounds like you read the Forrester Report, which has been contested by Security experts. It doesn’t take into account the severity of the exploits, and when it count’s Windows Exploits it only counts the ones in the OS (including IE) but when it counts Linux exploits it counts dozens of seperate packages, most of which are NOT installed on most Linux boxes.

Linux fixes critical exploits at a higher priority than non critical exploits. Severe exploits in Linux are almost always fixed the day they are discovered, while with Windows you will wait a couple weeks for the fix to be developed, then wait longer untill the fix is available since MS is on a monthly release plan. A fix is only usefull if you can get it.

Since 1998 Windows/IE has had AT LEAST 8 critical vulnerabilities at any given time. The latest exploit (the Russian one involving exploited II2 servers infecting visitors using IE) takes advantage of “non-critical” (according to MS) exploits, some of which have been known for OVER 4 YEARS and STILL aren’t fixed. MS calls them non-critical because by themselves non can do any real damage. Used together they can open your Windows PC to remote takeover.

While XP Pro (but NOT WP Home) has the ability to use “advanced” file permissions (standard on *nix) they are not enabled by default, and won’t be even with SP2. Setting them up is beyond the ability of most users.

This means anyone (or any malware) that gets into a Windows box will own the entire PC. With Linux, even if something gets in, it has very limited access to anything beyond the users Home directory. Other users, and the OS itself will remain unaffected. Windows, even with advanced file permissions, isn’t really capable of fully separating user space from local space.

An exploit that affects one XP box will affect ALL XP boxes (unless a boatload of extra, third party, security sofware is installed. An Exploit that affexts one Linux distro doesn’t ussually affect other distros. A vulnerability in Red Hat probably won’t affect me, since I’m using Gentoo.

PS, congrats on the switch to Firefox. I have a hard time getting people to try it, but everyone I’ve convinced to try it likes it better than IE (and is suprised at how much better it is) Most don’t consider security (the fools) but the Pop-up blocking alone (not to mention tabbed browsing) makes their day!

No, Linux isn’t bulletproof. It’s not even the most secure OS, BSD has it beat. It is more secureable than Windows, though. Certainly more secure “out-of-the-box” After all, the US National Security Agency even developed it’s own Linux kernel (Selinux, available to all and open source), Windows won’t ever have that.

Tommy