Security in the obscurity of a product.
- Thread starter mrdinkel
- Start date
- Status
OIDanTheManIO
Fully Optimized
- Messages
- 1,847
I've actually never thought of it that way before. Maybe you're right.
-Dan The Man
-Dan The Man
ShoobieRat
Fully Optimized
- Messages
- 2,932
Properly patched, firewalled, and AV'ed, XP is secure. 
Anyway, the concept is basically true. The bigger the presence of a program, the more potential there is for it to be attacked.
It's kinda like playing beer-pong. (Well, kinda...) The more cups you have, the easier it is for the ball to make a score. Conversely, the less cups you have, the harder it is.
If you've got an obscure little group of users on an application, the chances that a virus will be developed for that is small. Also, most people devloping viruses aren't going to waste their time coding for small apps when they can try to knock down bigger fish.
So if you have a big application, which we'll call "Sodwin SPOX" for example, with 90%+ computers running that application, the chances of a new virus being developed for Sodwin-SPOX and getting picked up, are great.
You could have an application built like Fort Nox, and given enough installations, the potential for it to get blasted is still present (and high).
However, the logic of going to older builds of an application to avoid viruses isn't always sound. Older applications tend to be much easier to hack than newer ones, and older applications still suffer from viruses circling from the ages when it was popular. Remember, viruses don't go away, they just get avoided.
Anyway, the concept is basically true. The bigger the presence of a program, the more potential there is for it to be attacked.
It's kinda like playing beer-pong. (Well, kinda...) The more cups you have, the easier it is for the ball to make a score. Conversely, the less cups you have, the harder it is.
If you've got an obscure little group of users on an application, the chances that a virus will be developed for that is small. Also, most people devloping viruses aren't going to waste their time coding for small apps when they can try to knock down bigger fish.
So if you have a big application, which we'll call "Sodwin SPOX" for example, with 90%+ computers running that application, the chances of a new virus being developed for Sodwin-SPOX and getting picked up, are great.
You could have an application built like Fort Nox, and given enough installations, the potential for it to get blasted is still present (and high).
However, the logic of going to older builds of an application to avoid viruses isn't always sound. Older applications tend to be much easier to hack than newer ones, and older applications still suffer from viruses circling from the ages when it was popular. Remember, viruses don't go away, they just get avoided.
Qiranworms
Fully Optimized
- Messages
- 1,635
Interesting thought...I do know someone who's using 95 and uses IE, and claims to have absolutely no spyware problems because a lot of it's not compatable with the older system. Hmm...
)
MORE secure perhaps...definitely acceptable for most people. But the reality of computer security, is that if you're computer is online, and a skilled hacker really wants to get in, they are going to get it, no matter what operating system or form of protection you have. Now in a more practical sense, usually the targets of these types of specific hardcore attacks are corporations, not individual users (unless you've done something to merit a hacker seeking revenge...
)Most security breaches involve social engineering of some form or fashion, rarely these days does someone actually get away with just exploiting an open port unless its one thats vulnerable to begin with.
For example, windows isnt multiuser so it doesnt have a telnet server, or an ftp server running usually, or SSH or anything else for that matter.Its biggest security problem is that IE is both a filemanager and a shell as well as a browser, hijack that and since its got root priveleges at all times, you can do what you want.Todays kernels in most OS's are robust enough to usually handle DoS attacks without crashing.One of the biggest myths about linux and OS X is security, reality is they arent any more secure, and in some ways less secure.Both are multiuser and have remote login capabilities, they may be less prone towards getting a virus, but they are highly vulnerable to stolen passwords.With windows you have to install a program to gain remote access, linux and OS X or any other multiuser systems are setup by default with it, they just have layered setups and separate user and system space, once your in though its an easy matter to crash an app and get root.The virus craze has helped many a company sell firewall software that with windows doesnt help much if at all in reality, do a fresh install and then do a port check, you'll see what I mean.Then use it as a victim box and start doing various tcp/ip attacks on it, it will hold up fairly well without any firewall.Third party programs with buggy software is another issue entirely.
For example, windows isnt multiuser so it doesnt have a telnet server, or an ftp server running usually, or SSH or anything else for that matter.Its biggest security problem is that IE is both a filemanager and a shell as well as a browser, hijack that and since its got root priveleges at all times, you can do what you want.Todays kernels in most OS's are robust enough to usually handle DoS attacks without crashing.One of the biggest myths about linux and OS X is security, reality is they arent any more secure, and in some ways less secure.Both are multiuser and have remote login capabilities, they may be less prone towards getting a virus, but they are highly vulnerable to stolen passwords.With windows you have to install a program to gain remote access, linux and OS X or any other multiuser systems are setup by default with it, they just have layered setups and separate user and system space, once your in though its an easy matter to crash an app and get root.The virus craze has helped many a company sell firewall software that with windows doesnt help much if at all in reality, do a fresh install and then do a port check, you'll see what I mean.Then use it as a victim box and start doing various tcp/ip attacks on it, it will hold up fairly well without any firewall.Third party programs with buggy software is another issue entirely.
Some of the problem that we might be used be seeing on Windows XP boxes have been showing up on Win 98 boxes too.mrdinkel said:
I had a few problems last week on some client's PCs with sound like your typical XP security breach / virus issue. I was a suprised when I found out that it was a Win 98 SE PC.
DITTO. Like how common was the blue screen of death in Win 98 compaired to Win Xp. Okay, XP we get that other windows showing up saying that some thing that failed. But 9 times out of 10, it's not taking the rest of your system down with it.ShoobieRat said:Properly patched, firewalled, and AV'ed, XP is secure.
Plus Xp is easier to use for typical Joe End-User as I am spending less time on the phone explain to Joe End-User how to do things.
- Status
Similar threads
