Re: [NF] Clarification on web security

Author: Ken Dibble

Posted: 2014-07-30 at 11:23:00

>This is happening today, every day. Even if you refuse to believe it.

All of which is equally applicable to every other Windows OS, and is a

greater threat because there are more of them in use today, in toto, than

there are of XP. People don't patch Vista or Win 7 or Win 8 either. They

don't patch IE on those OSes, and idiots keep writing new web-based

software that won't work on more secure browsers. They don't keep their

anti-malware software up to date on those new OSes either. Nothing has

magically changed about this going from Win XP to a newer OS.

MS OS security is not "improving" as a whole; they just continue to fix

what they can identify as broken as a result of demo or real attacks. Every

day somebody figures out a new way to attack a new OS, and then that has to

be fixed. The newer the OS, the more people are trying to attack it.

Relatively fewer people are figuring out new attacks for old OSes. How many

people do you think are working on new ways to attack Windows 2000 today?

How many people will be working on new ways to attack Windows XP in 2

years, as compared to today?

Anything can be hacked; any security can be broken (just ask the NSA);

nothing is safe. That is true today, and it will be true five, ten, and

twenty years from now, for Windows and any other OS. The fact that some OS

designs are harder to crack than others is irrelevant. If the motivation to

crack it is high enough, it will be cracked. There is no magic design "fix"

that entirely removes the danger. It can't be done.

Today the bad guys aren't script kiddies goofing around to impress their

friends. They are organized criminals, rogue governments, and terrorist

organizations. They are principally looking to steal money, and

secondarily, to develop options to damage or destroy critical IT

infrastructure. Malware development costs them money, and they play the

percentages. If a "hack" doesn't offer those opportunities in a big way,

they don't spend time on it.

Older OSes are safer from current malware development than newer OSes,

because the motivation to break newer OSes is much greater, because it is

more remunerative in those two ways, than the motivation to attack older

OSes. This isn't rocket science; it's common sense.

And the extent to which people do not keep their OS, browser, and

anti-malware software up to date does not vary between OSes. So this source

of problems is constant; it is not greater for XP than for 8.1. And there

is more Vista, 7, and 8.1 combined running today than XP. Again, common sense.

Last time we had this discussion, I cited overwhelming evidence from the

web that Android phones are the biggest target for current malware. I don't

remember what the percentage was then, but as of January of this year, it

was 99%:

http://www.v3.co.uk/v3-uk/news/2323418/android-and-java-top-security-targets-for-malware-and-hacks

Java applications are also strong targets according to this article, but

that's not OS-dependent.

Ken Dibble

www.stic-cil.org

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox

OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/5.2.1.1.1.20140730120127.01f06498@POP-Server.stny.rr.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2014 Ken Dibble