Operating System Security(the joke is on us) part 2

1 Comment

Oh boy oh boy here we go again yet another round of Microsoft patches. Why must we the small business owners have to deal with this stuff. For those business owners whom don’t have the time to research everyone of these patches, meaning what they will or will not break as in other software within the Windows system. If you are running a server this can be very daunting although there are those whom simply don’t care and just go on about their business because they don’t have any crucial software that needs to be up and running 99.9 percent of the time. But for those who do such as their office servers running either Small Business Server, Windows Server 2003 or SQL Servers this can be a total pain in the butt.

You come in to work the next morning and find that you can’t connect to your network printer or oops you can’t find that share drive you’ve always connected to and the database connection to Sharepoint server is no longer available; Not saying that these patches can cause any of this to happen although Microsoft has not confirm that they would not either.

Regardless our recommendation is to actually get a test machine running such Windows servers or Windows operating system just to make sure that everything is working correctly before you go an update all of the workstations/servers and break something.

Microsoft while trying to help patch their security holes actually go about breaking other things which you might need. So again the “joke is on us”. Why? You may ask; because we can’t get away from this even if we tried(only if you are using a windows system environment). Some of you may disagree and say that this happens on all operating system but no your wrong it does not. And I’m not bashing Microsoft here I truly think that they are doing a great job at trying to patch their software which is so insecure. But I don’t blame them I blame you the users because just like those people in bad relationships you guys keep coming back for more or stick around for yet another round of abuse.

Windows will never be secure simply because it is just a badly designed and flawed operating system. If you are going to use Windows servers for your business please get a testing machine to test all your software deployments and patches which may come from all of your software vendors including Microsoft, it is just good practice.

Here is some resources which give you some information about these patches.

Oh and just for those of you whom don’t or just won’t believe what I’m saying here is a bit of some bad news. The Windows 32sys flaw has been carried on to Windows 7 and Windows Server 2008.

http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx

Man having Windows servers is a total pain in the butt… But hey we support them too.

Dell to upgrade its Ubuntu OS

1 Comment

On our last post we discussed operating system security and how Linux is much better at handling user permissions and its complexities. Well Dell also thinks that Ubuntu/Linux is more safe to use than Windows for regular home user and business users alike.

This page http://www.dell.com/content/topics/segtopic.aspx/ubuntu?c=us&cs=19&l=en&s=dhs&~ck=anavml shows you what you can and can’t do with Ubuntu and it also gives you a comparison between Windows and Ubuntu. Looking at the comparison it looks like your average home user can use Ubuntu with no problems. So why aren’t more of you using the system.

Lets see we can think of several reasons:

  • Windows Specific software requirements
  • Don’t know about Ubuntu
  • PC accessories incompatibilities such as web cams, microphones, scanners, wireless routers or digital cameras
  • PC hardware not supported

All of these reasons are invalid with the exception of two. Unless you require Windows specific software then you have an excuse not to switch over or use it in a virtualized environment such as VMWare (http://www.vmware.com/) or Virtual Box (http://www.virtualbox.org/).

With Ubuntu you can use your PC accessories as they have drivers available for them in fact on most of those items we mentioned above you can just plug them in and they work. Unless the item has just been released within the past 48hrs then we say you might have an issue due to the fact that the developers have not had a chance to implement the driver into the operating system or is a very obscure product. But we say is pretty safe to say that your accessories will work say about 80% of the time out of the box.

As far as PC hardware is concern Ubuntu works with most market hardware in fact the darn thing works on a MAC and that is truly an accomplishment; try installing Windows on a MAC hardware and your in for a world of hurt as Windows drivers are not available for MAC hardware components.

Now we think is pretty safe to say that the reason as to why most people don’t try Ubuntu besides the Windows only software requirement is because they don’t know about it. Well if this is the case head on over to the Ubuntu web site (http://www.ubuntu.com) and see what it has to offer. We think that if Dell which is the third largest PC manufacturer in world offers it then it means that is pretty good. Looking at those Dell comparison it makes no sense for home or even business users to spend a ton of money on software for Windows when they can get the operating system and its 20,000 plus catalog of software for free right from the OS it self. This means no need to run out and get and install cd/dvd or download software from some obscure site. We have been using it for a couple of years now and we recommend it to our clients all the time as it is safer and more reliable than Windows.

Operating System Security(the joke is on us)

2 Comments

Recently with the debacle of the Gentoo Linux distribution falling prey to a Trojan due to negligence on the part of the repositories administrators(see here: http://www.theregister.co.uk/2010/06/14/linux_game_backdoor/ and here http://www.gentoo.org/security/en/glsa/glsa-201006-21.xml) . The Windows crowd has been spreading all kinds of dis-information or rather some severe FUD(Fear Uncertainty and Doubt) with regards to this event. The truth is that NO operating system is safe be a desktop computer or server running Windows, Linux, MAC OSX or Unix and its variants.

The reason why these folks are getting all crazy about it is because when it comes to Linux this rarely happens. Since Linux advocates put security as the main reason to switch from Windows to Linux now that this has happen they can point the finger back at them and say “uh huh you see I told you Linux security was nonsense”. The absolute truth is that Linux is safer than Windows by leaps and bounds due to the nature of how the Linux OS is built. The Linux OS is built with multi-user from the ground up meaning that every user runs in its own separate space within the system with its own set of processes and have no root or administrative access to critical system processes. Which means that if a particular user were to ever get an infected file (virus) or a trojan or any other malware it would only live within that particular user space and can’t affect anything else. Windows on the other hand was not built this way and no matter how many versions of it they release they are still not built that way. Yes they now have a UAC (User Account Control http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac) but this is still not built the same as most Linux distributions are. The Windows system relies on a central registry so if something goes wrong with one part of the system it most likely affects the rest of the system. So these folks apparently either don’t or can’t comprehend this or they just turn a deaf ear to it; which is fine but then they should not get upset when their systems get compromised and its all over the news.

When using any OS one should make sure that secure practices are in place to install software and that these softwares are coming from a reputable vendor. In the case of a Windows system a Network Administrator should make sure that all the software has been signed by the vendor with a digital certificate and that Microsoft has verified such said certificate. On the Desktop side for home user this is not as easy as most home users have no clue as to what this is. So they just download everything and anything that has an .MSI or .EXE extension which is the reason why they get all kinds of malware and viruses and soon their PCs become part of Botnets (http://en.wikipedia.org/wiki/Botnet).

On the Linux side software is distributed through repositories which are verified by the company who distributes the OS such as Ubuntu and Canonical. Canonical makes sure that all their software in their repositories are verified and that they have a GPG signature(http://www.gnupg.org/). Which means that all the software distributed on the repositories are safe and can be installed. Now if a user decides to go outside of this repository then it is up to the user to make sure that the software is reputable and that it too has a digital signature and it can be verified. And the same thing can be said for MAC users as well. Although we are not 100% sure if MAC OSX users actually have repositories or even have digital signatures for their software. But Apple applies this concept to the iPhone/iTunes through their application store.

The best thing to do for Windows users is to install a good anti-virus and software that can check for rootkits within the system (What is a rootkit? See here: http://en.wikipedia.org/wiki/Rootkit). You can also set strong passwords for your user(s) accounts and try to be very careful where you download software from. In the case of web infections this is a tough one to deal with; our best advice is to use FireFox or Google Chrome instead of Internet Explorer regardless of the stupid commercials Microsoft has been displaying on TV about IE.  It is not safe no matter what they say. And keep your system up to date with the latest software. Although this can be a bit tricky as Microsoft can sometimes break your system on patch Tuesday so here you take your chances.

For Linux folks they have wrote a good article here on ZDNET (http://www.zdnet.com/blog/btl/five-tips-for-improving-linux-security/35798).

MAC OSX users pay close attention to Apple updates and install them as soon as they are available.

Remember if you are going to go outside of a trusted software vendor or repositories please make sure you can verify who they are.

iPad Security Issues! Say what…

Leave a comment

Another day and yet another iPad commercial of how great it is, well tell that to the 114,000 email owners who’s emails where hijacked by a brute force attack on ATT’s network. Apparently a poorly written script was the culprit. I know your saying well what’s this got to do with the iPad. Ah hello it only happened to iPad 3G owners which means because the iPad 3G has essentially a sim card to connect to the 3G network they were able to hijack customers personal information.ipad

So far the reports are only saying that they were emails but who knows what else they got from these iPads. The worst part about it is that consumers think that these devices are secure when they are not. Yet they make you enter your personal information right from the device instead of having you go to a secure web site to do so or better yet doing it right from an ATT / Apple Store, who cares if consumers are lazy these companies should make them. Convenience over security these criminals love every minute of it.

This is only one of the issues with this device. There are other security issues such as Safari XPS attacks (http://support.apple.com/kb/HT4196) which not only affects the iPad but also the iPhone, iPod Touch, MAC OSX and yes you guessed it Safari running on Windows as though Windows does not have its own security issues to deal with.

Sure the device is great to show your friends and for you to say “hey look at this cool device, is a big version of my iPod touch, I can’t get enough of these things” – pathetic. People please get it together identity theft is very real and can bring you some serious headaches. For you small business owners stay away from it sure is great for presentations and such but there are other more secure devices coming which will run the Android OS; have more bang for the buck and will be more secure such as the Notion Ink’s Adam Tablet (http://www.notionink.in/adamoverview.php) and the current WePad (http://tinyurl.com/y9x7joj).

Consumers need to start thinking before going out there and spending their hard earned money. They need to look at all aspects of the devices they are looking to purchase. Specially if such a device deals with making digital Internet connections over wireless networks.

For more on this story continue reading: