I'm going to ignore the obvious comments about knowledge of OS's (or lack of) and just make one little comment on some parts of this.

>Most OS are secure if you take the effort to lock them down. The trouble is,
>not many people know how to lock down the OS, or that they have to lock it
>down in the first place (I still see world readable personal files on Unix
>boxes everywhere). The problem is not that Windows is insecure, but that
>Windows defaults to an insecure condition when installed, and increasing the
>security to an effective level involves technical know-how and (for Win95)
>some extra software - though it can be argued that everyone needs extra
>software (a good virus scanner and firewall).

The big problem is, how many average computer users know this? As you said, someone requires some technical know-how and possibly extra software. How many first time computer buyers know what to do? We require a licence to drive, but not one to use a computer. People go to the store, buy a computer, bring it home, set it up, and dial in, not realizing that when it comes out of the box, it may or may not be open to attack (depending on which computer you buy).

Sure, it's fine and dandy to have a computer which has all these features to protect you, but what good are they if you don't even know how to turn them on? And saying things like "stupid people shouldn't own computers" is a very bad statement. How else are people going to learn about them?

I'm not sure how ratings go for licences where you are, but here in Canada, if computers were cars, your UNIX variants would be a class 1 (big rigs), Wintel would be about a class 4 (busses) and a Mac would be a class 7 (your average car). Obviously, like the cars, each OS has its place. After all, not everyone should be driving big rigs or busses. Enough analogies though.
I just wanted to make the point that if an OS requires you have some technical knowledge to make it secure (as you said Windows does) then maybe it's not the best system for a beginner's network. After all, you don't want someone to be able to steal your MUD code off your own machine, now do you?

>However, install it straight out of
>the box and even I can get in.

Exactly my point in the previous article. I take a Mac right out of the box, and you couldn't break in with a team of the best hackers on the planet. Why? Because right out of the box only one person has access to your computer: the person at the keyboard/mouse. Unless you change that, which means it's not in the same condition as right out of the box, and you can let people in. Otherwise, it's as effective as a well set up firewall.

>Back Orifice is a user education issue (actually a sysop education issue).
>There are scanners that pick it up and clean it off, though I don't know
>whether Norton or Dr Solomon's do yet. And what are you or your users doing
>downloading binary executables in the first place if you have no virus
>scanner?

You would be surprised. Maybe you used the Saran Wrap or Silk Rope extensions for BackOrifice and attached it to a self-running joke demo. You know, maybe an .exe of the dancing baby all drunk and smoking. Perhaps that coke.exe that has been making the rounds, or one of the numerous other joke .exe's that are going around in e-mail.

The other problem is, that BackOrifice can be re-configured to hide itself from those scanners. A smart cracker can make the program look like something that should exist on your system, and you won't even know it's there. The problem is, as soon as the detection programs are updated, generally, the exploit programs are also updated. Like the never-ending cycle of copy-protection crackers and the copy-protection makers of the software industry, one may be a step ahead, but the other will always catch up, only to be overtaken again.
>I think Win98 is immune to Winnuke, and NT is definitely so, if you have the
>Security Pack... oops, Service Pack 3. If you run Windows 95 you're asking
>for

Actually, they aren't. I've personally tested various nuking programs that can take out both of them. Guess which OS ran the nuking software? <grin> Admittedly, 98 is more secure than 95, but only in the way that a cheap steering wheel club is more secure than nothing. It won't stop a determined attacker.

>It should be called
>Wintendo on account of the only reason for its existence is games.

He heh.....I like that one. Never heard it before. Although, I don't think running the server of your MUD is the kind of game you want to run...unless you keep your code on another location, secure from anyone else (which is the BEST way to protect your code, keep it somewhere where NO ONE can get it but you...of course that requires that you are the only coder).

>My desktop
>runs NT. With NT, at least I can keep the bad guys out (not that it matters
>that much on a dial-up connection) and it only falls over once a month or so,
>which is fine by me since I reboot my desktop once a week, so basically, it
>never falls over.

You hear about the story of the US Navy Ageis (sp?) class missile boat that was disabled when someone entered a 0 into its Windows NT operating system? They had to tow it back to port. I have the URL somewhere, but it's quite scary.

Ok, now for an ObCircle! (yeah)

This is a security tip for all people with their MUD's on Linux. Ask your sysadmin a few questions:

  Is the ../ directory in the FTP directory protected from non-registered users?
  Are the home directories of users and created folders within it set to user only as standard?
  Am I in any user group that I should know about? (important for determining if you should give group privs to various directories)
  Are there any symbolic links to my home directory?
  Do I have complete control over everything in my home directory?
As suggested by another person, you should learn what the permissions are all about, and how to change them. They may just save your code from prying eyes.

As I said before, here is the best strategy for handling your directories:

home (yours) -> Circle (MUD directory) -> src, bin, lib, and so on

  home (yours):
      leave view prefs on. Generally there is little value here and
      your web page directory is probably located here
  Circle (MUD directory):
      protect this from all but yourself (and maybe of your group if
      all your coders are in it and use separate accounts)
  src, bin, lib, and so on:
      use the recursive protection prefs mentioned before, it gets all
      of these without having to do them individually.

Let's just suffice to say that running a MUD is not something a first timer to unix should be doing. <grin>

---
In days long gone, the captain used to go down with his ship. Now that Windows NT is running Navy warships, the ships go down all by themselves.

+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST
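
Added example, not part of the original post: a shell sketch of the directory strategy described above, which audits a MUD tree for entries that anyone outside owner and group can reach and then applies the recursive protection. The directory and file names (`circle/`, `public_html/`, `example.c`, `players`) are constructed sample data, and `chmod -R` is assumed to be the "recursive protection" the post refers to.

```shell
#!/bin/sh
# Added example: audit and lock down a MUD directory tree.
# All paths below are constructed sample data in a throwaway temp directory.

# List entries under $1 that grant any read/write/execute bit to "other".
list_exposed() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count them; 0 means nobody outside owner/group can reach the tree.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Recursively remove access below $1.
#   owner: only the owner keeps access (single coder).
#   group: group members may read and traverse, but not write
#          (coders with separate accounts in one group).
lock_tree() {
    case "${2:-owner}" in
        owner) chmod -R go-rwx "$1" ;;
        group) chmod -R o-rwx,g-w "$1" ;;
        *) echo "usage: lock_tree DIR [owner|group]" >&2; return 2 ;;
    esac
}

# Build a sample home directory with world-readable defaults.
make_sample_home() {
    home=$(mktemp -d) || return 1
    mkdir -p "$home/circle/src" "$home/circle/lib" "$home/public_html"
    echo 'int main(void){return 0;}' > "$home/circle/src/example.c"
    echo 'player data' > "$home/circle/lib/players"
    echo '<html></html>' > "$home/public_html/index.html"
    chmod -R a+rX "$home"   # dirs 755, files 644: the exposed starting state
    echo "$home"
}

demo() {
    h=$(make_sample_home)
    echo "MUD tree before: $(count_exposed "$h/circle") exposed entries"
    lock_tree "$h/circle" owner
    echo "MUD tree after:  $(count_exposed "$h/circle") exposed entries"
    echo "web dir left viewable: $(count_exposed "$h/public_html") entries"
    rm -rf "$h"
}
demo
```

Running `list_exposed` on a real home directory before changing anything shows exactly which files the lock-down would affect.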