 mrgrock1
join:2003-06-05
Port Charlotte, FL | Interesting A bidirectional approach to keep clean, but not sure if I would want to be scanned without my own control. | |
|
 | 
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs: | Re: Interesting Keep throwing more software at the problem.
Rather than addressing the true issue.
Hurried MS code. | |
|
| | 
toadlife
Premium
join:2004-05-03
Coalinga, CA | Re: Interesting How does hurried MS code cause people to open up and execute attachments from unknown sources?
--
Security is a process, not a Penquin. | |
|
| | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs: | Re: Interesting Think about it.. IF Ms did their due diligence we would be able to open any attachment with out fear of contracting something.
Does the Term Exploit code mean anything to you?
That is the Point that you fail to see. | |
|
| | | | 
oliphant
I Have 8 Boobies
Premium
join:2004-11-26
Corona, CA | Re: Interesting There is no exploit when you have stupid users just opening everything willy-nilly. | |
|
| | | | | voyager6868
join:2003-01-29
Waterloo, ON | Re: Interesting Everytime I visit my bank, it's going to scan my computer for viruses? LOL. How long does a typical virus scan take? At least 10 minutes... | |
|
| | | | | | 
sapo
Computer Love
Premium
join:2002-09-16
Sacramento, CA
| Re: Interesting said by voyager6868  :Everytime I visit my bank, it's going to scan my computer for viruses? LOL. How long does a typical virus scan take? At least 10 minutes... I'm assuming your thinking of a full system scan, I'm suspecting that it will be a quick memory scan and such for Keyloggers, trojans, etc...
--
"Insert Dramatic Quote Here" - Your Mother | |
|
| | | | 
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
 ·Site5.com
 ·AT&T Midwest
 ·Comcast
| said by packetscan :Think about it.. IF Ms did their due diligence we would be able to open any attachment with out fear of contracting something. Does the Term Exploit code mean anything to you? That is the Point that you fail to see. As long as humans are writing the code, there will be exploits. There are exploits in every software application that is used today. To say it is MS' fault is a flawed statement.
--
My Domain
Nightfall's Hockey and Life Journal | |
|
| | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
·Optimum Online
edit:
December 8th, @02:27PM
| Re: Interesting As Long as what?
That is a flawed Statement!
Keep believing the world is Flat.. That's your opinion.
Also if you don't know please don't post non sense.
People want to be informed with correct information.
--
Yes i'm an Arogent Prick - however i'm educated. | |
|
| | | | | |
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
edit:
December 8th, @02:30PM
| Re: Interesting said by packetscan :As Long as what? That is a flawed Statement! Keep believing the world is Flat.. That's your opinion. Also if you don't know please don't post non sense. People want to be informed with correct information. When you wake up from your fantasy world, let us know. Maybe then we can have an intelligent discussion. 
--
My Domain
Nightfall's Hockey and Life Journal | |
|
| | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs: | Re: Interesting Dude what ever your wrong.. Move on
--
Who do you want to pay off today? | |
|
| | | | | | | | 
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| Re: Interesting Wow, what an argument. Perhaps the professor with 4000 years admin-ing an abacus could extrapolate a bit.
Sure didn't take you long to change your sig did it.
--
Never tease a weasel
Not even once or twice
A weasel will not like it
And teasing isn't nice. | |
|
| | | | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs: | Re: Interesting you like that | |
|
| | | | | | | | |
| | | | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
·Optimum Online
| Re: Interesting i didn't say all software except ms was immune to exploits.
That was your assumption that you used to um get arrogant and start blabbering non sense..
At least i know what I'm talking about.
--
Who do you want to pay off today? | |
|
| | | | | | | | |
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Re: Interesting said by packetscan :i didn't say all software except ms was immune to exploits. That was your assumption that you used to um get arrogant and start blabbering non sense.. At least i know what I'm talking about. It wasn't my intention to show that all software except microsoft was immunte to exploits. ALL software, reguardless of the company or person who made it, has exploits. The bigger the software, the more security holes or exploits it has goes up. Just because they haven't been found doesn't mean they don't exist. You must have misread my statement.
Oh well, I guess this isn't worth it because you seem to be just shooting from the hip instead of coming out with any actual data to defend your position. So far, your 3 sentence replies belitting people or being combative doesn't prove you are right.
Just some gentle advice.
--
My Domain
Nightfall's Hockey and Life Journal | |
|
| | | | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
edit:
December 8th, @03:31PM
| Re: Interesting If a security researcher can find it, why can't the developer?
Because they are rushing to market.
It happens over and over again. | |
|
| | | | | | | | | 
Dan
Professor Lava Hot
Premium
join:2002-12-17
Eh?
·Rogers Hi-Speed
| Re: Interesting Because that would mean we as the consumer would never see an end product. We would never see new innovation.
Bugs and Exploits happen, it comes down to responsible computing, which most of the non-geeky world can't handle.
PacketScan, here's my analogy:
If I don't know how to drive a car (My Computer), and don't put a seatbelt on (Precautionary measures like AV), and don't learn how my vehicle works (Learning how to use a PC), and get in a car accident, do I sue Ford? No. It was my own fault.
Same applies to computing. Companies can't hold it's customers hands forever.
--
My name is Dan.
You want more.
I get it.
| |
|
| | | | | | | | | 
Nanoprobe
Wandering in subspace
Premium
join:2003-05-11
Orlando, FL
clubs:
| said by packetscan :i didn't say all software except ms was immune to exploits. That was your assumption that you used to um get arrogant and start blabbering non sense.. At least i know what I'm talking about. Just for the record Mr."At least I know what I'm talking about," nonsense is one word not two.;)
--
Never look back.Something might be gaining on you. | |
|
| | | | | | | | | 
JamesPC
join:2005-10-12
Orange, CA | your the only one arrugent | |
|
| | | | | | | | | 
morbo
Complete Your Transaction
join:2002-01-22
00000
clubs: | Re: Interesting don't you mean "Arogent Prick"?
--
no sig | |
|
| | | | | |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by packetscan :As Long as what? That is a flawed Statement! Keep believing the world is Flat.. That's your opinion. Also if you don't know please don't post non sense. People want to be informed with correct information. You keep waiting for perfect code and an infinite energy machine. The rest of us will continue our lives in the real world where the laws of Thermodynamics and the reality that humans aren't perfect exist.
PS: you aren't fooling anyone by pretending you have credentials.
--
Never tease a weasel
Not even once or twice
A weasel will not like it
And teasing isn't nice. | |
|
| | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
·Optimum Online
| Re: Interesting The Facts are there..
Not my fault that you can not comprehend them.
Also I'm not saying code would be error free..
But if Every coder took the extra time it would make for less exploits.
--
Who do you want to pay off today? | |
|
| | | | | | | |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| Re: Interesting said by packetscan :The Facts are there.. Not my fault that you can not comprehend them. What facts? Site them.
said by packetscan :Also I'm not saying code would be error free.. You aren't? What are you saying then. That the errors would never be security threats? Errors are errors and generally coders don't get to choose what kinds of errors they get to make.
said by packetscan :But if Every coder took the extra time it would make for less exploits. When do you stop? You can spend millions of man hours going over your code and still not catch everything. The only solution is dirt simple software that can do very little, at which point we might as well just go back to our calculators.
--
Never tease a weasel
Not even once or twice
A weasel will not like it
And teasing isn't nice. | |
|
| | | | | | | | |
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
·Optimum Online
edit:
December 8th, @04:07PM
| Re: Interesting Site what?
Like i say over and over:
I'm not here to educate anyone..
You want proof get over to google and start looking.
It's There I've found and read it.
Anyone that says show me proof knows they are wrong but they have a hope that someone will do the leg work and educate them. Sorry that isn't me.
When do i stop? You right you can spend millions of man hours going over the code and not catch everything. However that extra time is what is needed.. And Simple Non useful software is not the answer..
Stop Rushing! | |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by packetscan :Site what? Like i say over and over: I'm not here to educate anyone.. Where? Post a link to a thread, it's not hard. If you aren't willing to support your supposition why do you even post other than to jump on the cool kids bandwagon?
said by packetscan :You want proof get over to google and start looking. Why should I look for evidence of your claims. Even if you telling me to do so was an honest statement, having someone else who doesn't believe what you are stating find evidence of your argument is like asking the bank robber to collect evidence for his prosecution.
said by packetscan :Anyone that says show me proof knows they are wrong but they have a hope that someone will do the leg work and educate them. Sorry that isn't me. And you expect people to think that you went to college and aren't just some high schooler pretending that flinging cred around a message board makes people think you're cool. If you had gone to college and said what you've said here in a paper you would have seen "SUPPORT YOUR STATEMENT!!!!" in big red letters.
said by packetscan :When do i stop? You right you can spend millions of man hours going over the code and not catch everything. However that extra time is what is needed.. And Simple Non useful software is not the answer.. Stop Rushing! Again I say, you don't get to choose your errors (ie: whether they cause the software to just not work or to be a major security issue). What you seem to be implying is that there is some magical period of time where if you go over your code for said amount of time all or most security issues just go away. There is no point in time, deciding when a product is ready for prime time isn't an exact science it's at best an educated guess, some times you're right some times you're wrong. Do a lot of products go out the door too soon...yes... but I would argue that the flaws that are going to be found by the company by waiting to release for whatever amount of time are going to be found fairly quickly by the public in that case.
--
Never tease a weasel
Not even once or twice
A weasel will not like it
And teasing isn't nice. | |
|
| | | | | | | | | 
cork1958
Cork
join:2000-02-26
Fruitport, MI
·Charter Pipeline
| Re: Interesting said by Combat Chuck :said by packetscan :Site what? Like i say over and over: I'm not here to educate anyone.. Where? Post a link to a thread, it's not hard. If you aren't willing to support your supposition why do you even post other than to jump on the cool kids bandwagon? said by packetscan :You want proof get over to google and start looking. Why should I look for evidence of your claims. Even if you telling me to do so was an honest statement, having someone else who doesn't believe what you are stating find evidence of your argument is like asking the bank robber to collect evidence for his prosecution. said by packetscan :Anyone that says show me proof knows they are wrong but they have a hope that someone will do the leg work and educate them. Sorry that isn't me. And you expect people to think that you went to college and aren't just some high schooler pretending that flinging cred around a message board makes people think you're cool. If you had gone to college and said what you've said here in a paper you would have seen "SUPPORT YOUR STATEMENT!!!!" in big red letters. said by packetscan :When do i stop? You right you can spend millions of man hours going over the code and not catch everything. However that extra time is what is needed.. And Simple Non useful software is not the answer.. Stop Rushing! Again I say, you don't get to choose your errors (ie: whether they cause the software to just not work or to be a major security issue). What you seem to be implying is that there is some magical period of time where if you go over your code for said amount of time all or most security issues just go away. There is no point in time, deciding when a product is ready for prime time isn't an exact science it's at best an educated guess, some times you're right some times you're wrong. Do a lot of products go out the door too soon...yes... but I would argue that the flaws that are going to be found by the company by waiting to release for whatever amount of time are going to be found fairly quickly by the public in that case. The other person is simply talking out their a**. Doesn't have a clue and is trying to prove that to everyone else. Good job. You definitely did that!!
--
Spread Free Opera. Fastest browser on Earth or in Cyberspace!! | |
|
| | | | | | | | | wilburyan
join:2002-08-01
| An interesting example... take Nagravision... a swedish company that makes the access cards for Bell Express Vu and Dish Network (and many european providers)
The primary role of the card they create is to protect the data on it (encryption keys and algorithms to decrypt the signal) Security IS what they do.
Alas, there are people out there with great mathematical knowledge, a strong curiousity, and an advanced knowledge of assembly programming. They work at it long enough and eventually someone finds a way in. The contents of the card is dumped and within months people are getting free satlite.
The provider (Dish Netowrk... Bell Express Vu) eventually swaps out all of the cards for newer, better, cards from Nagravision. The data stream from the satelite is changed so that only the newer "unhackable" cards work, and the cycle repeats itself.
My point... no matter how many people you have working on it, and how many times you go over it... someone will eventually find a way to exploit it. To say that they should "take more time" is pure hogwash. Fact is you can't possibly predict every single thing someone will do to try and exploit your code.
I have programmed before... and experienced similiar situations. No matter how well your application is created... there will always be some way to make it not function as you would have liked it to. | |
|
| | | | | |
JamesPC
join:2005-10-12
Orange, CA
| As Long as what?
That is a flawed Statement!
Keep believing the world is Flat.. That's your opinion.
Also if you don't know please don't post non sense.
People want to be informed with correct information.
This is all non-sense. | |
|
| | | |
toadlife
Premium
join:2004-05-03
Coalinga, CA
·AT&T Yahoo
| Wow. That's a nice troll I made. I knew a fanboy like you would bite hard.
In my initial post, I was not talking about exploits at all. I was talking about ignorant users opening up attachments and EXECUTING THEM ON PURPOSE.
This happens to be how 98% of viruses on Windows spread nowadays.
So now that I have made myself clear I must ask again...What does flawed code have to do with people being dummies?
Is an operating system supposed to know good code from malicious code? If so how does this work? In Linux, when you intentionally run some malicious code, is there a Penguin that pops up on your desktop and says "Hi There! It looks like you are trying to install a backdoor. Would like some help with that?".
--
Security is a process, not a Penquin. | |
|
| | 
VikingBob
join:2004-06-05
Ste Anne, MB
·MTS
| The majority of vulnerablities out there are not MS products. The majority are web applications that run on servers... So to pick on MS for "hurried code" is ludicrous. If you don't believe that, visit www.sans.org and look for the newsletters link, and look for the @RISK newsletter. This week there is 1 for MS products, 2 for Linux, 3 for Unix, and 58 for web applications. Flawed code is everywhere.
The majority of home PC users use MS. Thus the bad guys spend most of their time picking away at MS products looking for holes. Now that Firefox has gained popularity, that is the new target. And holes are being discovered in that, too.
The bulk of malware out there attempts to exploit vulnerabilities that MS already has patches for. The trouble is there are too many PC users who have not turned on Automatic Update and don't even have XP Home SP 2 installed.
Too many home users don't have AV scanners, or firewalls, or the sense to not open that attachment, or click that nasty link. P2P file-sharing is another great way to get a PC infected. A large part of the problem is not the computer or the software, it's that thing between the keyboard and the chair.
Secure software is needed, but so is an educated user. | |
|
mazhurg
Premium
join:2004-05-02
Trenton, ON
·TekSavvy Solutions..
| right... First we waited after the long lines,
Then came freedom of 24hr banking with instant access; so...
Now we get the combined 24hr wait for the scan access...
Seriously, bad idea:
1 - What if one does not want to infect their systems with the so called ActiveX viruslike content of the bank choice?
2 - What if one does not (or is unable to) use ActiveX junk (Linux, OSX.. etc)
3 - Your site want to charge ME to verify that I am honest (virus free) before letting me access MY data????
4 - My having an infected computer accessing the bank will affect who else other than my account? (if it does, then perhaps the bank(s) should not be online in the first place, or their IS and IT staff be replaced for incompetence?
Bah, can't even begin to comprehend where those so called AV nuts pulls those ideas from (and it ain't sunny there either). | |
|
| B
Premium,MVM
join:2000-10-28
| Re: right... said by mazhurg :4 - My having an infected computer accessing the bank will affect who else other than my account? That's a compelling argument. The exploitation of your PC affects no one else but you insofar as communications with that bank.
Sure, you're probably actively infecting others as part of a botnet and your communications are logged, but that doesn't affect the bank servers or any other customers, directly.
It's more of a mommy-approach. The bank is protecting you from yourself. Not necessarily evil or anything, but annoying to many.
-- B
--
In a realm outside causality and function | |
|
| |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| Re: right... said by B :That's a compelling argument. The exploitation of your PC affects no one else but you insofar as communications with that bank. Actually fraud costs the banks quite a bit of money even if they aren't paying you directly when you're a victim.
--
Never tease a weasel
Not even once or twice
A weasel will not like it
And teasing isn't nice. | |
|
|
| 
phxmark
What Country Are We Living In?
join:2000-12-27
Glendale, AZ | Re: Switching from product to service - more $'s DING! DING! DING! DING! Congrats, you got the correct answer and have won........NOTHING!!!
--
High speed is dangerous. Too many MP3s, not enough time. | |
|
| |
wilburyan
join:2002-08-01
edit:
December 8th, @02:18PM
| Useless A properly written piece of virii code would ensure that these activeX controls didn't run.. especially if the virus was specificly trying to get banking information.
The virus could show a page similiar to a spoof site, user enters login data... from there it's all over :S.
Most virii I'v seen disable (or attempt to disable) the virus scanner before anything else. | |
|
| |
cableties
Premium
join:2005-01-27
Levittown, PA
| ahem When banks strayed from AS/400 to MS products, they got what they deserved.
You release a product that has wannabe/vendictive/exploitive programmers phishing for free money, bots, virii, etc., then you get what you pay for.
Never saw such attacks to AS/400, Case deployments...
"Dear customer, please excuse the delay accessing your 512bit superduper MS-approved, Symantec programmed, account login secure ... 30 more minutes..." | |
|
| |
JamesPC
join:2005-10-12
Orange, CA | Intelligence PocketScan is an argumentative idiot. | |
|
Yowzaaah
Ours Go To Eleven
join:2000-12-14
DamnFlat, OH
clubs:
| Oh Sure... Just let me install this little Active X security doohickey from Symantec via my bank that makes everything safe and perfect. I trust them not to do ANYTHING but make sure I'm squeaky clean and safe when viewing my account on line, NOTHING will phone home EVER, there will be no browser "enhancements" (hijacks) that push affiliated products and services into my every web search AND the code that they've installed on ALL their web banking customers' machines that now have a big fat hacker bulls-eye on them was expertly written with copious funding and nary a line of sloppy code ready for an exploit.
I think not. Go sell this crap elsewhere, if I've got to install an applet and have my computer scanned by your software in order to keep tabs on my money in your bank....I'll find another place to keep my money.
--
Don't suspect your friends...turn them in. Brazil (if you haven't seen it, you should) | |
|
|
Nanoprobe
Wandering in subspace
Premium
join:2003-05-11
Orlando, FL
clubs:
| Re: Oh Sure... said by Yowzaaah :Just let me install this little Active X security doohickey from Symantec via my bank that makes everything safe and perfect. I trust them not to do ANYTHING but make sure I'm squeaky clean and safe when viewing my account on line, NOTHING will phone home EVER, there will be no browser "enhancements" (hijacks) that push affiliated products and services into my every web search AND the code that they've installed on ALL their web banking customers' machines that now have a big fat hacker bulls-eye on them was expertly written with copious funding and nary a line of sloppy code ready for an exploit. I think not. Go sell this crap elsewhere, if I've got to install an applet and have my computer scanned by your software in order to keep tabs on my money in your bank....I'll find another place to keep my money. BINGO,we have a winner. Something from Symantec (or anyone else) scanning my machine while I'm trying to access my accounts? Not in this lifetime.
--
Never look back.Something might be gaining on you. | |
|
Fatal Vector
join:2005-11-26
edit:
December 9th, @12:32AM
| Bottom line Just like with anything, is money and control. If you have to run the a |
|
Broadband and Anti-Virus Evolution
Switching from product to service - more $'s
Out of Memory again....