Practical Technology

for practical people.

February 23, 2010
by sjvn01
4 Comments

Chuck Norris is not a Linux virus

Get a grip people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux’s security. Wrong.

Windows malware, whether it comes in the form of a Trojan, virus, or worm, works by exploiting security holes in either the operating system itself or an application like Adobe Reader or Internet Explorer. Whatever the bug or the method it uses to arrive on a Windows PC, the fundamental way it uses to exploit the system is that Windows itself is inherently insecure.

While Chuck Norris runs on Linux-based DSL modems and routers, it doesn’t actually attack Linux at all. Instead, it runs as a normal Linux application. So how does it get there if it doesn’t try to crack Linux? It infects routers by trying common and default passwords. That’s it. That’s all there is to it.

More >

February 23, 2010
by sjvn01
4 Comments

Amazon pays Microsoft for Linux

What was Jeff Bezos, Amazon’s CEO, thinking? Amazon just signed a patent cross-licensing deal that pays Microsoft intellectual property fees for, among other things, patents that cover Amazon’s Linux-based Kindle e-reader and its Linux servers. Too bad Microsoft has never, ever been able to show that its patents cover anything to do with Linux.

Mind you, Microsoft has been trying to make people believe that Linux violates its patents for years now. Only an idiot would believe them though since Microsoft has never even tried to demonstrate that any of its patents actually apply to Linux.

Yes, Microsoft claims that Linux and other open-source programs violate its patent rights. They’ve been making those claims for years. What’s always been missing is proof.

Microsoft’s biggest lie, first made by Steve Ballmer back in 2004, is that Linux violates more than 200 of Microsoft’s patents. There’s one little problem with this assertion which has underlaid every Microsoft attack on Linux’s intellectual property since then: it’s not true.

More >

February 19, 2010
by sjvn01
2 Comments

Is Windows 7 really a memory hog?

I’m no Windows fan. But, I use Windows 7 every day and I’ve deployed it on several dozen PCs and I’ve never seen Windows 7 misuse memory like Devil Mountain Software’s claims that it does.

While it’s doubtlessly true that, as Craig Barth, Devil Mountain’s CTO, is reported to have claimed, that “Everyone thinks that they’re a [Windows] performance expert,” and that “They look at their PC and say, ‘My PC doesn’t do that.'”

Well, while I can’t claim to be a Windows performance expert, I can justifiably claim to be an operating system expert, and that I’ve recently done a lot of detailed analysis and work with Windows 7. I’ve never seen Windows 7, in and of itself, on the approximately sixty systems I’ve either used it on or installed it on exhaust its memory resources to the point where I saw any performance problems.

More >

February 19, 2010
by sjvn01
2 Comments

Who’s really to blame for the Windows XP Patch BSOD?

More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?

I mean, come on. This bug dates back to 1993 when Windows for Workgroups 3.11 and Windows NT 3.1 instead of Windows 7 were the hot new versions of Windows. Many of you have never even seen those operating systems much less used them. Since Microsoft has left this security hole open almost long enough for it to be old enough to vote, shouldn’t they get some of the blame?

After all, the hackers behind Alureon, aka TDSS, Tidserv and TDL3, botnet were able to fix their malware to work around the Windows’ fix before Microsoft finally figured it out. Maybe Microsoft should hire them to work on Windows security instead of relying on their own in-house software engineers. Nah. They’re probably making more money from their botnets than Microsoft is willing to pay them.

More >

February 18, 2010
by sjvn01
0 comments

It’s not just Twitter

A recent Washington Post story observed that Twitter loves open source. Twitter’s not the only ones. Most, if not all, social networks are built on top of Linux and open-source software.

When the writer wrote that Twitter loves open source he wasn’t exaggerating. He was quoting from Twitter’s About Open-Source page. There, Twitter states that, “Twitter is built on open-source software-here are the projects we have released or contribute to.”

It’s quite a list of C++. Java, Ruby, Ruby on Rails, and Scala programs. If you dig deeper, by looking at Twitter’s job postings, you’ll see Twitter also makes great use of the standard LAMP (Linux, Apache, MySQL, and Perl/PHP/Python) stack. In particular, being able to demonstrate that you’ve been open-source contributor is a big plus for many Twitter jobs.

More >

February 18, 2010
by sjvn01
0 comments

Computer Breaking and Entering is a Business

Most of the attention on a recent report from ScanSafe, a Cisco-owned security company, has been on the fact that attacks on Adobe PDF Reader vulnerabilities comprise up to 80% of PC attacks. That’s actually not quite right. The ScanSafe threat report doesn’t cover programs that work directly with the Internet like Web browsers and e-mail clients. Instead, it only covers programs that can be successfully attacked after files have arrived in a PC over the Internet. For my money, the important news in the report is just how totally computer hacking has become a business aimed at other businesses.

Don’t get me wrong. It’s vital to update your copies of Adobe Flash Player, Acrobat and Reader with the latest patches. But, what caught my attention in this report is that by focusing so much on the trees of individual security problems and patches we may be missing the forest of a parasitic industry.

According to ScanSafe, “Few victim companies choose to self report. Instead, the breaches that get acknowledged publicly are generally only those which involve theft of consumer or employee data – and only then because the laws require it. This selective disclosure fuels the misconception that cybercriminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cybercriminals are casting a much wider net.”

More >