Saturday, April 3, 2010

A few words about safety.

Today, an unknown attacker infiltrated the computer network of the corporation "Horns and Hoofs. According to company representatives, the damage a hacker, is equal to two million kosmokreditov. Law enforcement authorities began investigating the incident. According to preliminary data, blames carelessness administrator and the operating system "Hinged Window-Pane for Ventilation" from the company Microdumb.

Some titles such replete with computer and one click press the last two years. Hackers, all-powerful rulers of the Internet, do not leave the poor user to rest for a minute, and the only way not to fall victim to another attack - this is off the Internet. And no one thinks that under the latest "sensational" article is advertising an anti-virus laboratory. Old-timers should remember the year 2000 problem. Where not only the exaggerated rumors of imminent decline of the computer industry: the press, on television, the Internet. The predicted end did not come, but the shark pen once invented a new problem, they say, the end of World Wide Web is ever close, but experts do not even think to warn users about the poor.

From the emptiness does not arise, as they teach us treatises on physics. The trouble is that such rumors are spreading not only to journalists who write for the money you everything your heart desires, but also representatives of quite respectable anti-virus companies. They've got something to promote their products to the people, and marketing, you know, too, is different. That's frightening users imaginary threats.

I'm not going to argue that computer viruses over the past five years have begun to spread with terrifying speed and is not amenable to any account. New strains of regular Malvar appear almost every minute, with changes made in the body of the virus are minimal, but large companies are more often report the millions in losses. And the fault does not even reversery - any man simply not physically able to disassemble and explore the malicious code in seconds. That's why there are false alarms anti-virus, when a seemingly innocuous Notepad + +, for example, is a terrible virus Win32 Neshtaa, and it would be nice to remove it in order to prevent loss of confidential information. Of course, global epidemics sometimes occur (everyone remembers Conficker?), But... Any business based on risk, and perfectly secure systems does not happen in nature, and all that he wrote a man can only be defeated by it.

If we look at the statistics, kindly provided to us by antivirus companies, in the depths of the soul arise very mixed feelings. Someone assured that we're safe, and pandemics do not happen (which I am personally a little surprised), and others, however, warn about the company developed in the bowels of proof-of-concept exploit'e able to pass any of the protective mechanisms in seconds. Hackers stop only the ubiquitous security services, is actively fighting cybercrime. Knowing the level of current custody order (except me, nobody was surprised the story of thirteen Orsha hacker?), We can conclude that the attackers did not stop the fear of punishment, and lack of sharpness to the invention of new ways to circumvent protection mechanisms.

During the entire existence of human civilization was born a lot of myths. It is now in the twenty-first century, we can confidently say that warlocks and witches - tales of the Holy Inquisition, but in the fifteenth century, people did not. In my opinion, the same thing is happening now - namely, the mass obscuring the public consciousness in fear of the unknown. Few users will be able to explain how computer viruses work, even fewer people to disassemble. Experienced reverser will tell you that writing a long-lived virus - a task which can cope with, not every virus writers. Often, all limited by the fact that the virus enters the base of any company, and specially trained people are studying algorithms for the invasion used by the virus.

So what prevents large companies to commission free software, for example, operating systems based on xBSD or Linux? The answer is simple and concise: "These systems are not designed for desktop solutions." Bullshit! And arrogant. Many Western companies are successfully using PCs Mac, which is the same xBSD, only with a beautiful "face." Moreover, all popular office solutions to long-ported to Mac: either Microsoft Office or Adobe Photoshop. But even in the West, many managers are afraid to replace Windows on something more secure, since support for computers with * nix on board differs significantly from the same computer running Windows. In defense of want to say only one thing: It's all in the habit. The man, ten years worked in the operating systems from well-known corporations, just not physically able to get used to the "new" interfaces such as GNOME or KDE. Since nothing can be done.

The main advantage of UNIX is that the system calls it - about a hundred, actually used about forty of them. For comparison, Windows has something like 100 thousand API-functions called by the kernel of the thousands of seats, with hundreds of disparate settings. The programmer, even a very experienced, forced to carry a bunch of textbooks to somehow navigate the chaos of the operating system. And if the guys from the Microsoft listened to the lectures in their universities, the problems in their OS would be much less. It was at university on the fingers explain the principle of Keep It Simple Stupid (leave it simple, stupid), if you follow that, the majority of design errors as a hand shoots. If you're still not sure, check with the operating system OpenBSD.

Linux in the past few years does not cause terror in the eyes of the townsfolk. Wearing a nice interface (hello, KDE!), Got a graphical wizard, in general, a close second to Windows. And that's what scares me: trying to teach the system what to do admin, have been, and most successful of them - Windows 7, where the OS knows best what and how it should work. Microsoft has stubbornly insisted that freedom and security - are mutually exclusive concepts. Automation, of course, a good thing, but not when it comes to security. Artificial intelligence is still far from perfect, and all of his "invention" - edge heuristic mechanisms to cost just a couple of hours of work, and stop Malvar, written by Guru virusopisatelstva, they are not able to. The same can be said of today's firewalls and antivirus. My girlfriend, for example, is unlikely to ponder over the message the firewall, which tells her to change the checksum of the executable file. Any inexperienced user, do not hesitate to clicks "Yes" and continue. So maybe the creators of security software is worth considering the introduction of some automation to their products? An experienced user will receive a full account of the events recorded by the firewall, and a newcomer will receive mode "autopilot" in which the program itself decides whether to regard a certain action as a threat to security. But it is - an ideal which can not be achieved, and the average user should not fall into stupor, hearing the word "protocol" or "port". But, as I can judge, the qualifications of teachers of informatics, in schools, in institutions of higher education leaves much to be desired, and the only thing capable of such "teachers" - tell us how you build a table in Excel.

Wisdom, proven over the years: "How does not restrict the user in Windows, it nevertheless, skunk, can hurt". It would be a desire, as they say. Moreover, even in the business sector, there are thousands (if not millions) of programs, just do not work in that case, if not give them administrator rights. And this wine is not a developer, and most of Microsoft, which prohibits the "left" the program to install their drivers in the system from under-privileged user. As a result - the administrator sets the ten/hundred/thousand (underline) third-party modules, one of which, by law, meanness, always will be vulnerable.

The reader must have the impression that I was trying to dissuade him from using Microsoft products and switch to open source software. I assure you, it is not. In my humble opinion, proprietary software is not worse than open, and all the security problems are Precisely between the user and a keyboard. Any operating system consists of millions of lines of code, some are not changed for decades (in Windows Server 2008 R2 is the number of components, written as early as 88-90 years of last century), and rewrite from scratch "applies only in rare cases. Often, the code imposed more and more layers of abstraction, ultimately forming a very delicate structure. Eliminating just one component, the programmer runs the risk of "break" a whole program, which is very negative impact on him, the programmer salary. So it turns out that some pieces of code, designed back in the eighties, are now faced with conditions in which they operate is very problematic.

And if the world were the evangelists, who firmly believe in the fact that their beloved Linux was written from scratch, then... they are happy people! Linus Torvalds wrote the operating system, based on learning operating system Minix, and, subsequently, not just "licked" pieces of code from xBSD. Herein lies the fundamental problem of programming: the constant improvement of the old code reduces the number of layers and, accordingly, the number of errors. Take, for example, two systems of family xBSD: OpenBSD and FreeBSD. The first decade sorted out their code and has achieved impressive results: only two critical vulnerabilities in its lifetime, and the second is... In general, the case where situation is much worse. And as for the Windows family of operating systems, even to say do not want to - just look at how much weight by the distribution of Windows 7, compared with Windows XP. As far as the Linux - in its quest to lure some of the creators of user distributions gradually deprive us of any possibility of self-tuning system, replacing the command line, graphical user interface. For professionals such "gestures" too much, forgive me, disgusted, and for beginners Linux still has not reached a level which enables the user to "painless" way to migrate from Windows. And they say that 2010 - the year of Linux on desktops. And I smile, knowing that somewhere I've already heard. Ultimately, in my opinion, Linux in its desire to embrace the boundless grow into a monster worse than that now offers us a Microsoft. Or return to our roots, to the role of the operating system for the enthusiast and drummers of the proletariat.

Submit Footage Clips to Shutterstock and make $$$!

No comments:

Post a Comment