> I believe that the issue was Internet Explorer being integrated with the
> OS.
> I like quite a few people see no issue with that.
Then you fail to understand how exploit code works, and why vulnerabilites
on other o/s components are linked and exploited in IE.
> Now, I never said that either. What I said is that with Vista they are
> making a better effort than before, yet people are claiming this will
> stifle
> competition.
Of course it will. Why would a user pay for another AV/firwall/Spyware/SPAM
filter if one is built in. From a user perspective, having this built in is
a good thing, since they abdicate any responsibilty to having to protect
themselves, and pay extra to someone else for the privelidge. From a vendor
perspective, if your job is to sell AV/firwall/Spyware/SPAM filter, you are
going to scream anti-competition rules. HOwever, their market is based on
filling a void left by Microsoft. Tough shit they have to change their
marketplace when Microsoft fills the gap themselves.
The vendors will still exist - but in far fewer numbers and selling far
fewer products, to specialists, techies, and those in-the-know.
Microsoft are win-win here. They get to bundle these as security features
which are sold as a good thing, and re-bill you time and again for OneCare
style services to keep it useful.
> Well I with a lot of others would rather see Microsoft secure their OS, as
> we do not see why we need a 3rd party solution to secure the OS.
Because an independant product can take a different approah than the one
proposed by M$. It may be more feature rich and better at the job than the
M$ tool.
XP SP2 has a built in firewall. Compare and contrast this to Outpost - I
know which i respect and trust more.
> So those 3rd party companies will lose future business if microsoft
> secures
> their OS, well they better start looking at what else than may be able to
> produce to make up for that projected loss.
Agreed.
> No one said they were quick
The point is, their design principles must be flawed, since NT3.51 thro 98,
ME, 2000, 2003... they continue to suffer from the same type of code
exploits and vulnerabilites they were expieriencing on the first version.
They should have learnt something during that time.
> It is Microsoft's OS, they are not locking out competition. Those other
> companies can come out with their own OS.
A consequence of built in features resulted in losing Netscape in favour of
Internet Explorer. Given the number of holes in it, I know which I prefer.
"erewhon" <sminkypinky@nowhere.net> wrote in message
news:ehuq0h$a8v$1@bananasplit.info...
> > I believe that the issue was Internet Explorer being integrated with the
> > OS.
> > I like quite a few people see no issue with that.
>
> Then you fail to understand how exploit code works,
> Dana wrote:
> > "ArtDent" <p...@noyd.invalidname> wrote in message
> > news:0Q80h.271$zf.247@newsread3.news.pas.earthlink .net...
> > > On 25-Oct-2006, comph...@toddh.net (Todd H.) wrote:
> > > > "Dana" <raff...@yahoo.com> writes:
> > > To the OP, get your 'facts' right.
> > My facts are right.
> If your facts are right, prove them as already been asked before. Your
> arguments are pure nonsense unless you can provide proof. What the EU
> is doing, should have been done decades ago.
> Yep, another socialist calling for more tyranny of the state.
LOL. I am just another one of those "proud Europeans" who is looking a
bit further than just over the corner of my plate, like it seems you
are doing...
> MS has no right what so ever to force us into a particular decision.
> They do not.
LOL. On what planet are you living? They do not? What about MS IE and
MS Media player?You cannot even uninstall Internet Explorer without
further hassles and you call that not forcing us in decisions.
- Hide quoted text -
- Show quoted text -
> Dana wrote:
> > "JAB" <nocha...@nohope.com> wrote in message
> > news:dZh0h.14487$j4.11524@newsfe1-win.ntli.net...
>It has been well documented. Airbus is pretty much a state run business
>receiving all kinds of protections from the state. I will add that the Airbus jets are quite nice though.
Mhhm, which state then? If you had googled you would be aware that this
is a company operating Europe wide and a joint-venture of several
governments. Also a state run business does not imply being subsidized
by the state itself! Especially since you have here more than one state
involved...
>Yes, but with the new world order of suitcase nukes, and deadly germs that
>can be carried by a person, you have to accept that security measures are
>needed, especially when states like Germany or France would be more than
>happy to fund an Arab to come over to America and release a weapon like that.
>
>Not only do we have to be concerned about the intentions of radical moslems,
>we need to watch our so called friends like Germany and France.
>The facts are that radical islamists are bent on causing harm to America and her citizens.
>If you want to avoid this truth, knock yourself out.
Speechless, since this is the dumbest thing I have heard you say so
far. It gives me a good picture of yourself tho and prolly would fall
under all those cliches some Europeans have of americans...
>I recognize the threat coming from those so called Islamic religious leaders
>who are encouraging their ignorant followers to engage in violence against
>western interests, especially American people.
Ha, I dont think you are religious, I think you are paranoid!
> "Ron Lopshire" <notron@ovbl.org> wrote in message
> news:UUp0h.13711$Lv3.13364@newsread1.news.pas.eart hlink.net...
>
>>Dana wrote:
>
>>Even MS fanboys such as you have to admit that there is a _serious_
>>conflict of interest involved when Microsoft sells a defective,
>>unsecure product (XP, Vista), and then offers to secure it for $50.00
>>USD per year.
>
> First off, I would like to restate that I am no fan of MS, yes I use their
> products, but that does not mean I am a fan. Being that so many apps are
> done with windows i.e. like office procucts, you need to run office
> yourself. Yes there is some open source stuff out there. But to look at an
> office doc or spreadsheet, it is best to use office.
> I myself at work only use Unix servers and workstations, and would not trust
> MS in the job I do.
> MS cannot really say they have decent server products, as they do not on all
> counts MS servers suck.
> But yet we see many companies using MS servers, all because of the excellent
> marketing that MS has.
>
>>You are /correct/ about the socialists at the US DOJ. The only thing
>>that came out of the anti-trust lawsuit against MS, and the only thing
>>that could have come out of it, was that a tremendous amount of money
>>was taken from consumers and put into the pockets of lawyers,
>>politicians, bureaucrats, and other ne'er-do-wells.
>
> Granted that MS has positioned itself to be a dominant force in the home,
> and business for computer use, pretty much ensuring that you have to use MS
> products.
> That is why I say let MS bundle all these security apps into windows, as
> hopefully it will be done in the kludge like way we know MS to do, and when
> it fails and security is still an issue, if not worse, people will finally
> say enough is enough.
> I would love to see HP or SUN come up with a Unix based distro for home and
> small business users, that is affordable to those users. Of course
> applications would also be needed to enable users to get away from windows,
> but until that happens windows really has the market by the balls.
Giving a choice between sticking with MS or getting into bed with HP
or Sun, I will stick with MS, thank you very much. Sun cannot even
develop a decent installer. And I have never used any HP software that
was not a total POS.
You are correct about Unix, though. Even the bullheaded dweebs at
Apple gave up on their POS file system/kernel, and switched to a Unix
kernel with Mac OS X.
> Taking MS to court over anti trust and monopoly issues will always fail,
> because it is the market that put MS where it is. The people knowing about
> the security holes, knowing that windows is a resource hog and not very
> stable when used as a server, still went out and bought the product.
> I have to admitt that MS marketing is top notch, and that has done wonders
> for MS.
As they say,
1) Follow the money.
2) Money talks, and bullshit walks.
I don't begrudge MS one bit for their market position. They didn't
hold a gun to anyone's head.
Ron Lopshire wrote:
> As they say,
>
> 1) Follow the money.
> 2) Money talks, and bullshit walks.
>
> I don't begrudge MS one bit for their market position. They didn't hold
> a gun to anyone's head.
>
> Ron :)
Can't remember who this was an exchange between but it was something
like this:
Customer: When are you going to stop putting out such buggy crap?
Vendor When you stop buying it.
> Ron Lopshire wrote:
>
>> As they say,
>>
>> 1) Follow the money.
>> 2) Money talks, and bullshit walks.
>>
>> I don't begrudge MS one bit for their market position. They didn't
>> hold a gun to anyone's head.
>
> Can't remember who this was an exchange between but it was something
> like this:
>
> Customer: When are you going to stop putting out such buggy crap?
> Vendor When you stop buying it.
> On Fri, 27 Oct 2006 12:21:35 -0800, "Dana" <raff242@yahoo.com> wrote:
>
>>Religion is not the issue here. And I am not stuck on any religious dogma.
>>I recognize the threat coming from those so called Islamic religious leaders
>>who are encouraging their ignorant followers to engage in violence against
>>western interests, especially American people.
>
> Do you watch fox news a lot ?
>
> As they say,
>
> 1) Follow the money.
> 2) Money talks, and bullshit walks.
>
> I don't begrudge MS one bit for their market position. They didn't hold a
> gun to anyone's head.
>
I would disagree with that statement.
As I recall, back in the days of Geoworks, MS was convicted of monopoly
activity in their licencing agreements with hardware vendors. In effect, if
you wanted to sell with MS pre-installed, you have to agree to sell only MS,
and not allow any other products on any equipment you sold.
At that time, other OS vendors has superior products and were a real threat
to MS. By the time the court action was settled, MS had illegally obtained
marker dominance. They may have had to pay a fine and agree to stop doing
that, but for the competition, the gun was in place and the trigger had been
pulled.
"erewhon" <sminkypinky@nowhere.net> wrote in news:ei05m2$j0q$1
@bananasplit.info:
> Abso-fucking-lutely!
>
>
In the interests of pedantry, I feel obliged to tell you that the
rhetorical device you used above - inserting a word between parts of
another word - is an example of tmesis.
> In the interests of pedantry, I feel obliged to tell you that the
> rhetorical device you used above - inserting a word between parts of
> another word - is an example of tmesis.
In the interest of pedantry - it wasn't rhetorical, since I wasn't asking a
question to which no answer was being requested, I was making a statement
demonstrating support for the previous the assertions.
"erewhon" <sminkypinky@nowhere.net> wrote in
news:ei0ocn$57p$1@bananasplit.info:
>
>>> Abso-fucking-lutely!
>
>> In the interests of pedantry, I feel obliged to tell you that the
>> rhetorical device you used above - inserting a word between parts of
>> another word - is an example of tmesis.
>
> In the interest of pedantry - it wasn't rhetorical, since I wasn't
> asking a question to which no answer was being requested, I was making
> a statement demonstrating support for the previous the assertions.
You mustn't challenge a pedant about pedantry unless you are very sure of
yourself. A rhetorical question, to which you refer above, is only one of
many rhetorical devices (i.e. methods, tricks, stratagems) used in
rhetoric: the art of effective (some would say pursuasive) speaking (and
writing). And tmesis is, as I said, one of those rhetorical devices.
Rhetoric was one of the three arts of the medieval trivium (the others
being grammar and dialectic). I can rightly, if not always flatteringly,
be called a master of things trivial :-)
And I am not just acquainted, but positively intimate, with things
quadrivial :-)
on 10/27/2006 1:54 PM Dana said the following:
> "Jim Watt" <jimwatt@aol.no_way> wrote in message
> news:omp4k25n7p7hppt3qhr0tr1nvr90f9ihbn@4ax.com...
>> On Fri, 27 Oct 2006 03:21:39 -0800, "Dana" <raff242@yahoo.com> wrote:
>>
>>> You posted nothing to change my view.
>> Then read this link
>>
>> http://quotes.liberty-tree.ca/quote/...ler_quote_3044
>> --
>
> Yes, yes, that is all very good.
> But the fact remains that the procedures that the government is putting in
> place has no effect on those that DO NOT WANT TO KILL MANY PEOPLE.
> The only people worried about the direction of government in the war against
> terror, is those that have something to hide.
>
Hi, I'm from the <redacted name of secret "three initial" agency>.
We've traced a terrorist person across the vastness of usenet, and we
believe that he posts to Alt.computer.security. We'd like to examine
your harddrive. You don't need top send it in, we'll just come by the
house and clone a copy, you can have the copy while we do forensic
analysis on your original(s). Oh, by the way, we'll be searching your
house to be sure that you have not hid any computers or hard drives from
us. Naturally, anything else we find in the search will be fair game.
But you don't mind, right? After all, you have nothing to hide.
==============
Of course you'll never get such a letter, they'll assume that you will
start hiding stuff. They'll just come by unannounced, the first while
you're not there to install the keylogger, the second time will be
calculated to make sure you are home and docile, 2:00 am usually works.
But you don't mind, you have nothing to hide . . .
"B. Nice" <b__nice@hotmail.com> wrote in message
news:8jq7k215gsbi8t7p23r07ujglpmggf8cjj@4ax.com...
> On Sat, 28 Oct 2006 10:12:26 +0100, "erewhon"
> <sminkypinky@nowhere.net> wrote:
>
>>Can you give a link to demonstrate the Outpost bugs of this nature?
>
> http://seclists.org/fulldisclosure/2006/Jul/0481.html
>
> And please also have a look at this:
>
> http://www.securitytracker.com/alert...n/1008755.html
>
> I find that one very interresting since it deals with the exact same
> problem. But note the date of this bug report: January 2004. And look
> under solution: "The vendor reportedly plans to issue a fix shortly".
> I don't want to go into a discussion of the term "shortly" - but it
> seems to me like more than two and a half years is kinda streching it
> :-)
Both of these exploits no longer work. It is not possible to drag-drop, and
the exploit to file-load configuration appears to do format checking to
prevent cmd.exe from being loaded.
However, the underlying 'gui as local system' certainly is piss poor design.
> In the interests of pedantry, I feel obliged to tell you that the
> rhetorical device you used above - inserting a word between parts of
> another word - is an example of tmesis.
>
> The Greeks really do have a word for it :-)
>
> Regards,
>
Hey Nemo. I've been wracking my brain trying to recall the proper name of
the rhetorical device wherin one refers to one's opponent's defects by
claiming to be 'too good' to do such a sordid thing...I won't mention
Senator Jones's penchant for cavorting around in bra and panties as it
would diminish from the seriousness of our purpose here...
Can you help me?
-raincoater
>> In the interest of pedantry - it wasn't rhetorical, since I wasn't
>> asking a question to which no answer was being requested, I was making
>> a statement demonstrating support for the previous the assertions.
>
> You mustn't challenge a pedant about pedantry unless you are very sure of
> yourself. A rhetorical question, to which you refer above, is only one of
> many rhetorical devices (i.e. methods, tricks, stratagems) used in
> rhetoric: the art of effective (some would say pursuasive) speaking (and
> writing). And tmesis is, as I said, one of those rhetorical devices.
I am right in this matter.
You are confused in that not all rhetoric is a rhetorical QUESTION. It was
not a question of any form, hence whilst it may be rhetoric, it is certainly
not a rhetorical question.
"erewhon" <sminkypinky@nowhere.net> wrote in
news:ei2p39$371$1@bananasplit.info:
>
>>> In the interest of pedantry - it wasn't rhetorical, since I wasn't
>>> asking a question to which no answer was being requested, I was
>>> making a statement demonstrating support for the previous the
>>> assertions.
>>
>> You mustn't challenge a pedant about pedantry unless you are very
>> sure of yourself. A rhetorical question, to which you refer above,
>> is only one of many rhetorical devices (i.e. methods, tricks,
>> stratagems) used in rhetoric: the art of effective (some would say
>> pursuasive) speaking (and writing). And tmesis is, as I said, one of
>> those rhetorical devices.
>
>
> I am right in this matter.
>
> You are confused in that not all rhetoric is a rhetorical QUESTION. It
> was not a question of any form, hence whilst it may be rhetoric, it is
> certainly not a rhetorical question.
>
> You can confirm my statement here if you wish:
>
> http://dictionary.reference.com/brow...cal%20question
Dear, dear, you keep digging yourself a deeper hole.
It was you who, as the first paragraph above clearly shows, disclaimed
being rhetorical because you weren't asking a question without expecting
an answer (i.e., weren't asking a rhetorical question). And in saying
that you were just plain wrong, since, even though you made a statement
(more accurately, a mostly phatic interjection) and did not ask a
question, you were nonetheless using a rhetorical device: tmesis.
The very fact that I pointed out your use of tmesis, a different
rhetorical device than a rhetorical question, clearly shows I know
rhetoric is hardly confined to the latter.
Sebastian Gottschalk wrote:
> kurt wismer wrote:
>
>> there are a variety of kernel level events and conditions that cannot be
>> trapped without access to the kernel...
>
> Uhm... what exactly beside RtlPrefetchMemory and RltFlushTLBEntry are
> actually needed?
ssdt hooking is the popular example...
> And why should they be security relevant?
for one thing it's used to prevent tampering with the security app's
processes...
> I'd think it's
> rather quite risky to manipulate internal kernel objects.
risky i the sense that you don't know what might happen... i assume the
security vendors have spent a considerable amount of time (since these
technologies aren't something they cooked up overnight) and money (since
these technologies are attempts at gaining/retaining a competitive
advantage) researching what could happen and making allowances for that...
frankly, i don't think hooking into the system service dispatch table
should be any more risky than hooking onto the interrupt vector table
was back in the days of dos...
>> a wide variety of the more
>> proactive security technologies (of which microsoft have none because
>> they're a newbie in this field) depend on being able to trap those things...
>
> Huh? Name some of these, so I can avoid trying and especially buying them
> in the future.
well, from what i gather both symantec and checkpoint have tamper
resistance techniques that are based on ssdt hooking...
>> if you think sacrificing behaviour based security technologies in order
>> to kill off kernel mode 'rootkits' and precious little else is a fair
>> trade off then i've got this bridge i've been trying to sell...
>
> Huh? Behaviour based security technologies hooking up kernel functions are
> utterly broken and useless. I'd sacrifice them for just one cookie (with
> strawberry taste, of course).
and what would you suggest as an alternative means of monitoring
everything applications do on a system? the security vendors would be
more than happy to use an officially sanctioned alternative if one
existed, however nobody, not even those vendors who disagree with
symantec and mcafee over what a big deal this is, has pointed to any
such existing alternative... additionally, the fact that microsoft has
agreed to create an API allowing access into the kernel for security
vendors (but one that we probably shouldn't expect before vista sp1 is
released) seems to further indicate that no such alternative currently
exists...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
>And tmesis is, as I said, one of those rhetorical devices.
I know. But I keep trying to tell you, but you seem to stupid to understand.
Whilst it is clearly a rhetorical device, it is in no way a rhetorical
question.
You just keep banging your gums. You're only making yourself look stupid.
> Dear, dear, you keep digging yourself a deeper hole.
> It was you who, as the first paragraph above clearly shows, disclaimed
> being rhetorical because you weren't asking a question without expecting
> an answer (i.e., weren't asking a rhetorical question). And in saying
> that you were just plain wrong, since, even though you made a statement
> (more accurately, a mostly phatic interjection) and did not ask a
> question, you were nonetheless using a rhetorical device: tmesis.
So why can you not accept you were wrong to claim it was a rhetorical
question, when it quite clearly was not.
> The very fact that I pointed out your use of tmesis, a different
> rhetorical device than a rhetorical question, clearly shows I know
> rhetoric is hardly confined to the latter.
> So why can you not accept you were wrong to claim it was a rhetorical
> question, when it quite clearly was not.
He didn't; he claimed it was a rhetorical device.
Earlier you said: "it wasn't rhetorical, since I wasn't asking a
question". He then pointed out that a rhetorical question was: "only
one of many rhetorical devices".
on 10/29/2006 4:44 PM erewhon said the following:
>> And tmesis is, as I said, one of those rhetorical devices.
>
> I know. But I keep trying to tell you, but you seem to stupid to understand.
>
> Whilst it is clearly a rhetorical device, it is in no way a rhetorical
> question.
>
> You just keep banging your gums. You're only making yourself look stupid.
>
<SNIP>
>
> So why can you not accept you were wrong to claim it was a rhetorical
> question, when it quite clearly was not.
>
Because he never did!!! RTFP Read the first post:
Here is the original post that first included the word "Rhetorical"
on 10/28/2006 1:19 PM nemo_outis said the following:
> "erewhon" <sminkypinky@nowhere.net> wrote in news:ei05m2$j0q$1
> @bananasplit.info:
>
>> Abso-fucking-lutely!
>>
>>
>
> In the interests of pedantry, I feel obliged to tell you that the
> rhetorical device you used above - inserting a word between parts of
> another word - is an example of tmesis.
>
> The Greeks really do have a word for it :-)
>
> Regards,
>
>
>
Please point out where, precisely, the phrase "rhetorical question"
appears?? I see "device", but not "question." If not this post, then
which one, I've reviewed the entire thread and find no evidence at all
of "nemo" using referring to your statement as a rhetorical question
Help me out, inquiring minds want to know . . .
Sebastian Gottschalk wrote:
> kurt wismer wrote:
>> Sebastian Gottschalk wrote:
>>> kurt wismer wrote:
>>>
>>>> there are a variety of kernel level events and conditions that cannot be
>>>> trapped without access to the kernel...
>>> Uhm... what exactly beside RtlPrefetchMemory and RltFlushTLBEntry are
>>> actually needed?
>> ssdt hooking is the popular example...
>
> SSDT hooking is exactly what has been replaced with the kernel hooking API
> in Windows Vista.
were that entirely true (ie if the new kernel hooking API replaced *all*
the functionality could get through ssdt hooking) then why do security
vendors still complain about not having a way to perform those functions
and why has microsoft promised to open up further access with additional
API's?
[snip]
>> additionally, the fact that microsoft has agreed to create an API allowing
>> access into the kernel for security vendors (but one that we probably
>> shouldn't expect before vista sp1 is released) seems to further indicate
>> that no such alternative currently exists...
>
> Or maybe you're just misinterpreting this step.
[sarcasm]
oh yes, that must be it... the security vendors are wasting time and
money (not to mention risking public humiliation) complaining about not
having access to something they already have access to and microsoft,
rather than carry out that humiliation against competitors who must
clearly be trying to make microsoft look bad, chose to promise to give
the security vendors what they need at some future date even though
they've already given them what they need...
so then the only real question is, what is microsoft going to give them
in the future?
[/sarcasm]
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
> Hello, nemo_outis!
> You wrote:
>
>> In the interests of pedantry, I feel obliged to tell you that the
>> rhetorical device you used above - inserting a word between parts of
>> another word - is an example of tmesis.
>>
>> The Greeks really do have a word for it :-)
>>
>> Regards,
>>
> Hey Nemo. I've been wracking my brain trying to recall the proper name
> of the rhetorical device wherin one refers to one's opponent's defects
> by claiming to be 'too good' to do such a sordid thing...I won't
> mention Senator Jones's penchant for cavorting around in bra and
> panties as it would diminish from the seriousness of our purpose
> here... Can you help me?
> -raincoater
>
It doesn't leap to mind (although I must admit I'm distracted - I'm busy as
an expert witness all this week and am focussed on that).
One great place to dig (chop?) is the Forest of Rhetoric:
> He didn't; he claimed it was a rhetorical device.
>
> Earlier you said: "it wasn't rhetorical, since I wasn't asking a
> question". He then pointed out that a rhetorical question was: "only
> one of many rhetorical devices".
Re: Why does every one hate Microsoft 
Linear Mode
