Actually, I wouldn't doubt there would be more Mac viruses if there were more Mac users :)
But the viruses I do get after I post aren't intentionally sent. They're characterized by spoofed email addresses (sent by Erin, Kingsley, Young, George, etc.) with headers like 'I send this resume...', 'Elkhorn removal tools...', 'I ask for your advice...', which are the kind that normally harvest emails from IE caches and then use Outlook to propagate.
As per my immature post... I guess I get frustrated because I get maybe 10 emails a day, 40 spam, and 10 viruses. That means I'm paying pacbell $60 a month, and I get more spam and viruses than I do messages from friends. It's very sad.
Really though, there are architectural differences between Mac and PC that make Outlook viruses a little harder; instead we'd need Quicktime-Applescript viruses: embed a Quicktime container inside an email with an Applescript payload, such that when the Quicktime gets played, the script gets executed. The specifics of this attack elude me, since I am neither a master of virii, Quicktime, nor Applescript, but it would have to rely on fixed known locations of programs, some sort of rootkit (which doesn't exist yet as far as I know), and holes in the Quicktime specification that allow for execution of arbitrary code (which I don't know actually is possible).
On the PC side, we do know Outlook has the ability to execute arbitrary code, thanks to JavaScript and ActiveX; we know Outlook has buffer overflows that allow this kind of thing; we know that Outlook uses mshtml.dll, which means that all IE holes also exist simultaneously in Outlook, IIS, and Windows Explorer; and, due to the nature of integration, an exploit that is taken advantage of in Outlook automagically becomes taken advantage of in IIS, IE, and Windows Explorer.
Macs aren't immune, of course: Apple is developing its own HTML rendering framework, called WebCore, based off of KHTML rendering technology, and JavaScriptCore, based off similar open source scripting technology. Any vulnerabilities in JavaScriptCore or WebCore also leave Apple vulnerable if they aren't designed properly to be independent and isolated from each other. Add to that the fact that the Mac is heavily scripted with OSA (Open Scripting Architecture) and is accessible from the CLI, and any rogue program that is executed on a Mac more or less has full user access to the system, remotely: the ability to start and stop programs, delete data, install programs, etc.
The saving grace in that situation is the fairly strict Unix-based multi-user setup, wherein Root is disabled by default and Admin access requires the user to type a password before any system level changes can occur. Without Admin access, the worst a program can do is delete non-critical programs and user data. All the system stuff is further separated into three levels, /System/Library, /Library, and /Users/~Library, and each requires a different level of security. Only Apple has access to /System, the Admin has access to /Library, and the users each have access to their own copy of /Users/~Library, to use and abuse as they see fit.
A rootkit would make this all moot, but this would require that the user intentionally enable the root account on the machine in the first place, since it comes factory disabled by default.
Macs are by no means invulnerable, and it is arrogance to think otherwise; and I know I'm arrogant, so please accept my apologies for being this way, but a Mac default install vs a PC default install, right now, is more secure by design, and more safe by situation; a PC can be equally safe, but only if the user intentionally goes out of his or her way to make it so, by not using Outlook or IE, by disabling preview panes and script execution, by locking down unused services and ports, by carefully following patches and installing security updates, and by reading the latest news on the latest viruses, worms, and trojans.
Every time I install a program on my machine that asks for admin access, I am scared, a leftover bit of paranoia from my previous life as a PC user. Any program that captures the admin password then has nearly full access to my machine. I guess a solution to that would be to have an Apple approved interface, so that any third party program looking for the admin password never actually touches it, but instead only asks the system, and the system asks you...
But even more paranoia exists. What if you grant the access, and then the program does a 'scorched earth' event, even accidentally? A program doesn't need persistent Admin access to mess up. Just deleting one core file is enough. Ah well... I guess that's a problem for a different time, since it's unrelated to viruses, and is instead wholly in the domain of trojans (aka Trojan Horse).
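A small audit script for the three Library domains the post describes, added here as an example and not part of the original post. It assumes (as a rule of this example, not a statement from the post or from Apple) that /System/Library and /Library should be owned by root and never group- or world-writable, and that ~/Library belongs to the logged-in user; it reads mode bits from `ls -ld` so it behaves the same on macOS and Linux.

```shell
#!/bin/sh
# Added example: check that each Library domain has the owner and write
# permissions the post's three-level model implies. The expected owners
# below are an assumption of this example.

# audit_dir DIR EXPECTED_OWNER
# Prints one report line. Returns 0 when DIR is owned by EXPECTED_OWNER and
# is not group- or world-writable; 1 if DIR is missing; 2 if the owner
# differs; 3 if the directory is group- or world-writable.
audit_dir() {
    dir=$1
    expected=$2
    [ -d "$dir" ] || { echo "MISSING  $dir"; return 1; }
    # ls -ld is portable: field 1 is the mode string (e.g. drwxr-xr-x),
    # field 3 is the owner name. Overwrite $1.. after saving our arguments.
    set -- $(ls -ld "$dir")
    mode=$1
    owner=$3
    if [ "$owner" != "$expected" ]; then
        echo "OWNER    $dir owned by $owner, expected $expected"
        return 2
    fi
    # Characters 6 and 9 of the mode string are the group and other write bits.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $dir is group/world writable ($mode)"
        return 3
    fi
    echo "OK       $dir ($mode, owner $owner)"
    return 0
}

# audit_all: the three domains from the post, with the owner each is
# assumed to have. Returns non-zero if any domain fails its check.
audit_all() {
    me=$(id -un)
    rc=0
    audit_dir /System/Library root   || rc=1
    audit_dir /Library root          || rc=1
    audit_dir "$HOME/Library" "$me"  || rc=1
    return $rc
}
# On a Mac, run: audit_all
```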