Page 3 of 3 FirstFirst 123
Results 31 to 38 of 38

Thread: INFECTED FILE: LordPE download on the Collaborative RCE Tool library

  1. #31
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Yes, but any well-funded government agency could get one of their spies hired by a company like Microsoft to steal the code to a given product.

  2. #32
    Quote Originally Posted by disavowed View Post
    I'm paranoid too, which is why I use Microsoft's software as opposed to most open source software. I have never seen any evidence at all (in the form of peer-reviewed studies, etc.) to show that open-source code is more secure than Microsoft's code. If you know of any such studies though, please feel free to provide links.
    I'm afraid I'm not too up on the "studies," but I speak specific to OS-level, not individual software pieces like OneCare (which is actually pretty nice). If you mean to compare IE vs. Firefox, I'd say you need to not look at the Windows version of FF - a 'nix user on nightly builds (like I am with Google Chrome) IS way safer than a Windows user on IE8 or even on FF. The whole Windows OS is simply not designed with 0-day in mind. Rather than studies, I'd point you to the dev-branch hosting of either FF or Chrome, where you can read the nightly patches, then compare them to how quickly they propagate the fix log on Windows Update. Even a fairly security conscious windows user is hardly going to completely update his browser every day (too much of a pain)...but on 'nix it's one button click away, along with all the other nightly patches for the system.

    If you want to compare vulns between any Posix OS and MS Windows, I'm happy to chat about it. PacketStorm alone gives a great daily picture, as well as just browsing over Metasploit's SVN framework. Symantec's semi-annual whitepapers are always good reading, as well.

    Granted, there's always the very, very logical argument that Linux/Unix is all of about 10% of market share (and that's quite generous), so nobody codes much in the way of malware for them, at least on the end-user level. Though security by obscurity (as we all know from reversing) is hardly a form of protection, opening up an infected webpage in Linux (even in a VM) is simply not the same threat as that of a Windows system. And threats that do target Linux are largely closed up in short order.

    Of course, your mileage may vary. Run an Ubuntu 8.10 build and never do your updates, and you're in just the same boat as every other person out there. But I don't think anyone on THIS forum is quite that silly.

  3. #33
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by sabbato753 View Post
    If you mean to compare IE vs. Firefox, I'd say you need to not look at the Windows version of FF - a 'nix user on nightly builds (like I am with Google Chrome) IS way safer than a Windows user on IE8 or even on FF.
    I know it's a couple of years old, but here's a somewhat recent study comparing security vulnerabilities in IE on Windows to security vulnerabilities in Firefox on Ubuntu: http://blogs.technet.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-02-59-48-22/ie_2D00_firefox_2D00_vuln_2D00_analysis.pdf

    This one's a bit more recent: http://secunia.com/gfx/Secunia2008Report.pdf

  4. #34
    Quote Originally Posted by disavowed View Post
    I know it's a couple of years old, but here's a somewhat recent study comparing security vulnerabilities in IE on Windows to security vulnerabilities in Firefox on Ubuntu: http://blogs.technet.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-02-59-48-22/ie_2D00_firefox_2D00_vuln_2D00_analysis.pdf

    This one's a bit more recent: http://secunia.com/gfx/Secunia2008Report.pdf
    Good reads, indeed. And should be taken quite seriously that NOTHING is secure without good updating, particularly "stable" branches.

    Personally, though, I use the nightly dev branch of chrome. And for an idea of why I feel more secure...
    http://news.cnet.com/8301-30685_3-20011736-264.html

    Actually, that's probably a fun way for some of the malware reversers on this board to make a few bucks!

    (For the record, I still don't think my way is foolproof or that one should live life on windows without adequate common sense and virus protection...just that there are "safer" ways to do things!)

  5. #35
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    I agree with everything you said in your comment above and am *shocked* this didn't turn into a flame-war

  6. #36
    Quote Originally Posted by disavowed View Post
    I agree with everything you said in your comment above and am *shocked* this didn't turn into a flame-war
    hehe I figure that I'm here to learn. Can't do that if I'm too busy thinking I'm right all the time and know more than everyone!

  7. #37
    Man.......

    As I kept reading this I was thinking,
    "shit this aint gonna end good".

    Nice thread

    Woodmann
    Learn Or Die.

  8. #38
    Quote Originally Posted by disavowed View Post
    any well-funded government agency could get one of their spies hired by a company like Microsoft to steal the code to a given product.
    Alexey Karetnikov, are you there ?
    Please consider donating to help Woodmann.com staying online (here is why).
    Any amount greatly appreciated. Thank you.

Similar Threads

  1. Collaborative RCE Tool Library - official discussion thread
    By dELTA in forum Tools of Our Trade (TOT) Messageboard
    Replies: 60
    Last Post: August 15th, 2012, 01:12
  2. Replies: 10
    Last Post: July 6th, 2008, 08:21
  3. Replies: 1
    Last Post: February 24th, 2008, 18:27
  4. Collaborative RCE Tool Library contents so far
    By dELTA in forum Blogs Forum
    Replies: 7
    Last Post: January 5th, 2008, 12:06
  5. The Collaborative RCE Tool Library
    By Ring3 Circus in forum Blogs Forum
    Replies: 1
    Last Post: December 30th, 2007, 09:13

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •