About Microsoft vs. LINUX security
For the last few days I sat in a strategy conference. I was invited to show some exploits, how the NSA or other 'forces' could get behind a firewall, open a channel and transport data into the internet.
I took my old notebook, Windows XP installed from scratch during the session (all M$ original software from the recovery DVD), and surfed to some porn sites. A parallel network sniffer was connected, showing the traffic between this M$ machine and the internet (via the firewall). Suddenly, shortly after downloading some "pretty girls pictures", a data stream magically opened from this M$ machine towards the internet. Even closing the browser didn't help. Target server: unknown, no forward, no reverse DNS. "traceroute" was blocked after a few hops!
Opening the same homepage with my Google Android 4.4.2 Nexus tablet, nothing happened. Network sniffer quiet. Then I downloaded these pics and opened 'gallery', the Android pic viewer: black pics. No image.
Then we surfed again with a brand new Windows 8.1 notebook to these sites. Network traffic showed up again, transporting data from the intranet, over the firewall, directly into the internet. Target: a different IP.
Of course I have analysed these 'magic jumping images'. I call them 'jumping images' because in some image viewers the image suddenly pops up and becomes bigger, for just a fraction of a second.
There are many image formats out there which support animation. When you insert a larger image between smaller frames, typically a buffer or heap overflow occurs. Since most graphics libraries, especially the "animation routines", are highly speed optimised, like everything that is 'time/CPU critical', programmers mostly leave out security checks, like checking array bounds... That is where attackers hide their code. Any code.
This way they in fact transport rootkits onto hosts (admins' hosts!?) behind any firewall, also hidden e.g. in Outlook links/embedded images/attachments.
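To make the "larger image between smaller frames" overflow concrete, here is an added example (written for this page, not code from the original post or from any real image library). It uses a toy animation container constructed for the example, not a real format: a header with canvas size and frame count, then frames that each carry their own x, y, width, height and pixel bytes. The unchecked blit is the speed-optimised path the post describes; frame_fits is the bounds check it leaves out. The sample files, the format and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy animation container, constructed for this example (not a real format):
 *   header : canvas_w, canvas_h, frame_count   (one byte each)
 *   frame  : x, y, w, h, then w*h pixel bytes  (one byte per field)
 * A well-formed file only contains frames that fit inside the canvas. */

struct canvas {
    unsigned w, h;
    uint8_t *px;   /* heap buffer of exactly w*h bytes */
};

/* The fast path: copy a frame into the canvas with no geometry check. If the
 * frame is larger than the canvas, memcpy writes past the w*h allocation,
 * i.e. a heap overflow whose contents the file author controls. */
static void blit_unchecked(struct canvas *cv, unsigned x, unsigned y,
                           unsigned w, unsigned h, const uint8_t *src)
{
    for (unsigned row = 0; row < h; row++)
        memcpy(cv->px + (y + row) * cv->w + x, src + row * w, w);
}

/* The omitted check: every pixel of the frame must lie inside the canvas.
 * All operands are at most 255, so the additions cannot wrap. */
static int frame_fits(const struct canvas *cv, unsigned x, unsigned y,
                      unsigned w, unsigned h)
{
    return x + w <= cv->w && y + h <= cv->h;
}

/* Parse and render all frames. checked == 0 reproduces the vulnerable decoder,
 * checked != 0 refuses any frame that does not fit. Returns the number of frames
 * rendered, or -1 (with cv->px set to NULL) on truncated or rejected input. */
static int decode(const uint8_t *buf, size_t len, int checked, struct canvas *cv)
{
    cv->px = NULL;
    if (len < 3 || buf[0] == 0 || buf[1] == 0) return -1;
    cv->w = buf[0];
    cv->h = buf[1];
    unsigned frames = buf[2];
    cv->px = calloc((size_t)cv->w * cv->h, 1);
    if (!cv->px) return -1;

    size_t pos = 3;
    for (unsigned i = 0; i < frames; i++) {
        if (len - pos < 4) goto fail;                       /* truncated frame header */
        unsigned x = buf[pos], y = buf[pos + 1], w = buf[pos + 2], h = buf[pos + 3];
        pos += 4;
        size_t need = (size_t)w * h;
        if (len - pos < need) goto fail;                    /* truncated pixel data */
        if (checked && !frame_fits(cv, x, y, w, h)) goto fail;
        blit_unchecked(cv, x, y, w, h, buf + pos);
        pos += need;
    }
    return (int)frames;
fail:
    free(cv->px);
    cv->px = NULL;
    return -1;
}

/* Build a constructed sample file. evil == 0: two frames that fit the 4x4 canvas.
 * evil != 0: the second frame claims 8x8 at (0,0), 64 bytes of 0x41 aimed at a
 * 16-byte heap allocation, the "larger image between smaller frames". */
static size_t build_sample(int evil, uint8_t *out, size_t cap)
{
    static const uint8_t header[3]      = {4, 4, 2};
    static const uint8_t frame1[4]      = {0, 0, 4, 4};
    static const uint8_t frame2_ok[4]   = {1, 1, 2, 2};
    static const uint8_t frame2_evil[4] = {0, 0, 8, 8};
    size_t pos = 0;
    if (cap < 3 + 4 + 16 + 4 + 64) return 0;
    memcpy(out + pos, header, 3); pos += 3;
    memcpy(out + pos, frame1, 4); pos += 4;
    memset(out + pos, 0x11, 16);  pos += 16;
    if (evil) {
        memcpy(out + pos, frame2_evil, 4); pos += 4;
        memset(out + pos, 0x41, 64);       pos += 64;
    } else {
        memcpy(out + pos, frame2_ok, 4);   pos += 4;
        memset(out + pos, 0x22, 4);        pos += 4;
    }
    return pos;
}

/* Render the benign sample (checked or not) and verify the canvas. Returns 1 if
 * frame 2 (0x22) landed on rows 1-2, cols 1-2 and frame 1 (0x11) elsewhere. */
static int demo_benign(int checked)
{
    uint8_t file[128];
    struct canvas cv;
    size_t n = build_sample(0, file, sizeof file);
    if (decode(file, n, checked, &cv) != 2) return 0;
    int ok = cv.px[0] == 0x11 && cv.px[5] == 0x22 &&
             cv.px[10] == 0x22 && cv.px[15] == 0x11;
    free(cv.px);
    return ok;
}

/* Feed the hostile sample to the checked decoder: the 8x8 frame must be refused
 * before anything is written. Returns 1 when it is refused. The unchecked
 * decoder is deliberately never run on this input here; it would write 48 bytes
 * past the 16-byte allocation. */
static int demo_evil_rejected(void)
{
    uint8_t file[128];
    struct canvas cv;
    size_t n = build_sample(1, file, sizeof file);
    return decode(file, n, 1, &cv) == -1 && cv.px == NULL;
}

int main(void)
{
    printf("benign, unchecked: %s\n", demo_benign(0) ? "ok" : "FAIL");
    printf("benign, checked:   %s\n", demo_benign(1) ? "ok" : "FAIL");
    printf("hostile, checked:  %s\n", demo_evil_rejected() ? "rejected" : "FAIL");
    return 0;
}
```

The check costs one compare per frame, not per pixel, so the usual "it is too slow" argument for dropping it does not hold; the same per-frame geometry check is what a decoder for any real animated format (GIF, APNG, WebP) has to do against the declared canvas. If you want to see the unchecked path fail, run the hostile sample through decode() with checked == 0 under AddressSanitizer (-fsanitize=address): it reports a heap-buffer-overflow on the memcpy in blit_unchecked.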
Remember: "The sum of users in a company finally have access to all enterprise resources, independent of any security mechanisms implemented!"
Google, according to their mailing lists and several press articles, have known about these 'jumping images' (as I call them) for a long time now, and Google systematically filters/deletes/converts them. On tablets, in the cloud, in mails (by automatic filtering, not by looking into private mails!!!), simply everywhere.
Surfing with LINUX and Firefox or Google Chrome: no problem so far.
Then I installed several virus scanners, one by one. Symantec, Intel, ... "No virus found!" Just one virus scanner, by a small company from Finland, directly found this trojan horse. And this scanner even found a virus on my Android tablet during this session, which rather looked like a 'false positive', but ok...
OK, let's sum up the facts:
One US company, despite knowing about this security hole, doesn't remove it. Not even in the latest incarnation of their software.
The second US company is not willing to detect this security hole, despite knowing about it.
The third US company routes traffic world wide directly into the NSA HQ.
The fourth US company produces 'silent proxies', which, put just behind a provider's dial-in routers, dramatically reduce network traffic on servers, e.g. on 'patch day', when millions of OSes download at the same time. But these 'silent proxies' can also work as 'Man In The Middle' for helping with SSLv2 MITM attacks.
Now about their respective owners/shareholders. If you would please direct your attention to the 'Top institutional holders'
Draw your own conclusions!
P.S.: After surfing just a few days with Windows XP I found 117!!! different viruses/trojans. Windows 8.1 just 9 so far, Linux 0!
I've heard Microsoft stops support for Windows XP in 2014. What support!!!???