hippy
Posts: 6107
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: NHS attack on WinXP; would an RP be safer?

Thu May 25, 2017 8:55 am

http://www.theregister.co.uk/2017/05/25 ... a_security

"a remote code execution bug that applies to all versions newer than Samba 3.5.0"

That may affect Pi users; my Samba reports it is version 4.2.14

hortimech
Posts: 323
Joined: Wed Apr 08, 2015 5:52 pm

Thu May 25, 2017 6:10 pm

Then upgrade Samba; patches to fix this have been supplied to Debian and a new version of Samba is in Debian Jessie security, so it should be in Raspbian. If it isn't, complain to Raspbian, not Samba.

hippy
Posts: 6107
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Thu May 25, 2017 7:20 pm

Sorry I wasn't clear; I wasn't complaining as such, more noting that Pis as well as Windows, and anything else, may have bugs which, when unpatched, may leave them as vulnerable as anything else.

Some had suggested Linux was safe because it didn't have the Windows SMBv1 bug. That's very true, but as noted, Samba can have its own vulnerabilities.

hortimech
Posts: 323
Joined: Wed Apr 08, 2015 5:52 pm

Fri May 26, 2017 8:08 am

You are correct, but only as far as saying unpatched systems may be vulnerable to attack, this goes for any OS.

I cannot speak for anything other than Samba, but I am sure that other packages have similar setups. If a possible security problem is reported to Samba, it is checked and if found to be a valid concern, a CVE number is obtained and a fix quickly worked on. Until the fix is ready, this is all done in secret, no need to give the bad hats a heads-up. Once the fix is ready, anybody who needs to provide updated packages is informed and a release date is decided and the patches are released on that date.

So, yes, unpatched systems are vulnerable, but only if the vulnerability is well known and Samba tries its best to make sure this doesn't happen.

bensimmo
Posts: 4184
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Fri May 26, 2017 10:39 am

I think the point is, it's unpatched Windows that were mainly hit (Win7).
A patch and fix had been made and put out to the patching system.
w.r.t. the topic of this thread, would the Pi be safer, hence showing it may not be if people do not patch.

mredig
Posts: 1
Joined: Sat May 27, 2017 8:06 pm

Sat May 27, 2017 8:09 pm

https://www.debian.org/security/2017/dsa-3860

Debian was patched and the Raspbian version numbers match.

stderr
Posts: 2178
Joined: Sat Dec 01, 2012 11:29 pm

Sun May 28, 2017 2:16 am

hortimech wrote: You are correct, but only as far as saying unpatched systems may be vulnerable to attack, this goes for any OS.
So you aren't really saying anything. Of course something that is vulnerable to something and isn't patched against it is vulnerable. The relevant question between Windows whatever and Linux whatever, if people want to argue it, is whether one or the other is more vulnerable, either with or without patches. I think it should be clear though that Linux has fewer exploits that are actually being exploited.

hortimech
Posts: 323
Joined: Wed Apr 08, 2015 5:52 pm

Sun May 28, 2017 3:02 pm

I was stating a fact, any un-patched system is vulnerable to whatever a patch is meant to fix. With reference to the Samba update, there have been reports of a ransomware spreading, so if you haven't upgraded Samba, I would do it now.

Heater
Posts: 13701
Joined: Tue Jul 17, 2012 3:02 pm

Sun May 28, 2017 9:12 pm

Extrapolating that we can say that "Any patched system is vulnerable".

It's just that we have not found the vulnerabilities yet.

Or perhaps your new updated versions of whatever software introduced vulnerabilities it did not have before!
Memory in C++ is a leaky abstraction .

runboy93
Posts: 352
Joined: Tue Feb 28, 2017 1:17 pm
Location: Finland

Sun May 28, 2017 10:01 pm

There should be a hack team unique only to RPi; Linux is Linux, but RPi has its own problems too.

Heater
Posts: 13701
Joined: Tue Jul 17, 2012 3:02 pm

Sun May 28, 2017 11:41 pm

runboy93,
There should be a hack team unique only to RPi; Linux is Linux, but RPi has its own problems too.
What problems are you referring to there?

If you know of any security vulnerabilities in Raspbian I hope you can notify the relevant package maintainers or divulge them here perhaps.

ab1jx
Posts: 868
Joined: Thu Sep 26, 2013 1:54 pm
Location: Heath, MA USA

Mon May 29, 2017 2:44 am

Have you looked into PeopleSoft? They have at least hospital management software, with patient records, HR, purchasing, I'm fairly sure. They're flexible in that they do customizations and send out consultants to help you convert over. They're comfortable in a multi-platform environment. Their databases are mostly Oracle which I think is also available under Linux. They have a web front end to just about everything which of course everyone can log into and use. There's a highly evolved system of permissions that are usually assigned on a need-to-know basis. They control rights to fields in tables or options in interfaces.

I worked for a large state university in the US which replaced a literally pre-Windows in-house system on IBM mainframes with PeopleSoft. It took a few years and had many snags, I don't know how many million $ were spent. It was worthwhile, it's an impressive system. They have different packages for different industries.

One of the strengths of Unix in general is that it's been around for decades and has been hacked by hundreds of college students, which in the end made it stronger and more secure. Microsoft sticks security band-aids over their holes as they're found but inside it's still a single-user operating system. Too often they sacrifice security for convenience and profit. You can examine and update your system through a web browser? That's pretty scary. Convenient and a big selling point but safe? Mostly not. For 16 years I chased viruses as part of a living, I'm glad to be retired from that.

DavidS
Posts: 4334
Joined: Thu Dec 15, 2011 6:39 am
Location: USA

Mon May 29, 2017 1:13 pm

Yes more Windows PCs are attacked than Linux PCs. Yes there are differences in the level and regimen of security across OS sources. Yes there are well known holes in just about every system. Yes keeping up to date is extremely important for any system. Yes Windows is the most used system in many applications. Yes had MS stuck to OS/2 there is a large probability we would have something better today.

These things said, I would keep an eye on ReactOS. Windows is one of the most used desktop/server/laptop operating systems, especially in commercial settings. ReactOS is the first open source solution that stands a chance of truly being capable of replacing many Windows installations, once it becomes complete enough (which it really is getting close now). This is because ReactOS is a Windows NT clone that is open source.

So rather than complain do something. However little, get things closer to being able to do something about the situation, get ReactOS to be able to stably and reliably run the applications that are needed, so that ReactOS can be recommended as a replacement to the Windows NT installations that are currently having difficulty being kept up. Make sure to include a way to make keeping ReactOS up to date on these installations simple.
RPi = The best ARM based RISC OS computer around
More than 95% of posts made from RISC OS on RPi 1B/1B+ computers. Most of the rest from RISC OS on RPi 2B/3B/3B+ computers

Heater
Posts: 13701
Joined: Tue Jul 17, 2012 3:02 pm

Mon May 29, 2017 3:52 pm

ReactOS is brilliant and all but it's not going anywhere. As far as I can tell ReactOS is written in x86 assembler. It's never going to work on ARM or RISC V or anything else. Looks like a step back to the stone age of computing to me.

DavidS
Posts: 4334
Joined: Thu Dec 15, 2011 6:39 am
Location: USA

Mon May 29, 2017 4:14 pm

Heater wrote: ReactOS is brilliant and all but it's not going anywhere. As far as I can tell ReactOS is written in x86 assembler. It's never going to work on ARM or RISC V or anything else. Looks like a step back to the stone age of computing to me.
ReactOS is written mostly in C with some C++. ReactOS has already been ported to ARM, and a few others, just not the official branch yet.

So ReactOS is going to go somewhere, it is already attracting more and more attention.

DavidS
Posts: 4334
Joined: Thu Dec 15, 2011 6:39 am
Location: USA

Mon May 29, 2017 4:23 pm

Heater wrote: ReactOS is brilliant and all but it's not going anywhere. As far as I can tell ReactOS is written in x86 assembler. It's never going to work on ARM or RISC V or anything else. Looks like a step back to the stone age of computing to me.
ReactOS is written mostly in C.

The ARM port, some information:
https://www.reactos.org/wiki/ARM_Port

Other ports, a little information:
https://reactos.org/wiki/ReactOS_ports

These ports may not currently be actively maintained, though it is proof that ReactOS is quite portable.

Also Russia has a semi-official interest in ReactOS:
https://reactos.org/project-news/reacto ... dom-effort
AND:
http://www.bristolwireless.net/blog/201 ... ternative/

And there are a lot of other references I could use to show how much ReactOS is going to make some level of splash. ReactOS is already going places, and the development pace is improving, now that they have resources to keep paid developers on staff.

Though I figure that the above is enough of a dip into the world of ReactOS to show that it is a very capable system that is making a significant dent in the future Win32 OS market already.

hippy
Posts: 6107
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Mon May 29, 2017 6:16 pm

I'd forgotten ReactOS. Last time I looked it must have been a decade ago when it seemed it had a long way to go. Looks like it still has, given my Live CD hangs on "Loading system hive..." and needed a power-cycle reboot on a PC which I use to test Live systems which works fine with PIXEL X86, various other Debians and RPM-based systems, 32-bit and 64-bit. YMMV.

ReactOS was an interesting idea when floated back in the day, might still be for people who want a non-Microsoft 'XP experience' on an X86, but I suspect it's only going to have niche appeal. I think they missed the boat.

Only if it ran on a Pi and had some transparent means to run Windows X86 binaries would I jump up and take notice of it. I don't have a problem with Raspbian on Pi and, even if I did, I am not sure ReactOS would be the solution.
Last edited by hippy on Mon May 29, 2017 6:20 pm, edited 1 time in total.

DavidS
Posts: 4334
Joined: Thu Dec 15, 2011 6:39 am
Location: USA

Mon May 29, 2017 6:20 pm

hippy wrote: I'd forgotten ReactOS. Last time I looked it must have been a decade ago when it seemed it had a long way to go. Looks like it still has given my Live CD hangs on "Loading system hive..." and needed a power-cycle reboot on a PC which I use to test Live systems which works fine with PIXEL X86, various other Debians and RPM-based systems, 32-bit and 64-bit. YMMV.

ReactOS was an interesting idea when floated back in the day, might still be for people who want a non-Microsoft 'XP experience' on an X86, but I suspect it's only going to have niche appeal. I think they missed the boat.

Only if it ran on a Pi and had some transparent means to run Windows X86 binaries would I jump up and take notice of it. I don't have a problem with Raspbian on Pi, and even if I did, I am not sure ReactOS would be the solution.
There are HW support issues with some systems for ReactOS. It will run on many systems, others it will hang. If it runs though it already runs a lot of stuff, and is more stable than I remember XP being.

Give it some time, I think a Raspberry port is likely. Though it will not run x86 PE binaries, it will be for ARM native PE binaries. Someone may figure out a simple x86 emulation layer for it one day.

Heater
Posts: 13701
Joined: Tue Jul 17, 2012 3:02 pm

Tue May 30, 2017 6:32 am

Ah, David, yes, it seems I have my wires crossed somewhere. ReactOS is not written in x86 assembler.

Looks like a lot of brilliant work by many people to reproduce Windows.

Still not sure I get the point of it all though.
