Is it possible to stop hacking?

[moejoe15]

Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.

 

[I like Serena]

Hi moejoe15!

Yes, there is a way.
Discconnect the computer, put it in a tamper proof box, and throw the key away. ;)

Seriously, that's close to what military personnel usually tries to do.

However, most people want access to the internet, and make use of various services on the internet.
That's what makes them vulnerable, but what can you do?
The cure is worse than the problem.

 

[Dembadon]

A computer is only as secure as its end-user allows. In other words, the most secure system in the world is vulnerable to some nincompoop allowing/installing malicious software and escalating its privileges (intentionally or not) to allow it to do anything it wants.

As an aside: Not to be overly pedantic, but "hacking" or "hackers" can be benign or malicious.

 

[Pengwuino]

It IS possible to make security so difficult that it takes far too much computing power to realistically hack certain systems.

 

[DavidSnider]

You know what the most common computer exploit is? SQL Injection attacks due to software not properly cleaning user inputs before passing it to a commonly shared database.

This isn't due to 'user error'. It's just good old fashion bad programming.

 

[I like Serena]

Note that the SQL injection attack effectively bypasses any security encryption scheme (usually RSA nowadays).

 

[DaveC426913]

Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.

That's like saying I don't understand why inflation is allowed to continue.

It is part of the give and take of life. Consider it to be a form of of - as someone put it - civil disobedience.

 

[Ivan92]

Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.

A quote from Numb3rs: "Anything is hackable." First off, we should not classify all hackers as bad and criminals. There are 3 different types of hackers: White Hat (Ethical) hackers, Black Hat hackers, and a Grey Hat hackers. White Hat hackers are the good guys in which they hack to improve security of software. Black Hat hackers are those who are doing it for criminal activities, personal gains, etc. Grey hats are a mix of both. So hacking is not a problem, but it is how certain people hack that causes mayhem. Also, I for one, do not tolerate black hat hackers. The thing is though White hat and Black hat hackers use the same techniques to hack systems.

 

[Pengwuino]

A quote from Numb3rs: "Anything is hackable." First off, we should not classify all hackers as bad and criminals. There are 3 different types of hackers: White Hat (Ethical) hackers, Black Hat hackers, and a Grey Hat hackers. White Hat hackers are the good guys in which they hack to improve security of software. Black Hat hackers are those who are doing it for criminal activities, personal gains, etc. Grey hats are a mix of both. So hacking is not a problem, but it is how certain people hack that causes mayhem. Also, I for one, do not tolerate black hat hackers. The thing is though White hat and Black hat hackers use the same techniques to hack systems.

"I broke into your house to show you that your windows aren't properly secured."

Shut up Ivan.

Naa jk, but really, my quote stands.

And don't quote TV shows.

 

[Ivan92]

"I broke into your house to show you that your windows aren't properly secured."

LOL! That reminds me of a TV show that followed that same concept. It was called "It Takes a Thief" in the Discovery Channel. There were these former theives who, by permission, rob people's houses to show them how secure they are. They would give them some upgrades in security then they would come back a 2nd time to see if they can rob it again. It was an entertaining show.

Naa jk, but really, my quote stands

I agree with your quote. Some systems are harder to hack than others. However there will always be that person who can figure it out.

And don't quote TV shows.

I say it is a true quote. x)

 

[-Job-]

There are flaws in perhaps most products, but software programs are subject to automation at a large scale.

If hackers had to physically walk within the vicinity of a computer in order to interact with it, they would be a lot less successful. :)

 

[moejoe15]

That's like saying I don't understand why inflation is allowed to continue.

It is part of the give and take of life. Consider it to be a form of of - as someone put it - civil disobedience.

I don't believe it's that simple. It isn't a safe which, since it can be opened by the owner, must theoretically be able to be opened by anyone. A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.

 

[DaveC426913]

"I broke into your house to show you that your windows aren't properly secured."

No. "Your house" is a bad analogy.

It's more like "I broke a balcony panel on the building you built to show that the buildings you are putting up - that everyone needs and must trust - aren't safe."

See the diff?

 

[jhae2.718]

As long as Windows is the primary operating system, crackers will continue to have a field day. Security was bolted on as an afterthought to Windows. To their credit, Microsoft has made significant improvements in security in Vista/7, but Windows is still by far the easiest OS to exploit, and the backwards compatibility with earlier versions certainly doesn't help. Most people simply lack the knowledge to properly secure a Windows computer (or http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf"), and even if they did, the effects of a zero-day vulnerability would be much greater given that on Windows platforms (unlike *nix) most users run as an administrator. Once a cracker gets administrative privileges (whether by the user running as admin or through privilege elevation--I recall that 7 still has a bug where malicious code can be used to elevate privileges, but I don't recall if it was fixed.) they in effect "own" the computer. Here adding UAC was an improvement (though sudo is much better implemented), but most people don't want to be bothered and disable it.

-------------------------------------------------

Discconnect the computer, put it in a tamper proof box, and throw the key away. ;)

Would the box be TEMPEST secure?

 

[Dembadon]

... A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.

No, it doesn't.

... Once a cracker gets administrative privileges (whether by the user running as admin or through privilege elevation--I recall that 7 still has a bug where malicious code can be used to elevate privileges, but I don't recall if it was fixed.) they in effect "own" the computer. ...

How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.

 

[I like Serena]

Would the box be TEMPEST secure?

No, only hacker proof.

How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.

In Windows you basically have to have administrative privilege to do things you want.
It's too much hassle to switch user and some programs do not work properly without administrative privilege.

In Linux, the regular mode of operation is without root privilege.
Only if you need it, you temporarily (and easily) run something with root privilege (nowadays with sudo) and then you have to supply a password.
This is not fool proof, but it is safer.

Beyond that, Windows seems to be the main target of hackers, so there are many more viruses for Windows than for Linux.

 

[moejoe15]

I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

 

[I like Serena]

I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

I'll just put a nifty program on the internet that you just have to have.
Or I might infect such a program.
Or else I'll just send my nifty program to you in an email telling you that it's a nifty program you just have to have.

Sooner or later, you will install one of my nifty programs yourself!

 

[Tosh5457]

I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

If you're connected to the internet, and your operating system or any of the programs you use has vulnerabilities you can get hacked. If you don't have a firewall you can get attacked by pings, which can make your internet connection very slow or even dead.

There is also a technique whose name I can't remember, that sniffs the packets going to a certain IP. That would be very dangerous.

 

[Dembadon]

I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

You said a computer, not your computer.

I don't believe it's that simple. It isn't a safe which, since it can be opened by the owner, must theoretically be able to be opened by anyone. A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.

 

[Evo]

I'll just put a nifty program on the internet that you just have to have.
Or I might infect such a program.
Or else I'll just send my nifty program to you in an email telling you that it's a nifty program you just have to have.

Sooner or later, you will install one of my nifty programs yourself!

But the person gained access to your computer remotely, via download, e-mail whatever, and the information they want is received remotely, so, moejoe is correct. The only way it is not remote is if the hacker is on premise, which many times in a business they may be attacked internally by an employee or contractor.

Personal home computers, rarely an inside job from inside the person's home.

 

[jhae2.718]

How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

By default in *nix systems, the user is not root, so it's harder to gain the administrative rights. In Windows, the default user is an administrator. Of course, once you have root access the computer is of course "owned". That's true for any platform.

I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.

Where did I imply that Linux doesn't share the same vulnerability? I wrote:

Most people simply lack the knowledge to properly secure a Windows computer, and even if they did, the effects of a zero-day vulnerability would be much greater given that on Windows platforms (unlike *nix) most users run as an administrator.

Of course it's going to be easier to exploit a system where the user is running as root as their primary account. This is commonplace in Windows environments (and it's something that MS has been trying to stop, but there's too many applications that would break if they forced the change.) but very rare with Unix-like operating systems.

But the person gained access to your computer remotely, via download, e-mail whatever, and the information they want is received remotely, so, moejoe is correct. The only way it is not remote is if the hacker is on premise, which many times in a business they may be attacked internally by an employee or contractor.

Personal home computers, rarely an inside job from inside the person's home.

Drop flash drives with Autorun malware in public locations. People pick up, thinking either, "Free flash drive!" or try and see what's on it to return. A lot of people will have Autorun turned on, so there should be a good return of infections. Still it's much easier to just host a drive-by download site or similar.

 

[Dembadon]

By default in *nix systems, the user is not root, so it's harder to gain the administrative rights. In Windows, the default user is an administrator. Of course, once you have root access the computer is of course "owned". That's true for any platform.

I don't believe the administrator user in Windows offers the same permissions as the root user in Linux. I'm not sure though, so I'll have to look it up and provide a link.

That said, I guess I'm not sure I understand the point you were trying to make with:

... Once a cracker gets administrative privileges ... they in effect "own" the computer. ...

When discussing the vulnerabilities of an operating system, I don't see a reason to mention the above unless you believe that the situation is exclusive to one of them, in this case: Windows. If you were referring to hacking in general, then your statement makes sense, but I assumed you were trying to support your stance that Windows is the more vulnerable operating system, so that's why I was confused with the use of an argument that doesn't really show a unique vulnerability between the two.

In the end, I think we can agree that neither OS is safe from a user/cracker/hacker with "admin" privileges. How easy it is to gain those privileges is highly dependent upon how the system was set up and how well it's monitored.

 

[jhae2.718]

If I was ambiguous, I apologize.