Re: Tor server using Vista?
On Fri, Jan 04, 2008 at 07:23:38AM -0500, Ringo Kamens wrote:
> This is certainly not advisable because of the lack of security built
> into Windows and the possible backdoors.

Anonymity systems like Tor are designed to be resistant to bad nodes, even when the operator of the node is a bad guy. Working on this premise, how can the security weakness of Windows be sufficient justification for not running a Tor node on it? Certainly some degree of caution and careful monitoring would be advisable but this holds true when opening any public service.

Running a Tor server on Vista seems like a very good idea, if only to provide the developers with feedback on how well it works.

Steve

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
Re: Tor server using Vista?
Ringo Kamens wrote:
> This is certainly not advisable because of the lack of security built
> into Windows and the possible backdoors.

I ain't no Windows-advocate but I find this argument a bit weak. Nowadays all the modern operating systems have the same problems: Too many installed services by default, weak administration and the general reluctance of users to pay attention to security updates and best practice when it comes to using common sense.

Though there's a technical problem with Windows which Roger explained in his talk at 24C3 [1]: it eventually runs out of sockets due to the way Windows allocates non-pageable memory areas.

> Comrade Ringo Kamens

Alex.

[1] http://outpost.h3q.com/fnord/24c3-torrents/24c3-2325-en-current_events_in_tor_development.mkv.torrent
Re: Tor server using Vista?
On Fri, Jan 04, 2008 at 03:09:16PM +0100, Alexander W. Janssen wrote:
> I ain't no Windows-advocate but I find this argument a bit weak.
> Nowadays all the modern operating systems have the same problems: Too

http://openbsd.org/ is not a modern operating system? FreeBSDs? Even modern Linux distros, with security hardening?

> many installed services by default, weak administration and the general
> reluctance of users to pay attention to security updates and
> best practice when it comes to using common sense.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: Tor server using Vista?
Eugen Leitl wrote:
> On Fri, Jan 04, 2008 at 03:09:16PM +0100, Alexander W. Janssen wrote:
>> I ain't no Windows-advocate but I find this argument a bit weak.
>> Nowadays all the modern operating systems have the same problems: Too
>
> http://openbsd.org/ is not a modern operating system? FreeBSDs? Even
> modern Linux distros, with security hardening?

That's not what I said. OpenBSD might be a rare exception, but you need to take into account that it's mostly used by people who know what they're doing. As for Linux, even though some distributions have SELinux enabled by default, most of the people seem to shut it down for convenience reasons.

>> many installed services by default, weak administration and the general
>> reluctance of users to pay attention to security updates and
>> best practice when it comes to using common sense.

That's my explanation which is still valid.

Alex.
Re: Tor server using Vista?
Algenon,

I agree with Steve. I recommend running a Tor server on Vista, so that you can report bugs to the developers.

About security: Ringo thinks running Tor on Windows is a security risk because of backdoors. But every OS has bugs, including Linux, Unix, BSD, Mac OS. And probably almost every program running on any OS isn't programmed in an optimal way, and probably a majority contains bugs. There is no perfect program, and there is no perfect OS. Ask any engineer/programmer you know, and he will confirm this.

When running Tor+Vidalia+Privoxy on Vista, the biggest security risk will probably be one of these three programs, rather than Vista itself. Tor+Vidalia+Privoxy will probably contain bugs that create security risks on your computer. So in my opinion, you should only run a Tor server on a Vista computer without important documents.

I wouldn't myself run a Tor server on a computer that I use to access banks, or a computer where I store my digital pictures, work/school documents, and other important things. I run my server on a computer only used for unimportant programs that don't need a secure environment. If a hacker would format the hard drive, or delete files, it wouldn't matter much. (I have a backup of everything of any importance on my server, but 99% is of low importance.)

Others run a Tor server on a dedicated server. This is of course the best solution, but not a very effective use of a computer's resources. When running a dedicated Tor server you have the possibility to run a very secure OS, like a minimalistic ultra secure version of Linux or BSD. So the only reason to run a dedicated Tor server on Vista is for testing purposes.

If you want to run a Tor server on a PC that contains your digital pictures and other important things, make backups often. If you use your computer to access your bank(s) don't run: a Tor server, file sharing program, web-server, ftp-server, or other server programs that are accessible from the outside. Those programs are probably a bigger security risk than Windows itself, as Microsoft almost weekly updates their security problems through Windows updates.

/Vikingserver

Steve Crook wrote:
> On Fri, Jan 04, 2008 at 07:23:38AM -0500, Ringo Kamens wrote:
>> This is certainly not advisable because of the lack of security built
>> into Windows and the possible backdoors.
>
> Anonymity systems like Tor are designed to be resistant to bad nodes,
> even when the operator of the node is a bad guy. Working on this
> premise, how can the security weakness of Windows be sufficient
> justification for not running a Tor node on it? Certainly some degree
> of caution and careful monitoring would be advisable but this holds true
> when opening any public service.
>
> Running a Tor server on Vista seems like a very good idea, if only to
> provide the developers with feedback on how well it works.
>
> Steve
Re: Tor server using Vista?
Alexander W. Janssen wrote:
> I ain't no Windows-advocate but I find this argument a bit weak.
> Nowadays all the modern operating systems have the same problems: Too
> many installed services by default, weak administration and the general
> reluctance of users to pay attention to security updates and
> best practice when it comes to using common sense.

Amen to that. Out of all the systems I've administered, I've had zero Windows boxes compromised and one Linux box. And that isn't because Linux is less secure - it's because I knew Windows a lot better by the time I started doing stuff online, and I didn't know enough Linux at the time to realize I was making a horrible security vulnerability with one bad decision.

The most secure operating system in the world will be insecure in the hands of someone who doesn't understand it. The least secure operating system - which is probably Windows at the moment - can still be run quite securely if you keep on top of it.

I use Windows as a desktop system, and keep it behind an OpenBSD firewall/router. If for some reason I felt like this was the system I had to run a Tor server on, I'd run it on this system with little worry of compromise.

-Ben