The perfect operating system....

Anyway, the perfect OS for me for now would be the "Perfect Hypervisor", that enables me to convey what hardware under the hypervisor without giving it a full control. I prefer a Hypervisor that doesn't virtualize everything 100%, so by this case, if my underlying 3D accelerator hardware is made by NVIDIA, then all of my guest OS running on top of my Hypervisor MUST install Nvidia display driver and including the hypervisor it self (by installing nvidia hypervisor display driver of somekind). Everything runs at close to native speed yet still enabled me to run multiple OS using bare metal approach... The base of this technology is already there, it's called IOMMU, I don't know when Intel/AMD/Nvidia will enable users to exploit it...

zzz2496

Edit: If I can't have a perfect OS now, I'd be glad to be able to run many close to perfect OS side by side...

zzz2496 said:

Lordbob75, unless you know what/how Firewalls work, please don't say anything like "Second, firewalls can be by-passed.". There are MANY Different types of firewalls. Microsoft gave you the basic form of firewall. If you use an enterprise grade firewall and make it "super safe", as in nothing from "Internet" can go in, and everything that wants to go out are always checked, there is virtually NO WAY you can "bypass" it... Most of enterprise grade firewalls can even shutdown the connection if "something happens", which is not great for hackers... Some of them even have Deep Packet Inspection module. It could actually see what's coming and going... Unless you know what you're talking about, don't say a foolish things about firewall... Please.

CommonTater said:

Microsoft has people so totally brainwashed... it's sad really.

When on Win2000 --before there were automatic updates-- I would get up in the morning, turn on my computers, go grab a coffee, flip through my email, maybe catch up with a forum ot two... and then fire up one of my programming languages and start pounding code... No Firewalls, No Automatic Updates, No System Restore... and here I am creating programs that well could have mangled my system through my own error... and you know what? In all those years... Not one problem that I didn't cause for myself... Not one.

Now the scernario has change radically... We all NEED our Auto-this and Reversible-that... or we think we're going to die... So some dumbass programmer at microsoft makes a change in a DLL, sends it out on Automatic Updates because he's miles behind his quota... We all very obediently install this latest and greatest update to our systems and within a few minuts about half the world starts having problems with their machines... It CAN'T be the OS... it's perfect. It CAN'T be this update, they're good for us... So why is my computer --the one that worked right for years-- suddenly giving me all this grief.

In point of fact... Once your system is stable and working... Automatic updates are far more likely to cause problems than they are to fix them.

Really... think about it... You're saying "What if I did something with my software that caused problems"... but you are perfectly willing to let a huge corporation on the far side of the continent do exactly that, without your consent and possibly without your knowledge...

Ok, so two things:
1) You are really going to argue that you can make a firewall 100% unhackable, 100% sercure?
Seriously?

2) I never once said that an Update had no chance of doing something bad, I merely said that they can fix things that you may not have known were broke.

~Lordbob

Lordbob75 said:

zzz2496 said:

Lordbob75, unless you know what/how Firewalls work, please don't say anything like "Second, firewalls can be by-passed.". There are MANY Different types of firewalls. Microsoft gave you the basic form of firewall. If you use an enterprise grade firewall and make it "super safe", as in nothing from "Internet" can go in, and everything that wants to go out are always checked, there is virtually NO WAY you can "bypass" it... Most of enterprise grade firewalls can even shutdown the connection if "something happens", which is not great for hackers... Some of them even have Deep Packet Inspection module. It could actually see what's coming and going... Unless you know what you're talking about, don't say a foolish things about firewall... Please.

CommonTater said:

Microsoft has people so totally brainwashed... it's sad really.

When on Win2000 --before there were automatic updates-- I would get up in the morning, turn on my computers, go grab a coffee, flip through my email, maybe catch up with a forum ot two... and then fire up one of my programming languages and start pounding code... No Firewalls, No Automatic Updates, No System Restore... and here I am creating programs that well could have mangled my system through my own error... and you know what? In all those years... Not one problem that I didn't cause for myself... Not one.

Now the scernario has change radically... We all NEED our Auto-this and Reversible-that... or we think we're going to die... So some dumbass programmer at microsoft makes a change in a DLL, sends it out on Automatic Updates because he's miles behind his quota... We all very obediently install this latest and greatest update to our systems and within a few minuts about half the world starts having problems with their machines... It CAN'T be the OS... it's perfect. It CAN'T be this update, they're good for us... So why is my computer --the one that worked right for years-- suddenly giving me all this grief.

In point of fact... Once your system is stable and working... Automatic updates are far more likely to cause problems than they are to fix them.

Really... think about it... You're saying "What if I did something with my software that caused problems"... but you are perfectly willing to let a huge corporation on the far side of the continent do exactly that, without your consent and possibly without your knowledge...

Ok, so two things:
1) You are really going to argue that you can make a firewall 100% unhackable, 100% sercure?
Seriously?

2) I never once said that an Update had no chance of doing something bad, I merely said that they can fix things that you may not have known were broke.

~Lordbob

YES.

zzz2496

Lordbob75, I have several reading material for you:
1. NAT
2. PAT
3. IDS
4. IPS
5. DPI
6. Stateful firewall

These are technologies that are used for keeping a network safe. If you want 100% safety, stack these technologies several layers deep, it won't miss anything, but... it'll cost you 5 to 6 digit figures, maybe more and each month will cost you quite some money to pay the network administrator and several log analyzers. But it will give you 100% bulletproof network defense.

zzz2496

P.s: To compare this kind of setup with regular "modem/router/firewall box that came from ISP" setup -> Little box from ISP = "a door made from piece of thin paper" defense equipment, the setup above is a nuclear/ICBM proof self sustaining underground facilities complete with multi level security checks with multi level monitoring (audio/visual/thermal/motion/weight) system.

CommonTater said:

Lordbob75 said:

1) You are really going to argue that you can make a firewall 100% unhackable, 100% sercure?
Seriously?

You have to understand how these things work...

Before you are going to gain access to anything you have to be able to connect to a PORT on the firewall. A Port is merely a software contrivance consisting of a channel number inside a TCP/IP packet. Now... even if you do manage to connect to a port, you've accomplished nothing unless there is something LISTENING to that port. Listening simply means repeatedly checking the buffers for a port to see if there's anything there. Even then you still have to pass commands "Send File", "Format C:" whatever, that the listener (or client) knows how to execute. This by itself is extremely secure...

TCP connects are not simple processes either. There is an entire protocal defined for connecting to a port. Get it wrong and it won't connect. Opening a port in Winsock networking (as defined in the Windows Software Development Kit) is a process of about 15 to 20 software steps involving half a dozen procedure calls. Connecting to that port is almost as complex again. Merely knowing someone's IP address gets you nothing... You can't simply stuff commands into their address and watch their system melt no matter how hard you try.

Now add in a Firewall that basically takes packets from the WAN side and drops them unless a listener is holding the target port open and you've got a pretty much impenitrable barrier. Opening a port on a router's firewall is a whole protocal of it's own as well... I can set up a listener on my computer, opening as many ports as I want to and the router is happy to simply ignore them unless I complete a set of commands sent to --and here we go-- a specific port on the router's admin IP, following it's own listener's protocals for opening an outide port for incomming connections...

The net result of this is that when correctly set up your attempts to bypass the firewall will simply result in whatever packets you send to that IP address disappearing into thin air. No connection, no entry... no listener, no entry... no protocal, no entry... and on and on.

In fact, as I commented earlier most hacking is opportunistic. Some "just smart enough to be dangerous" IT guy leaves a system admin port open AND the router is not protecting it AND you happen to know the protocals... MAYBE you could get inside and try some telnet...

Really, I kid you not... This TV show stuff where some guy gets into a computer in 20 seconds or less, wrecks havoc on it and then leaves no trace... it simply that... TV show stuff. In real life it's as simple as "If you can't connect to it, you are crap out of luck."

CommonTater... really? You really typed it all? I have to commend your generosity, supplying all that info... I've had my time - all I do now is link them to some materials that I know... You are one good person, CommonTater
zzz2496

CommonTater said:

Really, I kid you not... This TV show stuff where some guy gets into a computer in 20 seconds or less, wrecks havoc on it and then leaves no trace... it simply that... TV show stuff. In real life it's as simple as "If you can't connect to it, you are crap out of luck."

Never once have I said it was easy or plausible.
I merely said it could be done.

I still maintain that no firewall can be 100% secure, no matter what. There will always be a way past it.

CommonTater, that was a well written explanation, thank you. Still, no matter how secure you believe it can be, there are 2 problems:
1) Whether it is possible to actually combine them all (I don't actually know)
2) There will still be a way around it.

While I may sound paranoid or something saying all this, I am just saying that it is impossible for anything to be 100% secure.
Also, I am only in High School (senior) and I will be going to college as a Computer Engineer starting this September. I have zero experience working in the real world, and have yet to learn a lot of what most members on here already know.
That said, I don't mean that I don't know anything either...

~Lordbob

CommonTater said:

Lordbob75 said:

1) You are really going to argue that you can make a firewall 100% unhackable, 100% sercure?
Seriously?

You have to understand how these things work...

Thank you for taking the time to explain this. I learned.