Is it possible to stop hacking?

  • Thread starter Thread starter moejoe15
  • Start date Start date
  • Tags Tags
    Hacking
Click For Summary

Discussion Overview

The discussion revolves around the theoretical possibility of creating software and hardware that is completely hacker-proof. Participants explore the reasons behind persistent hacking issues, questioning whether the vulnerabilities stem from hardware architecture or software design. The conversation touches on the implications of hacking, the classification of hackers, and the challenges of achieving security in computing systems.

Discussion Character

  • Debate/contested
  • Conceptual clarification
  • Technical explanation

Main Points Raised

  • Some participants propose that complete security is theoretically possible but may require extreme measures, such as disconnecting systems from the internet.
  • Others argue that the security of a computer is heavily dependent on the end-user's actions, suggesting that even the most secure systems can be compromised through user error.
  • A participant notes that SQL injection attacks are a common exploit due to poor programming practices, rather than user error.
  • There is a viewpoint that while some systems can be made very difficult to hack, there will always be individuals capable of finding vulnerabilities.
  • Some participants discuss the classification of hackers into categories such as White Hat, Black Hat, and Grey Hat, emphasizing that not all hacking is malicious.
  • Concerns are raised about the security of operating systems, particularly Windows, which is perceived as more vulnerable compared to others like Linux.
  • One participant challenges the analogy of hacking to physical break-ins, arguing that the nature of computer access is fundamentally different.
  • There is a discussion on the implications of administrative privileges and how they affect system security across different operating systems.

Areas of Agreement / Disagreement

Participants express a range of views on the nature of hacking and security, with no clear consensus on whether complete hacker-proof systems are achievable or on the effectiveness of current security measures. Multiple competing views remain regarding the classification of hackers and the security of different operating systems.

Contextual Notes

Participants highlight various assumptions about user behavior, programming practices, and the inherent vulnerabilities of different operating systems. The discussion reflects a complex interplay of technical and conceptual issues without resolving the underlying uncertainties.

moejoe15
Messages
8
Reaction score
0
Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.
 
Computer science news on Phys.org
Hi moejoe15! :smile:

Yes, there is a way.
Discconnect the computer, put it in a tamper proof box, and throw the key away. ;)

Seriously, that's close to what military personnel usually tries to do.

However, most people want access to the internet, and make use of various services on the internet.
That's what makes them vulnerable, but what can you do?
The cure is worse than the problem.
 
A computer is only as secure as its end-user allows. In other words, the most secure system in the world is vulnerable to some nincompoop allowing/installing malicious software and escalating its privileges (intentionally or not) to allow it to do anything it wants.

As an aside: Not to be overly pedantic, but "hacking" or "hackers" can be benign or malicious.
 
It IS possible to make security so difficult that it takes far too much computing power to realistically hack certain systems.
 
You know what the most common computer exploit is? SQL Injection attacks due to software not properly cleaning user inputs before passing it to a commonly shared database.

This isn't due to 'user error'. It's just good old fashion bad programming.
 
Note that the SQL injection attack effectively bypasses any security encryption scheme (usually RSA nowadays).
 
moejoe15 said:
Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.

That's like saying I don't understand why inflation is allowed to continue.

It is part of the give and take of life. Consider it to be a form of of - as someone put it - civil disobedience.
 
moejoe15 said:
Is it theoretically possible to make software and hardware that is completely hacker proof? Why do we have this problem? Is it the architecture of the hardware that allows hacking or is it purely software? I don't understand why this problem is allowed to continue. Hackers cause immense damage and yet we tolerate their activities.
A quote from Numb3rs: "Anything is hackable." First off, we should not classify all hackers as bad and criminals. There are 3 different types of hackers: White Hat (Ethical) hackers, Black Hat hackers, and a Grey Hat hackers. White Hat hackers are the good guys in which they hack to improve security of software. Black Hat hackers are those who are doing it for criminal activities, personal gains, etc. Grey hats are a mix of both. So hacking is not a problem, but it is how certain people hack that causes mayhem. Also, I for one, do not tolerate black hat hackers. The thing is though White hat and Black hat hackers use the same techniques to hack systems.
 
Ivan92 said:
A quote from Numb3rs: "Anything is hackable." First off, we should not classify all hackers as bad and criminals. There are 3 different types of hackers: White Hat (Ethical) hackers, Black Hat hackers, and a Grey Hat hackers. White Hat hackers are the good guys in which they hack to improve security of software. Black Hat hackers are those who are doing it for criminal activities, personal gains, etc. Grey hats are a mix of both. So hacking is not a problem, but it is how certain people hack that causes mayhem. Also, I for one, do not tolerate black hat hackers. The thing is though White hat and Black hat hackers use the same techniques to hack systems.

"I broke into your house to show you that your windows aren't properly secured."

Shut up Ivan.

Naa jk, but really, my quote stands.

And don't quote TV shows.
 
  • #10
"I broke into your house to show you that your windows aren't properly secured."
LOL! That reminds me of a TV show that followed that same concept. It was called "It Takes a Thief" in the Discovery Channel. There were these former theives who, by permission, rob people's houses to show them how secure they are. They would give them some upgrades in security then they would come back a 2nd time to see if they can rob it again. It was an entertaining show.

Naa jk, but really, my quote stands
I agree with your quote. Some systems are harder to hack than others. However there will always be that person who can figure it out.

And don't quote TV shows.
I say it is a true quote. x)
 
  • #11
There are flaws in perhaps most products, but software programs are subject to automation at a large scale.

If hackers had to physically walk within the vicinity of a computer in order to interact with it, they would be a lot less successful. :)
 
  • #12
DaveC426913 said:
That's like saying I don't understand why inflation is allowed to continue.

It is part of the give and take of life. Consider it to be a form of of - as someone put it - civil disobedience.

I don't believe it's that simple. It isn't a safe which, since it can be opened by the owner, must theoretically be able to be opened by anyone. A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.
 
  • #13
Pengwuino said:
"I broke into your house to show you that your windows aren't properly secured."

No. "Your house" is a bad analogy.

It's more like "I broke a balcony panel on the building you built to show that the buildings you are putting up - that everyone needs and must trust - aren't safe."

See the diff?
 
  • #14
As long as Windows is the primary operating system, crackers will continue to have a field day. Security was bolted on as an afterthought to Windows. To their credit, Microsoft has made significant improvements in security in Vista/7, but Windows is still by far the easiest OS to exploit, and the backwards compatibility with earlier versions certainly doesn't help. Most people simply lack the knowledge to properly secure a Windows computer (or http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf"), and even if they did, the effects of a zero-day vulnerability would be much greater given that on Windows platforms (unlike *nix) most users run as an administrator. Once a cracker gets administrative privileges (whether by the user running as admin or through privilege elevation--I recall that 7 still has a bug where malicious code can be used to elevate privileges, but I don't recall if it was fixed.) they in effect "own" the computer. Here adding UAC was an improvement (though sudo is much better implemented), but most people don't want to be bothered and disable it.

-------------------------------------------------
I like Serena said:
Discconnect the computer, put it in a tamper proof box, and throw the key away. ;)

Would the box be TEMPEST secure? :wink:
 
Last edited by a moderator:
  • #15
moejoe15 said:
... A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.

No, it doesn't.

jhae2.718 said:
... Once a cracker gets administrative privileges (whether by the user running as admin or through privilege elevation--I recall that 7 still has a bug where malicious code can be used to elevate privileges, but I don't recall if it was fixed.) they in effect "own" the computer. ...

How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.
 
Last edited:
  • #16
jhae2.718 said:
Would the box be TEMPEST secure? :wink:

No, only hacker proof. :wink:


Dembadon said:
How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.

In Windows you basically have to have administrative privilege to do things you want.
It's too much hassle to switch user and some programs do not work properly without administrative privilege.

In Linux, the regular mode of operation is without root privilege.
Only if you need it, you temporarily (and easily) run something with root privilege (nowadays with sudo) and then you have to supply a password.
This is not fool proof, but it is safer.

Beyond that, Windows seems to be the main target of hackers, so there are many more viruses for Windows than for Linux.
 
  • #17
I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.
 
  • #18
moejoe15 said:
I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

I'll just put a nifty program on the internet that you just have to have.
Or I might infect such a program.
Or else I'll just send my nifty program to you in an email telling you that it's a nifty program you just have to have.

Sooner or later, you will install one of my nifty programs yourself! :wink:
 
  • #19
moejoe15 said:
I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

If you're connected to the internet, and your operating system or any of the programs you use has vulnerabilities you can get hacked. If you don't have a firewall you can get attacked by pings, which can make your internet connection very slow or even dead.

There is also a technique whose name I can't remember, that sniffs the packets going to a certain IP. That would be very dangerous.
 
  • #20
moejoe15 said:
I would like to know how you are going to hack my computer if you don't have remote access. You sure don't have physical access to it.

You said a computer, not your computer.

moejoe15 said:
I don't believe it's that simple. It isn't a safe which, since it can be opened by the owner, must theoretically be able to be opened by anyone. A computer has to be accessed remotely to be hacked. It also needs to have its software modified remotely.
 
  • #21
I like Serena said:
I'll just put a nifty program on the internet that you just have to have.
Or I might infect such a program.
Or else I'll just send my nifty program to you in an email telling you that it's a nifty program you just have to have.

Sooner or later, you will install one of my nifty programs yourself! :wink:
But the person gained access to your computer remotely, via download, e-mail whatever, and the information they want is received remotely, so, moejoe is correct. The only way it is not remote is if the hacker is on premise, which many times in a business they may be attacked internally by an employee or contractor.

Personal home computers, rarely an inside job from inside the person's home.
 
  • #22
Dembadon said:
How is it different in Linux? Does a user with root privileges not "own" the computer? Once a cracker gets root privileges: rm -rf /

By default in *nix systems, the user is not root, so it's harder to gain the administrative rights. In Windows, the default user is an administrator. Of course, once you have root access the computer is of course "owned". That's true for any platform.

Dembadon said:
I'm by no means a Microsoft fanboy, but to imply that Linux doesn't share the same vulnerabilities is fallacious. A system is only as secure as you make it.

Where did I imply that Linux doesn't share the same vulnerability? I wrote:
jhae2.718 said:
Most people simply lack the knowledge to properly secure a Windows computer, and even if they did, the effects of a zero-day vulnerability would be much greater given that on Windows platforms (unlike *nix) most users run as an administrator.

Of course it's going to be easier to exploit a system where the user is running as root as their primary account. This is commonplace in Windows environments (and it's something that MS has been trying to stop, but there's too many applications that would break if they forced the change.) but very rare with Unix-like operating systems.

Evo said:
But the person gained access to your computer remotely, via download, e-mail whatever, and the information they want is received remotely, so, moejoe is correct. The only way it is not remote is if the hacker is on premise, which many times in a business they may be attacked internally by an employee or contractor.

Personal home computers, rarely an inside job from inside the person's home.

Drop flash drives with Autorun malware in public locations. People pick up, thinking either, "Free flash drive!" or try and see what's on it to return. A lot of people will have Autorun turned on, so there should be a good return of infections. Still it's much easier to just host a drive-by download site or similar.
 
  • #23
jhae2.718 said:
By default in *nix systems, the user is not root, so it's harder to gain the administrative rights. In Windows, the default user is an administrator. Of course, once you have root access the computer is of course "owned". That's true for any platform.

I don't believe the administrator user in Windows offers the same permissions as the root user in Linux. I'm not sure though, so I'll have to look it up and provide a link.

That said, I guess I'm not sure I understand the point you were trying to make with:

jhae2.718 said:
... Once a cracker gets administrative privileges ... they in effect "own" the computer. ...

When discussing the vulnerabilities of an operating system, I don't see a reason to mention the above unless you believe that the situation is exclusive to one of them, in this case: Windows. If you were referring to hacking in general, then your statement makes sense, but I assumed you were trying to support your stance that Windows is the more vulnerable operating system, so that's why I was confused with the use of an argument that doesn't really show a unique vulnerability between the two.

In the end, I think we can agree that neither OS is safe from a user/cracker/hacker with "admin" privileges. How easy it is to gain those privileges is highly dependent upon how the system was set up and how well it's monitored.
 
Last edited:
  • #24
If I was ambiguous, I apologize.
 

Similar threads

Anyone sick and tired of all the fancy techy stuffs?
  • · Replies 22 ·
Replies
22
Views
3K
Why doesn't public key encryption stop hackers?
  • · Replies 3 ·
Replies
3
Views
2K
Curious questions about comptuer hacking
  • · Replies 19 ·
Replies
19
Views
4K
Will there ever be a new CPU manufacturer?
  • · Replies 29 ·
Replies
29
Views
5K
Laptop screen flickering/moving up and down with pink tint
  • · Replies 20 ·
Replies
20
Views
16K
Graduate Zemax raytracing and which lens element is the STOP
  • · Replies 10 ·
Replies
10
Views
2K
How do encrypted USB flash drives work and how can we make them more secure?
  • · Replies 7 ·
Replies
7
Views
3K
Schematic capture / wiring diagram software
  • · Replies 18 ·
Replies
18
Views
3K
A service to buy/sell custom hardware projects?
  • · Replies 5 ·
Replies
5
Views
2K
AlphaEvolve - The Future of Math?
  • · Replies 5 ·
Replies
5
Views
2K