| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: full-disclosure at royds.net (Bill Royds) Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause Actually the file type tag (.exe) has very little to do with whether a files is executable or not. Executable files have a header that describes whether it is executable or not. The first two characters of the file must be "MZ" (the initials of an early MS developer). That is one reason that it is a futile quest to only block attachments by the .exe extension and many viruses use other extensions such as .scr .pif .com ... On Windows NT and later systems, there is metadata attached to each file which includes whether it has execute permission or not. If you run a hardened windows NT, 2000 or XP system with executables in a readonly directory with execute set and all other directories blocking execute, you have the same ability as on Unix to prevent executable file drop. The problem is that Windows NT+ sets the group everyone to have write and execute access to all directories by default (to avoid support calls by people not able to install those games). This is a configuration problem, not an inherent problem. Windows inherent problem is that its Access Control features are so convoluted and flexible that it is hard for an administrator to know the result of any changes so most use the most flexible (and insecure) default. As well the Windows file sharing paradigm (SMB/CIFS) is even more arcane than NFS, if that is possible, and is not at all well documented with the Samba group documenting it much better than Microsoft. SMB has no easy way to restrict access by interface or by hardware/networking addresses but only uses Windows users and groups so any enterprise that needs to share files makes them reachable by any machine that can spoof the users with permissions. One can actually harden a Windows system fairly easily by running the Orange book C2 security level tools that can be run on OS install. Of course this blocks the machine from using a network and being much use. But it can be done. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of David F. Skoll Sent: January 18, 2004 7:12 PM To: Wes Noonan Cc: full-disclosure@...ts.netsys.com Subject: RE: Religion... was RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause > Microsoft is only un-securable for those who don't know how to secure it No. The fundamental problem with Windows is the problem that lead to the creation of the anti-virus industry: Encoding of metadata in filenames. The fact that ".exe" on Windows means the same thing as turning on the execute bit in UNIX has cost the world economy billions. And it's impossible to change this without fundamentally changing Windows. (Even this flaw isn't a Microsoft innovation; it was first revealed in 1987 in the infamous CHRISTMA EXEC worm at IBM on the VM/370 system.) This flaw, the readiness of a Windows system to enable execute permission depending on the filename, makes every single Windows box a ticking time bomb. Someone just has to be clever enough to deposit an .exe on a system and trick someone into running it. The social engineering required to do the same on Linux is an insurmountable hurdle; not only do you have to deposit the file, but you have to convince someone to turn on the execute bit, which no Linux mail clients currently do, and which the average office worker is unlikely to even know how to do. (That's why I have a warm feeling when our sales people use Linux; they don't know enough to be dangerous. :-))
Powered by blists - more mailing lists