Open Source and information security mailing list archives
Date: Sun, 23 Nov 2008 22:17:41 +0200
From: "James Matthews" <nytrokiss@...il.com>
To: "Bipin Gautam" <bipin.gautam@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	imipak <imipak@...il.com>
Subject: Re: [inbox] Re: Fwd: Comment on: USB devices
	spreading viruses

Bit9 and Kaspersky offer this new service. Companies should make use of it.

On Sun, Nov 23, 2008 at 10:05 PM, Bipin Gautam <bipin.gautam@...il.com> wrote:

> On 11/23/08, Mike C <mike.cartall@...il.com> wrote:
>
> >> Of course, blindly thwacking people / dragging them to HR by the hair
> >> when they're really just trying to do their jobs is
> >> counter-productive. The calls also show us where we, security, are
> >> falling down. Perhaps it's poor awareness training (if the user didn't
> >> know that they shouldn't run unapproved software, or why we have that
> >> rule, or how to get a new app approved); or could be that the official
> >> route is being seen as too slow or bureaucratic, in which case it
> >> needs fixing. And so on.
> >>
> >
> > All I hope is we can fix the issue. Hopefully in the near future.
> >
>
>
> Yeah!
> Here is my perspective on a possible solution that wouldn't compromise
> usability.
>
> But first, let's all agree that "banning execution of any binary from
> removable media" is the only straightforward solution to this decades-old
> problem of virus infection/propagation from removable media.
>
> See, if a web page tries to install an ActiveX / browser plugin, your
> browser (non-intrusively) waits for user interaction with a security
> warning message on "if you really intend to install the plugin (Which
> may be harmful!)" or .......may choose to ignore the dialog and
> continue browsing.
>
> Here, it is assumed the "user understands" the security impact of
> executing untrusted programs from the internet, and the execution
> decision is left to the end user with manual interaction. If the plugin
> installation behavior is not intended, the user can simply ignore the
> manual interaction request for execution and instead continue.
>
> In a similar way, an antivirus company or Microsoft should create
> something similar for the "My Computer Zone", where the first execution
> of a binary "from removable media" is denied by default and prompts for
> user interaction to execute, whitelist & execute, or terminate/ban the
> request for execution from removable media, like the way Internet
> Explorer (non-intrusively) handles installation of ActiveX like in IE.
> Binary execution from removable media should be treated that way
> (untrusted!)
>
> Pen drive / SD have unique serial numbers which can be used to
> identify and permanently whitelist or blacklist the media from
> execution.
>
> Windows already has a feature for prompting if the user tries to execute
> a binary from an intranet/shared folder or execution of a binary marked
> as downloaded from the "Internet Zone".
>
> Why not have something similar for binary execution from removable media
> as well!?
>
> What better solution could there be to stop viruses from propagating from
> removable media with the (default) FAT file system (lacking ACLs)?
>
> For corporate environments, let there be a feature to sync these
> whitelisted/blacklisted hashes of executables or removable media UIDs
> from the antivirus server/domain controller to the antivirus
> clients/related service running on the user end.
>
> Will this work :)?
>
> -thanks,
> bipin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-insurance
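
The policy proposed in the quoted message (default-deny for binaries on removable media, a prompt on first execution, whitelist/blacklist entries keyed by media serial or executable hash, lists synced from a central server), as an added example that is not part of the thread or of any product mentioned in it. All names, the use of SHA-256, whitelisting by hash but banning by media serial, and the block-over-allow precedence are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"

@dataclass
class Policy:
    allowed_media: set = field(default_factory=set)   # media serial numbers
    blocked_media: set = field(default_factory=set)
    allowed_hashes: set = field(default_factory=set)  # SHA-256 of executables
    blocked_hashes: set = field(default_factory=set)

    def merged_with(self, central):
        """Union local user decisions with lists synced from a central server."""
        return Policy(self.allowed_media | central.allowed_media,
                      self.blocked_media | central.blocked_media,
                      self.allowed_hashes | central.allowed_hashes,
                      self.blocked_hashes | central.blocked_hashes)

def decide(policy, on_removable, media_serial, image):
    """Return ALLOW, DENY or PROMPT for one execution request."""
    if not on_removable:
        return ALLOW                      # fixed disks are out of scope here
    digest = hashlib.sha256(image).hexdigest()
    # Block entries win over allow entries, so a whitelisted drive cannot
    # carry in a binary that has been banned by hash. The serial is reported
    # by the device itself, so it identifies media but does not authenticate it.
    if media_serial in policy.blocked_media or digest in policy.blocked_hashes:
        return DENY
    if digest in policy.allowed_hashes or media_serial in policy.allowed_media:
        return ALLOW
    return PROMPT                         # first sight: nothing runs until the user answers

def apply_choice(policy, choice, media_serial, image):
    """Record the user's answer to a PROMPT and return the resulting verdict."""
    if choice == "whitelist":             # "whitelist & execute": remember this binary
        policy.allowed_hashes.add(hashlib.sha256(image).hexdigest())
        return ALLOW
    if choice == "ban":                   # "terminate/ban": remember this medium
        policy.blocked_media.add(media_serial)
        return DENY
    return ALLOW if choice == "once" else DENY   # an ignored dialog means no execution

# Constructed sample data: the serials and file contents are made up.
central = Policy(allowed_media={"SN-TRUSTED-01"},
                 blocked_hashes={hashlib.sha256(b"known-bad").hexdigest()})
policy = Policy().merged_with(central)
```
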
