lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <BAY105-F39595ED374FC8C64470791E8960@phx.gbl>
Date: Fri, 23 Sep 2005 10:10:22 -0400
From: "Jose Morales" <mrjoemango2@...mail.com>
To: ratter@...as.cz, jose@...stopearth.com
Cc: vuln-dev@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: PocketPC exploitation





Ratter, thank you for your comments, everything you say is true. Now I think 
that real life experience has taught us that it is better to protect from 
possible future attacks similar to those seen in the past and avoid an 
outbreak then to wait for a major vx outbreak to react and protect from it 
happening a second time.

Nobody wants another nimda, codered, slammer, welchia, mydoom and bagle plus 
others that have cost billions in losses and productivity time plus unknown 
numbers of computers rendered useless and in need of repair.  the technology 
exists to protect pocket pc's againts the types of viruses seen in the 
desktop world it should be incorportated into current solutions as a 
preemptive guard against possible future attacks.  Your logic is good until 
a major virus outbreak occurs on PPC and people start to complain "why wasnt 
I proctected" there is no answer for it.    In the hacker world some 
significant articles have already come out no PPC vulnerabilities it is only 
a matter of time before a major virus strike hits, the time to give better 
protection for PPC is now and not after an outbreak.

As for overhead on PPC placed by better antivirus solutions, this will very 
soon go away, handhelds keep being releases with bigger hard drives (upto 4 
gigabytes last time i hear) more RAM more CPU power and overall better 
performance, clearly the bottlenecks of current embedded system security 
will very soon dissipate and in its current state they can handle stronger 
AV solutions that was is currently out there.

im sure airscanner.com, norton, kaspersky avast and the others can improve 
their products now given current ppc and help prevent possible major vx 
outbreaks in the future.

proactive defense is better than reactive defense that is the best real life 
experience we have learned from the past to help prepare for the future.

Yours in Success,

Jose.


********************************************************************************************
Jose Andre Morales
Computer Specialist
Master of Science in Computer Science, FIU 2004

********************************************************************************************


>From: Ratter <ratter@...as.cz>
>Reply-To: Ratter <ratter@...as.cz>
>To: Jose Morales <jose@...stopearth.com>
>CC: vuln-dev@...urityfocus.com, bugtraq@...urityfocus.com
>Subject: Re: PocketPC exploitation
>Date: Fri, 23 Sep 2005 14:34:31 +0200
>
>JM> I would like to contribute to the list a paper i just had published 
>that
>JM> discusses the vulnerabilities of current virus detectors for pocket 
>pc's, it
>JM> is scary to think that such simplistic detectors are the current state 
>of
>JM> the art for such powerfull devices, it leads one to think that the 
>lessons
>JM> of the past have not been learned, feedback on the paper is appreciated 
>and
>JM> welcomed, i hope it helps those interested in this area of research 
>feel
>JM> free to contact me.
>OK, here's the feedback. You're creating unnecessary havoc. There are
>AFAIK two or three pocket PC viruses/trojans. One is done by me,
>second is probably a modification of mine and third is a trojan done
>by some russian writer. All are very easy nonencrypted code, so what
>else than a simplistic detector you would like to have? Yes, there
>exists polymorfic generator written by Vecna/29A (published in last
>29A magazine) and a Dust version that uses it. But this virus is on my
>disk only, it will probably never be published as I'm retired.
>
>So the question stands - for what you want to add detection for
>encrypted/polymorfic/epo/metamorfic/whatever viruses to PPC detectors,
>when there is _no_ virus, that uses them? Can you see the overhead it
>would cause? The antivirus size increase? The time increase spent on
>detection? This really is ridiculous.
>
>When the time comes (and it probably will come), adding advanced
>detection techniques to given PPC antiviruses is a matter of very
>little time, because as you say all of these techniques are relatively
>well elaborated in the PC world. When there will be people out there
>that will take every ITW virus/worm and modify by few bytes, then the
>time comes to add more advanced scanning techniques. Now it's simply
>waste of resources on both sides - antivirus companies and _mainly_
>user's devices.
>
>You have very nice equations in the paper, very academic approach, but
>well, the paper lacks one thing. Real life experience.
>
>--
>Best regards,
>Ratter
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ