lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.33.0212201239140.30355-100000@stratigery.local>
From: eballen1 at qwest.net (Bruce Ediger)
Subject: Trustworthy Computing Mini-Poll

On Fri, 20 Dec 2002, Simon Richter wrote:

> On Fri, Dec 20, 2002 at 02:47:59AM +0100, yossarian wrote:
> > What
> > features will my new computer have, that will convince me to lose certain
> > options I have right now - playing music, copying what I like, etc?.
>
> I'd say protection from binary viruses and stack overflows, plus if
> someone breaks into your computer and you have stored your key in a safe
> place you can tell what she modified. So this would be a definitve must
> if you're builing a server, and I'm asking now whether you would like
> those features on your home box as well, even if you had to give up DVD
> copying or get special illegal hardware for it.

I'm sorry, maybe I was sleeping in class...  can somebody explain to me
how a TCPA machine (as currently hypothesized) would keep stack overflows
from happening?  Is this a facet of having a "nub" check each and every
memory access, and having a stack marked "read/write/no execute"? Or is
my vision not far enough?

I'm serious here - I'm not trying to be argumentative, I just want to
figure this out so I can evaluate it.

I see that you qualified "protection from *binary* viruses" - the "nub"
sure wouldn't allow a file that a file virus (Staog or something like
that) had tinkered with to execute.  But file viruses were never a serious
threat as far as I can tell (see http://news.com.com/2009-1001-254061.html).
The really widespread viruses were boot sector (basically BIOS infectors)
and macro (code for "Word" macro) viruses - right?  Not to say that other
viruses don't exist, just that those were by far the greatest number
in the wild. Now, Outlook viruses (Klez, SirCam, etc) seem like the real
problem.  Windows 98/ME seem to have enough reliability that people don't
reboot with a floppy in place often enough to spread boot sector viruses.

Can someone explain how TCPA might prevent "Word" macro viruses?  It's
my understanding that (unlike some Outlook viruses) macro viruses do
exactly what a user might do - they don't take advantage of bugs to
do their work.  The automatic execution of macros in a "Word" document
is the feature that enables macro viruses to spread.  How does a TCPA
computer prevent that?  Users modify "Word" doc files all the time -
TCPA can't stop users from tampering with .doc files and still retain
any use for the computer in question.

Outlook viruses seem to either spread via bugs in Outlook or the HTML
engine used to render HTML email (part of IE?).  How is a TCPA
computer supposed to prevent that?  A signed application has a bug
that allows the signed application's scripting language to do things
automatically that the application should only do at a user's behest.

Very honestly, I don't see how a TCPA-crippled computer will help
the macro virus or email virus situation.  Maybe someone can explain,
and I'd really appreciate that.  Cause right now I get immunity from
"Word" macro viruses and Outlook viruses by running AbiWord and Pine
respectively.  I don't need to trade in my Turing-capable machine for
something that's crippled in ways that will cause problems we haven't
yet forseen.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ