lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c3680e$3f40d470$2b02a8c0@dcopley>
From: dcopley at eeye.com (Drew Copley)
Subject: Re: Administrivia: Testing Emergency Virus Filter..


> -----Original Message-----
> From: Gary E. Miller [mailto:gem@...lim.com] 
> Sent: Wednesday, August 20, 2003 5:38 PM
> To: Drew Copley
> Cc: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Re: Administrivia: Testing 
> Emergency Virus Filter..
> 
> 
> Yo Drew!
> 
> On Wed, 20 Aug 2003, Drew Copley wrote:
> 
> > I don't know how that guy thought that the smtp client 
> portion of this 
> > code was an OS issue... How that is OS design. I don't know 
> why such 
> > people would be offering their opinion on this.
> 
> The difference is this between and secure OS and an insecure one.
> 
> On an Insecure OS, the virus gets in. glues itself on 
> anywhere in the machine.  Maybe it attaches to a boot sector, 
> maybe appends itself to a system file, edits registry, maybe 
> all the above and a lot more, whatever.  User logs out, the 
> virus still runs as admin or root.
> 
> Some virii even have hooks to turn off personal firewalls in 
> an insecure OS.
> 
> On a Secure OS, the virus can only write to the (normal) 
> users home directory.  Easy to find.  Easy to delete.  Virus 
> can not write to registry, boot sector, system directories, 
> etc.  Then when the user logs out his processes are 
> terminated or he is warned of something still running.  So 
> virus does not continue after log out.
> 
> On a secure OS, the (normal) user can not edit the personal 
> firewall setting so the cirus can not bypas that easily.
> 
> Very secure OS can add even more restrictions on what a user 
> can do.  Like prevent the user from running daemons, bots, etc...
> 
> The makes a huge difference in how easy it is to be infected, 
> how easy it is to detect infection and how easy to disinfect.

Yes, now, in these regards, this is true and accurate, thanks.

As far as software goes, I would not argue that the personal firewall
could be not bypassed, as there really is not such a system yet which
protects against process injection and other hooking techniques... Well,
except for some linux tools like systrace. (Granted, tools on Windows
like securewave could, but that prevents anything untrusted from
running).

So, it is difficult to separate, but I believe the OS should be
seperated from the software which runs on it... Which brings us back to
secure class ratings, which your post hints at and which I believe is an
excellent standard as to "how secure our OS" is. (Common Criteria
ratings: http://www.commoncriteria.org/docs/aboutus.html).




> 
> RGDS
> GARY
> --------------------------------------------------------------
> -------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> 	gem@...lim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ