Message-ID: <200310131831.47854.chill@herber-hill.com>
From: chill at herber-hill.com (Charles E. Hill)
Subject: Friendly and secure desktop operating system

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I read it, and have a couple comments.

1. The UNIX model does more than protect users from other users, it also 
protects the system from users.  In a Windows world, it is possible for any 
user to trash the entire system -- not just their data.  This is mitigated 
with Win2K and WinXP where you can create non-admin users, but my experience 
has been most non-admin users end up getting stuck in the local admin group 
for convenience and that defeats the purpose.

2. Software application packages -- the stuff users run -- should be 
installable by non-root users by default.  Only if something needs to be 
installed systemwide should it be done by a "sudo".  Most single users only 
want to install and run software for themselves, not a group.  That software 
can be run as the user -- protecting the system itself.  Yes, this still 
leaves the user's data vulnerable.

3. Honor, like Unix/Linux does, the privileged port concept and only allow 
the admin to open ports below 1024.  Make it painfully clear whenever any 
program tries to listen on upper ports on non-localhost.  Bells and whistles 
should go off if anything wants to run as a server service.

4. Make firewalls be included and ON by default.  Lock out damn near 
everything except DNS, DHCP, POP, IMAP, FTP, NNTP and NTP from making it in 
(and their SSL-variants).  If a user knows what SSH or any other service is, 
then they are probably smart enough to be able to explicitly turn it on.  
Keep LAN (SMB, NETBIOS, etc.) services off unless turned on by an admin.

5. Make a list of services allowed to make network connections to the outside 
world.  Have all sorts of sirens go off if something attempts to get out and 
isn't on the list.

6. Educate users about patching and keeping antivirus software up to date.  
The systems should automatically check daily for new patches/av updates and 
have a "one click" install. 

The problem is, other than a list of trusted programs that each have a list of 
trusted functions, there is no way for the system to know what is "allowed" 
and what is not.

However, there may be a way to apply bayesian logic to program activity.  Just 
like spam filters can learn what is and what isn't spam by what spam "looks 
like", a bayesian program filter could (theoretically) learn what virus and 
malware activity "acts like" and quarantine it.  I remember Norton Antivirus 
trying this a while ago, but it wasn't very successful.  However, that was a 
few years back (5?).

- -- 
Charles E. Hill
Technical Director
Herber-Hill LLC
http://www.herber-hill.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/i1IBeljutq/VnacRAjkVAKCP+R00VQi0Tj9JoC/oVV5ziizJCwCcDGfw
6NCh8f+Kgg61NdmG0DG75zg=
=FrRv
-----END PGP SIGNATURE-----
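Points 3 to 5 of the message above sketch a default-deny host policy: privileged ports only for the admin, loud warnings for any listener that is not loopback-only, a short list of services allowed in, LAN services off unless an admin enables them, and a list of programs allowed to make outbound connections. The following is an added example that is not code from the message or from Herber-Hill; the mapping of the named services to well-known port numbers, the hypothetical program paths and the sample events are assumptions made here, and inbound traffic is matched on the service's well-known port, which is an assumption about how such a rule would be written.

```python
"""Default-deny host policy from points 3 to 5 of the post.

Added example, not code from the original message.  Port numbers for the named
services, the hypothetical program paths and the sample events are assumptions.
"""

PRIVILEGED_PORT_LIMIT = 1024        # ports below this need the admin (uid 0)
LOOPBACK = "127.0.0.1"

# Point 4: the only services reachable by default, plaintext and SSL variants.
# Mapping the post's service names to these port numbers is an assumption.
INBOUND_ALLOWED_PORTS = {
    53: "DNS", 67: "DHCP", 68: "DHCP",
    110: "POP3", 995: "POP3S", 143: "IMAP", 993: "IMAPS",
    21: "FTP", 990: "FTPS", 119: "NNTP", 563: "NNTPS", 123: "NTP",
}
# LAN services stay off unless an admin turns them on explicitly.
LAN_SERVICE_PORTS = {137: "NetBIOS-NS", 138: "NetBIOS-DGM", 139: "NetBIOS-SSN", 445: "SMB"}

# Point 5: programs allowed to talk to the outside world (hypothetical paths).
OUTBOUND_ALLOWED_PROGRAMS = {"/usr/bin/mailer", "/usr/bin/browser", "/usr/sbin/ntpd"}


def check_listen(uid, port, bind_addr):
    """Point 3: only the admin may bind a privileged port; any listener that is
    not loopback-only is permitted but announced loudly."""
    if port < PRIVILEGED_PORT_LIMIT and uid != 0:
        return ("deny", "uid %d may not bind privileged port %d" % (uid, port))
    if bind_addr != LOOPBACK:
        return ("alert", "program wants to serve the network on port %d" % port)
    return ("allow", "loopback-only listener on port %d" % port)


def check_inbound(dst_port, admin_enabled=frozenset()):
    """Point 4: default deny; the listed services, plus anything an admin has
    explicitly enabled (SSH, SMB, ...), get through."""
    if dst_port in admin_enabled:
        return ("allow", "port %d enabled by admin" % dst_port)
    if dst_port in INBOUND_ALLOWED_PORTS:
        return ("allow", INBOUND_ALLOWED_PORTS[dst_port])
    if dst_port in LAN_SERVICE_PORTS:
        return ("deny", "%s is off unless an admin turns it on" % LAN_SERVICE_PORTS[dst_port])
    return ("deny", "port %d not in the default inbound set" % dst_port)


def check_outbound(program, dst_host, dst_port):
    """Point 5: anything not on the list trying to get out sets off the sirens."""
    if program in OUTBOUND_ALLOWED_PROGRAMS:
        return ("allow", "%s -> %s:%d" % (program, dst_host, dst_port))
    return ("alert", "%s not on the outbound list, tried %s:%d" % (program, dst_host, dst_port))


def audit(events):
    """Run constructed events through the three rules and return one verdict each."""
    verdicts = []
    for ev in events:
        kind = ev[0]
        if kind == "listen":
            verdicts.append(check_listen(*ev[1:]))
        elif kind == "inbound":
            verdicts.append(check_inbound(*ev[1:]))
        elif kind == "outbound":
            verdicts.append(check_outbound(*ev[1:]))
        else:
            verdicts.append(("deny", "unknown event kind %r" % (kind,)))
    return verdicts


# Constructed sample events, not captured from any real host.
SAMPLE_EVENTS = [
    ("listen", 1000, 80, "0.0.0.0"),        # user tries to run a web server
    ("listen", 1000, 6881, "0.0.0.0"),      # user program opens a high port to the LAN
    ("listen", 1000, 8080, "127.0.0.1"),    # local-only dev server, quiet
    ("inbound", 993),                       # IMAPS, on the default list
    ("inbound", 445),                       # SMB from the LAN, off by default
    ("inbound", 22),                        # SSH, not on by default
    ("inbound", 22, frozenset({22})),       # ... until the admin turns it on
    ("outbound", "/usr/bin/mailer", "mail.example.net", 993),
    ("outbound", "/tmp/freescreensaver", "203.0.113.7", 6667),  # not on the list
]

if __name__ == "__main__":
    for (verdict, reason) in audit(SAMPLE_EVENTS):
        print("%-5s %s" % (verdict.upper(), reason))
```

The point worth noticing is that the three rules never need to understand what a program is for: a non-admin binding port 80 is refused outright, a listener on 0.0.0.0 is allowed but made visible, and an unlisted binary reaching for an IRC port is flagged purely because it is not on the egress list.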

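The closing idea in the message, a Bayesian filter that learns what malware "acts like" the way a spam filter learns what spam looks like, can be made concrete with a Bernoulli naive Bayes classifier over behaviour tokens. The following is an added example that is not code from the message, from Herber-Hill or from any antivirus product; the behaviour token names, the hand-labelled training runs and the decision threshold are constructed for this illustration.

```python
"""Naive Bayes over program behaviour, the idea floated at the end of the post.

Added example, not code from the message.  The behaviour tokens, the
hand-labelled training runs and the threshold are constructed, not real telemetry.
"""
import math
from collections import Counter

# Constructed training data: one set of behaviour tokens per observed program
# run, labelled by hand.
BENIGN_RUNS = [
    {"open_doc", "read_doc", "write_doc", "render_font"},
    {"open_doc", "read_doc", "render_font", "print"},
    {"connect:imap", "read_mail", "render_font"},
    {"connect:pop3", "read_mail", "write_doc"},
    {"open_doc", "write_doc", "print", "render_font"},
]
MALWARE_RUNS = [
    {"write_system_dir", "set_autorun", "connect:smtp", "enumerate_addressbook"},
    {"set_autorun", "connect:irc", "listen_high_port", "write_system_dir"},
    {"enumerate_addressbook", "connect:smtp", "write_doc", "set_autorun"},
    {"listen_high_port", "connect:irc", "patch_other_process"},
    {"write_system_dir", "patch_other_process", "set_autorun", "connect:smtp"},
]


class BehaviourFilter:
    """Bernoulli naive Bayes: every known token is either present or absent in a
    run, the same model a spam filter applies to the words of a message."""

    def __init__(self, benign_runs, malware_runs):
        self.n_benign = len(benign_runs)
        self.n_malware = len(malware_runs)
        self.benign_counts = Counter(t for run in benign_runs for t in run)
        self.malware_counts = Counter(t for run in malware_runs for t in run)
        self.vocab = set(self.benign_counts) | set(self.malware_counts)

    @staticmethod
    def _p_present(count, n):
        # Laplace smoothing: a token never seen in one class must not zero the product
        return (count + 1) / (n + 2)

    def log_odds(self, events):
        """log P(malware | events) - log P(benign | events); positive favours malware."""
        events = set(events)
        lo = math.log(self.n_malware) - math.log(self.n_benign)   # class prior
        for token in self.vocab:
            pm = self._p_present(self.malware_counts[token], self.n_malware)
            pb = self._p_present(self.benign_counts[token], self.n_benign)
            if token in events:
                lo += math.log(pm) - math.log(pb)
            else:
                lo += math.log(1 - pm) - math.log(1 - pb)
        # Tokens never seen in training are not in the vocabulary and carry no
        # evidence either way, which is the classic blind spot of this approach.
        return lo

    def decide(self, events, threshold=0.0):
        """Quarantine when the run looks more like the malware runs than the benign ones."""
        return "quarantine" if self.log_odds(events) > threshold else "allow"


FILTER = BehaviourFilter(BENIGN_RUNS, MALWARE_RUNS)

# Constructed runs to classify.
WORD_PROCESSOR_RUN = {"open_doc", "read_doc", "write_doc", "render_font"}
MAIL_WORM_RUN = {"set_autorun", "connect:smtp", "enumerate_addressbook", "write_doc"}

if __name__ == "__main__":
    for name, run in (("word processor", WORD_PROCESSOR_RUN), ("mail worm", MAIL_WORM_RUN)):
        print("%-15s log-odds %+6.2f -> %s" % (name, FILTER.log_odds(run), FILTER.decide(run)))
```

Two things this makes visible that the analogy alone does not: the decision rests on the whole vocabulary, so the absence of ordinary behaviour (no font rendering, no document reading) counts against a run as much as the presence of autorun writes counts for it, and a run made of behaviour the filter has never seen scores close to the prior, so novelty by itself is neither caught nor cleared.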
