[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040119023857.YZIU23685.fep01-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause
Actually the file type tag (.exe) has very little to do with whether a files
is executable or not. Executable files have a header that describes whether
it is executable or not. The first two characters of the file must be "MZ"
(the initials of an early MS developer).
That is one reason that it is a futile quest to only block attachments by
the .exe extension and many viruses use other extensions such as .scr .pif
.com ...
On Windows NT and later systems, there is metadata attached to each file
which includes whether it has execute permission or not. If you run a
hardened windows NT, 2000 or XP system with executables in a readonly
directory with execute set and all other directories blocking execute, you
have the same ability as on Unix to prevent executable file drop.
The problem is that Windows NT+ sets the group everyone to have write and
execute access to all directories by default (to avoid support calls by
people not able to install those games). This is a configuration problem,
not an inherent problem.
Windows inherent problem is that its Access Control features are so
convoluted and flexible that it is hard for an administrator to know the
result of any changes so most use the most flexible (and insecure) default.
As well the Windows file sharing paradigm (SMB/CIFS) is even more arcane
than NFS, if that is possible, and is not at all well documented with the
Samba group documenting it much better than Microsoft. SMB has no easy way
to restrict access by interface or by hardware/networking addresses but only
uses Windows users and groups so any enterprise that needs to share files
makes them reachable by any machine that can spoof the users with
permissions.
One can actually harden a Windows system fairly easily by running the Orange
book C2 security level tools that can be run on OS install. Of course this
blocks the machine from using a network and being much use. But it can be
done.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of David F. Skoll
Sent: January 18, 2004 7:12 PM
To: Wes Noonan
Cc: full-disclosure@...ts.netsys.com
Subject: RE: Religion... was RE: [Full-Disclosure] Re: January 15 is
Personal Firewall Day, help the cause
> Microsoft is only un-securable for those who don't know how to secure it
No. The fundamental problem with Windows is the problem that lead to
the creation of the anti-virus industry: Encoding of metadata in filenames.
The fact that ".exe" on Windows means the same thing as turning on the
execute bit in UNIX has cost the world economy billions. And it's
impossible
to change this without fundamentally changing Windows. (Even this flaw
isn't a Microsoft innovation; it was first revealed in 1987 in the infamous
CHRISTMA EXEC worm at IBM on the VM/370 system.)
This flaw, the readiness of a Windows system to enable execute permission
depending on the filename, makes every single Windows box a ticking
time bomb. Someone just has to be clever enough to deposit an .exe on
a system and trick someone into running it.
The social engineering required to do the same on Linux is an insurmountable
hurdle; not only do you have to deposit the file, but you have to convince
someone to turn on the execute bit, which no Linux mail clients currently
do, and which the average office worker is unlikely to even know how
to do. (That's why I have a warm feeling when our sales people use Linux;
they don't know enough to be dangerous. :-))
Powered by blists - more mailing lists