lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49F8AF51.5000507@thearistocrats.org>
Date: Wed, 29 Apr 2009 12:49:37 -0700
From: Adam Chesnutt <icetre@...aristocrats.org>
To: T Biehn <tbiehn@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: Anti virus installations on Windows servers

T Biehn wrote:
> VK
> What do you suggest to use on a server that must accept uploads of
> binaries from users?
> Should these binaries be scanned by an anti-virus? Can we trust that
> end users have competent Anti-Virus?
> We aren't worried about the server being susceptible to viruses, we're
> concerned about the users who could fall anywhere in proficiency
> range. This scenario is equally applicable across any OS.
> Because of the relative infancy of non-windows-based anti-virus
> software would it be advisable to host a windows virtual machine that
> shares a 'virtual disk' that is monitored by a robust a/v software to
> use to host the binaries? Which antivirus software would you
> recommend?


I think he's trying to say, that if the system is designed well enough, 
the users shouldn't be able to do any lasting damage to the system.

This is because the users are segregated from the system functions.

Many OSes are like this; for example Unix and Linux, even MacOS.

The reason Windows requires antivirus, is because it's exceedingly easy 
for a userland program to damage the system without the troublesome 
bother of having to escalate privs. Seeing as the user is already more 
or less Admin anyways (even if they're not there's still lots of damage 
you can do)

So the point still is: If the system is well designed, you don't need it 
in the first place. You've fixed the design problem that allowed the 
damage, rather than worrying about what the damage is or who caused it.

Yes you should call the cops if there's a robber in your home, but it 
you didn't fix the window they broke the first time they came in, the 
police aren't going to be real understanding to your plight the second 
time.

Windows in general is a big broken window; allowing access to the entire 
systems resources. There's a big neon sign and valet parking next to 
this window. It's been this way for years and MS (and worse yet, users) 
have done nothing to fix it.

Yes that's correct, I'm also blaming the users. How many vista upgrade 
stories did you hear about the priv escalation notification and users 
whining about it. How many turned it off. That's right, pretty much 
everyone except Me-maw and Pe-pop.

So the point, albeit snarky, is very valid. Honestly choosing a better 
operating system is a more efficient solution than the cat and mouse 
game that is antivirus.

Adam


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ