[LINK] Security: from a different direction

rchirgwin at ozemail.com.au
Tue Dec 14 17:56:11 EST 2004


Craig Sanders wrote:

>On Tue, Dec 14, 2004 at 07:17:28AM +1100, rchirgwin at ozemail.com.au wrote:
>  
>
>>>>What happens to an unprotected machine on the Internet after 20 minutes 
>>>>is of no relevance to a protected machine.
>>>>        
>>>>
>
>wrong.  
>
>1. even "protected" machines can be brought down by a DDoS attack from
>unprotected machines.  or be unable to reach a site because that site (or one
>of the routers in the path) is under DDoS attack.
>  
>
OK. Amendment: someone else's infection doesn't change MY security 
status. It changes my accessibility status.

>2. there is no such thing as a "protected machine".  there is only a machine
>that is protected against the security holes you currently know about.
>  
>
That's equally true of all OSs.

>  
>
>>>>So here's the security setup I have; pick holes.
>>>>        
>>>>
>
>yes, it's a very good security setup.  it's probably proof against most
>known attacks and many currently-unknown ones too.
>
>now wait until there's a new worm or virus that can only be fixed with Service
>Pack 10 from Microsoft.  and SP10, like SP2, breaks some existing
>applications....strangely, it only breaks mozilla firefox and thunderbird.  you
>will have a choice between closing the hole or running mozilla (until the
>mozilla people work around it, of course).
>  
>
I would only plead that in 17 years of owning computers, I have not 
suffered a virus attack.

>>>Don't forget that _if_ you get compromised the virus will have its own
>>>email server so won't need T'bird.
>>>      
>>>
>>However, the virus/worm's mail server won't be allowed to use (say) Port 
>>125, because that's only permitted to T'bird.
>>    
>>
> unless the virus checks for and disables ZoneAlarm or reconfigures it for
> wide-open access.
> many already check for and disable common anti-virus programs. if there aren't
> any that also disable personal firewall software yet, then it's only a matter
> of time.

But you have to fail the IQ test to activate the virus. Here, I'm not 
talking about Joe Sixpack, who regularly fails the test. I'm saying that 
if I can secure Windows, then "it can be done".

> BTW, to make it worse, some *games* of all things will only run if you are
> logged in as (or have the same privs as) Administrator. this encourages users
> to just run as Administrator so that they can be sure they can run the games
> they want without annoyance. so, what little protection is there is often
> bypassed by the users themselves, who are following the instructions from the
> game supplier. Microsoft themselves are guilty of this (Age of Empires at
> least).

I entirely agree. To make any application dependent on (a) admin 
privilege and (b) unrestricted paths across the firewall is stupid. 
Culpable. It's deliberate bad behaviour on the part of the writer. 
Fortunately, there are things I can live without.

RC
