Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Gwendolynn ferch Elydyr <gwen () reptiles org>
Date: Fri, 7 May 2004 12:51:27 -0400 (EDT)

On Fri, 7 May 2004, Devdas Bhagat wrote:
> Just because the exploits will come in faster, does not mean that they
> will all have the same targets numerically. One enterprise can
> standardise on a specific distribution and version. The next enterprise
> may choose something else. All that is needed is that they can exchange
> data in some standardised format(s).

"All" is an impressive way of trivializing something which isn't at all
straightforward.  I think that we can all think of "standards" which are
fascinating in their implementation.

As an example, OpenOffice just finished opening up a Word document for
me - and disposing of all of the images, tables, and formatting in
the document... "exchange data"? Maybe.

Beyond that, your argument that it's better to run more obscure software,
since fewer miscreants will write exploits for it, seems like a rewording
of "Well - if they can't see it, they won't exploit it" - and we all know
how well relying on security through obscurity works.

> And these will be targets only if they are all compiled to the same
> binary. Desktops need not be running any services either. Additionally,
> you can put a firewall on each desktop that restricts communication to
> specific hosts and ports.

Uhhhh. I'm not at all sure how you've managed to presume that binaries
must be identical in order to be successfully exploited.  That misses out
on an astounding number of possible issues.

> Again, look at the roles played by the two systems. If they were in the
> same application space, then a comparison could be valid. How many
> attacks occur against MS Windows servers as against MS Windows desktops?
> Most of the worms hit *desktops*. How many corresponding attacks have
> there been against Linux desktops?

If they were in the same application space, you'd have to talk about the
same classes of application and functionality, as well.  You'd also have
to address the range of users treating their computer as a dumb toaster,
and paying about the same attention to the security of their computer as
they pay to the security of their toaster.

Linux is by-and-large an enthusiast's desktop - you have to be enthused
to slog through the various "features" ;> That means that your average
Linux user is more likely to be informed about the potential issues with
their desktop than the average Windows user.  If you had the same
distribution of uneducated users running Linux, I think your argument
would fail. [0]

>> While recommending moving away from Windows might represent a security
>> ploy in the short term, the long term costs would be prohibitive for
>> larger organizations that move away, and then move back, to Microsoft.
> Not necessarily. Not everyone needs to move to RedHat. There are also
> other players in the same space including but not limited to SuSE (now
> Novell), Mandrake, Debian and its spinoffs, Gentoo, FreeBSD (not a Linux
> distribution, but still in the same category), Sun's Java desktop.....

Uh... I think you're misreading ;> That wasn't "everybody move to RedHat".
It was "changing your OS regularly for security reasons is an untenable
model".

cheers!
[0] ... and really - any argument that says "Technology <foo> will solve
all your problems" is disingenuous
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
