Full Disclosure mailing list archives
RE: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause
From: "Bill Royds" <full-disclosure () royds net>
Date: Sun, 18 Jan 2004 21:41:25 -0500
Actually the file type tag (.exe) has very little to do with whether a file is executable or not. Executable files have a header that describes whether it is executable or not. The first two characters of the file must be "MZ" (the initials of an early MS developer). That is one reason that it is a futile quest to only block attachments by the .exe extension, and many viruses use other extensions such as .scr, .pif, .com ...

On Windows NT and later systems, there is metadata attached to each file which includes whether it has execute permission or not. If you run a hardened Windows NT, 2000 or XP system with executables in a read-only directory with execute set and all other directories blocking execute, you have the same ability as on Unix to prevent executable file drop. The problem is that Windows NT+ sets the group everyone to have write and execute access to all directories by default (to avoid support calls by people not able to install those games). This is a configuration problem, not an inherent problem.

Windows' inherent problem is that its Access Control features are so convoluted and flexible that it is hard for an administrator to know the result of any changes, so most use the most flexible (and insecure) default.

As well, the Windows file sharing paradigm (SMB/CIFS) is even more arcane than NFS, if that is possible, and is not at all well documented, with the Samba group documenting it much better than Microsoft. SMB has no easy way to restrict access by interface or by hardware/networking addresses but only uses Windows users and groups, so any enterprise that needs to share files makes them reachable by any machine that can spoof the users with permissions.

One can actually harden a Windows system fairly easily by running the Orange book C2 security level tools that can be run on OS install. Of course this blocks the machine from using a network and being much use. But it can be done.
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of David F. Skoll
Sent: January 18, 2004 7:12 PM
To: Wes Noonan
Cc: full-disclosure () lists netsys com
Subject: RE: Religion... was RE: [Full-disclosure] Re: January 15 is Personal Firewall Day, help the cause
Microsoft is only un-securable for those who don't know how to secure it
No. The fundamental problem with Windows is the problem that led to the creation of the anti-virus industry: Encoding of metadata in filenames. The fact that ".exe" on Windows means the same thing as turning on the execute bit in UNIX has cost the world economy billions. And it's impossible to change this without fundamentally changing Windows. (Even this flaw isn't a Microsoft innovation; it was first revealed in 1987 in the infamous CHRISTMA EXEC worm at IBM on the VM/370 system.)

This flaw, the readiness of a Windows system to enable execute permission depending on the filename, makes every single Windows box a ticking time bomb. Someone just has to be clever enough to deposit an .exe on a system and trick someone into running it.

The social engineering required to do the same on Linux is an insurmountable hurdle; not only do you have to deposit the file, but you have to convince someone to turn on the execute bit, which no Linux mail clients currently do, and which the average office worker is unlikely to even know how to do. (That's why I have a warm feeling when our sales people use Linux; they don't know enough to be dangerous. :-))

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
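
The point made in the message above, that an attachment filter has to look at the file header rather than the .exe extension, as an added example that is not part of the original posts. The function names, verdict strings and sample bytes are constructed for illustration; the header offsets are those of the DOS/PE format.

```python
import os
import struct

# Extensions named in the post, plus .dll; a name-based filter blocks only these.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".dll"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag for a DLL


def sniff_pe(data: bytes) -> str:
    """Classify content by its header: 'pe-exe', 'pe-dll', 'mz-dos' or 'not-mz'."""
    if data[:2] != b"MZ":
        return "not-mz"
    if len(data) < 0x40:
        return "mz-dos"
    # e_lfanew (offset 0x3C, little-endian) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The signature (4 bytes) plus the 20-byte COFF header must fit in the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "mz-dos"
    # Characteristics is the last 2-byte field of the COFF header.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def attachment_verdict(filename: str, data: bytes) -> str:
    """Decide on content first; the extension is only a second signal."""
    ext = os.path.splitext(filename)[1].lower()
    if sniff_pe(data) != "not-mz":
        return "block-executable" if ext in EXECUTABLE_EXTS else "block-disguised"
    # No MZ header, but the extension is one a name-based filter blocks anyway.
    return "block-extension" if ext in EXECUTABLE_EXTS else "pass"


def constructed_pe(flags: int) -> bytes:
    """Constructed sample: DOS header + PE signature + COFF header, nothing else."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    for name, body in [("holiday.jpg", constructed_pe(0x0002)),
                       ("setup.exe", constructed_pe(0x0002)),
                       ("plugin.dat", constructed_pe(0x2002)),
                       ("notes.txt", b"plain text")]:
        print(f"{name:12} {sniff_pe(body):7} {attachment_verdict(name, body)}")
```
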