Security Basics mailing list archives
(WAS: Re: Fwd: SF new column announcement: Microsoft Anti-Spyware?)
From: Sebastian <sebastian () helsinki fi eu org>
Date: Mon, 10 Jan 2005 23:38:54 +0200
Just another 2 cents of whichever currency:3. Educating users about what is good and what is not (basically meaning not clicking okay to everything) 5. Not giving users any rights they don't need. This means basic grouping (not by username but by function) and given access only when necessary. 6. Catering for the known holes (If wild VB controls, browser extensions, ActiveX etc. aren't really needed, disable)
Eves n such, -Sebastian Caeser Augustus wrote:
Here's my 2 cents: Nothing really is unexploitable if you try hard enough. If by some real chance an average user in the world was using Linux, you can be sure that people who make spyware would have made it for that platform as well. It's just isn't plain business sense to do that as of now. And really, I heard so much hohum about MS's security record. OK I understand that MS maybe not into security that much till very recently. But when they did (SP2) this is what I see happened: 1) The average user : feels good about security but is confronted by a learning curve. Whatever it is, but I'm sure that an information bar is easier to configure than a hosts file. 2) The IT guys shout: "Don't install it". - It breaks stuff. - It's got security issues( My companies IT policy ) - Not stable. I'd say Hello. Wake up. Just because you're incompetent enough not to know about it, you term something bad. I mean a sheer amount of IT staff that I've knows is just point and click types. Boot off the CD Press enter thrice, click next next next, when you get password box, type admin or password and lo behold, you have Windows 2003 running. I'm not saying all are like that. There are serious professionals(btw, i'm not) who DO this job. Bust most aren't. 3) The crackers: It's got holes: it's exploitable. I think: off course. Everything is. Including the Linux Kernel. That's what makes this field fun. I'm sure, given enough motivation (read money), you can have as many spyware as you want for Linux/Unix/Freebsd whatever. It's just that not most of supridentdents/Operations Managers/Nurses/Clerks/Executives/Sales Executives/Accountants who sits at his office/SOHO desk reading mail, does it on Konquror (even though it's free). So, no spyware. And oh, all this may be localised to India only, I dunno. But I have worked for an International Support Center, catering to THE average and the Admin level american/uk computer user. And that was the impression I got. On Fri, 07 Jan 2005 13:47:55 -0700, Kelly Martin <kel () securityfocus com> wrote:Matvei Kliuchnikov wrote:From the article:"because it's holes in Microsoft's operating system that built the entire spyware industry to begin with" That's just plain wrong. Spyware, by it's nature, is installed along with other applications that the user manually installs. Download KaZaa, for example, and you'll find that several other "spyware" apps are installed along with it. This has nothing to do with security vulnerabilites.You should really do a bit more reading before making such a definitive statement. Only a portion of spyware is installed this way. Most of the time the inclusion of spyware along with a legitimate application is clearly indicated in the user agreement, but these click-through agreements are rarely read and thus, the users gets a little more than he is expecting. A huge amount of spyware gets installed in an entirely different way, however, and has everything to do with vulnerabilities and/or unpatched machines. I'm referring to bits of code that are installed without a user's permission, just by visiting a website -- via security problems with ActiveX, Javascript, JAVA, and unpatched vulnerabilities in Internet Explorer. There are many, many examples of this. Have you never seen a .DLL downloaded while visiting a website using IE? What about the users that you support? It's pretty hard to surf the web nowadays using IE without getting some kind of spyware. Things to watch for: - has your browser's homepage been hijacked? - do you see any unwanted toolbars in IE? - do you see unwanted pop-up windows when you start IE? - are you unable to reach Google.com or Yahoo.com, and get redirected to another search engine instead? - is there a trojan or keylogger reporting statistics about you back to another location - [the list goes on, and on...]Obviously, Microsoft has a shoddy record of security problems, but don't confuse the issue and continue spreading FUD.I can recommend that you read up on CoolWebSearch as an excellent example of nasty spyware that is *not* user-installed, and does in fact attempt to exploit vulnerabilities. There are many others. Regards, Kelly Martin
Current thread:
- SF new column announcement: Microsoft Anti-Spyware? Kelly Martin (Jan 07)
- <Possible follow-ups>
- Re: SF new column announcement: Microsoft Anti-Spyware? Matvei Kliuchnikov (Jan 07)
- Re: SF new column announcement: Microsoft Anti-Spyware? Kelly Martin (Jan 07)
- Re: SF new column announcement: Microsoft Anti-Spyware? Edward J. Weinberg (Jan 10)
- Message not available
- Fwd: SF new column announcement: Microsoft Anti-Spyware? Caeser Augustus (Jan 10)
- (WAS: Re: Fwd: SF new column announcement: Microsoft Anti-Spyware?) Sebastian (Jan 10)
- Re: Fwd: SF new column announcement: Microsoft Anti-Spyware? Christos Triantafyllidis (Jan 10)
- Re: SF new column announcement: Microsoft Anti-Spyware? Kelly Martin (Jan 07)