Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 8 May 2004 00:09:10 +0530

On 07/05/04 12:51 -0400, Gwendolynn ferch Elydyr wrote:
> On Fri, 7 May 2004, Devdas Bhagat wrote:
>> Just because the exploits will come in faster, does not mean that they
>> will all have the same targets numerically. One enterprise can
>> standardise on a specific distribution and version. The next enterprise
>> may choose something else. All that is needed is that they can exchange
>> data in some standardised format(s).
>
> "All" is an impressive way of trivializing something which isn't at all
> straightforward.  I think that we can all think of "standards" which are
> fascinating in their implementation.
I didn't say it would be easy. I said that it is needed.

> As an example, OpenOffice just finished opening up a Word document for
> me - and disposing of all of the images, tables, and formatting in
> the document... "exchange data"? Maybe.
And the specifications for a Word document format are available at?
FWIW, The OpenOffice document format is a zipped XML file.

> Beyond that, your argument that it's better to run more obscure software,
No. My argument is that it is better to run different varieties of
software, rendering the possibility of a monoculture less.
For example just look at the MUAs used on this list, and figure out one
exploit that is common to all of them.

> since fewer miscreants will write exploits for it seems like a rewording
> of "Well - if they can't see it, they won't exploit it" - and we all know
> how well relying on security through obscurity works.
Uh, no. No one is arguing for that. I am just saying that relying on one
basket to keep all security eggs in is bad.

>> And these will be targets only if they are all compiled to the same
>> binary. Desktops need not be running any services either. Additionally,
>> you can put a firewall on each desktop that restricts communication to
>> specific hosts and ports.
>
> Uhhhh. I'm not at all sure how you've managed to presume that binaries
> must be identical in order to be successfully exploited.  That misses out
> on an astounding number of possible issues.
They may or may not have to be compiled to the same binary for the same
exploit to work.

>> Again, look at the roles played by the two systems. If they were in the
>> same application space, then a comparison could be valid. How many
>> attacks occur against MS Windows servers as against MS Windows desktops?
>> Most of the worms hit *desktops*. How many corresponding attacks have
>> there been against Linux desktops?
>
> If they were in the same application space, you'd have to talk about the
> same classes of application and functionality, as well.  You'd also have
Yes.

> to address the range of users treating their computer as a dumb toaster,
> and paying about the same attention to the security of their computer as
> they pay to the security of their toaster.
Note my point about application servers later. Reducing the possible
points of intervention is good for a corporate network. It simplifies
things to the point where a single administrator can deal with more user
nodes.

> Linux is by-and-large an enthusiast's desktop - you have to be enthused
> to slog through the various "features" ;> That means that your average
> Linux user is more likely to be informed about the potential issues with
> their desktop than the average Windows user.  If you had the same
> distribution of uneducated users running Linux, I think your argument
> would fail. [0]
Which I did agree to. I said that a cronjob updating software *may*
help. I did not propose it as the ultimate solution which is clued users
[insert quote about stupidity and the universe here].

>>> While recommending moving away from Windows might represent a security
>>> ploy in the short term, the long term costs would be prohibitive for
>>> larger organizations that move away, and then move back, to Microsoft.
>> Not necessarily. Not everyone needs to move to RedHat. There are also
>> other players in the same space including but not limited to SuSE (now
>> Novell), Mandrake, Debian and its spinoffs, Gentoo, FreeBSD (not a Linux
>> distribution, but still in the same category), Sun's Java desktop.....
>
> Uh... I think you're misreading ;> That wasn't "everybody move to RedHat".
> It was "changing your OS regularly for security reasons is an untenable
> model".
So why change? Patch and update fast? In the worst case, a solution
could be for the administrators to disable specific functionality in the
application until such time as a fix is available.
If Mozilla has a problem with Javascript, just disable Javascript
support until such time as a fix is available.

Devdas Bhagat