Full Disclosure mailing list archives
RE: Re: Administrivia: Testing Emergency Virus Filter..
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 20 Aug 2003 21:43:30 -0500
--On Wednesday, August 20, 2003 17:37:48 -0700 "Gary E. Miller" <gem () rellim com> wrote:
> The difference is this between a secure OS and an insecure one.
>
> On an Insecure OS, the virus gets in, glues itself on anywhere in the machine. Maybe it attaches to a boot sector, maybe appends itself to a system file, edits registry, maybe all the above and a lot more, whatever. User logs out, the virus still runs as admin or root. Some virii even have hooks to turn off personal firewalls in an insecure OS.
>
> On a Secure OS, the virus can only write to the (normal) user's home directory. Easy to find. Easy to delete. Virus can not write to registry, boot sector, system directories, etc. Then when the user logs out his processes are terminated or he is warned of something still running. So virus does not continue after log out. On a secure OS, the (normal) user can not edit the personal firewall setting so the virus can not bypass that easily.
>
> Very secure OS can add even more restrictions on what a user can do. Like prevent the user from running daemons, bots, etc...
>
> This makes a huge difference in how easy it is to be infected, how easy it is to detect infection and how easy to disinfect.
Now change the word "virus" to "trojan" or "rootkit", and your defense of *nix falls apart. OSes aren't secure unless *people* properly configure them. *Any* OS can be hacked if it's not properly maintained.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html