
One Program To Kill Them All


11 replies to this topic

#1 mz30

mz30

  • Members
  • 828 posts
  • OFFLINE
  • Gender:Male
  • Location:liverpool,england
  • Local time:04:10 AM

Posted 26 March 2007 - 01:36 PM

As a bit of a div, I was wondering: is it possible, or will it ever be possible, to eradicate all internet security threats?

I mean, I'm not really sure if it can be done, but surely, with the amount of time spent by all the great members of the HJT team here and those of other sites, is there no one, or no collection of people, trying to find a program
for all eventualities?
What I'm trying to say is there can only be so many avenues these horrible infecters can try, isn't there?
Maybe I am a little naive when it comes to security, but I would appreciate any replies you could give. Thank you :thumbsup:

Edited by mz30, 26 March 2007 - 01:37 PM.

god my head hurts.
if you don't ask, you don't know




#2 Mr Alpha

Mr Alpha

  • Members
  • 1,875 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:10 AM

Posted 26 March 2007 - 01:42 PM

I doubt a program will ever be able to satisfactorily plug the biggest security hole, the one between the keyboard and the computer.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#3 mz30

mz30
  • Topic Starter

  • Members
  • 828 posts
  • OFFLINE
  • Gender:Male
  • Location:liverpool,england
  • Local time:04:10 AM

Posted 26 March 2007 - 01:50 PM

I doubt a program will ever be able to satisfactorily plug the biggest security hole, the one between the keyboard and the computer.

:thumbsup: y :flowers:
god my head hurts.
if you don't ask, you don't know




#4 JohnWho

JohnWho

    Who was running the store?


  • Members
  • 2,611 posts
  • OFFLINE
  • Gender:Male
  • Location:Tampa Bay Area, Florida, USA
  • Local time:11:10 PM

Posted 26 March 2007 - 02:21 PM

"PICNIC" -

Problem in chair, not in computer.


:thumbsup:


I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!


#5 arcman

arcman

  • Members
  • 706 posts
  • OFFLINE
  • Location:Michigan
  • Local time:11:10 PM

Posted 26 March 2007 - 02:36 PM

I doubt a program will ever be able to satisfactorily plug the biggest security hole, the one between the keyboard and the computer.

Definitely a big factor, though another major issue is that Microsoft has only just now, with the release of Vista, started to implement the policy of not setting up every account as the Administrator/Root/Super User. If you've ever used a *NIX OS you know that using the root account for everyday tasks is NOT recommended. It only takes one network exploit or a user opening up a trojan and suddenly malicious code has control of the root account, and thus control over every OS system file.

The main reason OS X has no viruses in the wild isn't because they play second-fiddle to Windows, it's because you have to enter a password via sudo any time you make a system-wide change to the OS. Make all the viruses you want for Linux/Unix/OS X, but unless the user is dumb enough to actually give the virus program their account password, the virus won't be able to do jack. Compare that to a default WinXP setup, where all you have to do to have worms spreading through your system is connect to the internet for 15 seconds without a firewall.

If XP had simply set up every default account as Limited instead of Administrator, and required a password for administrative operations, 90% of the virus/trojan issues out there for Win32 probably wouldn't exist. The functionality was all set up for that with NTFS permissions, they just had to actually make the Limited account usable for day-to-day use (as it is, you can barely run a CD-Player application without needing the admin account).
Vista has attempted to fix this with UAC (Cancel or Allow?), but since they've made it about 50 times more annoying than sudo a lot of users seem to be turning it off and sacrificing the security benefit.

Edited by arcman, 26 March 2007 - 02:41 PM.


#6 Mr Alpha

Mr Alpha

  • Members
  • 1,875 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:10 AM

Posted 26 March 2007 - 03:20 PM

Microsoft turning on the firewall in SP2 pretty much put a stop to the internet worms. Now, for a piece of malware to get onto a computer, the computer has to initiate the connection.

The Limited User and UAC (User Account Control) issues are related. That you can't run as a limited user isn't really Microsoft's fault, but lazy third-party developers'. UAC is an attempt by Microsoft to fix this. The fact is that once you have the computer set up as you want and the applications installed, your need for UAC pretty much disappears, except for those same third-party applications which demand administrative privileges. Either you have to agree with Microsoft's attempt at fixing it with UAC, or you have to accept the fact that it doesn't really need fixing that badly.
"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital

#7 arcman

arcman

  • Members
  • 706 posts
  • OFFLINE
  • Location:Michigan
  • Local time:11:10 PM

Posted 26 March 2007 - 04:05 PM

Microsoft turning on the firewall in SP2 pretty much put a stop to the internet worms. Now, for a piece of malware to get onto a computer, the computer has to initiate the connection.

That is true, SP2 fixed a lot of stuff. Although the root problem (hah, no pun intended) still exists: you can still hop on to a site with malicious ActiveX code and find yourself with more "helper" applications than you ever wanted.

The Limited User and UAC (User Account Control) issues are related. That you can't run as a limited user isn't really Microsoft's fault, but lazy third-party developers'. UAC is an attempt by Microsoft to fix this. The fact is that once you have the computer set up as you want and the applications installed, your need for UAC pretty much disappears, except for those same third-party applications which demand administrative privileges. Either you have to agree with Microsoft's attempt at fixing it with UAC, or you have to accept the fact that it doesn't really need fixing that badly.

UAC is definitely the right step to fix the problem; I think it needs a bit more polish, though. One of the nicer features of sudo, for example, is that once you confirm your account through it with your password, there's a set period of time before you have to re-enter it to perform another administrative action. When you're doing a lot of changes or system installs, this keeps authentication out of your way while still keeping your system secure. UAC isn't quite so intelligent; it brings up the dialog whenever access needs granting, so some users are seeing it as more of a nuisance than they're willing to accommodate.

#8 JohnWho

JohnWho

    Who was running the store?


  • Members
  • 2,611 posts
  • OFFLINE
  • Gender:Male
  • Location:Tampa Bay Area, Florida, USA
  • Local time:11:10 PM

Posted 26 March 2007 - 04:15 PM

One of the nicer features of sudo, for example, is that once you confirm your account through it with your password, there's a set period of time before you have to re-enter it to perform another administrative action. When you're doing a lot of changes or system installs, this keeps authentication out of your way while still keeping your system secure.



I hope I'm misunderstanding that -

during that "set time period", could any program, including a malicious one, perform an "administrative" type action?

If so, I can see an "open door" situation just waiting to be exploited.

Edited by JohnWho, 26 March 2007 - 04:16 PM.


I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!


#9 arcman

arcman

  • Members
  • 706 posts
  • OFFLINE
  • Location:Michigan
  • Local time:11:10 PM

Posted 26 March 2007 - 04:30 PM


One of the nicer features of sudo, for example, is that once you confirm your account through it with your password, there's a set period of time before you have to re-enter it to perform another administrative action. When you're doing a lot of changes or system installs, this keeps authentication out of your way while still keeping your system secure.



I hope I'm misunderstanding that -

during that "set time period", could any program, including a malicious one, perform an "administrative" type action?

If so, I can see an "open door" situation just waiting to be exploited.

Well, the sudo command doesn't simply lift all access restrictions from the file system; it simply elevates a user's status to the root permission group for the duration of the command. You still have to prefix your command with sudo, but if you perform two sudo operations in succession, the second operation won't require you to re-authenticate. The time before you have to re-authenticate (usually) isn't that long, so even if a virus writer were to prefix the commands in his code with sudo, the possibility of it getting to that window where he doesn't have to authenticate is very low.

Of course, as is the case with most *nix software, this option is configurable. If you want sudo to be more secure you can simply turn the timestamp_timeout option off.
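The timestamp_timeout setting arcman mentions is what decides how long sudo keeps a successful password check cached, which is the window JohnWho was asking about. As an added example (not code from this thread or from the sudo project), the POSIX shell script below reads sudoers-format text and reports the credential-caching policy it produces, showing a constructed configuration that caches credentials for 15 minutes beside the hardened variant with the timeout turned off. Both sudoers texts are made up for the demonstration and are not taken from any real host.

```shell
#!/bin/sh
# Added example, not from the thread or the sudo project: audit sudoers-format
# text for the timestamp_timeout Default discussed above and classify the
# credential-caching window it produces. The sudoers contents below are
# constructed samples, not copied from any real host.

# Constructed sample: credential cache set to an explicit 15-minute window.
WEAK_SUDOERS='# /etc/sudoers (constructed sample, cached credentials)
Defaults    env_reset
Defaults    timestamp_timeout=15
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
'

# Constructed sample: the hardened variant arcman describes. Setting
# timestamp_timeout=0 makes sudo ask for the password on every invocation.
HARDENED_SUDOERS='# /etc/sudoers (constructed sample, no credential caching)
Defaults    env_reset,timestamp_timeout=0
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
'

# Read sudoers text on stdin and print the last timestamp_timeout value set on
# a Defaults line (in minutes), or "default" when no line sets it, in which
# case sudo's compiled-in default window applies.
timeout_value() {
    awk '
        /^[[:space:]]*#/ { next }                  # comment line
        /^[[:space:]]*Defaults/ {
            # a Defaults line may carry several comma-separated options
            n = split($0, opt, /[[:space:],]+/)
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", opt[i])
                    val = opt[i]
                }
            }
        }
        END { print (val == "" ? "default" : val) }
    '
}

# Turn a timeout value into the one-line policy statement a reviewer wants:
# 0 = prompt every time, negative = cache never expires, N = cache for N minutes.
classify_timeout() {
    case "$1" in
        default) echo "cached: sudo compiled-in default window (no explicit setting)" ;;
        0)       echo "not cached: password required for every sudo command" ;;
        -*)      echo "cached indefinitely: timestamp never expires" ;;
        *)       echo "cached for $1 minute(s) after a successful password prompt" ;;
    esac
}

# Convenience wrapper: audit a sudoers text held in a shell variable.
audit_sudoers() {
    classify_timeout "$(printf '%s' "$1" | timeout_value)"
}

printf 'weak:     %s\n' "$(audit_sudoers "$WEAK_SUDOERS")"
printf 'hardened: %s\n' "$(audit_sudoers "$HARDENED_SUDOERS")"
```

The script only reads text, so it can be run against a copy of a sudoers file collected during a review rather than on the live system. On a live system the cached timestamp can be dropped early with `sudo -k`, which is the manual counterpart of the configuration change arcman describes.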

#10 JohnWho

JohnWho

    Who was running the store?


  • Members
  • 2,611 posts
  • OFFLINE
  • Gender:Male
  • Location:Tampa Bay Area, Florida, USA
  • Local time:11:10 PM

Posted 26 March 2007 - 05:10 PM

Ah, that sounds much better.

Question:

sudo appears to be a downloadable program.

Is it included with OS X and other *nix distributions routinely?


I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!


#11 arcman

arcman

  • Members
  • 706 posts
  • OFFLINE
  • Location:Michigan
  • Local time:11:10 PM

Posted 26 March 2007 - 05:22 PM

Oh my yes. :thumbsup:

sudo is very common in Unix and Unix-like OSes, including Linux and OS X. When OS X asks for a system password, it's actually performing a sudo operation using a GUI frontend. Ubuntu also performs its admin tasks this way by default.

#12 mz30

mz30
  • Topic Starter

  • Members
  • 828 posts
  • OFFLINE
  • Gender:Male
  • Location:liverpool,england
  • Local time:04:10 AM

Posted 14 April 2007 - 07:03 PM

Seeing as I started this topic a while ago, and after spending time here at BC and having learned a little, I will try to rephrase the question I was trying to ask (stay with me, as I still may be wrong) :thumbsup:
All threats are basically numeric codes (I think), so is it not possible to have a program which runs like an anti-virus or anti-spyware but caters for all the variables? What I mean is, there must be a limited amount of variables that can infect your computer, right? Maybe I am a little out of my depth thinking this, and maybe you would need a computer the size of the Starship Enterprise, but surely Bill Gates, with all his $$$$, must have the resources to make this a reality. Or would that put other companies owned by Microsoft dealing with these issues out of business? So now that I've thought about it, infections are good business, so I think I've just answered my own question :flowers:
god my head hurts.
if you don't ask, you don't know


