Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 06/01/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
- Next in thread: R. DuFresne: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
- Reply: R. DuFresne: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Tue, 31 May 2005 18:28:08 -0400 (EDT)
On Tue, 31 May 2005, Marcus J. Ranum wrote:
> Paul D. Robertson wrote:
> >AV isn't going to be effective against most custom Trojan Horses.
>
> We've always known that this was the end-game of malware. And I
> know you've been part of the choir on this particular psalm for a
> very long time. :)
Absolutely! I'm just singing a quick chorus of "now is the hour of our
discontent!"
I always used to say "If I wrote a Trojan..." or "If an attacker modified
or wrote a Trojan..." Now we get to say "Like that guy who wrote that
Trojan..."
I'm facing the fact that we're stuck with a bunch of reactive management
weasels. Fine, here's something they can react to! Then they can pat
themselves on the back for reacting to it "before it happened to us!"
> 99% of the firewalls out there are already _way_ too
> permissive; they allow arbitrary traffic outbound on many
> services, because their administrators somehow think
> that merely controlling port flows is "security." I was swapping
> Email with a guy last week who was puzzling over "how do
> you do SMB securely through a firewall?" and he seemed
> to think I was a nutbar for replying "You can't. Period." As
> if simply *wishing* it were securable were enough! The
But we have a firewall, and I'm letting it through- so it's secure now
isn't it?
> If custom trojans become a mass-media security meme,
> then look for a handful of venture-funded startups in the
> next year, offering bogus products designed to detect
> and trap these custom malware agents. Of course they
> won't work but they'll make a lot of fools sleep better
> and they'll make a lot of canny businessmen rich(er).
I *still* contend that removing the execute bit from attachments saved on
MS desktops would give everyone lots more time to deal with credible and
actual threats, rather than the noise that's become a threat simply
because of the volume. But I suppose if you spend years forcing your
loader to load and execute any manner of garbage as happily as it can,
you'd probably be resistant to that too...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards