Re: Bypassing Personal Firewalls
From: Zow (zow@llnl.gov)
Date: 02/24/03
- Previous message: Frog Man: "WihPhoto (PHP)"
- Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
- Next in thread: John Howie: "RE: Bypassing Personal Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Shaun Clowes <shaun@securereality.com.au> Date: Mon, 24 Feb 2003 12:18:39 -0800 From: "Zow" Terry Brugger <zow@llnl.gov>
Shaun,
While I've just been skimming this discussion, I felt the need to respond to
one of the points you make:
> While I can see your point here, from the OS's perspective a user doesn't
> need to be protected from themselves.
On the contrary -- process separation is one of the fundamental concepts in
modern operating systems. If you have the misfortune of remembering the DOS 5
/ Windows 3.0 days, you'll appreciate how important this function is. The
need to protect the user from something running with their privileges is also
important for protecting against Trojan horses, such as Outlook-based mail
worms. The easiest way to protect against such attacks is via sandboxing.
While I personally would like to see such sandboxing functionality integrated
directly into operating systems, it can be added via a third-party extension,
such as Janus for Solaris and Linux, or one of the PFW products for Windows.
Terry
use StandardDisclaimer.pm
- Next message: Martin Schulze: "[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability"
- Previous message: Frog Man: "WihPhoto (PHP)"
- Maybe in reply to: xenophi1e: "Bypassing Personal Firewalls"
- Next in thread: John Howie: "RE: Bypassing Personal Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
