Re: Computer Virus Help



Sebastian Gottschalk wrote:
kurt wismer wrote:

Sebastian Gottschalk wrote:
[snip]
Real protection against viruses is provided by ACLs, implementing a global
no-exec policy and by not allowing automatic code execution.
by acls i imagine you're making a reference to least privilege... fred cohen's early experiments with viruses demonstrate fairly unequivocally that least privilege does not stop viruses... it is a speed bump, not a road block - it will interfere with those viruses that were made with the assumption of having admin access and that's about all...

ACLs that are set such that all write access to binaries is denied will stop
viruses totally: they can't spread.

you must have an interesting definition of 'binaries'...

as for trying to control execution, determining executable data from non-executable data is undecidable in the general case...

That's why such policies also have to be enforced by programs. If you allow
the users to execute perl.exe, well, then you have a problem.

i'm sorry, i obviously wasn't clear... i meant undecidable in the computational complexity sense of the word... the computer can't figure such things out (which, by the way, is part of the reason why we 'tend' to mark executable content with special file extensions in dos/windows or execute flags under *nix)...

perl is not the only complicating factor, many tools are scriptable in some sense these days... ms word or alternatively open office are susceptible to viruses - are you going to disallow opening documents too?

they can be valuable additions to a defense in depth approach, but they are not, by themselves, a solution to the virus problem...

They are. Trivially.

it's interesting that you think a problem widely known to be unsolvable has such a straightforward solution...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
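
An added example, not part of any post in this thread: a defender-side audit showing how the set of files a write-deny ACL has to cover depends on what is counted as 'binaries'. It assumes POSIX permission bits; the extension list, the function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: illustrative, non-exhaustive list of interpreted/macro-capable types.
INTERPRETED_EXT = {".pl", ".py", ".sh", ".js", ".vbs", ".docm", ".xlsm"}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def classify(path):
    """Return why a file can carry code that gets run, or None."""
    if os.stat(path).st_mode & ANY_EXEC:
        return "exec-bit"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == b"\x7fELF" or head[:2] == b"MZ":
        return "native-header"
    if head[:2] == b"#!":
        return "shebang"
    if os.path.splitext(path)[1].lower() in INTERPRETED_EXT:
        return "interpreted-ext"
    return None

def audit(root):
    """Return sorted (relative path, reason, group/other-writable) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            reason = classify(full)
            if reason:
                mode = os.stat(full).st_mode
                loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
                findings.append((os.path.relpath(full, root), reason, loose))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files with explicit modes."""
    samples = {"tool": (b"\x7fELF", 0o755), "run": (b"#!/bin/sh\n", 0o644),
               "report.pl": (b"print 1;\n", 0o664), "notes.txt": (b"hi\n", 0o666)}
    for name, (data, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in audit(tmp):
            print(row)
```

On the sample tree only one of the three reported files has an execute bit set; the Perl script without one is the file left group-writable.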