Re: Recurrent question
- From: Volker Birk <bumens@xxxxxxxxxxx>
- Date: 15 Dec 2005 13:40:21 +0100
Ric <me@xxxxxxxxxxx> wrote:
> By this reasoning an anti-virus program would be completely useless
> because it can't stop all viral infections.
No. An Anti-Virus program is useful exactly the same way a SPAM filter
is.
An Anti-Virus program DOES NOT PROTECT FROM EVERY VIRUS infection. But it
does help to filter out the annoying attempts of so much malware which is
in the wild.
Protection against viruses is only achieved by wise behaviour of PEBKAC
(and by not using Windows, but OSes which have much fewer problems in this
field).
So Anti-Virus programs can _help_ to prevent malware from running on your
PC. So can firewalls.
But it's completely useless to try to prevent malware which is already
running from doing what it wants to do, with the exception of concepts
like capability based systems (which are designed to do this) and
virtualization techniques (which are designed to do this) or at least
techniques like BSD's jail or Linux' seccomp (which are designed to do
this).
The latter techniques (or something like that) are impossible with Windows,
because Windows messages are a pushing IPC without any security system,
and all Windows applications rely upon this.
> I can see your point though. There is a lot of code out there for
> defeating personal firewalls.
Yes. And it's trivial to write it.
> I think one of the best uses for a rules based personal firewall is to
> interactively teach users what is happening on their computers
The opposite is true.
It is completely useless to teach somebody about technical aspects of
what's going on who is not able to understand even the basics.
A security system for end users has to do its job _invisibly_ for the
user, it has to _secure_ the user whatever he does, and the worst mistake
is to depend on the user's decisions.
Everything I can (or must) read on c.s.* and d.c.s.* documents this: users
don't even understand that a "port" is not a "door" or a "harbour", but
just a maintenance number. They don't understand what a process is -
of course they don't, because how should they? Without hearing about
operating systems and the concepts of userland and kernelspace, and why
protection is implemented, and what is meant by "protection" here, how
should they at all?
Without knowing about the TCP/IP protocol family, and without knowledge of
the BSD sockets API, how should anybody understand what's going on here?
Teaching users by alerting "The process svchost.exe tries to open port 53,
do you want to allow this?" - IBTD.
Even an IT professional cannot answer this question correctly, and
%USERNAME% cannot understand what's going on here at all.
> Personal firewalls are popular.
Yes. This is the problem Microsoft brought to us by being so stupid as to
open sockets and even offer DCE RPC to the Internet with every home user's
Windows box _before_ Windows XP SP2.
And since then, there is the Windows-Firewall. It is only the second best
concept, because it's ridiculous and dumb of Microsoft not to just stop
offering TCP servers and RPC to the whole world, but at least they're
filtering this away afterwards.
So now "Personal Firewalls" are completely useless, even if one does not
stop those TCP servers and DCE RPC manually.
And: they often are dangerous, too, because many of them open additional
security leaks which you don't have with just stopping TCP servers and RPC
or by using the Windows-Firewall.
> I think people will continue to use
> them no matter how insecure they are
I fear you're right here.
Yours,
VB.
--
"I am a free person and will now make use of my civil liberties - and
extensively so - of course only within the framework that Otto Schily
still makes available to me."
Wolfgang Clement on 10.10.05, while still "Superminister"