Re: Online Armor Firewall?



Sebastian G. wrote:

bassbag wrote:

Sebastian G. wrote:

bassbag wrote:


- buffer overflows in the kernel-mode driver due to lacking
  parameter validation
- runs a privileged service with 6
  invisible windows, making it vulnerable to shatter attacks

Can you provide links to this, and also links to show that the
vendor is unwilling to fix this?

Sorry, the 30 days of disclosure time aren't over yet. At any
rate, the windows for the shatter attacks are trivial to see with
Spy++.

Are you referring to matousec or secunia advisories?


Hm? I haven't seen any of those ever discussing shatter attacks. But
well, Google is your friend. I for one only post public advisories on
Bugtraq, if the vendor fails to address the vulnerabilities
appropriately.

That's true, and why many prefer a layered approach to security in
case one part fails.


"Layered security" is a typical buzzword showing a misinterpretation
of "defense in depth". Vertically stacked independent layers with
enforceable security policies increase security, because breaking the
system requires breaking all intermediate layers. Horizontally
side-by-side layers, as you describe your system, decrease security,
because exploiting just one layer compromises all other layers in the
same security context.

Can you give any software examples of vertically stacked independent
layers with enforceable security policies for the home user on a Windows
OS?

What security would you recommend using such as AV,
firewall, HIPS (if any) etc. and what would be your reasons?


AV - none at all, since it doesn't even partially solve any problem
and only introduces new vulnerabilities. A plain virus scanner not
using any privileged service serving as a pure host-based intrusion
detection system might be beneficial, but typically not worth the
effort. And it might also be beneficial as a spam filter, but other
kinds of spam filters are typically much better.

Would you recommend that all users, i.e. new Windows PC users, not use an
AV, or just those like yourself who have some knowledge?

Firewall - depends on your system. I'm quite happy with a small
host-based packet filter enforcing some ingress and egress filtering.

HIPS - are you nuts? An automated solution to DoS yourself...

possibly...

