Re: And another one just for fun!
From: elsid (elsid_at_crbn.com)
Date: 08/24/03
- Next message: essy: "802.1x"
- Previous message: Benoit: "Re: THOSE DARN ANNOYING EMAIL VIRUSES!"
- In reply to:(deleted message) Jim Watt: "Re: And another one just for fun!"
- Next in thread: Leythos: "Re: And another one just for fun!"
- Reply:(deleted message) Leythos: "Re: And another one just for fun!"
- Reply: Owen Rees: "Re: And another one just for fun!"
- Reply: Dave J: "Re: And another one just for fun!"
Date: Sun, 24 Aug 2003 08:08:00 -0700
Greetings:
Actually the trick is to prevent unauthorized access to the hard disk. If
the attacking/compromised process cannot get to the disk it cannot infect it
with a worm or Trojan horse or worse still destroy or steal information.
This requires a rethinking of computer security as a whole and moving away
from the "you can't get in my system" paradigm, which is akin to protecting
the country's borders, to 'this data (file, directory, file system, device)
can only be accessed in this manner'.
This is done by defining absolute rules of behavior for the resources on
your disk and implementing them at the system level so they cannot be
circumvented.
For example a rule such as "Executable programs can only be opened for
reading." prevents any executable program from being written to the disk.
So the email attachment cannot infect the disk with a worm or Trojan because
that means opening an executable for writing. The attachment cannot even
write a non-executable file and rename it as an executable because
executables cannot be used in the rename system call because there is no
rule to cover it.
Similarly your registry is protected because it would also be covered by a
rule that states that it may only be opened for read.
Another example would be the "Credit card data file may only be opened by
the credit card program." thus no other program (ftp, notepad, etc.) can
open the file to steal or corrupt it. In addition since the credit card
program is the only one that can access the data then the data will only
ever be accessed in the manner defined by the people who wrote the credit
card program.
Regards
Robert
elsid@crbn.com
http://www.crbn.com
Blue Steel Technology, Inc.
Jim Watt <jimwatt@aol.no.way> wrote in message
news:7l0hkvk8h66tq7m9mo6fvj249agnis295u@4ax.com...
> On Sun, 24 Aug 2003 06:54:29 GMT, "Lohkee" <Lohkee@worldnet.att.net>
> wrote:
>
> >Anti-Virus Software
> >Copyright (c) Lohkee 2003
> >All rights reserved
>
> <snip>
>
> It is indeed time to question whether we still need to continuously
> run software that will detect a virus on the boot sector of our 5 1/4
> disks.
>
> IMHO removing all executable attachments at the mail server gives
> more protection than AV software that the users have not updated
> for six months.
>
> It also consumes no user machine resources.
> --
> Jim Watt http://www.gibnet.com
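
The rules described in the post above, modelled as a default-deny access check where an operation is refused unless some rule covers it. This is an added example, not code from the original post or from Blue Steel Technology; the rule format, the program name cardapp.exe, the sample paths and the suffix-based definition of "executable" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: a file counts as "executable" by its suffix.
EXEC_SUFFIXES = (".exe", ".dll", ".com", ".scr", ".bat")

@dataclass(frozen=True)
class Rule:
    resource: str                   # resource class the rule covers
    op: str                         # the single operation it permits
    program: Optional[str] = None   # None = any program, else only this one

# Hypothetical policy: anything not listed here is denied.
POLICY = [
    Rule("executable", "read"),     # "Executable programs can only be opened for reading."
    Rule("registry", "read"),       # registry may only be opened for read
    Rule("card_data", "read", program="cardapp.exe"),
    Rule("card_data", "write", program="cardapp.exe"),
    Rule("user_file", "read"),
    Rule("user_file", "write"),
    Rule("user_file", "rename"),
]

def classify(path: str) -> str:
    """Map a path to the resource class whose rules govern it."""
    p = path.lower()
    if p.endswith(EXEC_SUFFIXES):
        return "executable"
    if p.startswith("registry/"):
        return "registry"
    if p.startswith("data/cards/"):
        return "card_data"
    return "user_file"

def check(program: str, op: str, path: str, new_path: Optional[str] = None) -> bool:
    """Allow only if a rule covers every name the operation touches.

    A rename touches the old and the new name, so a data file cannot be
    renamed into an executable: no rule grants "rename" on executables.
    """
    for target in filter(None, (path, new_path)):
        cls = classify(target)
        if not any(r.resource == cls and r.op == op and r.program in (None, program)
                   for r in POLICY):
            return False
    return True
```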