
RE: [Full-Disclosure] Re: Administrivia: Testing Emergency VirusFilter..



--On Wednesday, August 20, 2003 17:37:48 -0700 "Gary E. Miller" 
<gem@rellim.com> wrote:
>
> The difference is this between a secure OS and an insecure one.
>
> On an insecure OS, the virus gets in, glues itself on anywhere in the
> machine.  Maybe it attaches to a boot sector, maybe appends itself to
> a system file, edits the registry, maybe all the above and a lot more,
> whatever.  User logs out, the virus still runs as admin or root.
>
> Some virii even have hooks to turn off personal firewalls in an insecure
> OS.
>
> On a secure OS, the virus can only write to the (normal) user's home
> directory.  Easy to find.  Easy to delete.  Virus can not write to the
> registry, boot sector, system directories, etc.  Then when the user logs
> out his processes are terminated or he is warned of something still
> running.  So the virus does not continue after log out.
>
> On a secure OS, the (normal) user can not edit the personal firewall
> setting so the virus can not bypass that easily.
>
> Very secure OS can add even more restrictions on what a user can do.  Like
> prevent the user from running daemons, bots, etc...
>
> That makes a huge difference in how easy it is to be infected, how easy
> it is to detect infection and how easy to disinfect.

Now change the word "virus" to "trojan" or "rootkit", and your defense of 
*nix falls apart.  OSes aren't secure unless *people* properly configure 
them.  *Any* OS can be hacked if it's not properly maintained.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
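The "something still running after log out" check the quoted mail describes, as an added example that is not part of either poster's mail: processes owned by a non-system account that has no active login session are flagged. It assumes GNU procps `ps -eo user,pid,comm --no-headers` and the usual `who` line format; the sample outputs below are constructed.

```python
"""Flag processes left running under accounts with no active session
(the post-logout case from the quoted mail). Added example."""
import subprocess

# Constructed sample output of `ps -eo user,pid,comm --no-headers`.
PS_SAMPLE = """\
root        1 init
root      412 sshd
alice    1200 bash
alice    1215 vim
bob      1330 irc-bot
bob      1331 sh
"""

# Constructed sample output of `who`: one line per active session.
WHO_SAMPLE = "alice    pts/0        2003-08-20 17:30 (10.0.0.5)\n"

# Accounts that legitimately run daemons without a login session.
SYSTEM_ACCOUNTS = {"root"}

def logged_in_users(who_output):
    """Set of user names that currently hold a login session."""
    return {line.split()[0] for line in who_output.splitlines() if line.strip()}

def orphaned_processes(ps_output, who_output, ignore=SYSTEM_ACCOUNTS):
    """(user, pid, command) for each process whose owner is neither
    logged in nor a known system account."""
    active = logged_in_users(who_output)
    found = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)  # user, pid, rest of the command name
        if len(parts) != 3:
            continue
        user, pid, comm = parts
        if user not in active and user not in ignore:
            found.append((user, int(pid), comm))
    return found

def live_check():
    """Same check against the real host (GNU ps and who assumed)."""
    ps = subprocess.run(["ps", "-eo", "user,pid,comm", "--no-headers"],
                        capture_output=True, text=True, check=True).stdout
    who = subprocess.run(["who"], capture_output=True, text=True, check=True).stdout
    return orphaned_processes(ps, who)

if __name__ == "__main__":
    for user, pid, comm in orphaned_processes(PS_SAMPLE, WHO_SAMPLE):
        print(f"{user}: pid {pid} ({comm}) still running with no login session")
```

A hit is not proof of infection (cron jobs and nohup'd work look the same), but it is the list an admin would review first.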

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html