Re: [Full-disclosure] Dumb question: Is Windows box behind a router safe ?

[Mary Landesman <marylande@xxxxxxxxx>]

>
> The more appropriate question would be "Is a Windows box safe with a
> user behind it?" since today's threats require that you browse to the
> danger, or click an "OK" button first :-)


Shall we just ignore the thousands of variants of Virut which are  
extremely prevalent? Virut is a file infecting virus combined with an  
IRC backdoor. Or how about the Nirbot family, which is like Virut only  
it includes RPC and LSASS exploits for additional means of  
propagation. How about the ubiquitous autorun worms that propagate via  
removable, fixed, and shared drives? How about those that are a  
combination of all of the above?

As for "browse to the danger" do you mean open a browser window and  
perform a search using your favorite search engine? Or browsing to  
your favorite trusted news, sports, enterprise website that happens to  
work with advertising networks that happened to be infiltrated by a  
malicious ad run? Or browsing to any of the other millions of websites  
which happened to be compromised via SQLi, stolen credentials, poorly  
configured settings, or any number of means? All of the above are  
viable means of malware exposure, simply by opening the browser.

The malware problem is not user-driven (nor is it Windows-specific).

-- Mary



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/