[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Administrivia: Testing Emergency VirusFilter.. 

Yo Drew!

On Wed, 20 Aug 2003, Drew Copley wrote:

> I don't know how that guy thought that the smtp client portion of this
> code was an OS issue... How that is OS design. I don't know why such
> people would be offering their opinion on this.

The difference is this between and secure OS and an insecure one.

On an Insecure OS, the virus gets in. glues itself on anywhere in the
machine.  Maybe it attaches to a boot sector, maybe appends itself to
a system file, edits registry, maybe all the above and a lot more,
whatever.  User logs out, the virus still runs as admin or root.

Some virii even have hooks to turn off personal firewalls in an insecure OS.

On a Secure OS, the virus can only write to the (normal) users home
directory.  Easy to find.  Easy to delete.  Virus can not write to
registry, boot sector, system directories, etc.  Then when the user logs
out his processes are terminated or he is warned of something still
running.  So virus does not continue after log out.

On a secure OS, the (normal) user can not edit the personal firewall
setting so the cirus can not bypas that easily.

Very secure OS can add even more restrictions on what a user can do.  Like
prevent the user from running daemons, bots, etc...

The makes a huge difference in how easy it is to be infected, how easy
it is to detect infection and how easy to disinfect.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@rellim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html