Would a firewall prevent Sasser worm?

Discussion in 'Computer Security' started by Piotr Makley, May 4, 2004.

  1. Some do. Another reason to choose SuSE. :)
    Linus distros are competitive and provides a choice.

    MS's recent update CD package had a proprietary virus scanner for CA
    in the package.
    AntiVir is not open source. It's proprietary but free for
    non-commercial use. Also available for Windows. Free for
    non-commercial use.

    There are some open-source anti-virus tools usually included with a
    Linux distro.

    As for having a business reason with open source; if one has
    developed anti-virus software because one cannot trust closed-source
    anti-virus software for some reason, then there are business reasons
    for providing that software as open source to the community if one
    isn't in the anti-virus software *business*. Open-sourcing means
    free code reviews and enhancement suggestions for example. It also
    enhances the reputation of the "publisher".
     
    Bernd Felsche, May 8, 2004
    1. Advertisements

  2. Doesn't prevent them from becoming a spamming zombie.
     
    Bernd Felsche, May 8, 2004
    1. Advertisements

  3. May edition of Linux Magazine has 10.0 as the cover-DVD.
    Version: Mandrake Linux 10.0 Community-download-i586 20040305 18:50

    Just drop it in the DVD drive and reboot the system. Boot from the
    DVD... you may have to twiddle with the BIOS.

    Probably easier, cheaper and quicker just to buy the magazine.
    Saves a few gigabytes of downloading and burning.
     
    Bernd Felsche, May 8, 2004
  4. Absolutely.
     
    Bernd Felsche, May 8, 2004
  5. Ooh... anniversary. Worth a celebratory drink or three. :)
    2 days. Kernel patch. Not because it's needed as vulnerabilities
    fixed can only be exploit by moi.
     
    Bernd Felsche, May 8, 2004
  6. Antivir isn't open source. It's free for personal, non-profit use.
    No. Not saying any such thing.

    I've asked how many Linux viruses are out in the wild? i.e. self
    propagating.

    Linux mail applications still know the difference between data and
    executable. Although it's possible to "open" an executeable and to
    have it run locally with the luser's permissions, that can only
    impact on what the luser can access.
    Only if Mickeysoft start writing Linux applications that require
    root privileges to run.

    Linux is not a mono-culture. The variety of distributions and
    versions prevents many of the possible exploits from working and
    propagating.

    But I do know that Wine is so good at running Windows apps under
    Linux that somebody clicking on an attachment within Lookout!
    running under it, managed to "infect" his Wine registry and started
    getting all sorts of wierd errors revealing some shortcomings in
    Wine's bug-for-bug compatability. Skull-and-crossbones for that
    Wine window!

    His Linux wasn't infected.
     
    Bernd Felsche, May 8, 2004
  7. Linux can be made to look like Windows as well.

    It demonstrates good taste (or maybe successful aversion therapy)
    that most Linux users choose not to have that setup.

    So; what about XP's ability to preserve viruses after NAV has
    "cleaned them up"? Most lusers don't even know that their computer
    does anything like that.
     
    Bernd Felsche, May 8, 2004
  8. Violating ISP TOS? Not with any ISP around here.

    There are plenty of legitimate reasons to share files. If you have
    family spread over 5 continents, then sharing photos, sound clips,
    etc is perfectly legitimate. P2P is peer-to-peer. It just means that
    you enter into agreement with another individual to share files,
    without paying for an intermediary to do the job.
    Network address translation does nothing more than hide "internal"
    addresses from the outside world.

    You are talking about filtering, which is one of the functions of a
    _firewall_. NAT is network address translation. If the router with
    NAT has the ability to filter packets, then it's also a packet
    filtering firewall.

    A router capable of NAT doesn't necessarily provide the facility to
    filter packets.
     
    Bernd Felsche, May 8, 2004
  9. By the time those are done, the PC will be infected. NAV will try to
    clean it up but XP "Recovery" will restore it and the previous, out
    of date NAV database.
     
    Bernd Felsche, May 8, 2004
  10. Piotr Makley

    Leythos Guest

    Nope, I posted in another thread that she sits behind a router already.
    I never forget security, I'm in the security business.
     
    Leythos, May 8, 2004
  11. The point is that not every luser has that luxury.

    Security is everybody's business. Otherwise it doesn't work.
     
    Bernd Felsche, May 8, 2004
  12. It refers to my comment above: "...And Unix architecture is far better
    than Windows, in the sense that software modules can be isolated from
    each other."

    Windows started with a linear memory model, because it is originally a
    single user system. It is hard to prevent applications from colliding
    with each other, especially if they are malicious, and try to do tricks
    like privilege escalation.

    In Unix it is possible to run each application instance in a separate
    sandbox. From Intel 80386 onwards there has even been hardware support
    for it. In Windows sandboxes aren't used routinely, except with Java
    Virtual Machine.

    -- Lassi
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, May 9, 2004
  13. Piotr Makley

    xpyttl Guest

    The JVM is unrelated to the "hardware support" for a "sandbox" in the 386+.
    Windows rarely uses the 386 VM, and Unix never uses it. Windows does not
    use it to implement the JVM. Just because they both have VM in the name
    doesn't imply that there is a relationship.

    The protection between application instances is very similar between recent
    versions of Windows and Unix. Both rely on the virtual memory model of the
    x86, and they are used almost identically. One could argue that on Windows
    versions prior to NT 4.0 there were some holes in the operating system code
    that weren't possible in Unix, but since then, the memory model has been
    similar. There really isn't a "sandbox" in either, other than the JVM,
    which is a programmatic, rather than hardware, concept.

    What you got right, however, is that Unix has a much better developed
    concept of a "user" and what constraints to place on a user. Even in the
    most recent versions of Windows that concept still needs some development.

    ...
     
    xpyttl, May 9, 2004
  14. Amen to that. Back in my uni days when I learned C++ one of the things they
    kept hammering home was to watch your buffer usage carefully. You can't
    blame the language for the complete incompetence of some of the people using
    it.
     
    Phil Da Lick!, May 10, 2004
  15. I didn't claim they are the same. They are different developments from a
    decades old basic idea. At abstract level there is a relationship.
    That's why (IMHO) calling both 9X and NT as 'Windows' is a bit
    cheating...
    My main point. Sorry for explaining it so badly.

    -- Lassi
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, May 10, 2004
  16. Piotr Makley

    Nigel Wade Guest

    I take it from this that your mother-in-law installed her own system, from
    scratch, in one evening? And does she know how to secure her installation
    properly?
     
    Nigel Wade, May 10, 2004
  17. Piotr Makley

    Nigel Wade Guest

    You haven't included the time it's taken her to go out and buy Windows and
    Office. Lets assume it's an online purchase as local shops probably won't
    have OEM versions for sale (also, as she's not buying any hardware with
    Windows/Office to justify the OEM license, the OEM license is not valid; we
    really ought to include the fine for running unlicensed software if we want
    a true comparison). So that's (being generous) 2 days lost productivity at
    $25/hour = $400.

    Time to install Windows:
    1 hour

    Time to install all necessary drivers (including reboots) and configure
    basic networking etc.
    1 hour - and your system is now completely vulnerable unless you add the
    cost, and time, to install a firewall and anti-virus software. You should
    also download all the MS critical updates (about 3-4 hours on a broadband
    connection IIRC).

    Time to install Office
    30 mins

    zero, it gets overwritten during the install if you require.
    Fedora takes abount 30 mins if you know what you are doing, I'd guess
    Mandrake to be the same. So, for a first install it's about the right ball
    park. Thats to install a fully loaded system, Office, full development etc.
    networking up and running. Considerably less than the time it takes for a
    novice user to install Windows (why isn't my USB port working? What
    motherboard drivers?).
    Included in the above.
    Why? You've not included the time it takes to get it working in the Windows
    setup? I would expect Linux to detect and use it without any problem,
    although I've never used a Travan.
    Again, you have not included this in the costing for Windows install.
    And if you don't even know what you used for backup, what hope is there for
    you? Besides, there's no need to restore the data, Linux will quite happily
    read it from the Windows partition.
    It's likely on the CDs, and would be installed with everything else if you
    wanted it.

    As with all "comparisons" I've seen of Windows vs. Linux "true" costs,
    you've managed to conveniently ignore the true costs of Windows.
     
    Nigel Wade, May 10, 2004
  18. Piotr Makley

    Nigel Wade Guest

    Linux doesn't require any AV software, and therefore no updates either.
     
    Nigel Wade, May 10, 2004
  19. Piotr Makley

    Nigel Wade Guest

    I think you've got that backwards. That's the Microsoft, not Linux, tag line.
     
    Nigel Wade, May 10, 2004
  20. Piotr Makley

    Leythos Guest

    I didn't conveniently miss anything - I threw this out based on a quick
    review of what I thought it would take. I can see that I did miss a
    couple things, but it's still about the same cost in all. I was only
    looking at Mandrake 10 because there was a poster that specifically
    stated that M10 was as easy to install and use as XP.

    What would be nice is if we could get two machines, side by side (and I
    happen to have two machines with the exact same config in my office) and
    run the install on both to see what really happens. Once I get the
    production release of M10 and Open Office, I'll do just that - install
    both, taking notes of all steps, and time, I'll assume that I have blank
    drives, with data burned to DVD or CD as backup.

    When I get done I'll post the results.
     
    Leythos, May 10, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.