The Desktop Security Battle May Be Lost
Trailrunner7 writes in with a Threatpost.com article that begins: "For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may have lost it. Jeremiah Grossman, CTO of WhiteHat Security, said Thursday that many organizations, particularly in the financial services industry, have gotten to the point of assuming that their customers' desktops are compromised. And moving forward from that assumption, things don't get much prettier." It goes on to speculate about home routers being targeted and infected.
Re:Though the Times They May Look Grim ... (Score:5, Informative)
Re:Don't worry! (Score:3, Informative)
Re:Except you still miss the point (Score:3, Informative)
A hardened Linux PC makes a fine router. Older hardware will do the job just fine too, so nothing expensive or exotic is required.
No-Charge Solution (Score:5, Informative)
I think this is the article http://linux.slashdot.org/story/10/03/25/2350236/Can-Ubuntu-Save-Online-Banking [slashdot.org]
Re:Though the Times They May Look Grim ... (Score:5, Informative)
Telus gave us this really crappy DSL/Wireless router. I never changed the admin password (admin/telus) on it, but I put a wireless password on it.
To quote the Mythbusters, "Well there's your problem!"
Re:And this is why... (Score:3, Informative)
Test it for yourself. Write a script on a Linux machine and try to execute it without adding execute permissions. You can't do it.
$echo 'whoami' > test.sh
$sh test.sh
themoof
$
Just sayin....
Re:Though the Times They May Look Grim ... (Score:5, Informative)
The article states "These are all reasonable assumptions based on real-world attacks that have been going on for some time now. Attackers have been targeting home networking equipment for a couple of years, using a combination of vulnerabilities in the firmware and hardware to get control of home users' outbound Internet traffic". Links within the original blog post discuss botnets that are already attacking Linux-based routers [computerworld.com]
There's nothing "hypothetical" about this threat.
Re:Assign responsibility to those who can do.... (Score:2, Informative)
It seems reasonable to assume that most if not all of those IP addresses represent infected machines.
Sadly, you are wrong. Port scans are almost never malicious.
In reality, the vast majority of those scans are from automated systems counting worms for non-malicious purposes, curious hackers, researchers, or ISPs maintaining and monitoring their segments.
Real malware does not bother to scan. It attacks without scanning because it is quicker and no less effective. Instead of waiting for a scan to time out, it launches multiple attack streams and closes down the ones that time out while spawning new ones. Scans are essentially wasted resources from the point of view of a malware author; recent malware does not bother.
When you see single port hits, or multiple simultaneous selective port hits, you are probably seeing malware. Nmap scans and portwalking scans, nope, that's just some poor schmuck at the NOC trying to find out which IPs are customer nodes and which ones are the equipment his predecessor installed without documenting it.
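The distinction drawn in the comment above, written out as a triage pass over firewall hits (an added example, not part of the original comment). The log format, the thresholds and the label names are assumptions made for illustration, and a label is a sorting aid for an analyst, not a verdict.

```python
from collections import defaultdict

# Constructed sample (RFC 5737 addresses): "<epoch seconds> <source IP> <dest port>".
SAMPLE_LOG = """\
1000 192.0.2.10 445
1000 198.51.100.7 135
1000 198.51.100.7 445
1001 198.51.100.7 1433
1000 203.0.113.5 20
1002 203.0.113.5 21
1004 203.0.113.5 22
1006 203.0.113.5 23
1008 203.0.113.5 24
"""
# Assumed thresholds: ports in a walk, ports in a broad sweep, "simultaneous" window (s).
WALK_MIN, BROAD_MIN, BURST_SECS = 5, 20, 2

def longest_run(ports):
    """Length of the longest run of consecutive port numbers in a sorted list."""
    best = run = 1
    for prev, cur in zip(ports, ports[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def classify(log_text):
    """Map each source IP to the traffic pattern the comment distinguishes."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 3 or not (f[0].isdigit() and f[2].isdigit()):
            continue  # skip malformed lines rather than guess
        hits[f[1]].append((int(f[0]), int(f[2])))
    result = {}
    for src, events in hits.items():
        ports = sorted({port for _, port in events})
        times = [ts for ts, _ in events]
        if len(ports) >= BROAD_MIN or longest_run(ports) >= WALK_MIN:
            result[src] = "scan-or-portwalk"   # survey-style traffic, per the comment
        elif len(ports) == 1:
            result[src] = "single-port"        # "probably malware", per the comment
        elif max(times) - min(times) <= BURST_SECS:
            result[src] = "selective-burst"    # several chosen ports at once
        else:
            result[src] = "unclassified"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```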
Mod Parent Up. (Score:5, Informative)
Re:Though the Times They May Look Grim ... (Score:3, Informative)
*slap*
It's x86_64 or x86. There's no such thing as x64.
Re:Mod Parent Up. (Score:5, Informative)
Re:KeyKOS or EROS usability? (Score:3, Informative)
You can have filenames; you just keep them in a namespace that's accessible only to the user (or the user's file manager or whatever). If you have a CLI, you type "program <filename>", and the CLI runs an instance of that program and gives it a capability to that file, rather than passing it the name. If you have a GUI, you probably do something like dragging the file onto the program, and the UI creates an instance of the program and passes it the capability.
You're correct that most programs wouldn't be able to have their own open dialogs. They'd have to rely on capabilities passed in from the user's file manager. Probably you'd express that by dragging again. That's actually more "desktop" than having an open dialog anyway.
You could support thumbnails by having a little program that generated a thumbnail from a file and did nothing else. Since you can prevent that program from leaking the information from the files, it's relatively safe to have the file manager call it with a read-only capability to every file in turn, and display the results.
The same applies to things like indexers. Although they'd be relatively powerful and dangerous, they wouldn't be remotely as dangerous as the simplest program in today's OSes, because you could prevent them from leaking the information to anyplace other than their indexes.
If you want to insert a file into a document, that looks like another drag operation. You drag the file into an existing instance of a program, rather than onto a factory icon.
It's pretty easy not to pass the same capability to multiple programs or instances of the same program (and pretty easy for them to detect it if you do, assuming they have write access to the file, or assuming you have a reasonable set of locking primitives).
Yeah, you'll lose some memory to separate instances. You can share all the program text, but the heap is gonna suck up space. It would presumably pay to be economical about building huge "dynamic" structures every time anybody ran your program. On the other hand, think of all the space you won't be wasting on every program having its own open dialog...
Capdesk isn't really unpleasant conceptually, if you want a toy example.
It's not free, and it can't be invisible to the user, but it's not so horrible as all that.
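A rough POSIX analogy for the "pass a capability, not a filename" idea in the comment above (an added example, not part of the original comment and not KeyKOS, EROS or CapDesk code): the parent opens the file read-only and hands the child only the descriptor. The child program and file name are hypothetical, and on an ordinary Unix the child keeps its ambient authority to open other paths by name, which a capability system would remove.

```python
import os
import subprocess
import sys
import tempfile

# Child program (hypothetical viewer): receives a descriptor number, never a path.
CHILD = r"""
import os, sys
fd = int(sys.argv[1])
data = os.read(fd, 4096)
try:
    os.write(fd, b"tamper")
    wrote = "write-ok"
except OSError:
    wrote = "write-denied"
sys.stdout.write(data.decode() + "|" + wrote)
"""


def run_with_readonly_capability(path):
    """Open `path` read-only and hand the child the descriptor, not the name."""
    fd = os.open(path, os.O_RDONLY)
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD, str(fd)],
            pass_fds=(fd,), capture_output=True, text=True, check=True,
        )
    finally:
        os.close(fd)
    return proc.stdout


def demo():
    """Create a constructed file, run the child, return (child output, file after)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notes.txt")
        with open(path, "w") as fh:
            fh.write("constructed sample contents")
        out = run_with_readonly_capability(path)
        with open(path) as fh:
            return out, fh.read()


if __name__ == "__main__":
    print(demo())
```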