How the internet works

 | August 6, 2008 10:43 AM

2 Responses to “How the internet works”

Topher wrote a comment on August 6, 2008

Ok, I’ll bite…. since the hook has a nice juicy wiggly worm on it.

The problem with the 5 behavioral commandments is that it provides incomplete coverage:
– Behavior is only one aspect of security. Security is a layered model. AV is only one layer. User account access privilege is another layer, personal and network firewalls are another.
– For all of the open services and ports network ports on your computer, there are scores of exploits that can install nasty things like root kits. Only an AV has a chance to detect this kind of suspicious behavior, and put run-time blocks in place. When malware is running, how will you know? XP SP2 only has an incoming connection firewall, but not outgoing firewall. I think you should know when your computer is connecting out, and where. Vista is better on this front. An AV with a personal firewall is even better.
– The “No one writes viruses for Macs” belief, is a fallacy. In the last year, the rate of mac malware has increased significantly. Besides, Apple’s year over year success in the desktop/laptop market changes the overall hacker economic conditions for Mac users. The way that Mac users look at Windows with a smug attitude is misguided. It’s not a statement that Mac OS is safer, it’s that the economics of hacking windows is far more profitable. When the Mac world crosses the “hacker economic threshold” then we’ll see a lot more effort/research from the hacker world to go after the platform. When the mac stuff hits the fan, will an AV be in place when that happens?
– Logging into Windows as an administrator is no good, you should always be running as a limited user. If you’re browsing, and you mistakenly run something you shouldn’t you can limit the damage by not having full authoritative access to every system resource.
– A lot of legit software acts malware like. For example, some of the Google Desktop index data is not stored locally. Some of it is stored at a Google data center. What if you have a Word doc that has sensitive info in it. Do you really want that stored somewhere you can’t control it?
– A lot of legit software isn’t hardened, and subject to exploits. Recent exploits/weaknesses in Adobe Reader requires you to patch or upgrade. PDF’s are supposed to be harmless. They aren’t executable, nor do they contain macro scripts like word or excel documents, they should be safe right? Not always. Once malware breaks out of the trusted container, an AV would have a chance to detect it’s questionable behavior and put in a run time stop.
– What about your wireless network at home? Are you sure it’s set up securely? WEP is trivial to break. WPA and WPA2 are the only security standards that hold mustard. Do you have a file server running at home to share family pictures or other media? Home wireless networks are exploited daily.
– What about a new software or picture frame? Instances of infected CD autorun programs, and flash disk software have been known to be released to market. Not a vector that you would suspect.
– Lastly patch patch patch.

Some of the things I mentioned I wouldn’t categorized as “risky”, but the threat is still there (i.e. opening a PDF).

The sophistication of viruses is amazing. The virus payloads often include micro-email severs, root kits, screen capture functions, key logging functions, cutting edge crypto-algorithms, morphing code, obfuscated triggers, peer-to-peer functions, etc. The sky is the limit with what these viruses can do, and find.

more later… 🙂

seonghuhn wrote a comment on August 6, 2008

Excellent points Topher. Fortunately much of what you suggest or point out I already do.

I will write a separate post about Mac viruses and why the lack of them has little to do w/ the economics and more to do w/ the actual security of the OS. At least that is what I’ve learned. 🙂

Care to comment?