[PLUG] Dealing with security

alan alan at clueserver.org
Mon Feb 3 16:57:01 UTC 2003


On 3 Feb 2003, Wil Cooley wrote:

> On Mon, 2003-02-03 at 06:52, alan wrote:
>  
> > And you need them for scanning Windows files and documents.  (FTP servers 
> > and SMB shares used by marketing people are a prime target for this sort 
> > of scanning need.)
> 
> Not to mention e-mail.

Yes.  I tend to forget that since the current mail servers do not feed 
mail to Windows clients.  (Saving copies for later is important, 
however...)

> > I have found that the Linux versions are usually more expensive because 
> > they assume that if you are using Linux, you will be doing "corporate 
> > work", therefore they can suck more money out of you.
> 
> Not with Sophos, but then, Sophos is marketed only towards enterprise
> environments, so I guess it doesn't have cheap home-user editions to
> begin with.  (Although their license permits employees to use it at home
> for no extra charge.)

I am trying to remember if Sophos was the one that wanted to charge me 
$2,000 a year per server.  

When I was testing virus scanners about three years back, the Linux 
versions had some serious problems.  The McAfee versions would either core 
or not detect some viruses. (Mostly macro viruses, which is what I 
needed the most.)  There was not much else available.

I need to test against my collection and see how well the new versions 
work.

> > But Linux does not have anything as wide-open as Outlook.  (Where the 
> > features have been pushed through by the S&M department, without regard 
> > to common sense.)
> 
> True, but there have been vulnerabilities in the MIME handling of e-mail
> applications under Linux.  There's nothing inherent in the system that
> makes user-level applications more secure (unless, of course employing
> special tools, like Stack/FormatGuard).

Just keeping users from being able to alter system binaries stops 
many of the attacks that Windows exploits like to use.  (Many of the 
Windows viruses replace the winsock dll(s) with their own trojaned 
version.) That protection helps a great deal.  (Especially in a multi-user 
environment.)  To get MS Office to work with Multi-user NT, you have to 
give it write access to the system directory.  One infection infects the 
entire userbase all at once.

Special tools help as well, but having proper permissions set helps keep 
the infection limited to a single user, if it happens at all.  (And with 
things like SubDomain, you can nail the process down to the point where, 
even if they can gain a foothold on the machine, it does not help a whole 
lot.)

> > Actually we are starting to see some of the same things working, but not 
> > from OpenOffice as much as Wine.  (Wine is set to run .exe files by 
> > default with some configurations.)
> 
> We discussed the OOo possibility at the last AT meeting; I think you
> were still out working on that paper.

Yep.  Oh well...

> > Actually we are much less vulnerable now.  The question is if we can stay 
> > that way.
> > 
> > From what I have seen, the answer is "yes".  The question of if anyone 
> > will use it is still to be determined...
> 
> I agree that there is a good deal more attention being given to security
> issues these days.

Unfortunately, in many places it is just lip service or DRM masquerading as 
security.  (Security for Microsoft is whether your check clears.)
