[thelist] RE: [OT] blaster worm punishment

Kristian Rink kristian at zimmer428.net
Sun Jan 30 09:14:04 CST 2005


Hi again,... :)


On Sun, 30 Jan 2005 15:57:10 +0200
Val Paliy <valeriypaliy at yandex.ru> wrote:

[blinking tools]
> You are absolutely right about the blinking tools; however, some of
> these tools really do work - for example I was running WinXP Pro on a
> Celeron 333 MHz machine and it was not as slow, as most higher
> performance computers without them. Anyway - when you install a tool,

The point is (getting back to the "learning curve"): On Windows XP,
most if not everything of what those tools can give you you may also
achieve simply by using the tools the OS gives you - shut down
unnecessary services, remove unwanted software packages, adjust user and
file permissions and so on. 



> experimenting to make sure no data is lost if anything goes wrong. You
> could always experiment at home (do not forget to backup just the
> same) and bring the software that works to your boss to have it
> installed there :-)

Surely this is worth a try; on the other side, in an enterprise IT
environment you will need software which is way more robust than the binaries
you'd install and run on your home box. Running Windows XP in mid-sized
installations as desktop OS can be terribly painful, so usually it
breaks down to minimizing software and tools on the desktops, to get rid
of everything that is not strictly necessary.


[Firewalls]
> ZoneAlarm is not the best choice, and again - it depends on where you
> are using a firewall. My suggestion would be - if you like a piece of
> software and would like to try and even buy it afterwards, save your
> time - go out on the Net (using a library or an internet-cafe) and
> read other people's feedback on the product. Caution not to go to the
> software producer's web site - Kristian is right - 50% of them are
> simply trying to get your attention.

Well said. :) There should be, anyhow, a more abstract look at this: In
definition of terms, "firewalling" actually means not really software
but a concept of minimizing risks in an IT environment. Firewalling
includes things such as

- identifying potential threats and vulnerable spots in your structure
  (single points of failure, mission-critical applications and so on);

- identify services the structure needs to provide, as well as users and
  user groups that are allowed to use these services,

- identify, where services might be abused, and what is necessary to
  prevent that abuse.

This usually leads to a concept of things to protect (read: things to
prevent) and things to allow. Usually, a firewall computer in the end is
used to help implementing such concepts, together with other helpful
things like intrusion detection systems, honeypots and so on.

Things like ZoneAlarm, "desktop firewalls", are sort of different: Here,
software tries to provide a protection against virtually everything that
is "evil" while the same time allowing everything that is "good".
Computers are not able to do that sort of distinction - if you get a
single CONNECT on port 25, software can hardly tell whether it is a worm
trying to infect your system, a user or software probing your host for
open ports or simply some user trying to send mail through your SMTP
service. Desktop firewalls often use the concept of "showing that they
are useful" - install one of those, and you will have a whole bunch of
"hits" within a wink of an eye. Most of those probably aren't dangerous
or even attacks at all, but you feel that your firewall is keeping them
off your back. On the other side you run plenty of tools like P2P
clients, instant messaging software or the like through your firewall,
practically opening it far and wide. This will probably keep a bunch of
well-known worms off your host but will not save you from "real"
attacks.


[Software tools]
> True. That's why I said - feel the software, read for feedback and
> then install it.

Indeed. Be picky. Way often, more is less. Software can never replace
knowledge.


[Trust]
> I do not trust anyone except for myself to play around with my system.
> Getting help is a good thing, but how can you be 100% sure that you
> will not get a little present (say, a trojan or key-logger) along with
> the help. Resume: use certified computer stores, not simply the guys
> you know that are good with computers - besides a possibility of
> getting a "present", if you do not know what you are doing, how can
> you be sure he does?

You're surely right, but this is just the top of the problem. Trust in
software is difficult to establish; only a (semi)professional security
auditing of your tools probably gives you a chance of being able to
trust your software. Can you look into the depths of your system and
tell whether or not there are some hooks allowing people you don't want
(companies, governments, secret services,...) to access your system
circumventing all of its local security measures? Open Source software
is helpful here, enabling you actually to do right that. But even this
way, it's a long way to software you really might put trust in it. If
one day Trustworthy Computing / TCPA might be common, chances to have a
computer you can trust will be == 0.


 
> The other problem is that some users are simply not willing to admit
> not knowing what they are doing, and trying to "fix" everything
> themselves.


Indeed. Though car analogies usually suck: I'd never try to repair my
clutch or fix my exhaust pipe myself, I know people who know how to do
that. Why are things different for computers?


Cheers & take care,
Kris


-- 
"never to be seen again... ever to release the pain.
 renewal of our minds!"		(kreator)
www.stop1984.org -> we don't need no big brother
swpat.ffii.org -> no logic patents for europe!
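
The "things to allow, things to prevent" concept from the [Firewalls] part of the message above, as an added example that is not part of the original post: a default-deny policy built from the services a host provides and the networks allowed to use them, run over constructed connection attempts. The policy, addresses, ports and the `intent` field are assumptions made for illustration; the filter never reads `intent`, so three port-25 connects with different purposes get the same verdict, and the summary separates denied "hits" that reached for a running service from hits on ports where nothing listens.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: the services this (hypothetical) host provides and
# the networks whose users may reach them. Everything else is denied.
POLICY = {
    ("tcp", 25): [ip_network("192.0.2.0/24")],   # SMTP for the office LAN only
    ("tcp", 443): [ip_network("0.0.0.0/0")],     # public web service
}
# Ports with a listener (constructed); tcp/135 runs but is not offered to anyone.
LISTENING = {("tcp", 25), ("tcp", 443), ("tcp", 135)}

@dataclass(frozen=True)
class Attempt:
    src: str
    proto: str
    port: int
    intent: str  # known only to the sender; never visible to the filter

def decide(a: Attempt) -> str:
    """Default deny: allow only a listed service from a listed network."""
    allowed = POLICY.get((a.proto, a.port), [])
    return "allow" if any(ip_address(a.src) in net for net in allowed) else "deny"

def summarize(attempts):
    """Split denies into ones that shielded a running service and plain noise."""
    out = {"allow": 0, "deny_exposed": 0, "deny_noise": 0}
    for a in attempts:
        if decide(a) == "allow":
            out["allow"] += 1
        elif (a.proto, a.port) in LISTENING:
            out["deny_exposed"] += 1
        else:
            out["deny_noise"] += 1
    return out

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Attempt("192.0.2.10", "tcp", 25, "user sending mail"),
    Attempt("192.0.2.11", "tcp", 25, "worm on an infected LAN host"),
    Attempt("192.0.2.12", "tcp", 25, "port probe"),
    Attempt("203.0.113.5", "tcp", 25, "user sending mail"),
    Attempt("203.0.113.5", "tcp", 135, "worm"),
    Attempt("198.51.100.7", "tcp", 6000, "scan"),
    Attempt("198.51.100.7", "tcp", 443, "browser"),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a.src:>13} {a.proto}/{a.port:<5} {decide(a):5}  ({a.intent})")
    print(summarize(SAMPLE))
```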

