Mayday | Answer usually is "I have an antivirus, so no problem" |
---|---|
Mayday | Antivirus is becoming a problem rather than a solution |
Mayday | Viruses are something more seious than users think |
Mayday | Many users can't understand someone can run a program in their machine from outside |
Mayday | and they're quiet thinking they have a firewall and an antivirus |
Mayday | but the problem is the software |
Mayday | wrongly desined |
Mayday | some years ago somebody thiught about mixing data and programs |
Mayday | and nowadays is still confuse |
Mayday | now it's difficult going back |
Mayday | we can see how there is an whole in an explrer or an email program |
Mayday | the user thinks he is safe with having an antivirus |
Mayday | but what happens if the virus comes in before updating the antivirus? |
Mayday | since th first appearence up to when antivirus makers realise about it, there is a time space |
Mayday | During this time aniviruses won't detect anything |
Mayday | what happens if propagation strategy sucess? |
Mayday | e.g. we can see what happened with Sobig.F |
Mayday | It beated som records in infected files until it sbecame inactive because of expiring date |
Mayday | the problem is the hours we need to clean up everything |
Mayday | let's go back to the example of clinical history's stealing |
Mayday | if we want to design a trojan it's easy to locate clinical histories finfding the key |
Mayday | what would antivirus do then? |
Mayday | nothing at all |
Mayday | viruses are not a game |
Mayday | the're becoming something serious |
LadyMooN | A short time ago a Trojan propagated, examine web pages that client looks, and if he locates a keyword like "bank", etc.. he load a registry of keyboard to send it to a site. |
LadyMooN | Thats an attempt to steal data of bank accounts. In adititon, the trojan installed a proxy at the victimīs computer; then a transfer order made by the authors of the trojan, will appear in bank logs with the IP of the victim |
LadyMooN | Thatīs real, and insīt a lie. |
LadyMooN | We arenīt talking about kids playing to look who is going to infect more computers, or searching zombies to launch DoS attacks to a client in a lan game. We are talking of something extremely serious. |
LadyMooN | A short time, I have seen like around 1100 computers, all with broad band in different countries (in Togo, also!), send simultaneously thousands and thousands of spam against a email server. |
LadyMooN | Obviously, this 1100 computers have been attacked of some form, and its probably that it was automatic; they were too many to have been attack "hand by hand". |
LadyMooN | The really worrisome thing of all facts is that its propably that we will suffer more and more attacks more destructive and better coordinated. |
Mayday | and if we think that one of the most dangerous arms to infect is mail |
Mayday | and by April 2004 more than 70% will be spam |
Mayday | the problem seems to be quite big |
Mayday | but it doesn' seem tha solution being as good as the problem needs |
Mayday | In fact there have been important failures in FreeBSD or Linux, for example |
Mayday | And there also have been in Unix "owner" systems like Solaris, aIX, and so. |
LadyMooN | The big difference between this systems (open source or not) is that Windows is the design. |
LadyMooN | After all, Linux and BSDs inherit the tradition of an O.S, although was design at first moment without security (Unix) it has demonstrated be think inside his limitations. |
LadyMooN | And Unix admin is better equipped than Windows admin to confront posible problems. We have to remember a thing: paranormal events DOESNT EXISTS in Unix. |
Mayday | If I start this program and it doesn't want to? |
horacio | Some file is missing, or anything else. There is nothing hide. |
horacio | What windows administrators do? Reboot the machine or reinstall everything |
horacio | It doesn't matters if it's free or not. |
horacio | If they release freely windows code, situation doesn't change at all. |
horacio | Spoking about free software, some people think it's better because ther are more people involved developing it. |
horacio | And this is not right, I think. |
horacio | Eg. how experienced are those peoples? |
horacio | Part of Microsoft problem rigth now is one result of software engenieering, mi opinion. |
horacio | Lets say that the worst payed employed, the most inexpert developer |
horacio | can make a mistake and turn it on a "buffer overflow". |
horacio | And that is a lot difficult to prevent, or detect. |
horacio | Free software work, for example, peoples who work on critical areas are best prepared. |
horacio | Ther isn't too much division between "architects" and "workers", |
horacio | the same people who design a virtual memory system is who write most part of the code. |
horacio | and based on his experience, is more probable that he pay attention on critical parts. |
horacio | But the number of people working on code is not the answer, indeed quality is. |
horacio | That's means, is more important a good design documentation. |
horacio | Source code has too much detail. And this may turn into an inconvenient. |
clsk | Foretunetly, projects like FreeBSD, the linux kernel, etc, are coordinated by a good team of people that also include security in the firs place of their priority list. |
clsk | Myth 2: The unix systems suffer alot because they are used less. |
clsk | This is something that only someone that doesn't even know what an operating system is would accept. It is possible (i suppose that everyone present here knows) to design an operating system with a good security level. Of course all of them can have some problems, bu there's an important difference between them. |
clsk | And lets not forget that the first known buffer overflow was explited in unix systems in november 1988. At that time, until NT came out, the internet was run by unix systems. Even today the windows systems do little serious things. What objective is sexier for the intruder? for example, that a Juniper router (they use FreeBsd) moving gigabits of traffic in a main station? |
clsk | Even if there are less unix systems in number, the majority of mail and the traffic is moved by unix systems. Thus unix is not a so minority objective. Also, knowning that there code is available (and that design information) of many unix versions, and of most of the important tools, it should be eassier to promot an "Armaggedonix". However, this has not happened. |
clsk | What's the explanation? |
clsk | Feistel says that Microsoft has many enemies and it is clear that the attacks go in their way. To some point I think this is true, but it is not true that the intruders are attacks the easier systems, and the only difference between Unix and Windows is not the existance of users with restricted permissions. Obviously, this is not important. |
clsk | I remember a discussion in 1989 in a channel dedicated to virus in Fidonet. At this time I dedicated my time to get into OS/2, becayse the people in IBM had made an operating system mono-user but multitask, that was going to allow to write enormous viruses in BASIC, with executables in many hundreds of KB, and the users were not going to know about this. It was going to make the job easier for virus authors. |
clsk | I remember that i defended the existance of a mechanism that would ask (for example) for a password to the user before installing something. And, of course, everyone considered this unconfortable. Todays, the windows user should periodically execute a program that gets rid of unwanted "spyware" that has been installed like by art of magic, without his/her intervention. How is this possible? |
clsk | Something more than permissions is required, but of course it's an important part. And that's exactly what Mac OS X does. |
clsk | For example: not so long ago (i have a Mac) i downloaded a free video editor from Avid. |
clsk | When i installed it, the software asked me for an administrator password. |
clsk | Something that surprised me alot, because this was an user program, and Mac OS X has everything that is needed to access to dispositives like fireware, video, etc... |
clsk | What did it want it for? To change some system drivers (among them the Fireware one!!) for its own versions. This could've been a disaster with other programs, and i didn't give it the password. I aborted the installation and deleted the program |
clsk | Does it sound like hell to someone the DLLs in windows? It's not about being confortable, it's about the true security problems. Through the question channel someone is asking me if i believe that OpenBSD is more secure than linux |
clsk | For this answer: It's crazy what most of the distributions (of linux) are doing. |
clsk | There's no clear distinction between what the operating system is and the additional programs. The "make" or the "diff" have the same treatment as Quake, for example. |
clsk | And this is a big mistake. Confusion is one of the worst enemy of security. |
clsk | This is what in 1995 made me get rid of Linux and decide myself for for FreeBSD, for example. And i don't regret this at all. |
clsk | so anyways... my intention is to foment a debate. If os wants to, we can open the moderation of the channel and we can discuss these points this together |
clsk | Overall it is interesting to talk about these myths. Security inherits from free software, and that system like unix or Mac OS X are less targetted because of being the minority |
clsk | This is, of course, together with the increasing problem of virus security and worms in the preventable worsening |
clsk | Make games, gentlemen |
clsk | <Arador> what differences are there between make and make and how does freebsd run these differences |
clsk | Make is part of the operating system, an undividable unity. Quake is an additional packet. |
clsk | http://cvsweb.freebsd.org |
clsk | <Armadillo> Is there a document of the kernel design? |
clsk | Or techniques of engineering of the software have not been used? |
clsk | <pepita> borja: i came in in the middle of the talk, but why do you think that there i going to be a "predicted worsening"? |
clsk | I think that there is going to be a worsening because there are people that are making business with the failures of security |
clsk | Thanks for attending this talk and i hope you have a good morning/afternoon/night |