[
Lists Home |
Date Index |
Thread Index
]
Right, but the query is not about defending against the
virus. One can do that with a good firewall and being
smart about attachments. I'm not worried about music
files, Mom and Pop, or even the global banking systems
becoming hostage to the Butterfly effect.
The problem is that if an effective attack is launched,
the IP addressable site is hosed. There is no
credible defense, AFAIK. One can protect the data
yes, but not the system use, so for any command and
control system where the owner has real and determined
opposition, the best thing is to use a VPN instead of
the web.
This means that some of the Federal dollars pushing
initiatives for some public systems and vendors
who are pushing middle tier vendors off of non-web
frameworks are increasing the risks ahead of the
safety aspects. Should we say, iceberg dead ahead?
We know how to mitigate, but not to prevent. Some
markets have to be made more aware. There is a
very good reason procurement officials can waive
requirements from higher authorities.
len
From: Alaric B Snell [mailto:alaric@alaric-snell.com]
Dare Obasanjo wrote:
> Short of creating a mail client and server that prevented people from
> receiving mail attachments, how would you solve the problem exploited
> by this current virus on any one of the popular operating systems
> existing today?
On many UNIX systems, just mount /home as not allowing execution, so
people need root priveleges to install software, and non-installed
software can't be run.
UNIX systems don't really have this concept of an executable file
sitting there waiting to be clicked on, anyway - things generally need
to be in your path to get executed to begin with. If I got sent an
executable file as an attachment, I'd need to save it to my home
directory then open up a shell window and explicitly invoke it, with a
"./" prefix to override the path and execute a file from the current
directory.
ABS
|
