
Re: VIRUS WARNING

2000-05-08 06:10:02
From: Jacob Palme <jpalme(_at_)DSV(_dot_)SU(_dot_)SE>
Subject: Re: VIRUS WARNING
Date: Sun, 7 May 2000 17:55:19 +0200

Jacob,

Sorry for stepping slightly out of the topic you are discussing,

At 11.17 -0400 0-05-07, Keith Moore wrote:
in my mind the people most responsible for the viruses are those who
built systems that were so easily compromised.

we don't need protocol support to track them down.

That is certainly one factor of importance. But even the
best systems can be compromised, and crimes directly using
the Internet, such as ping overloads, mail bombing, using
vulnerabilities like buffer overflow, etc., do occur. Also,
designing systems which are more safe from viruses may be
systems which are less user-friendly. For example, I have
set my MS Office programs to always ask me before running a
macro in an unknown file in it. The advantage is less risk for
viruses, but the disadvantage is that I have to OK those
questions from MS Office of whether to accept macros. And
if they occur too often, there is a risk that I click "yes"
before thinking through the risk of doing this.

What you really would like to have is a common accept/deny type of list.
This would trim down the required OK's quite a lot. Those which are on the deny
list would be silently denied and those on the accept list would be silently
accepted. Only those not existing on either of the lists would actually require
manual intervention in approving.

While I may not normally want say Javascripts enabled (and I usually *don't*)
I do want this for some services, like my Internet bank, ordering of books or
other day-to-day activities. Also, I normally am not interested in any
Javascripts pushed in my face during normal surfing since most of the time it
is just annoying in my mind, but that is my view and my preference.

So, by having an accept/deny list in the client side you are able to trim the
settings more finely. The downside to this is that way too many users
rarely change anything once the system is up and they will most probably set
things to allow as much as possible to happen as a default.

In my mind there are still a lot of things to do in the client side which are not
particularly smart, not particularly safe but may raise the bar sufficiently
for the kind of attack we are discussing. It does nothing to save us from all
other forms of attack.

Also, for mail-lists one should really consider whether it is a good thing to
allow all sorts of attachments to be sent by anyone. Passing a script or other
executable info along with the mail is good for some, but not all need it in
order to write and read email. There are even lists where passing GIF or JPEGs
is not allowed, and the mail server could be configured to block these mails.
This is also a very rough tool, but could also save lives in these situations
since email-lists are really a high-price hit for this kind of attack. This
form of blocking should probably also be controlled using accept/deny lists,
since there may very well be a group of people which have a legal reason to
pass material around (such as patches, Word documents etc).

I do not know about the laws in the U.S.A., but in my
country, Sweden, police are allowed to perform wiretapping
and electronic eavesdropping only by decision of a court,
and only when there is reason to believe that someone has
committed a crime with a penalty of at least two years in
prison.

Actually, in order to wiretap you first of all must be the Swedish police,
then you must have a court order based on sufficient belief of criminal
activity. All other wiretapping is forbidden.

This is a slightly stronger statement, since this forbids say NSA to wiretap
phone calls or computer traffic in Sweden, even by remote means. Also, tapping
radio traffic is useless, since they may not actually do anything with the
information since the spreading of the information is regulated.

But then, it is hard to figure out where the possible crime of wiretapping was
committed and then apply the laws accordingly. Most probably these laws are
broken on a continuous basis and no one does anything.

BTW. I enjoyed Mr. Palme's discussion.

Cheers,
Magnus
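
The accept/deny scheme described in this message, applied to attachments on a list server, as an added example that is not part of the original post. The list contents, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed policy for a hypothetical list; every entry is an assumption.
DENY_TYPES = {"application/x-msdownload", "text/vbscript"}
DENY_SUFFIXES = (".vbs", ".exe", ".scr")
ACCEPT_TYPES = {"text/plain"}
# Posters with a legitimate need to pass patches or Word documents around.
ACCEPT_BY_SENDER = {"maintainer@example.org": {"text/x-diff", "application/msword"}}
RANK = {"accept": 0, "hold": 1, "deny": 2}


def classify_part(sender, part):
    """Verdict for one MIME part: 'accept', 'deny' or 'hold'."""
    ctype = part.get_content_type()
    fname = (part.get_filename() or "").lower()
    # The deny list wins over every accept rule. Matching on the end of the
    # file name catches "notes.txt.vbs" even when it is labelled text/plain.
    if ctype in DENY_TYPES or fname.endswith(DENY_SUFFIXES):
        return "deny"
    if ctype in ACCEPT_TYPES or ctype in ACCEPT_BY_SENDER.get(sender, ()):
        return "accept"
    return "hold"  # on neither list: manual approval by a moderator


def classify_message(raw):
    """The strictest verdict of any part decides for the whole message."""
    msg = message_from_string(raw)
    # The From header is unauthenticated, so the per-sender accept list is
    # only as strong as the list server's own sender verification.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    verdicts = [classify_part(sender, p) for p in msg.walk() if not p.is_multipart()]
    return max(verdicts, key=RANK.__getitem__, default="hold")


def sample(sender, ctype, filename):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    maintype, subtype = ctype.split("/")
    m.add_attachment(b"data", maintype=maintype, subtype=subtype, filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for args in [("Someone <someone@example.net>", "text/plain", "notes.txt.vbs"),
                 ("Maintainer <maintainer@example.org>", "text/x-diff", "fix.patch"),
                 ("Someone <someone@example.net>", "image/gif", "pic.gif")]:
        print(args[2], "->", classify_message(sample(*args)))
```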


