You know of an O/S that is not vulnerable to malware attacks? Please let me
know
the name, I haven't encountered one professionally since I was using
OpenGenera
in '95 and that was only secure because we had a more or less complete list
with
the names of every person who had ever successfully managed to learn the
beast.
Very few software products can be considered perfect. However, NAT and basic
statefull firewalls only protect against a specific category of attacks, the
arrival of unsolicited connection requests through the network. Most mainline
operating systems have built-in protection against such attacks. Windows XP-SP2
and Windows Vista certainly do. They come with a built in firewall that will,
by default, prevent incoming traffic on all ports. I understand that recent
Linux distributions and recent versions of OS/X have similar protections.
Attacking ports by sending random packets is very much a 2003 story. Modern
malware typically works by exploiting users' naiveté, bugs in document parsers,
or a combination of both. An example of user naiveté would be to ask users to
download a special media player to look at frolicking bodies. An example of
exploiting document parsers would be to lure users to visit a malevolent web
site, and have they open a booby trapped image or movie.
The typical NAT or stateful firewall offers no protection against document
parsing bugs. That is a good thing. If firewalls tried to do that, they would
have to incorporate a large amount of document parsing code, and would most
probably become a target for their own parsing bugs. Of course, no amount of
electronics will protect against users intent on downloading a very special
media player...
-- Christian Huitema
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf