On Sun, 4 Nov 2001, Tzafrir Cohen wrote:
> On Sun, 4 Nov 2001, Omer Zak wrote:
> > My PC has all its hard disks installed in removable bays.
> > Now I want to set up a hard disk with a popular but vulnerable operating
> > system, for the purpose of surfing and reading unsafe E-mail attachments.
> A simpler slution is VMWare. If you don't happen to have removable disks
> and your PC happens to have the resources (96MB, PI233, IIRC. Not a big
> deal) then it might even cost less.
This will work until some clever person finds a bug in VMWare, which
allows worms to escape the VMWare 'jail' and wreak havoc all around.
This reminds me of a Star Trek TNG episode, in which a hologram creature
(Moriarty) tried to take over control of the Enterprise, by fooling
people into believing that they work on the real Enterprise controls while
they work on hologram simulations thereof.
> A "virus" (virus, trojan, worm, whatever), once being able to execute on
> your system, can cause (assuming it has full priviliges, which is correct
> under win9x, and not always incorrect even with better systems):
> * immediate damage to the data and software installed on your computer
> (Also consider bios firmware deletion)
I am not concerned about data or software. BIOS firmware is a problem.
Aren't BIOSes normally protected by a jumper, which must be
removed/inserted before flashing can happen?
> * expose local data (sircam and magistr send arbitrary documents with each
I am not planning to keep sensitive data in the special hard disk.
> * send infected messages from you, and thus make you look bad
I want to prevent this.
> * plant back-doors
Will be wiped out next time I copy from CD-ROM.
> * potentially a base of an attack on other computers in the network
I want to prevent this.
> Some of those take effect immediately, and thus can't be reversed by
> flushing the disk afterwards.
Yes, and this is why I am asking for suggestions.
> This should only work if you download mail, disconnect the computer,
> execute the suspected programs and when you're done, you revert the system
> back to how it was before.
> Anything less won't be safe agains both mass-mailers and backdoors.
This will solve the problem of handling unsafe E-mail, except that the
following procedure will be followed:
1. Download E-mail under Linux.
2. Save unsafe E-mail messages and attachments in a special folder.
3. Copy the folder to CD-RW.
4. Swap hard disks and reboot the PC.
5. Use the popular&insecure OS to read the special folder's contents from
But there's still the problem of unsafe Web surfing.
After your clarifications, the goals are:
1. Protect BIOS against unwanted flashing.
2. Detect any outgoing undesired traffic (SirCam or Code Red type).
3. If possible, block any undesired outgoing traffic.
This is no IGLU Cabal. The former IGLU Cabal members found a loophole in
the God-erected Holy Firewall+ChrootJail Combo and used it to gain
Godly powers and escape our limited reality.
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html