Worselling a PC

  • Omer Zak
    Message 1 of 5 , Nov 4, 2001
      (Worsel is the name of a non-human Lensman featured in E.E. 'Doc' Smith's
      Lensman series. He normally protected his mind against evil influences by
      telepathic Bad Guys. However, when he needed to trap them, he exposed one
      part of his compartmentalized mind and left it unprotected. When the
      Baddies took control over the unprotected part of his mind, the other
      parts of his mind caught them. Similar in principle to computer systems
      set up to trap crackers.)

      My PC has all its hard disks installed in removable bays.
      Now I want to set up a hard disk with a popular but vulnerable operating
      system, for the purpose of surfing and reading unsafe E-mail attachments.

      Full anti-virus protection is not needed, because I can re-image the hard
      disk from a CD-ROM backup any time.
      However, I don't want my PC to become a network nuisance due to the actions
      of certain viruses (such as SirCam).

      Any suggestions how to protect others from anything my PC could do under
      viral influence? (Besides a firewall, which needs another PC.)
      --- Omer
      There is no IGLU Cabal. The former Cabalists, all of whom were insanely
      horny guys, had a fit of madness, and they converted into Islam, exploded
      themselves in a vain attempt to take some kaffirs with them, and went
      directly into the heavenly and welcoming arms of 72 beautiful houris.
      WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
    • Chen Shapira
      Message 2 of 5 , Nov 4, 2001
        > Any suggestions how to protect others from anything my PC
        > could do under
        > viral influence? (Besides a firewall, which needs another PC.)

        I've heard good things about a "personal firewall" called ZoneAlarm.
        It has a free version, and a "pro" version, both are claimed to be very
        effective.
        They can be installed on the PC you work on, that's why they are "personal"
        firewalls.

        There are many more personal firewalls if you want to shop around.
        I've heard the blackIce is non-effective when it comes to blocking network
        traffic, which makes it a very poor firewall.

        Thanks,
        Chen.
      • Tzafrir Cohen
        Message 3 of 5 , Nov 4, 2001
          On Sun, 4 Nov 2001, Omer Zak wrote:

          > My PC has all its hard disks installed in removable bays.
          > Now I want to set up a hard disk with a popular but vulnerable operating
          > system, for the purpose of surfing and reading unsafe E-mail attachments.
          >

          A simpler solution is VMWare. If you don't happen to have removable disks
          and your PC happens to have the resources (96MB, PI233, IIRC. Not a big
          deal) then it might even cost less.

          But you are connected to the network when reading those mails, right?

          >
          > Full anti-virus protection is not needed, because I can re-image the hard
          > disk from a CD-ROM backup any time.
          > However, I don't want my PC to become network nuisance due to the actions
          > of certain viruses (such as SirCam).
          >
          > Any suggestions how to protect others from anything my PC could do under
          > viral influence? (Besides a firewall, which needs another PC.)

          What do you want to protect against?

          A "virus" (virus, trojan, worm, whatever), once being able to execute on
          your system, can cause (assuming it has full privileges, which is correct
          under win9x, and not always incorrect even with better systems):

          * immediate damage to the data and software installed on your computer
          (Also consider bios firmware deletion)
          * expose local data (sircam and magistr send arbitrary documents with each
          message)
          * send infected messages from you, and thus make you look bad
          * plant back-doors
          * potentially a base of an attack on other computers in the network

          Some of those take effect immediately, and thus can't be reversed by
          flushing the disk afterwards.

          This should only work if you download mail, disconnect the computer,
          execute the suspected programs and when you're done, you revert the system
          back to how it was before.

          Anything less won't be safe against both mass-mailers and backdoors.

          --
          Tzafrir Cohen
          mailto:tzafrir@...
          http://www.technion.ac.il/~tzafrir
        • Tzafrir Cohen
          Message 4 of 5 , Nov 4, 2001
            On Sun, 4 Nov 2001, Chen Shapira wrote:

            >
            > > Any suggestions how to protect others from anything my PC
            > > could do under
            > > viral influence? (Besides a firewall, which needs another PC.)
            >
            > I've heard good things about a "personal firewall" called ZoneAlarm.
            > It has a free version, and a "pro" version, both are claimed to be very
            > effective.
            > They can be installed on the PC you work on, that's why they are "personal"
            > firewall.

            [ I wonder which will be the first worm that will try to turn off such
            firewalls. There is already one virus that tries to block access to all the
            web sites of anti-virus vendors, and many virii choose not to run if they
            detect an anti-virus installed ]

            >
            > There are many more personal firewalls if you want to shop around.

            That's nice, but I don't believe that it is effective enough.

            How can that personal firewall stop a mass-mailer? After all, it is a
            legitimate mail client.

            How can a simple firewall stop a backdoor client that connects to a
            [not so] well known server through http traffic (and thus possibly over an
            http proxy) to a server to receive instructions? Such backdoors have been
            implemented, IIRC.


            A personal firewall will indeed easily help you avoid most backdoors (e.g:
            those that listen on a local port), and may be able to identify some cases
            of malicious use. But it is not a magic bullet.

            (disclaimer: I don't know any of those softwares personally. I only guess
            what they can and cannot do)

            --
            Tzafrir Cohen
            mailto:tzafrir@...
            http://www.technion.ac.il/~tzafrir
          • Omer Zak
            Message 5 of 5 , Nov 4, 2001
              On Sun, 4 Nov 2001, Tzafrir Cohen wrote:

              > On Sun, 4 Nov 2001, Omer Zak wrote:
              >
              > > My PC has all its hard disks installed in removable bays.
              > > Now I want to set up a hard disk with a popular but vulnerable operating
              > > system, for the purpose of surfing and reading unsafe E-mail attachments.
              > >
              >
              > A simpler solution is VMWare. If you don't happen to have removable disks
              > and your PC happens to have the resources (96MB, PI233, IIRC. Not a big
              > deal) then it might even cost less.

              This will work until some clever person finds a bug in VMWare, which
              allows worms to escape the VMWare 'jail' and wreak havoc all around.
              This reminds me of a Star Trek TNG episode, in which a hologram creature
              (Moriarty) tried to take over control of the Enterprise, by fooling
              people into believing that they work on the real Enterprise controls while
              they work on hologram simulations thereof.

              > A "virus" (virus, trojan, worm, whatever), once being able to execute on
              > your system, can cause (assuming it has full privileges, which is correct
              > under win9x, and not always incorrect even with better systems):
              >
              > * immediate damage to the data and software installed on your computer
              > (Also consider bios firmware deletion)

              I am not concerned about data or software. BIOS firmware is a problem.
              Aren't BIOSes normally protected by a jumper, which must be
              removed/inserted before flashing can happen?

              > * expose local data (sircam and magistr send arbitrary documents with each
              > message)

              I am not planning to keep sensitive data in the special hard disk.

              > * send infected messages from you, and thus make you look bad

              I want to prevent this.

              > * plant back-doors

              Will be wiped out next time I copy from CD-ROM.

              > * potentially a base of an attack on other computers in the network

              I want to prevent this.

              > Some of those take effect immediately, and thus can't be reversed by
              > flushing the disk afterwards.

              Yes, and this is why I am asking for suggestions.

              > This should only work if you download mail, disconnect the computer,
              > execute the suspected programs and when you're done, you revert the system
              > back to how it was before.
              >
              > Anything less won't be safe against both mass-mailers and backdoors.

              This will solve the problem of handling unsafe E-mail, except that the
              following procedure will be followed:
              1. Download E-mail under Linux.
              2. Save unsafe E-mail messages and attachments in a special folder.
              3. Copy the folder to CD-RW.
              4. Swap hard disks and reboot the PC.
              5. Use the popular&insecure OS to read the special folder's contents from
              CD-RW.

              But there's still the problem of unsafe Web surfing.

              After your clarifications, the goals are:
              1. Protect BIOS against unwanted flashing.
              2. Detect any outgoing undesired traffic (SirCam or Code Red type).
              3. If possible, block any undesired outgoing traffic.

              --- Omer
              This is no IGLU Cabal. The former IGLU Cabal members found a loophole in
              the God-erected Holy Firewall+ChrootJail Combo and used it to gain
              Godly powers and escape our limited reality.
              WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
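
Added example, not part of any message in this thread: one way to approach goal 2 above (detecting SirCam-type and Code Red-type outgoing traffic) from an egress connection log. The log format, the relay address and both thresholds are assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample egress log: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1004869200 192.0.2.10 192.0.2.25 25
1004869205 192.0.2.10 198.51.100.7 80
1004869210 192.0.2.10 203.0.113.40 25
1004869211 192.0.2.10 203.0.113.41 25
1004869300 192.0.2.10 198.51.100.1 80
1004869301 192.0.2.10 198.51.100.2 80
1004869302 192.0.2.10 198.51.100.3 80
1004869303 192.0.2.10 198.51.100.4 80
1004869304 192.0.2.10 198.51.100.5 80
"""

ALLOWED_SMTP_RELAYS = {"192.0.2.25"}  # assumption: the only legitimate mail relay
FANOUT_WINDOW = 10  # seconds (assumed threshold)
FANOUT_LIMIT = 5    # distinct port-80 destinations per window (assumed threshold)

def parse(log):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def detect(log):
    """Return alerts as (rule, src, dst, ts) tuples."""
    alerts = []
    web = defaultdict(list)  # src -> recent (ts, dst) pairs on port 80
    for ts, src, dst, port in parse(log):
        if port == 25 and dst not in ALLOWED_SMTP_RELAYS:
            # Mass-mailer pattern: SMTP sent anywhere except the known relay.
            alerts.append(("direct-smtp", src, dst, ts))
        elif port == 80:
            hits = web[src]
            hits.append((ts, dst))
            # Sliding window: drop connections older than FANOUT_WINDOW.
            hits[:] = [(t, d) for t, d in hits if ts - t < FANOUT_WINDOW]
            if len({d for _, d in hits}) >= FANOUT_LIMIT:
                # Scanning-worm pattern: many distinct web servers in seconds.
                alerts.append(("http-fanout", src, dst, ts))
                hits.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Neither rule sees a backdoor that polls a single server over HTTP, the case raised in message 4, and a mass-mailer that sends through the allowed relay passes the first rule.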