RE: [hackers-il] Worselling a PC
- On Sun, 4 Nov 2001, Chen Shapira wrote:
> > Any suggestions how to protect others from anything my PC
> > could do under
> > viral influence? (Besides a firewall, which needs another PC.)
> I've heard good things about a "personal firewall" called ZoneAlarm.
> It has a free version, and a "pro" version, both are claimed to be very
> They can be installed on the PC you work on, that's why they are "personal"
> There are many more personal firewalls if you want to shop around.

[ I wonder which will be the first worm that will try to turn off such
firewalls. There is already one virus that tries to block access to all the
web sites of anti-virus vendors, and many virii choose not to run if they
detect an anti-virus installed ]

That's nice, but I don't believe that it is effective enough.

How can that personal firewall stop a mass-mailer? After all, it is a
legitimate mail client.

How can a simple firewall stop a backdoor client that connects to a
[not so] well known server through http traffic (and thus possibly over an
http proxy) to a server to receive instructions? Such backdoors have been

A personal firewall will indeed easily help you avoid most backdoors (e.g.
those that listen on a local port), and may be able to identify some cases
of malicious use. But it is not a magic bullet.

(disclaimer: I don't know any of those softwares personally. I only guess
what they can and cannot do)
- On Sun, 4 Nov 2001, Tzafrir Cohen wrote:
> On Sun, 4 Nov 2001, Omer Zak wrote:
> > My PC has all its hard disks installed in removable bays.
> > Now I want to set up a hard disk with a popular but vulnerable operating
> > system, for the purpose of surfing and reading unsafe E-mail attachments.
> A simpler solution is VMWare. If you don't happen to have removable disks
> and your PC happens to have the resources (96MB, PI233, IIRC. Not a big
> deal) then it might even cost less.

This will work until some clever person finds a bug in VMWare, which
allows worms to escape the VMWare 'jail' and wreak havoc all around.
This reminds me of a Star Trek TNG episode, in which a hologram creature
(Moriarty) tried to take over control of the Enterprise, by fooling
people into believing that they work on the real Enterprise controls while
they work on hologram simulations thereof.

> A "virus" (virus, trojan, worm, whatever), once being able to execute on
> your system, can cause (assuming it has full privileges, which is correct
> under win9x, and not always incorrect even with better systems):
> * immediate damage to the data and software installed on your computer
> (Also consider bios firmware deletion)

I am not concerned about data or software. BIOS firmware is a problem.
Aren't BIOSes normally protected by a jumper, which must be
removed/inserted before flashing can happen?

> * expose local data (sircam and magistr send arbitrary documents with each

I am not planning to keep sensitive data in the special hard disk.

> * send infected messages from you, and thus make you look bad

I want to prevent this.

> * plant back-doors

Will be wiped out next time I copy from CD-ROM.

> * potentially a base of an attack on other computers in the network

I want to prevent this.

> Some of those take effect immediately, and thus can't be reversed by
> flushing the disk afterwards.

Yes, and this is why I am asking for suggestions.

> This should only work if you download mail, disconnect the computer,
> execute the suspected programs and when you're done, you revert the system
> back to how it was before.
> Anything less won't be safe against both mass-mailers and backdoors.

This will solve the problem of handling unsafe E-mail, except that the
following procedure will be followed:
1. Download E-mail under Linux.
2. Save unsafe E-mail messages and attachments in a special folder.
3. Copy the folder to CD-RW.
4. Swap hard disks and reboot the PC.
5. Use the popular&insecure OS to read the special folder's contents from

But there's still the problem of unsafe Web surfing.

After your clarifications, the goals are:
1. Protect BIOS against unwanted flashing.
2. Detect any outgoing undesired traffic (SirCam or Code Red type).
3. If possible, block any undesired outgoing traffic.
This is no IGLU Cabal. The former IGLU Cabal members found a loophole in
the God-erected Holy Firewall+ChrootJail Combo and used it to gain
Godly powers and escape our limited reality.
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
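An added example, not part of the thread, for goal 2 above (detecting SirCam or Code Red type outgoing traffic): it flags a host that fans out to many distinct SMTP or HTTP destinations within a short window, which is what a direct-to-MX mass-mailer or a port-80 scanning worm does and what an ordinary mail client talking to its one relay does not, answering the "it is a legitimate mail client" objection. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection log: "timestamp src dst dport" per line.
# Host .10 delivers mail directly to many MXs (SirCam-like), .20 uses one
# relay (a normal mail client), .30 sweeps many web servers (Code Red-like).
SAMPLE_LOG = "\n".join(
    [f"2001-11-04T10:00:{i:02d} 192.0.2.10 198.51.100.{i} 25" for i in range(1, 7)]
    + ["2001-11-04T10:01:00 192.0.2.20 198.51.100.99 25",
       "2001-11-04T10:05:00 192.0.2.20 198.51.100.99 25"]
    + [f"2001-11-04T10:02:{i:02d} 192.0.2.30 203.0.113.{i} 80" for i in range(1, 13)]
)

def parse_log(text):
    """Parse log lines into (datetime, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events

def flag_fanout(events, dport, window_s=60, threshold=5):
    """Return {src: distinct-destination count} for sources that reached at
    least `threshold` distinct hosts on `dport` inside any `window_s` window."""
    by_src = defaultdict(list)
    for ts, src, dst, p in events:
        if p == dport:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, conns in by_src.items():
        conns.sort()
        for i, (t0, _) in enumerate(conns):
            dsts = {d for t, d in conns[i:] if (t - t0).total_seconds() <= window_s}
            if len(dsts) >= threshold:
                flagged[src] = len(dsts)
                break
    return flagged

def detect(text):
    """Apply both rules; repeated use of a single relay is never flagged."""
    events = parse_log(text)
    return {"mass_mailer": flag_fanout(events, 25, threshold=5),
            "worm_scan": flag_fanout(events, 80, window_s=30, threshold=10)}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The same fan-out rule does not catch the HTTP-beaconing backdoor mentioned earlier in the thread, since that talks to one server; that case needs a periodicity check on repeated connections to a single destination instead.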