RE: [hackers-il] Worselling a PC

  • Tzafrir Cohen
    Message 1 of 5, Nov 4, 2001
      On Sun, 4 Nov 2001, Chen Shapira wrote:

      >
      > > Any suggestions how to protect others from anything my PC
      > > could do under
      > > viral influence? (Besides a firewall, which needs another PC.)
      >
      > I've heard good things about a "personal firewall" called ZoneAlarm.
      > It has a free version, and a "pro" version, both are claimed to be very
      > effective.
      > They can be installed on the PC you work on, that's why they are "personal"
      > firewall.

      [ I wonder which will be the first worm that will try to turn off such
      firewalls. There is already one virus that tries to block access to all the
      web sites of anti-virus vendors, and many virii choose not to run if they
      detect an anti-virus installed ]

      >
      > There are many more personal firewalls if you want to shop around.

      That's nice, but I don't believe that it is effective enough.

      How can that personal firewall stop a mass-mailer? After all, it is a
      legitimate mail client.

      How can a simple firewall stop a backdoor client that connects to a
      [not so] well known server through http traffic (and thus possibly over an
      http proxy) to a server to receive instructions? Such backdoors have been
      implemented, IIRC.


      A personal firewall will indeed easily help you avoid most backdoors (e.g:
      those that listen on a local port), and may be able to identify some cases
      of malicious use. But it is not a magic bullet.

      (disclaimer: I don't know any of those softwares personally. I only guess
      what they can and cannot do)

      --
      Tzafrir Cohen
      mailto:tzafrir@...
      http://www.technion.ac.il/~tzafrir
    • Omer Zak
      Message 2 of 5, Nov 4, 2001
        On Sun, 4 Nov 2001, Tzafrir Cohen wrote:

        > On Sun, 4 Nov 2001, Omer Zak wrote:
        >
        > > My PC has all its hard disks installed in removable bays.
        > > Now I want to set up a hard disk with a popular but vulnerable operating
        > > system, for the purpose of surfing and reading unsafe E-mail attachments.
        > >
        >
        > A simpler solution is VMWare. If you don't happen to have removable disks
        > and your PC happens to have the resources (96MB, PI233, IIRC. Not a big
        > deal) then it might even cost less.

        This will work until some clever person finds a bug in VMWare, which
        allows worms to escape the VMWare 'jail' and wreak havoc all around.
        This reminds me of a Star Trek TNG episode, in which a hologram creature
        (Moriarty) tried to take over control of the Enterprise, by fooling
        people into believing that they work on the real Enterprise controls while
        they work on hologram simulations thereof.

        > A "virus" (virus, trojan, worm, whatever), once being able to execute on
        > your system, can cause (assuming it has full privileges, which is correct
        > under win9x, and not always incorrect even with better systems):
        >
        > * immediate damage to the data and software installed on your computer
        > (Also consider bios firmware deletion)

        I am not concerned about data or software. BIOS firmware is a problem.
        Aren't BIOSes normally protected by a jumper, which must be
        removed/inserted before flashing can happen?

        > * expose local data (sircam and magistr send arbitrary documents with each
        > message)

        I am not planning to keep sensitive data in the special hard disk.

        > * send infected messages from you, and thus make you look bad

        I want to prevent this.

        > * plant back-doors

        Will be wiped out next time I copy from CD-ROM.

        > * potentially a base of an attack on other computers in the network

        I want to prevent this.

        > Some of those take effect immediately, and thus can't be reversed by
        > flushing the disk afterwards.

        Yes, and this is why I am asking for suggestions.

        > This should only work if you download mail, disconnect the computer,
        > execute the suspected programs and when you're done, you revert the system
        > back to how it was before.
        >
        > Anything less won't be safe against both mass-mailers and backdoors.

        This will solve the problem of handling unsafe E-mail, except that the
        following procedure will be followed:
        1. Download E-mail under Linux.
        2. Save unsafe E-mail messages and attachments in a special folder.
        3. Copy the folder to CD-RW.
        4. Swap hard disks and reboot the PC.
        5. Use the popular&insecure OS to read the special folder's contents from
        CD-RW.

        But there's still the problem of unsafe Web surfing.

        After your clarifications, the goals are:
        1. Protect BIOS against unwanted flashing.
        2. Detect any outgoing undesired traffic (SirCam or Code Red type).
        3. If possible, block any undesired outgoing traffic.

        --- Omer
        This is no IGLU Cabal. The former IGLU Cabal members found a loophole in
        the God-erected Holy Firewall+ChrootJail Combo and used it to gain
        Godly powers and escape our limited reality.
        WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
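Goals 2 and 3 above (detect, and if possible block, undesired outgoing traffic from the quarantined PC) are the part of this thread that a gateway can actually act on, and Tzafrir's first message explains why a per-port rule alone is not enough. The following egress monitor is an added example and not code from this thread or from any of the products mentioned. It parses constructed gateway log lines, loosely modelled on a packet filter's log format, and everything in it is an assumption for the example: the quarantine host 192.168.1.10, the addresses, the outbound allow-list and the scan threshold. It raises an alert for any SMTP from the quarantined host (in the procedure above, mail is downloaded under Linux, so the insecure OS has no reason to speak SMTP and any such connection looks like a SirCam-style mass-mailer), for any protocol/port outside the allow-list, and for a burst of distinct HTTP destinations (Code Red style probing of port 80). As Tzafrir notes, a backdoor that talks ordinary HTTP to a single server is not distinguishable by port, so this catches policy violations and volume, not content.

```python
import re
from dataclasses import dataclass

# Constructed policy for the example: the host running the insecure OS and
# the only outbound services it is allowed to use (DNS, HTTP, HTTPS).
QUARANTINE_HOST = "192.168.1.10"
ALLOWED = {("UDP", 53), ("TCP", 80), ("TCP", 443)}
# More than this many distinct HTTP destinations from the quarantined host is
# treated as worm-style scanning (Code Red probed port 80 on random addresses).
SCAN_THRESHOLD = 5

# Constructed gateway log lines, loosely modelled on a packet filter's LOG
# output. Hosts and addresses are documentation/example ranges, not real ones.
SAMPLE_LOG = """\
Nov  4 21:13:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 PROTO=UDP SPT=1030 DPT=53
Nov  4 21:13:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=1031 DPT=443
Nov  4 21:13:07 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=1034 DPT=25
Nov  4 21:13:09 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.25 PROTO=TCP SPT=2001 DPT=25
Nov  4 21:13:12 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.40 PROTO=TCP SPT=1040 DPT=6667
Nov  4 21:14:00 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.1 PROTO=TCP SPT=1050 DPT=80
Nov  4 21:14:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.2 PROTO=TCP SPT=1051 DPT=80
Nov  4 21:14:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.3 PROTO=TCP SPT=1052 DPT=80
Nov  4 21:14:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.4 PROTO=TCP SPT=1053 DPT=80
Nov  4 21:14:04 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=1054 DPT=80
Nov  4 21:14:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.6 PROTO=TCP SPT=1055 DPT=80
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*DPT=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Alert:
    kind: str    # "mass-mailer", "unexpected-egress" or "scan"
    dst: str     # destination the quarantined host tried to reach
    detail: str  # human-readable reason


def parse_line(line):
    """Return (src, dst, proto, dport) for a log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["proto"].upper(), int(m["dport"])


def analyse(lines, host=QUARANTINE_HOST):
    """Scan outbound records from `host` and return the alerts they trigger, in log order."""
    alerts = []
    http_targets = set()  # distinct HTTP destinations seen so far (no time window, kept simple)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if src != host:
            continue  # other machines on the LAN are out of scope here
        if proto == "TCP" and dport == 25:
            # Mail is read under Linux in the procedure, so SMTP from this host
            # means a mass-mailer is running on it.
            alerts.append(Alert("mass-mailer", dst, "quarantined host speaking SMTP"))
        elif (proto, dport) not in ALLOWED:
            alerts.append(Alert("unexpected-egress", dst, f"{proto}/{dport} not in policy"))
        elif proto == "TCP" and dport == 80:
            http_targets.add(dst)
            # Fire once, at the moment the threshold is crossed.
            if len(http_targets) == SCAN_THRESHOLD + 1:
                alerts.append(Alert("scan", dst,
                                    f"more than {SCAN_THRESHOLD} distinct HTTP destinations"))
    return alerts


def detect_sample():
    """Run the monitor over the constructed sample log."""
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in detect_sample():
        print(f"{a.kind:18s} -> {a.dst:15s} {a.detail}")
```

Blocking (goal 3) is the same decision taken inline at the gateway instead of after the fact: the allow-list here is exactly the rule set one would load into the packet filter that sits between the quarantined PC and the network, and the SMTP and scan alerts are the cases that rule set cannot express by port alone and so need a log watcher like this one.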