DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Windows NT / 2000 / XP (http://www.daniweb.com/forums/forum10.html)
-   -   Do you need AV and Firewall? (http://www.daniweb.com/forums/thread24411.html)

catch May 26th, 2005 7:02 pm
Re: New MB and Firewall
 
Would you run an AV on Linux or FreeBSD or Solaris, etc? Of course not, so why run one for NT which has at least the security capabilities of those other systems? The only systems that benefit from AVs are those with poor architecture that allows random processes unmitigated access, like the Windows Single User Edition (SUE) line. Restrict administrative accounts from running untrusted applications and isolate/restrict standard users in a manner that prevents the virus from being able to propagate. This has the advantage of being immune to new viruses and trojans while requiring no upgrades. Besides, if you have your system setup in a manner that makes virus propagation not possible, why waste the time scanning?


Secondly, I would hope you are all aware that ALL firewalls are software, some just run on very limited operating systems rather than general purpose operating systems and on specialized hardware rather than general hardware. Firewalls should be divided by type or generation, since this actually allows for a sane comparison. Lastly, before we get some replies, are you to take the word of the masses here? Something about the "least common denominator" should ring true.

Catweazle May 26th, 2005 9:42 pm
Re: Do you need AV and Firewall?
 
Hi,

I've split this post off into its own topic, as it was not directly related to the topic in which it was posted.


Your contention is based upon flawed reasoning. That's understandable, because a lot of people follow the same flawed reasoning. They contend that Linux is 'safe' because malicious software can only affect the particular user's files and not the system root. That reasoning is unsound, as was explained quite a long time ago at linuxquestions.org.
Quote:

Here we go again :rolleyes: This very topic has been discussed to death and I'm sure you would find more than enough information to keep you reading for a long time, simply by using the forum search function.

Any way, the answer is that most operating systems are the same as far as security. The reason that Windows has a lot more viruses, worms, and malicious code in general is because it's a very popular OS run by a huge number of people as both a personal OS and on servers. This means that if you write a worm for Windows, it's very likely to infect a lot of hosts and get a lot of attention.

There are many times fewer Linux systems deployed than Windows systems, so right away it's a much less tempting target for malware writers, and add to that the fact that each Linux distro does things differently, some times very differently, and this makes it difficult to write malware that will affect most Linux-based OSs at once. Since the install base of Linux is split up very widely between at least dozens of major variants (out of the hundreds available), this makes it even more difficult to make a big splash with a Linux worm.

The last major difference is that with Linux OSs there isn't a single, dominant e-mail client like on Windows. Since there are so many different e-mail clients, and almost none of them have direct links to web browsers, and because there are so many different browsers used by Linux users, it's extremely difficult to write an e-mail virus/worm for Linux (because most e-mail malware counts on a specific vulnerability in an e-mail client that's tied to a specific browser). Part of this has also been pointed out, that so far Open Source e-mail clients don't allow automatic execution of an attachment simply by clicking on it; however it should be noted that many of them display images by default, and with the recent BMP buffer-overflow vulnerability, this should be an eye-opener.

Any reasons other than the above are likely to be a red herring, in particular one argument that you often hear goes like this:
"On Linux user accounts aren't allowed to affect the entire system, so this prevents malware."

The fact that user accounts can't alter core OS files by default has nothing to do with malware on Linux. First of all, the most important "stuff" on a computer is the user data, and that can be altered if the user is compromised by malware. Reinstalling the OS is easy (it's very possible to reinstall the OS while keeping user data intact), but user data is irreplaceable. Second, you don't need root access to do the evil stuff that most malware does, i.e. participate in DDoS attacks, send spam, host scam websites, store illegal files, scan networks, repropagate itself, host an open proxy, be a "jump box" for crackers to attack other boxes, etc. Since malware can do everything it needs to with simple user permissions, this argument is almost completely false.

The only added benefit of root would be to alter firewall rules to allow inbound connections (for hosting scam sites and/or proxies), but everything else is either an outbound connection, or can be done with reverse tunnels. Also, assuming the identity of the user allows the attacker to observe that user, such as hijack su or sudo and record the password the user types (which would give root access). Also, there are a large number of Linux kernel and other Open Source Software vulnerabilities which can only be exploited by local users, but once you've compromised a user account, the road is open for those exploits and a disturbing amount of them result in root access.

So in summary, Linux is currently relatively free of viruses and worms because it's not popular enough and not standardized enough to attack with automatically propagating malware. On the other hand, there are a very large number of "rootkits" that automatically compromise a Linux system once the initial break-in has been made (using some vulnerability, or a guessed password, or some other method). There are a number of instances in the wild of automatic scans for known OSS vulnerabilities (such as with Apache, PHP, SSH, etc) that will automatically launch an exploit or alert an attacker who then manually conducts the exploit.
Yes, Linux is more 'secure' because it does not use Remote Procedure Calls in the fundamental way that Windows does, but this does not mean that it's inherently 'safe'. The predominant reason that few Linux systems get compromised by viruses and other malicious software is that Linux is not a standardised operating system that is in almost universal use. Should Linux ever become standardised and 'idiot proofed' to the extent that it becomes suitable for use as an everyday OS for 'Joe public' to use, then it WILL be compromised.

It is ridiculous to suggest that people should not use protective software on their PCs. It is even more ridiculous to suggest that Windows users should not use such software because you, as a Linux user, do not.

catch May 27th, 2005 10:46 am
Re: Do you need AV and Firewall?
 
Quote:

Originally Posted by Catweazle
Hi,

I've split this post off into its own topic, as it was not directly related to the topic in which it was posted.

Sure it was, he just doesn't know that application level security doesn't exist. But I've pointed him in the right direction now. Plus, he learned how to label firewalls for a sane comparison so he could get more accurate help.


Quote:

Originally Posted by Catweazle
Your contention is based upon flawed reasoning. That's understandable, because a lot of people follow the same flawed reasoning. They contend that Linux is 'safe' because malicious software can only effect the particular user's files and not the system root. That reasoning is unsound, as was explained quite a long time ago at linuxquestions.org.

I truly find it funny that you brought a tiff from another site to this one (I've never seen that before)!
I'm new here, and you don't really know me, so you have no idea how funny this is. You're new to security aren't you? I am arguably the biggest advocate of NT security you'll ever meet. I freely and frequently state that NT security is superior to UN*X security. People like to take one of two arguments back:

1. Counting exploits.
2. Claiming exotic configurations and major architectural modifications in UN*X/Linux should be just considered the norm.

Due to this fact, I've stopped arguing the point for a while now... still funny that you'd think I meant UN*X to be more secure. My point was in fact that AV solutions for UN*X essentially don't exist. Odd considering that the NT security is in fact superior to UN*X at the commercial level.

So why is AV not needed on UN*X? Even the argument that fewer viruses affect UN*X... well with no AV software, wouldn't every virus that does exist effectively be a 0-day since no AV countermeasures exist?


Quote:

Originally Posted by Catweazle
Yes, Linux is more 'secure' because it does not use Remote Procedure Calls in the fundamental way that Windows does, but this does not mean that it's inherently 'safe'. The predominant reason that few Linux systems get compromised by viruses and other malicious software is that Linux is not a standardised operating system that is in almost universal use. Should Linux ever become standardised and 'idiot proofed' to the extent that it becomes suitable for use as an everyday OS for 'Joe public' to use, then it WILL be compromised.

Enjoy failing a lot of questions on the CISSP, SSCP, and CISA exams and just looking overall ignorant on the subject, however no reason to drag the naive down with you.

Quote:

Originally Posted by Catweazle
It is ridiculous to suggest that people should not use protective software on their PCs. It is even more ridiculous to suggest that Windows users should not use such software because you, as a Linux user, do not.

I'll say it... the NCSC says it, the NSA says it, the good people at ISO say it, the CISSP exam says it, the real world says it.
"Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems."
- The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments ( http://www.nsa.gov/selinux/papers/inevit-abs.cfm )

You see what that says? Adequate security cannot be provided by applications... it must be accomplished at the OS level. What does this mean? Application security DOES NOT MATTER!

Unless your application is PERFECT sooner or later it will be exploited, and all applications get exploited in the same way.


cheers

catch

kc0arf May 27th, 2005 1:32 pm
Re: Do you need AV and Firewall?
 
Hi,

All I am going to say is this: the only secure computer out there is the one that is encased in cement with no power or network connections.

I would rather secure a Linux box than a Windoze box.

Christian

catch Jun 10th, 2005 2:59 am
Re: Do you need AV and Firewall?
 
Quote:

Originally Posted by kc0arf
Hi,

All I am going to say is this: the only secure computer out there is the one that is encased in cement with no power or network connections.

I would rather secure a Linux box than a Windoze box.

Christian

Secure from what, everything but attacks?

System security is _not_ measured by the configuration, it is measured by capabilities and assurances. These are highly quantitative and not all abstract like lockdown-securing-admin skill.

navyjax2 Jun 11th, 2005 6:48 am
Re: Do you need AV and Firewall?
 
There is no amount of application security, NT or otherwise, that will prevent you from receiving viruses on a Windows machine. They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do. Some just report back to the person's server information about you, like what sites you've visited from your history logs, and don't affect applications or application security at all. Some disrupt network communication - which can affect ANY computer, not just Windows PCs. To say that NT application security will protect you is definitely a giving in to a false hope, especially without a firewall that lets that nasty traffic right in. Have fun getting your trojans.

catch Jun 13th, 2005 4:40 am
Re: Do you need AV and Firewall?
 
Quote:

Originally Posted by navyjax2
There is no amount of application security, NT or otherwise, that will prevent you from receiving viruses on a Windows machine.

Wrong, hence, lower assurance systems.

Quote:

Originally Posted by navyjax2
They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do.

Wrong, your failure to read is affluently made clear. Restrict administrative accounts from running untrusted applications and isolate/restrict standard users in a manner that prevents the virus from being able to propagate.

Quote:

Originally Posted by navyjax2
Some just report back to the person's server information about you, like what sites you've visited from your history logs, and don't affect applications or application security at all.

It's indisputably luculent; you haven't a clue what you're talking about.

Quote:

Originally Posted by navyjax2
Some disrupt network communication - which can affect ANY computer, not just Windows PCs.

I'll give you that one, even though you've left out thousands, if not millions of high assurance systems with their own super-networks. ;)


Quote:

Originally Posted by navyjax2
To say that NT application security will protect you is definitely a giving in to a false hope

This is the only (somewhat) sensible thing you've said here. Not that you meant to. :)

Quote:

Originally Posted by navyjax2
especially without a firewall that lets that nasty traffic right in.

I don't and won't give bad advice regardless of how uneducated a user is. So please stop spreading your bad, uneducated information on the Internet! It's apparent that someone else has dragged the naive, like yourself, down to applying bad habits when it comes to computer security.

Quote:

Originally Posted by navyjax2
Have fun getting your trojans.

Seriously, it's not your fault you were misinformed, but read a book or two. *please*

navyjax2 Jun 14th, 2005 2:54 am
Re: Do you need AV and Firewall?
 
Misinformed? How about the fact I have seen things firsthand? Can you say that you are an administrator of a network that has seen such things as non-application oriented scripts that will run regardless of the permissions you lock down on your computer? How about UNIX scripts that are not bound by Windows permissions? I've seen it happen on both my home network and the one I work on at work where things are not bound by simple Windows NT permissions. Where do you get off at? What experience do you have? Are you actually a legitimate Systems Administrator, or are you just a hobbyist?

You can't lock down your Temporary Internet Files folder to have only read permissions to it or you'd never get internet pages (they are downloaded off the internet for you to view them, after all, requiring "write" permission somewhere). And little good restricting a user's account would do if they are already a standard user. And how can you restrict an admin account without reverting it to a standard user account? Far as I know, unless you know something I don't, at least with XP, it's only either/or, nothing in-between. I know there are those that would say never log in as an admin unless you're going to install stuff. Yes, that is why they were created like this in the first place. But that is inconvenient and inefficient, and will not stop scripts that don't use normal install channels from running unblocked if the person is logged in under a standard user account, anyway, so what good does it serve a person other than to inconvenience themselves for nothing?

And all of the sudden I know nothing because I bring up viruses you obviously know nothing about:

Originally Posted by me:
Quote:

They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do.
Your response:
Quote:

Wrong, your failure to read is affluently made clear. Restrict administrative accounts from running untrusted applications and isolate/restrict standard users in a manner that prevents the virus from being able to propagate.
The specific issues I was talking about at the end of my quote aren't "applications" per se that will be picked up as such to be blocked from running. They come in the form of trojan scripts. Scripts are text-files, not applications. This is why they are called scripts. A script can run regardless of user privileges, and can fake a signature of a dll that is trusted. And all a virus needs is network connectivity and to have part of their script run in order to propagate. I had a virus once that propagated through files I used just by me double-clicking and opening them before I realized what it was doing. All I could see right away was that it changed the file-extension to all-caps. After I went back to a file I had opened before and couldn't open it again, only then did I know something was wrong. But this opening of files action can be done by a standard user or admin user. People like you that rely on account privileges to solve everything are not living in reality, so yes, I do know better. Kinda funny how if someone has seen something you obviously haven't that it seems to automatically make them a liar and not know what they are talking about with you. Arrogance is not your best friend when it comes to the security threats that are out there, my friend.

Catweazle Jun 14th, 2005 3:22 am
Re: Do you need AV and Firewall?
 
Quote:

Originally Posted by catch
... You see what that says? Adequate security cannot be provided by applications... it must be accomplished at the OS level. What does this mean? Application security DOES NOT MATTER!

Unless your application is PERFECT sooner or later it will be exploited, and all applications get exploited in the same way.


cheers

catch

Oh dear! Your argument seems to be "Because no security application is perfect, it naturally follows that no such application is worthy of implementation and use!" Seems a rather irrational argument to me!

No doubt you have achieved learning and/or qualifications, dude, but the simple factor of commonsense seems to be somewhat lacking in there. Effectively, you've told people that, because security software for use on a Windows machine isn't perfect, they shouldn't bother using any of it.

Now I'm not sure if that was your intention, but it most certainly is the effect of your comments to date. And it's downright silly. While you're busy waiting for Utopia to come along, we'll just keep right on advising people to use the protections which ARE available to them, thanks!

catch Jun 23rd, 2005 5:40 am
Re: Do you need AV and Firewall?
 
Quote:

Originally Posted by Catweazle
Oh dear! Your argument seems to be "Because no security application is perfect, it naturally follows that no such application is worthy of implementation and use!" Seems a rather irrational argument to me!

Quote:

Originally Posted by Kid
Misinformed? How about the fact I have seen things firsthand? Can you say that you are an administrator of a network that has seen such things as non-application oriented scripts that will run regardless of the permissions you lock down on your computer? How about UNIX scripts that are not bound by Windows permissions? I've seen it happen on both my home network and the one I work on at work where things are not bound by simple Windows NT permissions. Where do you get off at? What experience do you have? Are you actually a legitimate Systems Administrator, or are you just a hobbyist?
You can't lock down your Temporary Internet Files folder to have only read permissions to it or you'd never get internet pages (they are downloaded off the internet for you to view them, after all, requiring "write" permission somewhere). And little good restricting a user's account would do if they are already a standard user. And how can you restrict an admin account without reverting it to a standard user account? Far as I know, unless you know something I don't, at least with XP, it's only either/or, nothing in-between. I know there are those that would say never log in as an admin unless you're going to install stuff. Yes, that is why they were created like this in the first place. But that is inconvenient and inefficient, and will not stop scripts that don't use normal install channels from running unblocked if the person is logged in under a standard user account, anyway, so what good does it serve a person other than to inconvenience themselves for nothing?

And all of the sudden I know nothing because I bring up viruses you obviously know nothing about:

The specific issues I was talking about at the end of my quote aren't "applications" per se that will be picked up as such to be blocked from running. They come in the form of trojan scripts. Scripts are text-files, not applications. This is why they are called scripts. A script can run regardless of user privileges, and can fake a signature of a dll that is trusted. And all a virus needs is network connectivity and to have part of their script run in order to propagate. I had a virus once that propagated through files I used just by me double-clicking and opening them before I realized what it was doing. All I could see right away was that it changed the file-extension to all-caps. After I went back to a file I had opened before and couldn't open it again, only then did I know something was wrong. But this opening of files action can be done by a standard user or admin user. People like you that rely on account privileges to solve everything are not living in reality, so yes, I do know better. Kinda funny how if someone has seen something you obviously haven't that it seems to automatically make them a liar and not know what they are talking about with you. Arrogance is not your best friend when it comes to the security threats that are out there, my friend.

Just because something happened for you doesn't mean that is the norm. It could mean that you have hardware damage, it could mean that cosmic rays had it in for you, it could even mean that you are just not educated enough to do something the right way. ;) *cringe* I hate to say it, but it is clear to me that you have either never used a well documented OS or have just not been aware of the documentation available for it. Trusted facilities manuals (TFMs): they are written in the design stage and tuned during QA. This gives the document a completely different spin than you'd find in something written by someone who is basing their knowledge on use of the system rather than involvement in its actual design.


"Hobbyist" :lol:

I have been on independent auditing teams for the NT B feasibility papers, the Standard Mail Guard and its parent system LOCK. I have been an assistant moderator on the ACM's OS SIG for quite a while now. I have consulted on the KSOS ASIC port project and am currently working on an R12k PSOS under IRIX project. And for my day job I'm on the Sr. design team for AITOS (the first OS since LOCK to formally target the NCSC A1 criteria). I've written more security white-papers than you've obviously read!

This is going to be very arrogant of me... but really most system admins (like yourself) know very little about computer security. Sure they know about patches and user profiles, but how many system administrators do you know that monitor for transitive rights? Or even know what transitive rights are and how they occur in single command/multi actioned systems? These are very important security concepts. Most system admins can't even comprehend how MAC, DBAC, and RBAC work, so why would we expect them to take concepts from these and apply them to lesser functional systems?

Let's make a little scenario here. Why don't you go to an AIX community and tell them that they need to run AV software on their systems and report back your findings.

AV software is bad... it is only useful on single user systems like Win9x/Me since none of the typical security issues associated with running additional, privileged software are present, since the computer lacks the concept of permissions and privileges to begin with. AV software increases the complexity of the system, as stated above doesn't actually resolve the underlying security issues, doesn't resolve new viruses, and requires constant upkeep. What is more, many AV tools actually introduce new tools by running at such a low level on the system while allowing any user to have an interactive session. How is this different than say... running Apache as root?

Why does this make more sense? Again remember, anything a virus can do, an attacker can do as well. It's not like viruses have special abilities to bypass process protections, so if you are relying on an AV, what is protecting you against an attacker, internal or external doing the same actions?

Running more software (which by definition under DOD-5200.28-STD is a bad idea since you are placing security related software which not only needlessly increases complexity AND falls outside of the system's assurance audit, but also exists outside of the TCB) doesn't make it the best or most correct solution.

To understand these and other important security related aspects..... well, they are best left to the experts. Admins (you) are intended to implement policy, not to create it. People like the idea of talent because it makes them feel more important. Everyone (you) wants to be a star and no one seems to appreciate that doing their job to fit into an overall system well will yield far greater results. This also tends to lead to a lack of understanding from history and mistakes are made over and over again. The whole idea of procedures is that they are made by people who know how to do it, so no one else needs to learn. IT people just have this love for reinventing the wheel though... quite puzzling and hurts the industry as a whole.

Computer security is about a single universal principle... assurance. The more you have the more secure any system is. Fact of the matter is some OSes offer more assurance than others.


Fact of the matter is that an infrastructure based on policies, standards, guidelines, procedures, CCMS, role rotation, and dedicated risk management is going to offer far greater assurance than a few talented admins working ad hoc. The admins should merely follow procedures and have limited knowledge of the systems themselves, this is why many security focused organizations use role rotation specifically for admin roles. This way the admins never have too long on any given system, plus the admin that takes their spot after audits their work, though with a proper change control management system (ccms) this is less of an issue.

Remember: Viruses can be defeated with proper configuration. I use no anti-virus software, neither does my work and neither of us have ever had a problem. It's just a matter of dealing with process propagation and trusted resources correctly.

Most people know f@ck-all about security until they get into an InfoSec graduate program and personally I find that to be a silly situation.

