Topic: Security and the Zen of dodging malware
Fordi
Group: Members
Posts: 90
Joined: April 2004
Posted: Mar. 08 2005,20:01

While it's true that Windows XP is more "vulnerable" to spyware and virii - due, and let's admit it, mostly to its prevalence - Linux will eventually be a target as well.

I mean, there's already Spyware for Mac OS X.  A boon to interoperability?

Now, in terms of keeping your browser secure, Linux is pretty hard (meaning solid, rather than difficult).  You have to manually execute software.  Basically, if you run a virus, or a maliciously written script, or anything of that nature, it's your own damn fault.

But wait...  Why not give the browser the ability to run arbitrary code anyway?

*ducks under the large number of tomatoes incoming from the audience*

No, seriously.

What if you could have a user and a bit of disk set aside for a "Downloaded software jail". A quarantine, if you will.  The user has no rights outside the quarantine, and the browser chroots into the quarantine and su's to the user.  The quarantine has the symlinked libs and bins of a "basic" x-enabled distro (like, less stuff than DSL - just xdm), an emulated /dev (everything's /dev/null, regardless of its name) and no /proc (no letting it get at the kernel).  The q-user's CPU time is limited to 10%.  

Meanwhile, the quarantine control daemon watches what this program's doing, looking for warning signs.  Is it poking at /proc?  Why's it trying to write data to /etc/rcS.d/S00Alpha?  It just changed its own .xinitrc!

And, if after toying with the program for a few minutes, you like it, and the q-daemon hasn't complained about anything, just type a single command and have it installed properly.

Easy peasy?  No.  That daemon would be a bear to code.  Finding a suitable "Quarantine" distribution might be tricky.  Tweaking the browser code to behave in this way wouldn't be much fun either.

Anyway, just an idea for the implementation of the "ease of install" that Windows enjoys without sacrificing security.
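As an added illustration of the "quarantine control daemon" sketched in the post above (example code, not Fordi's or DSL's own), here is the watching half: it parses constructed strace-style file-syscall lines and flags exactly the three warning signs named there, poking at /proc, writing under /etc/rcS.d, and rewriting the jailed user's .xinitrc. The quarantine user's home path and the sample trace are assumptions.

```python
import re

# Assumed home of the quarantine user ("q-user"); hypothetical path.
QUSER_HOME = "/quarantine/home/quser"

# Parses strace-style lines such as:
#   [pid 123] openat(AT_FDCWD, "/path", O_WRONLY|O_CREAT, 0644) = 3
SYSCALL_RE = re.compile(
    r'^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((?:AT_FDCWD,\s*)?"([^"]*)"(?:,\s*([^)]*))?\)')

WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC")


def classify(path, args):
    """Return a warning for one file access, or None if it looks harmless."""
    writes = any(flag in args for flag in WRITE_FLAGS)
    if path == "/proc" or path.startswith("/proc/"):
        return "poking at /proc"
    if re.match(r"^/etc/rc[0-6S]?\.d/", path) and writes:
        return "trying to write a boot script under /etc/rc*.d"
    if path == QUSER_HOME + "/.xinitrc" and writes:
        return "rewriting its own .xinitrc"
    return None


def scan(lines):
    """Return (pid, syscall, path, reason) for every suspicious access.

    Attempts count even when the kernel refused them (= -1 EACCES):
    a denied write to rcS.d is exactly the warning sign we want."""
    findings = []
    for line in lines:
        m = SYSCALL_RE.match(line.strip())
        if not m:
            continue  # not a file syscall in the shape we parse
        pid, call, path, args = m.groups()
        reason = classify(path, args or "")
        if reason:
            findings.append((pid or "?", call, path, reason))
    return findings


# Constructed sample trace; not captured from any real program.
SAMPLE = [
    '[pid 4242] openat(AT_FDCWD, "/quarantine/home/quser/.Xauthority", O_RDONLY) = 3',
    '[pid 4242] openat(AT_FDCWD, "/proc/self/maps", O_RDONLY) = 4',
    '[pid 4243] open("/etc/rcS.d/S00Alpha", O_WRONLY|O_CREAT|O_TRUNC, 0755) = -1 EACCES (Permission denied)',
    '[pid 4243] openat(AT_FDCWD, "/quarantine/home/quser/.xinitrc", O_WRONLY|O_TRUNC, 0644) = 5',
    '[pid 4242] openat(AT_FDCWD, "/usr/lib/libX11.so.6", O_RDONLY|O_CLOEXEC) = 6',
]
```

In real use the lines would come from `strace -f -e trace=file` attached to the chrooted browser; `scan(SAMPLE)` reports the /proc read, the rcS.d write attempt and the .xinitrc rewrite, and ignores the library and .Xauthority reads.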
kaplah
Group: Members
Posts: 13
Joined: Mar. 2005
Posted: Mar. 10 2005,03:59

Ever notice Mac OSX has a copy of Internet Explorer in it?

There's the leak....
AwPhuch
Group: Members
Posts: 1404
Joined: April 2004
Posted: Mar. 10 2005,06:53

Quote (kaplah @ Mar. 09 2005,22:59)
Ever notice Mac OSX has a copy of Internet Explorer in it?

There's the leak....

OOOH...that would be classified as a BUUUUURRRRN!

:p

I understand the principle of what you are saying, kinda like a dummy account to check for rootkits and whatnot, kinda like a honeypot user..this way if the program is malicious..it can't get anywhere, can't damage any main users, and is trapped inside a "quarantine" zone...good call but might be difficult to implement...

Brian
AwPhuch


--------------
http://www.frappr.com/dsl <-- Where do you use DSL?
http://www.smoothwall.org <-- Ultimate firewall for the world!
http://boinc.mundayweb.com/one/stats.php/userID:6107 <--My BOINC stats!
./S99LinuxRevolution start
kaplah
Group: Members
Posts: 13
Joined: Mar. 2005
Posted: Mar. 10 2005,13:12

A good "test zone" is another PC, or another partition on the same PC, or better yet..... another OS running in emulation on your local box (Qemu is good for this)

Make a hard copy of the image to another drive (I like to use an externally connected USB drive to do this).
Run your test, make sure things are A-OK, and then restore the perfect image back to start from square one again.
mikshaw
Group: Members
Posts: 4856
Joined: July 2004
Posted: Mar. 10 2005,15:22

My preferred method of using "safe" software relies heavily on trust.  I tend not to install any programs that seem to have appeared out of nowhere.  Just about everything I have is open source and already has a large user base...large enough so that if there was any malicious code included it probably would have been found already (and essentially killed the developer's reputation).  Since my programming knowledge is limited, this is where the trust comes in.

I disagree that prevalence is the main reason Linux is unaffected by malware...I'm sure it's A reason, but we will never be sure how influential it is until the popularity of Linux increases immensely.  I could claim that it's mainly because Windows is insecure by default, and making it secure requires more time, effort, and knowledge than is required to secure a Linux system, which is already fairly secure as long as you're not an IDIOT running as root most of the time.


--------------
http://www.tldp.org/LDP/intro-linux/html/index.html
5 replies since Mar. 08 2005,20:01