05-26-05, 08:15 AM   #6
Ward
Aximsite Minor League
 
Join Date: Jan 2005
Location: England
Posts: 102
Originally Posted by Villain:
As for software firewalls, they're not bad, and well worth having as another measure of protection. However, they are not the end all be all of security, either. If you're infected, what good does it do you to stop that infection from spreading? Your data is already at risk, so now you're going to have to deal with that. How about if the code that is on your machine simply runs a script to call iexplore.exe or some other 'trusted' program, so that it can use it as a conduit to send the data?

Wouldn't be that hard to create a simple script that uploaded the results of keystrokes as a .html file using the 'PUT' command already in most HTML browsers. Granted, it's gotten better in regards to some measures of PC security. However, the proofs of concept for attacks like this are already out there, all someone has to do is find a good way to implement them, and that'll be when the reality sets in.

My firewall is one of the decent ones - Outpost Pro. It distinguishes between permission given to windowless apps and their windowed counterparts, thus if iexplore was launched without a window to fetch a URL, Outpost would warn me. I've tried this exploit in particular and it is caught.

Again, this is only if iexplore was actually allowed on my system! :D 'cos it isn't. Only Opera, an FTP client, FTP server, Emule and RemotelyAnywhere are allowed limited permissions. Everything else is blocked and logged.

A virus can run rampant on my systems, but I have a long history with PCs so I mirror my documents regularly from one machine to all others, yeah, even the PPCs. The firewall is containment - something an AV cannot do.

If an AV fails, then I've lost the entire network. More often than not, AVs are slow to detect new viruses - especially the ones that propagate first, infect last.

Finally, AVs do nothing at all against spyware or Windows vulnerabilities. So if you have an AV, fair enough, but get a decent firewall too - it will detect 100% of all spyware regardless of definitions since they all have a common element: reporting to base. And it will shield vulnerable spots in the OS from exploitation.

A box with an AV and Firewall is much more secure, I just choose to forego the AV since I don't believe it is employed under my regime.
Last edited by Ward; 05-26-05 at 08:23 AM.