Michal Zalewski wrote: Uhh, with some new worms, you not only can't execute the rogue directly by just clicking on an attachment, but you need to enter a password to get access to it... you just need a userbase clueless enough to carry out even a fairly complicated action out of curiosity, and some social engineering. That's certainly true, though you can minimise such issues in KDE by using Kiosk mode to reduce the functionality available to users. I was responding however to Kenneth's point about how easy it was to open an attachment in it's respective app. I don't minimise the dangers - they are real, but I do think we're in a better poisiton in the unix desktop world than the current state of the windows desktop. Cheers Rich.
Kenneth R. van Wyk wrote: I think that we're seeing several of the features that have plagued the security of desktop Windows systems being increasingly incorporated into the desktops of Linux systems. Further, the Linux desktop is truly maturing and, along with that, we're getting closer and closer to a critical mass of users. So why do I feel that this is a Secure Coding issue and not (just) an OS security issue for Full-Disclosure and similar groups to discuss? IMHO, the issues that we're dealing with get straight to the heart of the design of the desktop environments that are being deployed. Sure, Linux has grown up with an arguably better separation of administrative and desktop users from day one, but even just a user-level email worm can be pretty frustrating (in case you haven't noticed from the size of your inbox in the last month or so). What you're getting at is that clueless users want dangerous features, and that some programmers don't understand why it's a bad idea to provide them, and/or they don't have the option to leave them out (boss says they have to be there, etc...) Further, cluesless users will pick the dangerous features if it is at all an option, i.e. if they can pick Lookout for Linux as a MUA, they will. This is from personal experience supporting users, family, etc... that have no understanding of what happens to an attachment that they save to disk. If the default directory they save to is not the same default that comes up when they launch Word and do File-Open, they are lost. If/when they ever endup running Linux, their understanding of filesystems is not going to increase. I don't see a lot of room for secure programmers to help out. Sure, they will not write MUAs that have the bad behavior, and the user will pick a bad one. The programmer can write secure helper apps, but all programs that the MUA can invoke have to be secure. The assumes that the MUA doesn't simply let the user launch ELFs or something. Ryan
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michal Zalewski Sent: Tuesday, March 09, 2004 1:16 PM Uhh, with some new worms, you not only can't execute the rogue directly by just clicking on an attachment, but you need to enter a password to get access to it... you just need a userbase clueless enough to carry out even a fairly complicated action out of curiosity, and some social engineering. As ever, the chief flaw that is exploited by the most successful (in terms of wide spread) viruses is that of human naivete / stupidity. I reckon you'd get a fairly good spread of virus even if you asked people to type the virus code into debug (a tool which, among other things, allows you to directly enter hex codes). The only thing that might slow such a virus down is that many of the people typing it in would get a digit or two wrong. I've long maintained that Unix, Linux et al are not protected so much by technical superiority as by a lack of users - particularly a lack of technically uninformed users. In some cases, too, the protection is that there are less dumb developers. To truly bring Linux down, what's needed is a Visual Basic 1.0 for Linux :-) Alun. -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | [EMAIL PROTECTED] Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer. [Ed. Let's please keep this to a discussion of design features and NOT a mudslinging contest (which no one can possibly win). Thanks. KRvW]
At 11:14 AM -0700 3/10/04, Jared W. Robinson wrote: Seems to me that the average user application doesn't need to open TCP/UDP ports for listening. Fixed in a previous major protocol stack. Doing the equivalent on DECnet requires privilege.