[plug] security of linux desktops re mail viri

Anthony Jones ajones at clear.net.nz
Sat Dec 15 12:19:37 WST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 15 December 2001 09:25, Michael Hunt wrote:
> > Surely one can filter, on a user per user basis, incoming email and
> > consign certain attachments to oblivion whilst allowing the message
> > through? A filter killing, among other things, .sh .jpg and double
> > suffix endings would surely bring the number of accidents down to the
> > level where one would feel better after just beating people half to
> > death rather than killing them outright.

> Note: I'm not recommending the product here but Zone Alarm (a Windows
> based personal firewall) does exactly what you have suggested. For example
> whenever a vbs file came in as an attachment Zone Alarm would rename the
> file to something like <name_of_file>.vbs.zam (or something like that). This
> caused a Zone Alarm icon to be seen instead of the default vbs icon and if
> the user tried to run the script they would get a Zone Alarm message
> explaining what it had done and why. If you do want to run the script you
> can save it to disk, rename it, scan it for viruses and then run it. I
> thought that this was pretty cool (and still do) but I don't think Zone
> Alarm as a firewall will ever be as secure as a separate Linux based
> firewall (see http://www.smoothwall.org/ for details).

If you think a virus checker/scanner offers you any kind of security you're 
mistaken. The problem with a virus checker is it's like listing people who 
write bad cheques. It only tells you about a virus once someone has already 
been affected by it. If you want to break into someone's computer system you 
can write an executable and email it to them. A virus checker does not 
protect against this.

It is unwise to allow any kind of executables to be run which aren't 
correctly sandboxed. Even sandboxing can have flaws so it's best not to run 
executables at all unless you trust the source that you're getting them from.

> Personally a separate firewall suits me as I have a policy that it can be
> the 'sacrificial lamb' in the event of a security breach. Basically if it
> can give me the information as to how and what was cracked, I can rebuild
> it, plug the hole and have it back up and working in no time. (I have no
> data on it apart from the firewall logs). Sure with smoothwall I would lose
> my proxy cache, but it is not that big anyhow. The getting of the whom data
> is interesting but a bit of a lower priority for me,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Gs9ZhwVaoilFPn0RAol6AKCCl7/75owspSfsOg1ltBWhlJERoACfSPwE
uMQcLIVvyndfRyb5/Q4O8HU=
=lfgY
-----END PGP SIGNATURE-----
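
The per-user attachment filter proposed in the quoted text, combined with the rename-instead-of-delete behaviour described for Zone Alarm, as an added Python example (not code from the thread or from any product named in it). The blocklist entries beyond .sh and .vbs, the `.quarantined` suffix, the function names and the sample message are assumptions made for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# ".sh" and ".vbs" are named in the thread; the other entries are assumptions.
BLOCKED = {".sh", ".vbs", ".exe", ".scr", ".pif", ".bat"}
SUFFIX = ".quarantined"  # hypothetical marker, playing the role of ".zam"


def is_risky(filename):
    """True for a blocked final extension or any double suffix (a.jpg.vbs)."""
    # Trailing dots/spaces are dropped first: Windows ignores them on open.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    # Deliberately blunt: "archive.tar.gz" is also caught by the double-suffix rule.
    return bool(suffixes) and (suffixes[-1] in BLOCKED or len(suffixes) >= 2)


def defang(msg):
    """Rename risky attachments in place; return the original names."""
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or name.endswith(SUFFIX) or not is_risky(name):
            continue
        # Rebuild both headers so no copy of the old name (Content-Type
        # "name=") survives and the client no longer sees a script type.
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", "attachment", filename=name + SUFFIX)
        del part["Content-Type"]
        part["Content-Type"] = "application/octet-stream"
        renamed.append(name)
    return renamed


def sample_message():
    """Constructed message: one benign and two risky attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("notes.txt", "holiday.jpg.vbs", "cleanup.sh"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    m = sample_message()
    print("renamed:", defang(m))
    print("now:", [p.get_filename() for p in m.iter_attachments()])
```

A filter like this keys only on the attachment name, so it cuts down accidental double-clicks and nothing more; the reply's point about not running untrusted executables outside a sandbox still applies to anything a user renames back.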


