
Linux, Mac viruses on the rise

I disagree. I think a majority of pc users these days understand the risks of browsing the web.

The large number of SQL worm and CodeRed attempts in my home machine's logs would seem to disagree with you.

 
Originally posted by: spyordie007
Vista is going to be pretty much the same way. Just another dialog for them to click on through.

Which are completely worthless, generally.

Even very experienced, computer-savvy people end up 'just clicking through'.

For instance, if you like to download MP3s from random websites and play them on some sort of music player.. and every time you download an MP3 from an HTTP website the system pops up a warning, then when you download an executable or virus disguised as an MP3 in the link or whatnot by mistake and the system tries to warn you.. you'll just ignore the warning. You'll just assume that it is the same old warning automatically. Even if it's a different shape, different color and such, muscle memory will just be expecting that little OK sign every time you want to do something.

It's very hard to avoid doing that. Sudo is dead close on doing this for most people. It's getting close to the point where if you double click on some installer or whatnot and it pops up 'you don't have the rights', instead of figuring out what is going on most people are just going to feed it their password.

Now if dialogs are exceedingly rare, they'll work. Because they'll pop up and confuse the user and they'd have to sit and actually read what is going on.

For instance, one dialog that I think is good is Nautilus's dialogs. At least currently.

For instance, if you have a file named filename.jpg, but it's a bash script in reality, then the 'mime' detection stuff will fail and it'll pop up with a warning: 'This file has an extension that indicates it's a jpeg, but it appears to be a script blah blah blah' or something similar. Then it has an 'ok' style button. But when you click ok it just makes the dialog go away. If you try double clicking on it again then you get the same message. To open the file you have to right click it and select from a list of applications/actions. The list you're provided includes appropriate actions for both jpegs and bash scripts.

So since it's pretty rare for Nautilus to get confused on file types.. it either knows it or it doesn't.. then it's pretty effective, I believe. As an end user you have to stop and think about what you really want to do with the file and then explicitly tell the computer what to do with it.

-----


One thing that I do like with XP SP2 and Vista is the security context stuff. The Zone stuff, I think? It's a good idea. You download stuff off of the web, then the file has a sort of restricted status. Linux needs something like that.

SELinux can technically provide this, but it's complex and the developers are being very smart and very dumb at the same time with it.

Novell AppArmor can get something close to it, but it's only going to be useful for protecting against exploits in certain programs due to it using pathnames in its rules. It's not useful for giving these sorts of security contexts to files.

For instance, using AppArmor, you could restrict Firefox to only be able to write files out in its temp directory, configuration directory, or the download directory. So even if somebody injected malicious code into Firefox, an attacker still couldn't use it to install a virus into some other program or steal your Evolution password file or something like that. The application would be contained and the incident would get recorded in the logs.

So that's nice.

The downside, since it relies on pathnames, is that if you restricted Firefox to only write out to downloads then that is very inconvenient to end users. If they tried to do a 'save as' to a webpage or whatnot and they tried to save it to a different directory... then it would crap out. You could give write access to the entire home directory, instead of just the downloads directory, but then that ends up weakening the protections.

Also, if you want to assign some sort of security context to certain files.. then if you provide a symbolic link, move the file, or mount --bind a directory to a different location, then effectively you're changing the permissions of that file. Looking at it in DAC terms, if you can make a file executable, or grant write permissions simply by copying to a different location, then that's not cool at all.

With SELinux, since it doesn't rely on path statements and actually assigns permissions to the file's metadata itself (which follows the file and doesn't change based on paths), you can do the XP SP2 or Vista style Zones. Trouble is that SELinux is very hard to use and it's going to take a long time for it to mature to the point where it's useful for most people. AppArmor is easy to use and right now a typical administrator can use it to lock down applications in just a handful of minutes.

So the Security Zones/security context stuff is something that is kinda neat. Although I don't know how strong it is... there is a nasty little class of exploits for SP2 that are designed to work around these zones.
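The path-versus-label point from the post above, as an added example that is not part of the thread: a toy model in which one check decides by the file's current pathname and the other by a label keyed to the file's inode. The rule table, the label names and the `downloads`/`bin` directories are assumptions for illustration, not AppArmor or SELinux syntax.

```python
import os
import tempfile

# Toy path policy (assumption): top-level directory name -> may execute.
PATH_RULES = {"downloads": False, "bin": True}


def path_allows_exec(root, path):
    """Path-based check: the decision depends only on where the file lives now."""
    rel = os.path.relpath(os.path.realpath(path), os.path.realpath(root))
    return PATH_RULES.get(rel.split(os.sep)[0], False)  # default deny


def file_key(path):
    """Identity of the file object itself, independent of its name."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def label_allows_exec(labels, path):
    """Label-based check: the decision depends on the label attached to the file."""
    return labels.get(file_key(path), "unlabeled") == "trusted"


def demo():
    """Download a file, move it, and record both models' decisions before and after."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        bindir = os.path.join(root, "bin")
        os.mkdir(downloads)
        os.mkdir(bindir)

        fetched = os.path.join(downloads, "tool.sh")
        with open(fetched, "w") as f:
            f.write("#!/bin/sh\necho constructed sample\n")
        labels = {file_key(fetched): "from_web"}  # label set at download time

        before = (path_allows_exec(root, fetched), label_allows_exec(labels, fetched))
        moved = os.path.join(bindir, "tool.sh")
        os.rename(fetched, moved)  # same inode, new pathname
        after = (path_allows_exec(root, moved), label_allows_exec(labels, moved))
        return before, after


if __name__ == "__main__":
    print(demo())
```

After the move the path-based check flips to allow while the label-based check still denies, because the label stayed with the file rather than with its name.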
 
What about just disabling overwrite (modify)/delete/execute permissions on the browser? The browser shouldn't need that at all except for 'modify/delete' for its cache. At the worst a virus could only create and write new files. An exception can be made for overwriting/resuming downloads. As for applets, they should have their own little sandbox directory created for them so it's isolated from the rest of the file system. Of course, buffer exploits could grab an 'exception' for themselves but the more casual viruses such as some JavaScript ones would simply cease to operate. They should just rewrite the whole thing with buffer-overflow proof code. All they have to do is replace strcat with strncat (for example), don't they, or is it more complicated than that?

Would this limit functionality? Maybe a tad, but not much considering the great security it gives you. You don't have to delete a file in the Save dialog in your browser that often, do you? Fixing the source problem is better, but MS continually fail to do that with all the holes in IE. They need to be aware of their own abilities. Automatic updates are a step in the right direction but tons still get spyware. It's sad they have to limit the web or the browser but when the user just clicks 'yes' and voluntarily enters their password on everything, it's the only choice.

Maybe this is harder than it sounds but I think they could do a much better job than what they're doing now. To be honest I don't think applets or scripts should be given any file system access at all, except for a small little 'cookie' allocated for each one that they are free to modify, and that's it. For applets that need FS access, I guess that's too bad. I don't think the web is the place for applications like that. Either that or it should be limited to a registry hack for IT people who really need to use it, so they could specify the CLSID of the needed application.

drag: I'm unaware of said zones on XP SP2. Can you elaborate on that?
 