Comodo?

Sebastian

I did try!

However it seems very clear that you have neither the manners nor the expertise to talk on such subject!

Hence thank you and goodbye ;-)

Melih

Reply to
melih

Very easy: don't use Internet Exploder, and there are no such problems. Keep your browser up to date, and there will be no such problems, if it's not Internet Exploder.

I'd not call this "user stupidity", because most users just don't know.

Yours, VB.

Reply to
Volker Birk

^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^

If they would use operating systems without the security design flaws Microsoft Windows has (for example the nonsense of making users administrators by default), then there would be much less danger because of viruses. Maybe then AV programs would not be of huge importance.

If PCs with Windows are well configured and are sensibly driven, then usually AV programs are not necessary. As a matter of fact, on the PCs I'm driving with Windows for developing Windows software, I don't use AV scanners at all.

Anyways, AV programs can be useful if used like a Spam filter - they can be used to filter out known viruses, so that only new viruses are left as a problem. This makes things much easier, so AV programs can be of value.

In spite of this advantage, virus scanners are dangerous: many users misinterpret (or are fooled by advertising into believing) that AV scanners would prevent a PC from getting viruses, and are fooled into using the "removal tools" many AV tools bring with them.

The first is a problem because these users often become careless; the latter is a big problem, because usually people manage to remove the obvious parts of known viruses, while reloaded malware code remains active and usually cannot even be detected by anti virus scanners.

I just commented this. I underlined, so you can find my answer more easily. Additionally, I tried to explain more exactly in this posting.

According to my experience, it's perfectly true. I'll give you an example full of proofs for my claim:

formatting link

^^^

^^^^^^

Please read my text again. I'm not calling you greedy.

I'd be ashamed if these simple and primitive leak tests would be the only thing I had hacked. It's so easy to ignore application filtering that this is an exercise for a rookie. Alexander Bernauer, for example, asked me to introduce him to Windows programming. I showed him the basics one afternoon, and afterwards he implemented his wwwsh as his very first Windows programming example.

Fortunately I'm able to claim, that I hacked some much more serious software, too. ;-)

Great.

Sorry, I'm not posting in web forums usually. I just like usenet, this is why you can read me here.

I'm not living in a region of frequent automated attacks like the Internet. I'm living in a small town, and I don't even need to lock my door at all (perhaps I don't need locks; there was a lock in this door when I moved into this flat already). If this region were as insecure as the Internet, then probably I'd move immediately ;-)

But, according to your question: if I were under heavy attack, and there would be a door which is 100% secure against the attack to break the door, I'd for sure use this door only in such an insecure environment. If there were no such door, probably I would move.

I cannot find any sense in your question BTW.

Yes. I already gave you an example.

To understand the ideas behind these concepts, please read

Yours, VB.

Reply to
Volker Birk

It is possible.

For example, if you have an operating system which has a capability based security concept, then it's very easy to prevent an application from unwanted communication - while you cannot prevent tunneling here either.

It's just very difficult to implement this with Windows. Windows is perfectly designed to make it very easy for a programmer to implement IPC without any security system between processes which are opening windows.

This behaviour is by design. Microsoft document this, and this is the reason why Microsoft describe the problem as "don't even try":

formatting link
| For the Windows user interface, the desktop is the security boundary. Any
| application that is running on the interactive desktop can interact with any
| window that is on the interactive desktop, even if that window is not
| displayed on the desktop. This behavior is true for every application,
| regardless of the security context of the application that creates the
| window and regardless of the security context of the application that is
| running on the desktop.

Additionally, Microsoft have many extra possibilities to implement IPC between local processes without a real security system, too: the component concepts of Windows. Microsoft decided not to implement a security concept into them because of the fact that the desktop is the security boundary anyways.

If you want to prevent unwanted IPC on Windows, you have to implement a security system for _every_ single concept Windows offers to communicate on a Windows desktop. This makes this task very complex and expensive.

You at Comodo already implemented a security system for Windows messages, so just try to figure out how many extra systems you additionally have to implement.

This is why breakout.c uses Windows messages, and breakout-wp.cpp uses COM. The first is using the core communication, the second one is using one of the methods for implementing unfiltered IPC.

So you had to implement a complete extra security system to secure Windows' messaging system, while it took me a Saturday evening to hack a program which just uses another possibility to go around it. To prevent such things, you'd have to implement a complete own security system for COM, while I'd have to just go around and use the next possible IPC technology, until all possibilities are done.

Then I'd have a look at your filtering implementations for the very first time - today, I'm just ignoring them.

So the costs for me in the role of an "attacker" (as a matter of fact, I'm not one, but I'm giving PoCs for attacks) are only a fractional amount of your costs to secure. You can only lose this game.

And: of course, application filtering, even if it would work at all, isn't a good idea after all, and is even counterproductive.

You'd better read:

formatting link

Does not match.

Usually, people mean by "layered approach" a misunderstanding of the common military strategy "defense in depth". What do you mean by this term?

Yours, VB.

Reply to
Volker Birk

The opposite is true; just search the usenet for the terms acrobat+firewall+phoning+home, and you will immediately detect that it's very common that people stop their online software updates because of this misinformation.

That online software updates are a good idea, and that leaving them out can endanger you as a home user, you can find out by watching the security announcements.

So this is a clear (empirical) proof that "filtering outbound" nonsense endangers users and therefore is counterproductive.

Yours, VB.

Reply to
Volker Birk

"Unknown IPC attempt to in-process surrogate context of COM server MSIE.loadpage. [Allow] [*DENY*]"

*SCNR*
Reply to
Sebastian Gottschalk

Your opinion is flawed as follows:

Many outbound connections don't need to actually go outbound.

As a clear (empirical) example: for a workstation in a network that has a mail server, the workstation does not need to be permitted outbound SMTP; only the mail server needs such access.

Allowing outbound SMTP from workstations can help spread viruses/malware around the internet, causing end-users to be more at risk - this is just one example.

Block ALL outbound access unless you have a good reason to allow it, and then only allow it for specific destinations as needed.

Reply to
Leythos

;-)

Yes, this is one of the huge problems. But: even if it _would_ work, it would not be a good idea.

Yours, VB.

Reply to
Volker Birk

^^^^^^^^^^^^^^^^^^^ ;-D

Reply to
Sebastian Gottschalk

Even if the user would actually understand it, what should he do? Probably he would allow it as the harmless thing it is, IE would load a malicious website and install malware of the attacker's choice. Pwn3d!

Reply to
Sebastian Gottschalk

Hm... Mr. Freud... ;-)

Yours, VB.

Reply to
Volker Birk

You misunderstand what I'm saying.

Volker: This endangers them.

Melih: That is so untrue.

Neither one of you can prove your position as being true. I'm sure you can come up with examples where you can *deduce* from circumstances, that your position is correct. And I'm sure Melih can do likewise. But all of that is circumstantial, not absolute.

Reply to
optikl

I offered an empirical proof for it above. Just read again, please.

Yes. This is how an empirical proof works.

If there is a claim which has an empirical proof, then I would be pleased to hear first from "Melih" why this should be wrong. I did not claim without argument; no, I already offered an empirical proof.

What is absolute? We're talking not about Mathematics here. We're talking about social models:

formatting link
Yours, VB.

Reply to
Volker Birk

Your statement, Volker. You made a statement with no qualifiers attached. You didn't say "based on my experience" or "based on empirical evidence" only. You made a broad statement. And all I'm saying is, you cannot prove in every instance that that's the case. You can't assume a circumstance does not exist that won't support your argument. I know how empirical evidence works, but thanks for the link. BTW, you don't really put a lot of faith in Wikipedia, do you? :)

We're talking not about Mathematics here. We're

Maybe you are. I'm talking about statements and the logical analysis of them. I didn't say your position was all wet; I agree with what you say, in general. It's my opinion, from my experience, that far too many folks on usenet make far too many absolute statements and assume everything they say is true, even when they have some bits of empirical evidence.

Volker, your thinking is more in line with the logical positivists, by the way, many of whom were great German thinkers, whom I admire:

formatting link
:)

But, read what it says under the criticism section:

"Early critics of logical positivism said that its fundamental tenets could not themselves be formulated in a way that was clearly consistent. The verifiability criterion of meaning did not seem verifiable; but neither was it simply a logical tautology, since it had implications for the practice of science and the empirical truth of other statements. This presented severe problems for the logical consistency of the theory. Another problem was that, while positive existential claims ("there is at least one human being") and negative universals ("not all ravens are black") allow for clear methods of verification (find a human or a non-black raven), negative existential claims and positive universal claims do not allow for verification.

Universal claims could apparently never be verified: How can you tell that all ravens are black, unless you've hunted down every raven ever, including those in the past and future? This led to a great deal of work on induction, probability, and "confirmation", which combined verification and falsification."

Volker, I always enjoy your posts.

Reply to
optikl

There is a danger that, while a user is attempting to block outgoing traffic to protect his/her privacy, they will also block some piece of software from obtaining worthwhile updates or notifications.

Or in other words, some people will get carried away with blocking things from "phoning home." :-)

I'm also not sure that a third-party add-on "personal firewall" can stop Windows itself from phoning home. Microsoft may well do this at a level that is not accessible to normal non-MS applications. From there we can speculate that if MS can phone home without the personal firewall detecting it, then it's possible malware could do the same thing. (I'm assuming a security hole that the malware could exploit as a method of bypassing the personal firewall.)

Reply to
Stuart Krivis

And there's the rub, as they say. Too many home users will not learn and do not acquire experience. They get tired of being alerted, so they turn off the alerts. They get tired of things getting in their way, so they just bypass the security measures.

I'm not at all convinced that application control can actually work as it's usually implemented. There's too much chance of malware being able to neatly bypass it.

Virus scanners are normally a "bolting the barn door after the horse runs away" product.

Anti-spyware software seems to confuse users about what is a serious threat and what isn't. It may also not really be necessary if you don't use IE and if you don't install any software that includes spyware as part of the install. (In other words, don't install software you don't know anything about or got from an untrusted source, and always do some research before actually installing any software to determine whether or not it is known to contain spyware.)

Reply to
Stuart Krivis

And there isn't any chance that there's malware out there that can simply bypass Sygate using a local exploit?

What good will all those options and controls do if the malware just goes around it?

Reply to
Stuart Krivis

Obvious: The updates for the vulnerabilities exploited by Blaster and Sasser had been available some weeks before - and Automatic Updates were enabled by default. Users have intentionally blocked relevant update mechanisms, by deactivating them with the well-known hypeware "XP AntiSpy" or by blocking them with personal "firewalls".

Well, is there any reason beside hype?

And obviously, this also leads to actually leaking information in first place.

Windows doesn't do so.

It's no security vulnerability that an Administrator user can gain SYSTEM (kernel) privileges.

Reply to
Sebastian Gottschalk
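Two positions in this thread fit together in one policy: Leythos's rule (block all outbound access unless there is a good reason to allow it, and then only to specific destinations, e.g. SMTP only from the mail server), and the warning from Stuart Krivis and Sebastian Gottschalk that over-eager outbound blocking silently kills the software updates that would have stopped Blaster and Sasser. The following is an added example, not code from the thread, from Comodo, or from any other product named here. It models a default-deny egress allow list at a site gateway, evaluates sample flows against it, lints the policy against a list of flows that must keep working (the update channel among them), and renders the result as an nftables chain. Every address, host and rule name is constructed for the example; the "update CDN" network is a placeholder, not a real vendor range.

```python
"""Default-deny egress policy, modelled in Python (added example).

Not code from the thread or from any product discussed in it. Models the
rule "block all outbound unless there is a reason, then only to specific
destinations" and the failure mode "the policy forgot the update channel".
All addresses below are constructed (RFC 5737 documentation ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt: source host, destination host, port."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """An allow rule: traffic from src_net to dst_net on proto/dport may pass."""
    name: str
    src_net: str
    dst_net: str
    dport: int
    proto: str = "tcp"

    def matches(self, flow: Flow) -> bool:
        return (
            flow.proto == self.proto
            and flow.dport == self.dport
            and ip_address(flow.src) in ip_network(self.src_net)
            and ip_address(flow.dst) in ip_network(self.dst_net)
        )


# Constructed addresses.
LAN = "192.0.2.0/24"              # workstation subnet
MAIL_RELAY = "192.0.2.25/32"      # the site's mail server
DNS_RESOLVER = "192.0.2.53/32"    # internal resolver
UPDATE_CDN = "198.51.100.0/24"    # placeholder for the vendor's update servers
ANY = "0.0.0.0/0"

# The allow list. Anything not matched here is dropped (default deny).
EGRESS_RULES: List[Rule] = [
    Rule("workstations -> mail relay", LAN, MAIL_RELAY, 25),
    Rule("mail relay -> internet SMTP", MAIL_RELAY, ANY, 25),
    Rule("workstations -> resolver", LAN, DNS_RESOLVER, 53, "udp"),
    # Deliberately explicit: drop this line and the policy blocks updates,
    # and nobody notices until the next worm arrives.
    Rule("workstations -> software updates", LAN, UPDATE_CDN, 443),
]

# Flows the site must keep working; checked before a policy is deployed.
REQUIRED_FLOWS: List[Flow] = [
    Flow("192.0.2.10", "198.51.100.7", 443),   # update check from a workstation
    Flow("192.0.2.10", "192.0.2.25", 25),      # mail submission to the relay
]


def evaluate(flow: Flow, rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """Return ("allow", rule name) for the first matching rule, else ("deny", None)."""
    for rule in rules:
        if rule.matches(flow):
            return "allow", rule.name
    return "deny", None


def blocked_required_flows(rules: List[Rule]) -> List[Flow]:
    """Lint: the required flows that the given policy would drop."""
    return [f for f in REQUIRED_FLOWS if evaluate(f, rules)[0] == "deny"]


def render_nft(rules: List[Rule], chain: str = "egress") -> str:
    """Render the allow list as an nftables forward chain with policy drop
    (assumes enforcement on the site's gateway, not per host)."""
    lines = [
        f"chain {chain} {{",
        "  type filter hook forward priority 0; policy drop;",
        "  ct state established,related accept",   # replies to allowed flows
    ]
    for r in rules:
        lines.append(
            f"  ip saddr {r.src_net} ip daddr {r.dst_net} "
            f"{r.proto} dport {r.dport} accept  # {r.name}"
        )
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    samples = [
        Flow("192.0.2.10", "203.0.113.5", 25),    # workstation straight to internet SMTP
        Flow("192.0.2.10", "192.0.2.25", 25),     # workstation to the relay
        Flow("192.0.2.25", "203.0.113.5", 25),    # relay to the internet
        Flow("192.0.2.10", "198.51.100.7", 443),  # update check
    ]
    for f in samples:
        print(f, "->", evaluate(f, EGRESS_RULES))
    # Same policy without the update rule: the lint catches the regression.
    print("blocked required flows:", blocked_required_flows(EGRESS_RULES[:-1]))
    print(render_nft(EGRESS_RULES))
```

Run it directly to see the four sample verdicts (only the relay gets outbound SMTP), the lint report for a policy that omits the update rule, and the rendered nftables chain. The lint step is the part a practitioner wants in practice: a default-deny egress policy is only safe to deploy once the flows it must not break have been enumerated and checked against it.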

You're twisting it. Sygate *is* a local exploit.

Giving the user a warm illusion of security? :-)

Real malware just waits until the user opens the webbrowser and uses various IPC methods to control it.

Reply to
Sebastian Gottschalk

I wanted to do a test to see how long it would take to come up with a solution for a leak test (of course they are all different and will take different amounts of time etc, but the only one we hadn't built code for was Volker's 2nd test, as we pass the first one). So I asked one of our developers and we timed him: It took him 92 minutes to come up with a solution and write the code to stop this leak test. Of course there are other issues involved in integrating this code into the whole beta product etc etc, but 92 min was the actual time it took to come up with a solution to this leak. The beta is now launched here

formatting link
that passes this leak test (well, all known ones so far, known publicly to us). Of course the reason why we can do it fast could be either because we have a good architecture or because this leak test was too easy etc etc. I think it was because we had a good architecture ;-)

thanks

Melih

Reply to
melih

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.