[3116] in WWW Security List Archive
Re: BoS: New and destructive word macro virus(3)
daemon@ATHENA.MIT.EDU (Safetynet, Inc.)
Sat Sep 28 12:23:46 1996
Date: Sat, 28 Sep 1996 10:18:08 -0400 (EDT)
From: "Safetynet, Inc." <safety@gti.net>
To: ivan <ivan@club-internet.fr>
cc: www-security@ns2.rutgers.edu, best-of-security@suburbia.net
In-Reply-To: <324C33EE.2F38@club-internet.fr>
Errors-To: owner-www-security@ns2.rutgers.edu
> 6) Nevertheless, I would be particularly interested in having your
> real-life experiences with client-side security: even if a company does
> not have a server but only allows employees to "surf" the web for info,
> it exposes itself to threats (other than pure viruses) as
> java/javascript/activex/PS/helper apps/... nuisance or "security risks".
> To your mind which one is the worst? Do you have examples and
> countermeasures?

One way to protect the client during surfing is to use an OS with client
security capabilities (NT, Unix), or add a security program (StopLight,
DACs) to a non-secure OS (DOS, Win3.x, Win95, OS/2).

To access a program deemed a "security risk", two IDs must be created:

  General Use:  Access to programs and data, except internet software
  Internet Use: Access to internet software, restrict access to all other
                areas

Operating systems that support program pathing (OS/2 w/SES-enabled
security app) can also be used to implement this concept without requiring
two IDs. In this case, the process has security permissions associated
with it.

Best Regards,
Bob Janacek - Technical Director
Safetynet, Inc. - Antivirus, security and network management software
http://www.safe.net/safety/
Novell Professional Developer, IBM DAP
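
A Unix-side check of the two-ID setup described in the message above, added here as an example and not part of the original post or of any product it names: it lists the files an "Internet Use" account could still read or write under a data directory, using classic mode bits only. The uid, directory names and file modes in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to the account: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def exposed_files(root, uid, gids):
    """Regular files under root that account (uid, gids) could read or write.

    Mode bits only: ACLs, capabilities and uid 0 are ignored, and directories
    above root are not checked. Run it as the owner or an administrator.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not class_bits(os.lstat(dirpath), uid, gids) & 1:
            dirnames[:] = []      # no search (x) bit: nothing below is reachable
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = class_bits(st, uid, gids)
            access = ("r" if bits & 4 else "") + ("w" if bits & 2 else "")
            if access:
                exposed.append((os.path.relpath(path, root), access))
    return sorted(exposed)

def demo():
    """Audit a constructed tree for a hypothetical internet-use uid."""
    internet_uid = os.getuid() + 12345    # assumed to own nothing in the tree
    layout = {"payroll": (0o700, 0o644), "shared": (0o755, 0o644),
              "drop": (0o755, 0o666), "sealed": (0o755, 0o600)}
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, (dir_mode, file_mode) in layout.items():
            d = os.path.join(root, name)
            os.mkdir(d)
            f = os.path.join(d, "data.txt")
            open(f, "w").close()
            os.chmod(f, file_mode)        # set modes explicitly, umask-independent
            os.chmod(d, dir_mode)
        return exposed_files(root, internet_uid, set())
```

An empty result for the General Use data areas is what the "restrict access to all other areas" rule calls for; here `payroll` is protected by its directory mode and `sealed` by its file mode, while `shared` and `drop` are not.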