[4433] in WWW Security List Archive


Re: Symantec Band-Aid for ActiveX Hack

daemon@ATHENA.MIT.EDU (Jay Heiser)
Fri Feb 14 13:03:40 1997

Date: Fri, 14 Feb 1997 10:12:22 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

I'm not sure how this Symantec kludge works, but even if
it does, I don't see this solving the problem either.

I like full hard disk encryption -- esp. for laptops -- but
it would do nothing to protect against an ActiveX attack; it's
only useful to control access when the PC is unattended and
shut off/logged off.

I suspect Symantec is pushing file crypto:
     How do you know which files to encrypt?
     Does it automatically decrypt them when you run Quicken?
     Are the files unencrypted when the app is being used
         and would the hack succeed if Quicken was running
         when you encountered the hostile ActiveX code?

This looks like somebody's clever idea to get some PR.  If 
they want to attract some attention without having to create
anything of substance, they might consider announcing that 
their product also prevents damage from the Good Times virus.

Brian Toole wrote:
> 
> Well, Symantec thinks it has a band-aid for the symptom,
> encrypt the files you don't want stolen when your system
> is broken into.
> 
> http://www.pcweek.com/news/0210/13esym.html
> 
> I'm not so sure I'm comfortable with the line of reasoning
> behind this marketing effort. While there is nothing wrong
> with data encryption itself, arguing that this makes you
> "safe" from the big bad hacker seems somewhat dubious.
> 
> This is tantamount to saying "well, I don't lock my door
> because everything valuable is secured anyway", and
> then being upset when someone steals the safe and burns
> down the house on the way out.
> 
> Oversimplification of the problem, and the resultant
> false sense of security that this type of stopgap measure
> provides is almost as big a risk as the hack itself (IMHO).
> 
> --Brian
> 
> > -----Original Message-----
> > From: Kevin J Mcmahon
> > Sent: Tuesday, February 11, 1997 9:12 AM
> >
> > [snip]
> >
> > However, there is still the larger issue of the fact that a piece of
> > malicious code can be written to modify the system in any way that it
> > chooses (at least on DOS/Win3.1, Win95, Mac etc.). Imagine a virus that
> > re-enables Java/Javascript (and ActiveX for IE) on your browser, then
> > inserts an envelope around your 'home' URL.  The next time you start up
> > your browser the home page is loaded via a hacked site that contains
> > even more malicious software.  The payload for this virus/trojan horse
> > would be fairly small and once the hacked web site is accessed more
> > malicious things can be done (like the Quicken hack) based on what
> > applications you have running on your system.
> >
> > Kevin J. McMahon
> > MCI Technical Security
> >

-- 
Jay Heiser, 703-610-6846, jay@homecom.com
Homecom Internet Security Services
http://www.homecom.com/services/hiss
For company & industry news...subscribe to newsletter@homecom.com
