[29019] in bugtraq
Re: Bypassing Personal Firewalls
daemon@ATHENA.MIT.EDU (Zow" Terry Brugger)
Mon Feb 24 16:01:09 2003
To: Shaun Clowes <shaun@securereality.com.au>
In-Reply-To: Message from Shaun Clowes <shaun@securereality.com.au>
of "Sat, 22 Feb 2003 13:14:04 +1100." <5.2.0.9.0.20030222125953.00acd338@mail.securereality.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 24 Feb 2003 12:18:39 -0800
From: "Zow" Terry Brugger <zow@llnl.gov>
Message-Id: <20030224201844.BAACD1BE68@zathras.llnl.gov>
Shaun,
While I've just been skimming this discussion, I felt the need to respond to
one of the points you make:
> While I can see your point here, from the OS's perspective a user doesn't
> need to be protected from themselves.
On the contrary -- process separation is one of the fundamental concepts in
modern operating systems. If you have the misfortune of remembering the DOS 5
/ Windows 3.0 days, you'll appreciate how important this function is. The
need to protect the user from something running with their privileges is also
important for protecting against Trojan horses, such as Outlook-based mail
worms. The easiest way to protect against such attacks is via sandboxing.
While I personally would like to see such sandboxing functionality integrated
directly into operating systems, it can be added via a third-party extension,
such as Janus for Solaris and Linux, or one of the PFW products for Windows.
Terry
use StandardDisclaimer.pm
