Posted by: reformedmusings | March 26, 2010

The myth of Windows 7 security

CanSecWest has again produced enlightening results. ZDNet records the latest breach of Windows 7: “Hacker exploits IE8 on Windows 7 to win Pwn2Own.” In case you’ve been sleeping, these are Microsoft’s latest offerings. The more things change, the more they remain the same.

I should also note that Peter Vreugdenhil bypassed the two core elements of Microsoft’s security plan: ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). It took him just two weeks to implement.

In case you’re getting smug on your Mac, note that another hacker, Charlie Miller, hacked Safari for the third year in a row. Hardly constitutes a challenge. Others hacked and hijacked iPhones.

Caveat Emptor!


Responses

  1. Just as I was reading your blog, I noticed another blog that explained why Linux is so hard to hack. The site is technical, so I’ll just put up the link:
    http://cristalinux.blogspot.com/2010/03/understanding-viruses-in-linux.html

  2. I found one post – http://blogs.zdnet.com/security/?p=995 – where the author claims the only reason Ubuntu wasn’t hacked is that no one cares about it. My response to that is – bring it on! Let’s see the hack. Talk is easy. Actually doing something is hard work.

  3. Agreed. Talk is cheap. AppArmor and/or SELinux make Linux a fortress, and AppArmor has been implemented in Ubuntu at the kernel level by default since at least Hardy. Just straight Ubuntu with a hardware firewall that virtualizes ports serves me very well.

  4. Great link in your first comment. Additionally, the introduction of AppArmor into the kernel to tighten up applications’ access outside their own areas and GccSsp to catch buffer overflows greatly enhances Ubuntu’s security. But like the commenters point out, nothing is idiot proof.

  5. I’ve never figured out how to use a firewall. I know rootkits are extremely rare in Linux and viruses can’t replicate – but I’ve always wondered just how much security I should have on my home computer.

  6. I have a FIOS router with a built-in firewall that’s my primary line of defense. Before that I had a Linksys router w/firewall. That’s a good start.

    In Linux, I’ve primarily used Guard Dog under KDE. It provides a GUI for the built-in iptables firewall in Linux. I haven’t messed w/the software firewall in Gnome yet. ufw is the terminal program to set the firewall. Firestarter is the recommended GUI tool, but the last time I used it a few years ago, it crashed badly.

  7. You’ve given me a lot of information. Thank you.

  8. You’re welcome. I loaded Firestarter today and played with it a bit. It’s much better than it used to be, but still doesn’t handle VPN or resource sharing on the local network very well.

  9. I’ll see if I can get it to work for me. I last tried GUFW, which is so cryptic I couldn’t figure out how to do anything at all.

  10. That’s why I’ve gravitated to the GUIs like Guarddog and Firestarter. I don’t have the time to decode all the settings to use anything else. You still need some basic port knowledge if you have a home LAN, but that’s not too bad.

  11. I’ll have to work on the port knowledge. I am definitely going to try Firestarter.

