Prev: Chosen plain text attack on Chaocipher
Next: Polymorphic Code Protection
From: Mok-Kong Shen on 11 Jul 2010 05:51

The race between producers of malware and producers of anti-malware is
well-known. It is IMHO natural to assume that the former, being the
'active' partner, have some advantages in this race and so the computer
of an average user has always a very real chance of being infected
without detection, no matter how much money he invests in purchasing
software to protect his computer and how careful and disciplined he
does his work.

I think it even may not be entirely foolish to question the (aboslute)
safety of protection software themselves, for these are as a rule
trusted based on the market reputation of the producers only, if I
don't err.

I remember the time of the first PC that I used, where a few colleagues
of mine were regularly reading and adapting some parts of the operating
system (CP/M), apparently with ease. Nowadays, who among the users of
computers have competent knowledge (and means) to understand some
details of an OS, let alone checking and modifing them? And the previous
question certainly applies here as well.

Without saying, all other foreign software downloaded are in principle
(maybe more) questionable.

BTW, a recent article on cyber warfare could serve also for looking at
the matter from a different standpoint:

http://www.economist.com/node/16478792

M. K. Shen
From: Stewart Malik on 11 Jul 2010 07:34
One word will do enough......Linux
From: Mok-Kong Shen on 11 Jul 2010 08:25
Stewart Malik wrote:
> One word will do enough......Linux

Four words might be better: One never really knows!

M. K. Shen
--------------------------------------------------------------------

For unto every one that hath shall be given, and he
shall have abundance: but from him that hath not shall
be taken away even that which he hath.

St. Mattew 25/29




From: amzoti on 11 Jul 2010 12:37
On Jul 11, 2:51 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> The race between producers of malware and producers of anti-malware is
> well-known. It is IMHO natural to assume that the former, being the
> 'active' partner, have some advantages in this race and so the computer
> of an average user has always a very real chance of being infected
> without detection, no matter how much money he invests in purchasing
> software to protect his computer and how careful and disciplined he
> does his work.
>
> I think it even may not be entirely foolish to question the (aboslute)
> safety of protection software themselves, for these are as a rule
> trusted based on the market reputation of the producers only, if I
> don't err.
>
> I remember the time of the first PC that I used, where a few colleagues
> of mine were regularly reading and adapting some parts of the operating
> system (CP/M), apparently with ease. Nowadays, who among the users of
> computers have competent knowledge (and means) to understand some
> details of an OS, let alone checking and modifing them? And the previous
> question certainly applies here as well.
>
> Without saying, all other foreign software downloaded are in principle
> (maybe more) questionable.
>
> BTW, a recent article on cyber warfare could serve also for looking at
> the matter from a different standpoint:
>
>    http://www.economist.com/node/16478792
>
> M. K. Shen

Why would you think there is only one attack profile from
<who_cares_***>_ware?

For example, look at: http://www.eskimo.com/~joelm/tempest.html

If it is electronic (or otherwise), it is vulnerable as the number of
attack profiles is limitless and one only needs to get passed the
weakest link.

Forgive my theft of Einstein's quote with a slight modification.

"It's not only worse than you imagine, it's worse than you can
imagine! "

Cyber warfare can be equated to the war on drugs - what a joke - but
it makes for great articles, journal and research papers.
From: WTShaw on 11 Jul 2010 14:46
On Jul 11, 11:37 am, amzoti <amz...(a)gmail.com> wrote:
> On Jul 11, 2:51 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
>
>
>
>
>
> > The race between producers of malware and producers of anti-malware is
> > well-known. It is IMHO natural to assume that the former, being the
> > 'active' partner, have some advantages in this race and so the computer
> > of an average user has always a very real chance of being infected
> > without detection, no matter how much money he invests in purchasing
> > software to protect his computer and how careful and disciplined he
> > does his work.
>
> > I think it even may not be entirely foolish to question the (aboslute)
> > safety of protection software themselves, for these are as a rule
> > trusted based on the market reputation of the producers only, if I
> > don't err.
>
> > I remember the time of the first PC that I used, where a few colleagues
> > of mine were regularly reading and adapting some parts of the operating
> > system (CP/M), apparently with ease. Nowadays, who among the users of
> > computers have competent knowledge (and means) to understand some
> > details of an OS, let alone checking and modifing them? And the previous
> > question certainly applies here as well.
>
> > Without saying, all other foreign software downloaded are in principle
> > (maybe more) questionable.
>
> > BTW, a recent article on cyber warfare could serve also for looking at
> > the matter from a different standpoint:
>
> >    http://www.economist.com/node/16478792
>
> > M. K. Shen
>
> Why would you think there is only one attack profile from
> <who_cares_***>_ware?
>
> For example, look at:http://www.eskimo.com/~joelm/tempest.html
>
> If it is electronic (or otherwise), it is vulnerable as the number of
> attack profiles is limitless and one only needs to get passed the
> weakest link.
>
> Forgive my theft of Einstein's quote with a slight modification.
>
> "It's not only worse than you imagine, it's worse than you can
> imagine! "
>
> Cyber warfare can be equated to the war on drugs - what a joke - but
> it makes for great articles, journal and research papers.

There are simple strategies that work. Bad design can be countered
with good protocols to isolate the weaknesses, not talking about
endless patches but the absurd use of common sense to do the obvious.
"The path to ruin is well trodden."
 |  Next  |  Last
Pages: 1 2 3 4 5 6
Prev: Chosen plain text attack on Chaocipher
Next: Polymorphic Code Protection