The Future of Computer Security

[Guest]

[Raccoon]

Forgive me for my blunt ignorance, but why doesn't a Firewall fall under the Prevention category?  Yes, it may seem as a layer where "allow:all" is given access to the firewall, making the firewall a detection device... but so is any vanguard layer of protection.  Whatever your door might be, the public is bumping into it in an "allow:all" fashion, even if the door itself is configured "deny:all".

The question remains; why can't a Firewall be that door?

Or better, why can't an AV with firewall-like abilities to system resources be considered a door?

Both technologies exist with a White-List, if the software is worth its weight.

[Melih]

Forgive me for my blunt ignorance, but why doesn't a Firewall fall under the Prevention category?  Yes, it may seem as a layer where "allow:all" is given access to the firewall, making the firewall a detection device... but so is any vanguard layer of protection.  Whatever your door might be, the public is bumping into it in an "allow:all" fashion, even if the door itself is configured "deny:all".

The question remains; why can't a Firewall be that door?

Or better, why can't an AV with firewall-like abilities to system resources be considered a door?

Both technologies exist with a White-List, if the software is worth its weight.

Are you suggesting to use firewall to deny all incoming traffic, hence creating a door? If so then yes, but then again, this would be putting a brick wall to where the door was and you are stuck inside and its not practical. (if i have misunderstood your question pls forgive me and will be happy to recieve a further explanation). Also, a firewall is not aware of the content of the traffic as such. It doesn't know whether its allowing pure data or executable file when it allows things. Hence it won't be able to prevent things according to threat levels. This is why you need to build a Kernel firewall (which is what CFP v3 is) that protects the kernel itself against any executable running. And when you ask the question: "....firewall-like abilities to system resources be considered a door", you are describing CFP v3 So CFP v3 is the Door we have been waiting for.

Melih

[Raccoon]

I guess your blog post was just a little confusing.  You explicitly stated that Firewalls cannot be used as a front-line defense.  I can't imagine what you would call that something then; if not a firewall, then maybe a router?  We're splashing about in a puddle of security techniques that can and have been bundled into one.

Packet shaping is no new technology.  Spying on packets for sensitive content isn't either.

Naturally, whatever you call this software (or door), it's going to have a handle, lock and key so that it can be opened when appropriate.  From this point on, it's really meaningless what we call it. 

Anti-Virus-Firewall-Memory-Manager-Rights-Auditor-Packet-Monitor-Freeware-Suite-Pro

[Melih]

here is a write up i had done about firewalls http://forums.comodo.com/melihs_corner_ceo_talkdiscussionsblog/what_is_a_firewall_here_is_the_laymans_explanation-t10489.0.html
where i explain 2 main purposes of firewalls (Personal firewalls).

I think we are getting stuck on what to call this new thing that could do "firewalling the kernel" etc..

so v3 is that thing, and we call it a firewall, even though its different than what firewalls are today

Melih

[Raccoon]

Don't most anti-virus deploy the same preventative measures?

BTW, if you want a really GOOD feature for Comodo, consider gobbling up a Startup Monitor.  There are a few of them, but I'm not entirely sure the source of mine. I think it installed with AutoPatcher.  It's a powerful defensive tool that really SHOULD have been implemented with Windows 3.1-- prompting the user whenever an application tries pushing itself to run at startup.

There are many places to monitor; not just the registry \Run[Once] keys, but libraries and anything that modifies the \Startup folder as well as legacy autoexec.bat, win.ini and system.ini.

[Little Mac]

Actually, no, most AVs don't do anything like this; they are reactive, rather than proactive.  That is, they are designed only to respond to a known infection (ie, a "cure"), rather than to stop an infectible from getting a foothold in the first place (ie, a "prevention").

Although it's not exactly the same, v3 does provide protection for startup items, given that it will alert to ANY attempted change.  It will give the user an alert that "item x" is trying to access/modify/whatever registry key z, or any other application, system file, etc.  Further, you have the option to define some registry keys, files, etc as "protected" and set how you want them to be protected.  So you can stop, block, and kill any attempted change without even blinking...

LM

[LeoniAquila]

Will computer users need anything more than CPF 3 stable and CAVS 3 stable? Will the only remaining main threat be personal lack of awareness?

Opinions?

[soyabeaner]

There will always be something...no matter how superior both products will turn out to be.  Time and testing are the best answers to your question.  You can intentionally browse forbidden sites and install nasties to see what happens...

Just as we all know 100% security software doesn't really exist, unless there's a backup program (or even an different online scanner) to confirm your computer's health, how would you know that CFP & CAVS are doing their job?  I do, however, believe (since trust is a key word here) that both of them will raise the percentage close to that 3-digit number.

[LeoniAquila]

I guess you're right. It was just a nocturnal thought that I had.

I can't help wondering, how we can possibly get swindled, when doing banking matters and e-commerce:

With my bank I login with a unique code every time, generated by a "keygen", so to speak. This should be secure. But when shopping online, I use a virtual bank card - it's connected to my account but works only for one time, with a temporary credit card number. Then I have to create a new card for every transaction. This is great, because I never have to send my real card number over the internet. However, this login consists of only 5 signs, and it's permanent (changeable though, and SSL encrypted). So if anyone could hijack my browser, they would get access to my virtual card, and be able to shop how much they want to, with my bank account. Or does the encryption prohibit  this?

/LA

[Melih]

I guess you're right. It was just a nocturnal thought that I had.

I can't help wondering, how we can possibly get swindled, when doing banking matters and e-commerce:

With my bank I login with a unique code every time, generated by a "keygen", so to speak. This should be secure. But when shopping online, I use a virtual bank card - it's connected to my account but works only for one time, with a temporary credit card number. Then I have to create a new card for every transaction. This is great, because I never have to send my real card number over the internet. However, this login consists of only 5 signs, and it's permanent (changeable though, and SSL encrypted). So if anyone could hijack my browser, they would get access to my virtual card, and be able to shop how much they want to, with my bank account. Or does the encryption prohibit  this?

/LA

MIM - Man In the Middle attacks are the way to fraud you in this scenerio.

Scenerio 1: You logon to your bank, but MIM is there negotiating everything between you and the bank, hence has access to everything and can instruct the bank to transfer money. Its not just about stealing your details, all they want is the ability to have access to your bank account, even if it means they will piggy back to your login session.

Scenerio 2: Dealing with a merchant: one of the biggest problems is how do u know the merchant is legitimate? the merchant could be MIM, hence getting details from you and using those details to buy something else from some other legitimate merchant. This way you think you are shopping with a legitimate place and providing your details, but this MIM is merely taking your details and using it.


Here is a statement: I can play chess against world's 2 top players and I can guarantee that I will never loose to both!

-I can either win one and loose one
-Or we draw
-I will never loose both games

So how do i do that?
easy: I mount a MIM attack on them. I put them into two different rooms and I play one's move against the other one! Both thinks they are playing against me, but in reality they are playing against eachother!

Melih

[LeoniAquila]

Thanks for your reply.

Scenerio 1: You logon to your bank, but MIM is there negotiating everything between you and the bank, hence has access to everything and can instruct the bank to transfer money. Its not just about stealing your details, all they want is the ability to have access to your bank account, even if it means they will piggy back to your login session.

But how is it possible to be a MIM, when the transferring of information is encrypted?

Scenerio 2: Dealing with a merchant: one of the biggest problems is how do u know the merchant is legitimate? the merchant could be MIM, hence getting details from you and using those details to buy something else from some other legitimate merchant. This way you think you are shopping with a legitimate place and providing your details, but this MIM is merely taking your details and using it.

I suppose this is where the certification business comes in. But how should one know that the provider of certificates is trustworthy? After about 8 months of being a Comodo forum member I certainly do trust Comodo, but I don't really know any other provider by name. What I can do then is to shop from either 100% well known sites, or sites in my home country which seems to be totally trustworthy - e.g. if they have a vast range of merchandise, if they are certificated and use SSL encryption, if they have a registered corporate number, and so on.

/LA

[Melih]

Thanks for your reply.

But how is it possible to be a MIM, when the transferring of information is encrypted?

I suppose this is where the certification business comes in. But how should one know that the provider of certificates is trustworthy? After about 8 months of being a Comodo forum member I certainly do trust Comodo, but I don't really know any other provider by name. What I can do then is to shop from either 100% well known sites, or sites in my home country which seems to be totally trustworthy - e.g. if they have a vast range of merchandise, if they are certificated and use SSL encryption, if they have a registered corporate number, and so on.

/LA

depends on where the encryption starts and where the MIM is going to interject itself. MIM could have interjected some malware or simply poised your DNS. (there many different techniques)

As to how to trust certification authorities, if we don't do our job proplerly, then people won't trust us, so we are motivated to get it right, otherwise we don't get paid for it cos people won't trust us and people won't buy certificates from us.

Melih

[Goran]

Here is a statement: I can play chess against world's 2 top players and I can guarantee that I will never loose to both!

-I can either win one and loose one
-Or we draw
-I will never loose both games

So how do i do that?
easy: I mount a MIM attack on them. I put them into two different rooms and I play one's move against the other one! Both thinks they are playing against me, but in reality they are playing against eachother!

Melih

Be carefull what you are saying, I might take a bet with you on this.  You need to be more specific - you must play with one player with black figures, and with other with white figures, otherwise you will most definitely loose both, unless you are Bobby Fischer. 

Goran

[3xist]

Seems the prediction "Prevention will be the first line of defense" has been tested positive (Scientific Terms)

Josh

[Melih]

Be carefull what you are saying, I might take a bet with you on this.  You need to be more specific - you must play with one player with black figures, and with other with white figures, otherwise you will most definitely loose both, unless you are Bobby Fischer. 

Goran

actually colours don't matter..
you can play against one in one room and the other in the other room. As long as you then play one's move against the other, colours don't matter.

thanks
Melih

[Tags:]