Re: Windows/Macro Language Info?
- From: "Pete Dashwood" <dashwood@xxxxxxxxxxxxxx>
- Date: Tue, 5 Apr 2005 13:51:46 +1200
"Richard" <riplin@xxxxxxxxxxxx> wrote in message
news:1112642698.694707.4660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > They can be spread just as easily by Java, JavaScript, JScript or VBA macros in MS
> > applications,
>
> I think that you meant to say J++ when you had 'Java'.
>
No, Java scriptlets and servlets can also carry malware. The fact that they
are 'fenced' or 'sandboxed' as you called it does not prevent them
activating other servers by URL.
It does not require foundation classes.
> > or any other web scripting.
>
> No. The point is that malware is often using Windows _features_. For
> example http://www.mikx.de/scrollbar/
>
This is really a pretty old chestnut, Richard and has been plugged for
nearly 6 months now... I tried the test on his page and my Browser (IE6,
with updates applied) was not vulnerable.
> > The fact is that Perl, PHP, and probably (I don't know
> > because I have never used it) Python, can all be used to host or even create
> > malware.
>
> No. These are server side scripting languages while Javascript and
> VBScript are client side. There is a vast difference.
I totally understand the difference between client and server side (and you
have mentioned before that JavaScript is client side, when it can be used
for both [RUNAT=SERVER]). A client side script in ANY language that
supports access to COM components on the client, CAN be used for malware. On
Non-windows machines the same effect can be obtained with Java beans on the
client or using CORBA on a client.
> That is, when
> you connect your client machine to a potentially malicious server the
> Perl, PHP, Python scripts run on the remote server and send you HTML,
> the Javascript and VBScript runs on _your_ machine.
>
If the server is malicious it can send you a lot more than HTML. Server
push, HTML containing client pull and SSI, are all potentially harmful, yet
I use them all the time, without problem.
> Now JS and VBS are running in a 'sandbox' inside your browser so they
> can only do what that allows them to. With MS IE it is allowed to do
> more, by design, or can access other features (such as drag and drop).
>
Yes, that is fair comment. However it is also true that many of these
'holes' have been plugged in later versions of IE.
> > And what exactly is the risk?
>
> Viruses used to just do nasty things, like delete files, but now they
> are much more useful. For example a conservative estimate is one
> million Windows zombie spam mailers. Machines that quietly wait for
> instructions from their 'owner' to send out spam mail. The user
> probably never notices the extra traffic.
I run an SMTP mail server under IIS. It has been attacked once and someone
in Taiwan tried to hijack it for exactly the purposes you describe. The
checks and balances I had in place (which I am certainly not going to
describe here) alerted me before it had sent a dozen mails. It took 15
minutes to adjust the firewall and some SMTP options. Since then I have
never had a problem.
>
> I wouldn't run any machine, especially not a Windows machine, unless it
> was behind a genuine firewall.
Yes, on that we can certainly agree.
> I use old 486s, a 386 with a 1.44
> floppy drive will do, and a couple of network cards to run Freesco or
> Smoothwall, there are many similar free products. This runs headless
> (no monitor) and acts as a firewall, router, gateway, and can do other
> server functions. I put up a new one a couple of weeks ago and watched
> the logs as it went on line. Within a minute it had logged probes on
> various ports vulnerable to Windows as well as probes on telnet, ftp
> and ssh ports.
>
Yes, I also note probes every day, but they don't succeed; that is why we
have firewalls.
> > Usually Panda detects a couple of viruses that have never been activated and removes them,
>
> If you are getting _anything_ then you are being too complacent.
(in your opinion. I don't see it so...) The worst that could happen is I
lose a day. The system is restored as it was yesterday before the disaster
(whether it be malware or hardware failure) happened. I can tolerate that.
I'd rather have the facilities and use them, knowing and having weighed the
risks, than simply disable them because there MIGHT be a problem. But, as I
have tried to stress all along, it is a very personal decision and other
people won't see it that way. I am not advocating that others should do what
I do; simply that it works for me.
> The
> latest technology is defeating virus checkers by infecting the
> underlying Windows file system levels so that the scan gets a false
> report of file sizes and dates, as it would be if the virus wasn't
> there.
The 'underlying Windows file system levels' are NTFS on my system. It is as
secure as anything can be in this environment. I have been doing a fair bit
of work with the file system, and the WSH paper I have recently released
here deals with using these objects. I agree with you that this COULD be
subverted by script code (the facilities to change file size, dates, etc.
are certainly there within the object methods) but on a properly configured
system such a script would never get to run UNLESS the user allowed it to,
and had permissions to the objects it was manipulating. (As most of them
are System Owned it is not that easy... you would need Admin privileges for
a start...It could not be run from within the latest editions of IE and
SP2.). But, obviously, it COULD happen, if a user sat down and knowingly ran
a script that did it. This comes back to the point I made in my earlier
post: ANY programmable system can have malware on it if people decide to sit
down and write it, and the language being used allows it. (And sometimes
legitimate requirements that the language MUST allow, can be subverted to
bad purposes.)
What does sometimes happen on my system is that some undetected viruses get
into the notorious 'Local Storage' area and are archived by windows into
'secret storage'. Panda finds them when it does a full scan and would find
them if any of these files were attempted to be activated. I clear 'secret
storage' manually (I don't use erasure tools because I don't feel confident
about what they do) about every three months. It pisses Windows off, and it
sulks a bit before getting back to normal after an hour or so.
>
> > Machine gets infected. So what? It is an inconvenience.
>
> It is also an inconvenience to all the mailusers that you may be
> pumping spam out to.
But I'm not, so that is just speculation on your part.
> For those with dial-up connection it is more than
> an inconvenience when they silently dial 0900 numbers in Nigeria.
>
And that is just using an extreme case that has no relevance on my personal
machine, to reinforce your point (which I don't entirely disagree with
anyway). Any good virus checker should notify the minute you download a
dialer (and Panda certainly does.) Other checks I have in place watch
anything that tries to dial anywhere, and that is over and above the
firewall.
I am not dismissing your concern, just balancing it. (And reminding you that
my comments only apply to MY system).
> There was a case just a month or so ago where Xtra agreed to write off
> a couple of thousand dollars in excess bandwidth charges where a
> Windows machine sent out Gigabytes of spam.
>
I don't use Xtra and wouldn't. (So it wasn't my machine... :-))
Richard I have nothing but respect for what you do and how you do it. But
you have to accept that there is a diversity of approaches in IT.
My comments at the time I posted them, were confined entirely to my personal
machine and experience. Yet when I posted I had a bet with myself there
would be comments from you and Leuko... How could I know that? Because I
know that you both are anti Windows and anti MS. And I totally respect your
right to be so. I don't even think you are wrong, but I do think the
reaction is more emotional than logical.
For millions of people around the world, Windows HAS to be a reasonable
platform. I use it because, in the days when I was trying to make money
writing software, that was what my customers used and, as you know, I
totally believe in markets.
I am not blind to its shortcomings, but neither am I blind to the fact that
there is NO perfect approach. And I refuse to get emotional about computer
software. If it works; good. If it doesn't; fix it or change it. For me (and
I am not the only one...) Windows works. (OK, it needs a lot of fixing, but
MS are doing that...).
Personally, I find XP Pro to be an excellent OS. I find IE6 meets my browser
needs adequately. But that doesn't mean I won't use Linux or Firefox. I know
they are also good products. I changed from MS Access to MySQL and have
never regretted it, but I had an incentive to do so. I can't see me
investing more time in the learning curve for new software when what I have
serves me fine. (I have already invested huge amounts of time learning to get
the best out of what I have, I would need a VERY good reason to start
over...)
However, that is one man's opinion and I respect the right of others to
disagree.
Pete.