Sunday, August 31, 2003
If Anti-virus is obsolete, whats next?
Before briefly reviewing the available products, I will define what I mean by behavioral blocking. When I use the term, I am referring to a technology that has the ability to run suspect programs in multiple virtual operating systems, determine precisely what the code does and then, based upon a set of rules, decide what to do with that program. This is different from what some people call behavioral blocking, which generally refers to the use of set of rules to decide what to do with a program based upon its attributes.
That is a real waste of compute cycles. Now we know what all the next generation processors are going to be doing. They are'nt going to be any faster than what we have now because most of thier cycles are gonna be doing these things.
And if you think using Linux saves you, think again. It seems to me that the only reason there are'nt more worms/viruses for Linux is that there are less people using the Operating system. Same for the *BSD and so on.
Another form of attribute blocking is integrity checking. This can take various forms, but essentially it consists of a mechanism to determine if the characteristics of a file or program are about to be (or have been) changed by another program. CRC and MD5 checks are one form of this technology. Programs like tripwire and tcpwrappers are another. Most of these, however, only report a file or program alteration and do nothing to prevent it.
Can you see a normal average computer user doing this? I cant. Its not possible. Whats the solution? Network devices, with user data residing on servers. We buy the service which gets us the network admin who is responsible for securing your data. No more personal computers. Sad. An average computer user cannot keep his computer patched at all times.
Before briefly reviewing the available products, I will define what I mean by behavioral blocking. When I use the term, I am referring to a technology that has the ability to run suspect programs in multiple virtual operating systems, determine precisely what the code does and then, based upon a set of rules, decide what to do with that program. This is different from what some people call behavioral blocking, which generally refers to the use of set of rules to decide what to do with a program based upon its attributes.
That is a real waste of compute cycles. Now we know what all the next generation processors are going to be doing. They are'nt going to be any faster than what we have now because most of thier cycles are gonna be doing these things.
And if you think using Linux saves you, think again. It seems to me that the only reason there are'nt more worms/viruses for Linux is that there are less people using the Operating system. Same for the *BSD and so on.
Another form of attribute blocking is integrity checking. This can take various forms, but essentially it consists of a mechanism to determine if the characteristics of a file or program are about to be (or have been) changed by another program. CRC and MD5 checks are one form of this technology. Programs like tripwire and tcpwrappers are another. Most of these, however, only report a file or program alteration and do nothing to prevent it.
Can you see a normal average computer user doing this? I cant. Its not possible. Whats the solution? Network devices, with user data residing on servers. We buy the service which gets us the network admin who is responsible for securing your data. No more personal computers. Sad. An average computer user cannot keep his computer patched at all times.
Thursday, August 28, 2003
Wednesday, August 27, 2003
Google is now also a calculator
Looks like google is throwing everything, except the kitchen sink. Hey I dont mind, I'm an emacs user myself!
(emacs is an editor that also includes everything except the kitchen sink)
Looks like google is throwing everything, except the kitchen sink. Hey I dont mind, I'm an emacs user myself!
(emacs is an editor that also includes everything except the kitchen sink)
Tuesday, August 26, 2003
Sunday, August 24, 2003
Thursday, August 21, 2003
Gnutella protocol
I have an idea for a fun program. But need to study the gnutella protocol to figure out how things work with a decentralized protocol.
I have an idea for a fun program. But need to study the gnutella protocol to figure out how things work with a decentralized protocol.
Longhorn screen shots
The Windows desktop is turning more and more into a childs toy. Looking into those screen shots makes me feel sick. How dumb are the people who use windows? Already in Windows XP I find myself turning of all those dumbed down interfaces. The older interface makes so much more sense. Oh the days of the command line!
Linux is a blessing. As long as I have Linux with Windowmaker, life can go on! I cant imagine using an interface other than Windowmaker. It is just so perfect. It gives me all that I need and more.
The Windows desktop is turning more and more into a childs toy. Looking into those screen shots makes me feel sick. How dumb are the people who use windows? Already in Windows XP I find myself turning of all those dumbed down interfaces. The older interface makes so much more sense. Oh the days of the command line!
Linux is a blessing. As long as I have Linux with Windowmaker, life can go on! I cant imagine using an interface other than Windowmaker. It is just so perfect. It gives me all that I need and more.
Wednesday, August 20, 2003
Copied from :
http://arstechnica.com/etc/linux/index.html
Screen - Multiple Terminals - Screen, the terminal multiplexor. Screen is like a window manager for your console. Unlike a virtual terminal, screen allows you to detatch from a terminal. While detached, the program you were running continues to run. You can then reattach later and continue your task. This is useful if you want to run a bunch of tasks but don't want to keep an ssh session open or if you lose your connection. Screen is almost always used when running a game server in Linux. You can attach occasionally to check the server output without having to interrupt the server. First, we want to connect to our remote host via ssh and then run screen:
jorge@piccolo:~ ssh trunks
jorge@trunks:~$ screen
Note how my remote machine doesn't ask for a password, thanks to LUSSH. Now, execute whichever command you wish, for the example make it something that will remain in the foreground. Our "watch uptime" from a while back will suffice. Now, you've got something running on the remote host, and we want to detatch it (it will still be running, but your terminal windows will be free). Hit CTRL-A, then d. You are now detached. The process you were viewing run is still running... you can confirm this with ps -a. You can now exit back onto localhost (piccolo in this example), yet the program continues to run on the remote host even though we're not connected to it. To reattach, ssh back into the remote host and at the prompt type "screen -r". Screen will return you to where you left off. This is just a simple example; what other ways are Arsians using screen? (IRC is a popular use for this) Let us know in the Discussion.
http://arstechnica.com/etc/linux/index.html
Screen - Multiple Terminals - Screen, the terminal multiplexor. Screen is like a window manager for your console. Unlike a virtual terminal, screen allows you to detatch from a terminal. While detached, the program you were running continues to run. You can then reattach later and continue your task. This is useful if you want to run a bunch of tasks but don't want to keep an ssh session open or if you lose your connection. Screen is almost always used when running a game server in Linux. You can attach occasionally to check the server output without having to interrupt the server. First, we want to connect to our remote host via ssh and then run screen:
jorge@piccolo:~ ssh trunks
jorge@trunks:~$ screen
Note how my remote machine doesn't ask for a password, thanks to LUSSH. Now, execute whichever command you wish, for the example make it something that will remain in the foreground. Our "watch uptime" from a while back will suffice. Now, you've got something running on the remote host, and we want to detatch it (it will still be running, but your terminal windows will be free). Hit CTRL-A, then d. You are now detached. The process you were viewing run is still running... you can confirm this with ps -a. You can now exit back onto localhost (piccolo in this example), yet the program continues to run on the remote host even though we're not connected to it. To reattach, ssh back into the remote host and at the prompt type "screen -r". Screen will return you to where you left off. This is just a simple example; what other ways are Arsians using screen? (IRC is a popular use for this) Let us know in the Discussion.
Monday, August 18, 2003
Sunday, August 17, 2003
Friday, August 15, 2003
Wednesday, August 13, 2003
Tuesday, August 12, 2003
Monday, August 11, 2003
RPC Worm
This is the vulnerability we were trying to get patched a few days ago. Why cant everybody just use Linux!
This is the vulnerability we were trying to get patched a few days ago. Why cant everybody just use Linux!
The Virus did it
Damn it! That is one excuse I cant use. I dont use Windows!!!!
Maybe I'll be able to use "The Worm did it!" in a couple of years!
Damn it! That is one excuse I cant use. I dont use Windows!!!!
Maybe I'll be able to use "The Worm did it!" in a couple of years!
Low-Cost Linux Gaining on Microsoft in India
Difference between India and the US is that most people here in the US are already used to using Windows. In India everybody is new to computers, and everybody is learning from the start. The learning curve for them is the same, whether they learn to use Linux, or Windows. They dont have to learn how to use Linux all over again, from scratch after having learnt Windows. Plus, Linux is not made by a foriegn company.
Difference between India and the US is that most people here in the US are already used to using Windows. In India everybody is new to computers, and everybody is learning from the start. The learning curve for them is the same, whether they learn to use Linux, or Windows. They dont have to learn how to use Linux all over again, from scratch after having learnt Windows. Plus, Linux is not made by a foriegn
Saturday, August 09, 2003
Tuesday, August 05, 2003
InformationWeek > Microsoft > Microsoft's Web Site Brought Down By Attack > August 1, 2003
Ok maybe this is why there is so much fuss being made!
Ok maybe this is why there is so much fuss being made!
New Scientist
US government computer experts have warned that hackers may be preparing a large-scale coordinated attack. This could involve the release of a virulent type of internet worm or use thousands of enslaved personal computers to bring down websites.
I dont understand why there is such a big fuss over this particular vulnerability. And believe me, there is a whole lot of fuss being made!
US government computer experts have warned that hackers may be preparing a large-scale coordinated attack. This could involve the release of a virulent type of internet worm or use thousands of enslaved personal computers to bring down websites.
I dont understand why there is such a big fuss over this particular vulnerability. And believe me, there is a whole lot of fuss being made!
Monday, August 04, 2003
We had a bunch of experimental computers running Windows 98/2000. Since they are computers meant to run simulations, I hardly ever have to interact with them. The users were supposed to apply the patch for the RPC vulnerability that has been making everybody panic. They did'nt. There machines are now of the net. Those that had been compromised have been thrown of the net completely. Those that were vulnerable but not compromised cannot get out of the University. For now. When the users found they could'nt actually get out of University, they came running over to me.
I've applied the patch, and put a firewall on those machines, and hopefully the network guys will put them back on the net.
On another note, the machines that are directly under me, were patched, and firewalled, and never even showed up on the network guys scans. Thats what I keep telling these people. Give me complete control, and your machines will be safe.
There is a problem with there scanning though. Windows 98 machines are not vulnerable to this particular exploit. But they for some reason do show up on the scans, and are blocked even though they cant be hacked. Some poor people got swept into this for no reason at all. And they have no choice. They have to run Windows 98 because the data acquisition cards will only run in Windows 98.
I've applied the patch, and put a firewall on those machines, and hopefully the network guys will put them back on the net.
On another note, the machines that are directly under me, were patched, and firewalled, and never even showed up on the network guys scans. Thats what I keep telling these people. Give me complete control, and your machines will be safe.
There is a problem with there scanning though. Windows 98 machines are not vulnerable to this particular exploit. But they for some reason do show up on the scans, and are blocked even though they cant be hacked. Some poor people got swept into this for no reason at all. And they have no choice. They have to run Windows 98 because the data acquisition cards will only run in Windows 98.
Subscribe to:
Posts (Atom)