Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Trustworthy Computing Mini-Poll
From: "Bruce Ediger" <eballen1 () qwest net>
Date: Fri, 20 Dec 2002 12:53:22 -0700 (MST)

On Fri, 20 Dec 2002, Simon Richter wrote:

On Fri, Dec 20, 2002 at 02:47:59AM +0100, yossarian wrote:
features will my new computer have, that will convince me to lose certain
options I have right now - playing music, copying what I like, etc?.

I'd say protection from binary viruses and stack overflows, plus if
someone breaks into your computer and you have stored your key in a safe
place you can tell what she modified. So this would be a definitve must
if you're builing a server, and I'm asking now whether you would like
those features on your home box as well, even if you had to give up DVD
copying or get special illegal hardware for it.

I'm sorry, maybe I was sleeping in class...  can somebody explain to me
how a TCPA machine (as currently hypothesized) would keep stack overflows
from happening?  Is this a facet of having a "nub" check each and every
memory access, and having a stack marked "read/write/no execute"? Or is
my vision not far enough?

I'm serious here - I'm not trying to be argumentative, I just want to
figure this out so I can evaluate it.

I see that you qualified "protection from *binary* viruses" - the "nub"
sure wouldn't allow a file that a file virus (Staog or something like
that) had tinkered with to execute.  But file viruses were never a serious
threat as far as I can tell (see http://news.com.com/2009-1001-254061.html).
The really widespread viruses were boot sector (basically BIOS infectors)
and macro (code for "Word" macro) viruses - right?  Not to say that other
viruses don't exist, just that those were by far the greatest number
in the wild. Now, Outlook viruses (Klez, SirCam, etc) seem like the real
problem.  Windows 98/ME seem to have enough reliability that people don't
reboot with a floppy in place often enough to spread boot sector viruses.

Can someone explain how TCPA might prevent "Word" macro viruses?  It's
my understanding that (unlike some Outlook viruses) macro viruses do
exactly what a user might do - they don't take advantage of bugs to
do their work.  The automatic execution of macros in a "Word" document
is the feature that enables macro viruses to spread.  How does a TCPA
computer prevent that?  Users modify "Word" doc files all the time -
TCPA can't stop users from tampering with .doc files and still retain
any use for the computer in question.

Outlook viruses seem to either spread via bugs in Outlook or the HTML
engine used to render HTML email (part of IE?).  How is a TCPA
computer supposed to prevent that?  A signed application has a bug
that allows the signed application's scripting language to do things
automatically that the application should only do at a user's behest.

Very honestly, I don't see how a TCPA-crippled computer will help
the macro virus or email virus situation.  Maybe someone can explain,
and I'd really appreciate that.  Cause right now I get immunity from
"Word" macro viruses and Outlook viruses by running AbiWord and Pine
respectively.  I don't need to trade in my Turing-capable machine for
something that's crippled in ways that will cause problems we haven't
yet forseen.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]