Wednesday, September 3, 2008

So you thought your OS was secure?

While looking for information about the IDA disassembler (does anyone know it and can give me a few hints?) I found an interesting video at Google Videos. Alex Sotirov discussed how he found a very applicable "ANI" exploit in WinXP and Vista, and showed his best IDA tricks along the way. Quite academic and extremely technical. As food for thought, he ends the lecture with this diagram of which OS provides which security measures:

We Mac users sometimes brag about how secure OS X is, while in reality it probably has a pretty solid base in Darwin and provides a reliable development environment with Cocoa... but when bugs and exploits are found, OS X is standing there almost absolutely naked and defenseless.

Of course, Windows drags a larger pile of legacy code behind it, but it is also a lot more under fire; it makes a lot more sense to produce exploits and viruses for Windows.

My advice (which I hope will soon be published at ) is still simple: 1) use good, secure software which throws away popups and spam, 2) install system updates as they become available, 3) run some sort of firewall and maybe free antivirus software. You, or whoever does it for you, need to keep your computer reasonably clean and well-oiled. Don't blame a virus if it's you who's filled up your disk. By these simple principles, my systems have been essentially perfectly free from virus trouble for at least five years. Knock on wood :-)

A little PS about that dangerous Internet hole which was recently "discovered" by Anton Kapela and Alex Pilosov. Experts are saying that the "hole" is indeed there, but everyone concerned was already aware of it and will not have many problems with it. If anything, it is a small reminder that whenever you transmit passwords or any sensitive data over the Internet, you should not assume that the network is not wiretapped.

