[Esd-l] ZIP scanning, take two (repost)

Peter Hanecak hanecak at megaloman.com
Mon Feb 23 00:38:20 PST 2004


Hello,

On Mon, 23 Feb 2004, Snowy Angelique Maslov aka 'Snowpony' wrote:

[snip]
> I must admit I tend to get people to zip things to get through filters on most
> systems.  However with the way Windows XP/2003 now handles zip files this
> technique is starting to have its own security problems.  :/  I'd say perhaps
[snip]

I start to see a loop here:

1) MS makes something "executable",
2) virus/worm/... takes advantage of it,
3) filtering software filters such things out,
4) MS makes something else "executable",
5) ...

etc.

Maybe it's time to clearly separate executables (maybe also counting 
buffer overflows) and data. A lot of people have been saying this for a long 
time, but the only major "solution" we have for now is the "Trusted Computing 
Initiative", which is trying to be portrayed as a solution, but if we see, say, 
how buffer overflows in some games on Xbox are used to run unsigned code 
on that console ... well, that leaves us where we are today with one more 
problem: What does that "Trust" mean? Something like "It's your computer 
but we do not trust it so we propose this scheme which will enable us to 
trust your computer which will betray you - its owner - as we wish".

Well ... in the long run I'm an optimist: Something new and better will come 
and prevail. :)

Sincerely

Peter

-- 
===================================================================
  Peter Hanecak <hanecak at megaloman.com>
  GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================

