OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: RE: [firewalls] Digest Number 388
From: Michael.Owennet-tel.co.uk
Date: Wed Dec 13 2000 - 11:19:02 CST

> ***
> This strikes me as an overreaction - what exactly should they be doing?
> Unless they perform a checksum on every application every time it
> connects
> to the 'Net, this sort of a problem will likely exist.
> ***
>
> Your statement above about performing a checksum is certainly an avenue
> which needs to be considered. Although some
> processing time would be required at the initiation of each application
> accessing the network, the option of being able to do
> this would be quite valuable (and necessary) to some people. The
> option
> could be disabled on slower machines if someone
> is willing to assume this greater risk.

Yes, it could be a good idea, but where do you store the checksums securely? Unless you store it in read-only media, it can still be compromised. I'd use a CD ROM for my server, but your average home user isn't going to want to have a checksum CD that he has to update each time he installs something new, and has to keep in his drive whenever he's launching network-enabled applications.

I still think general common-sense precautions will keep the average user safe. But then, I disable pretty much all scripting/ActiveX in my web browsers, and consider that to be "common sense." My level of paranoia likely exceeds that of the average user.

Mike 

----
Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
Michael.Owennet-tel.co.uk
-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]