Posted: Tue Jul 12, 2005 4:55 pm
by Harteex
I'm on Windows with an administrator account and I use IE.

It was a long time ago I had any virus, and that came from an old floppy...

Posted: Wed Jul 13, 2005 6:48 am
by jro
Same with me. I use XP minus service packs, some services disabled, and I use Firefox+Firewalls and various malware scanners. No malware problems for a long time now. :shock:
"Asking for the password is a way to ensure that the same user who logged in is still sitting behind the computer, and not someone else with possibly harmful intentions."
If someone logs in, why isn't that enough? Who leaves their PC running with malicious users creeping around their home or office? Why not ctrl+alt+del and password lock the OS before leaving? Even more secure that way since nobody can read/send email or surf bad sites on your account like they can if you leave a Linux session running. Or do we need passes for all of that too? :roll:
"clicks on 'yes' buttons can easily be emulated by any virus"
If no unauthorized program were allowed to run, how will this hypothetical "mouse controlling" virus first gain control? By that line of thinking, someone can also make a keylogger or console virus for Linux to catch your root passwords and use it to destroy.

At some point we need to strike a balance between user comfort and security. Why not let security freaks run their ultra secure linux distro, and try a different approach with ReactOS?

Hmm one feature so far More please

Posted: Wed Jul 13, 2005 8:44 am
by oiaohm
Feature one: control of access to admin can be password or click, depending on admin selection in setup and the security control centre (name for the program that controls security is up for debate).

Note, virus people: I will stuff two things up. A mouse-controlling virus would be screwed up simply.
Admin is not accessible when mouse control features are in effect; a virus could click all day on the OK, but due to the control features in effect no click will be accepted. Yep, this stuffs VNC admin control, so there would have to be an exception flag.

Security or features? My objective is not to remove features; maybe require a flag to use them.

Security or comfort? I am trying to make security with the least amount of pain. So I do need to know what would hurt some people so options can be built in, so it can be as friendly as security can be.

I guess the yes option is for home computers, not business: ReactOS home version default. ReactOS business: no way, password all the way.

Starting to see the reason for the 2 versions, but I think Microsoft took the split a little too far and caused home version users too much trouble. Basically ReactOS Home and ReactOS Business would be almost exactly the same bar a few security config options and the default chosen.

Reason is disagreements like the last one; this could take some time to work out all the sticking points.

Posted: Wed Jul 13, 2005 8:46 am
by Luemmel
"If no unauthorized program were allowed to run, how will this hypothetical 'mouse controlling' virus first gain control? By that line of thinking, someone can also make a keylogger or console virus for Linux to catch your root passwords and use it to destroy."
there are keyloggers for linux and they need to be run as root
the problem with many exploits is that they often don't just use one vulnerability and you can't be sure that there isn't a security problem that allows unauthorized programs to run
you can just make it as hard as possible for virus developers
"At some point we need to strike a balance between user comfort and security. Why not let security freaks run their ultra secure linux distro, and try a different approach with ReactOS?"
would be ok with me but i just think it won't work that way :)

BTW: the problem with most viruses is that they don't pop up and say "here i am"
so it's quite hard to prove that you don't have one

Posted: Wed Jul 13, 2005 9:45 am
by jro
Ok "comfort" was a bad choice of words. I like "security with the least amount of pain" better. And it is painful to type a password too often. Maybe two versions is best.
"you can't be sure that there isn't a security problem that allows unauthorized programs to run"
Can't we lower the possibility of a vulnerability in that area? If the kernel and other files are read only, can it help? Maybe use lists of authorized programs? I'm just concerned about how security choices will affect home use. I have a peeve against OS password prompts :) Email, Bank, Ebay I understand but I feel like I should be able to run any files I click on my computer without a quiz. I'd rather do Yes/No and have the OS handle as much security behind the scenes as it can.

I know it's hard to say yet but do you think windows antivirus products might work with ReactOS?

Posted: Wed Jul 13, 2005 4:08 pm
by Luemmel
in my point of view the best protection for ReactOS is the fact that it's open source so critical bugs or vulnerabilities can be fixed immediately
and not 3 months later when 5 million infected PCs make "a company" notice that the bug was not that "harmless"
0-day exploits will always be a problem and ReactOS as a system that will probably run as a desktop in 95% of all cases should not try to compete with OpenBSD when it comes to security

Posted: Thu Jul 14, 2005 12:25 am
by Nicram
Hello :)
I'm OpenBSD admin from version 3.4 & OpenBSD user from version 3.1.
I must say that making ReactOS so secure is impossible, because then much software will not work (software that was made for Windows).
Sometimes even small software, like for checking what hardware is in the PC or using some hardware functions, just won't work then. & I think making something like chroot (known as jail) under Windows is impossible (even more impossible with the FAT file system).
But... ReactOS can be secure enough. Developers just must sometimes think before they make hardware drivers work, software running etc.
& remember that the biggest problem of today's IT security is PEBKAC :)

Hmm Nothing is impossible.

Posted: Thu Jul 14, 2005 12:23 pm
by oiaohm
Jail is not that hard to create; inside Windows it is unable to be done due to lack of access to control DLL access and what DLL a program is accessing.

Most programs require to link into the system somehow. I.e. either the interpreter; most common, this is only used by core libs.

Wine provides how this was able to be done: two different libs, one with a lot of power, one with bugger all. Control the DLLs programs can access. All good security is impossible on FAT; it just does not have the means to store enough information.

You will be surprised how few apps commonly ask to interface directly with drivers they don't install themselves.

Hmm, what is PEBKAC? What I am not trying to compete with FreeBSD. I would not call it a system suitable for Windows. Windows security will have to be created on the fly.

Some Windows antivirus products will work in time with ReactOS but not all. Some just will be too fussy about ReactOS internals and if installed can cause problems.

Almost all Windows software will run in a limited account under Windows; it's just very painful setting up stuff like ICQ and Nero. Allow access only to very small sections of the registry and driver access, and no access to change some other programs. Since the software works, this is not unable to be done. I did not say that it was simple; methods to achieve it at least have to be attempted.

As with all security, it has to be bendable but not simple to break.

Posted: Thu Jul 14, 2005 1:32 pm
by Nicram
PEBKAC = Problem Exists Between Keyboard and Chair

Are that problem.

Posted: Fri Jul 15, 2005 1:27 am
by oiaohm
Never seen that one short before.

My problem with Windows: you really don't get to the chair before you have problems. I.e. Problem Exists Between the Keyboard and Chair is the last hurdle. But if you go flat on your face at the first one it's not really a big issue.

Services/daemons running as Administrator or more. It kind of does not matter how much problem is between the keyboard and chair. Users being let in by default as an uncontrolled Administrator account. This is a bad setup for sure. Users are kind of predictable: they will take the default options in many cases even if it's not good for them. I.e. the problem exists at Microsoft when it comes to setup.

Basically, if I can get it back to in between the keyboard and chair, this is an improvement. Note not all users will have access to Administrator rights and don't need them, but due to Windows' horrible setup of the security system the Administrator will require all the tools to make it simple to set right. If setting something is too hard, some Windows administrators have the habit of near enough is good enough.

Basically we have problems on all sides. I don't say I can fix them all. My goal is to give a user a sporting chance of getting the system set up right.

Surprisingly, Windows can provide almost the same security as FreeBSD but it is almost never set up right. Note FreeBSD should always be better because they will not have to depend on the user to set the security of the applications it runs. I really don't have an option due to no good security setup from Microsoft.

Posted: Fri Jul 15, 2005 9:52 am
by Luemmel
"Surprisingly, Windows can provide almost the same security as FreeBSD but it is almost never set up right."
FreeBSD is not OpenBSD and the only setup i can imagine which possibly makes windows (not ROS!) almost as secure as OpenBSD is removing all network devices from the box ;)

Posted: Fri Jul 15, 2005 10:17 pm
by Sarocet
Returning to the topic:
Yes/No popups are stupid. Users will click yes by default even if the windows default is no. And if their program doesn't go, they will try the other, but probably first yes ('it always works'). A password is required, maybe with a bit of a paranoiac message (like some IE msgs when trying to download).

You talk about keyloggers: of course there is such a problem. Wouldn't there always be?
Can't we make the popup window in such a way that it, inserted into the kernel, accesses the keyboard directly (maybe even with the interrupts) so no key-catch system could get it? I would solve this problem. Problems: non-US-ASCII chars may work badly. Only allow ASCII-7??

A little improvement we can make is giving different su passwords, so we can have an account that can be limited (with or without password) and (if allowed) forward to the admin account with a second password, specific to that user, so we don't use global system passwords. They are user credentials + specific admin password. No way to use it from other accounts even if the password is stolen. Even also passwords for different credentials addings.

I don't think 0-days are very problematic. They are problems for the detection time of antivirus companies. I don't think many people will be trying to attack ROS (at least for now). At least, we will always have patches faster than MS.
And infected emails are really PEBKAC problems. I once received a mail that could have been able to trick me. A person I knew, but we hadn't been in touch by internet. Subject: Can we be friends?. Strange but not too. Then I see the attachment: .CPL!!!!!!! Who will think someone will send a control panel extension to them???? (if not expressly asked for).

Of course, default accounts are limited users. Also the option of hiding accounts from GUI login while allowing access to them from the command line. GUI admin is also good, not only for stupid programs that ask for admin rights but also for some operations such as CD burning and global backups. Also when installing a huge quantity of software (computer configuring).
A good idea would be the ability to make a limited account an admin account for X time (10 min, 1 hour, 2 hours...) up to 1 week, for example, so once that time has passed the admin rights would expire. Nobody would need them for more time as a specific requirement, and newbies would not have large problems from forgetting to reconvert them to limited.
(Admins may always build their own version with that limit greater)
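
The two ideas in the post above, a per-user admin password and admin rights that expire after a bounded time, modelled in Python as an added example that is not part of the thread or of ReactOS code. `ElevationManager`, its method names and the sample users are hypothetical, and PBKDF2 is an assumed choice for storing the secret.

```python
import hashlib
import hmac
import os

MAX_GRANT_SECONDS = 7 * 24 * 3600  # the post's upper bound: 1 week


class ElevationManager:
    """Hypothetical model: per-user admin secrets and expiring admin grants."""

    def __init__(self):
        self._secrets = {}  # user -> (salt, derived key)
        self._expiry = {}   # user -> time at which admin rights lapse

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, admin_password):
        # Each user gets an own salt and secret: no global admin password.
        salt = os.urandom(16)
        self._secrets[user] = (salt, self._derive(admin_password, salt))

    def elevate(self, user, admin_password, seconds, now):
        """Grant admin until now+seconds (capped); return expiry or None."""
        record = self._secrets.get(user)
        if record is None or seconds <= 0:
            return None
        salt, expected = record
        if not hmac.compare_digest(self._derive(admin_password, salt), expected):
            return None  # a secret stolen from another account does not match
        self._expiry[user] = now + min(seconds, MAX_GRANT_SECONDS)
        return self._expiry[user]

    def is_admin(self, user, now):
        expiry = self._expiry.get(user)
        if expiry is None:
            return False
        if now >= expiry:
            del self._expiry[user]  # rights lapse without user action
            return False
        return True


def demo():
    """Run the scenario on constructed sample accounts and a fixed clock."""
    mgr = ElevationManager()
    mgr.enroll("alice", "alice-admin-secret")
    mgr.enroll("bob", "bob-admin-secret")
    t0 = 1_000_000
    return {
        "stolen": mgr.elevate("bob", "alice-admin-secret", 600, t0),
        "granted": mgr.elevate("alice", "alice-admin-secret", 600, t0),
        "mid": mgr.is_admin("alice", t0 + 300),
        "late": mgr.is_admin("alice", t0 + 601),
        "capped": mgr.elevate("alice", "alice-admin-secret", 30 * 24 * 3600, t0),
    }
```
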

Keylogger and other problems

Posted: Sat Jul 16, 2005 1:22 am
by oiaohm
You have to be root on Linux boxes to install keyloggers. Yes, you can send a key to a program but you cannot keylog from a normal user.

How many programs need to keylog? This is part of the keyboard control system. A defect that should not be in the system. Only programs run as the same user should be able to do this, max.

So the password should be entered in a very limited user, then transferred to admin. I.e. the password window does not belong to the current user, so when active the keyboard belongs to the password window; only keys it does not handle are passed on. This is handled by good security.

In the system I want, when a user switches into admin mode all the current and normal programs, i.e. Word, Outlook, don't get run as admin; they stay at their normal user level. You can do this now using runas under Windows.

The good email ones are like with the com hidden: hmm, a .txt, let's click. Thank god for Thunderbird kicking up. Windows would not.
Question: what reason does Outlook have to execute other programs? Good security fixes the problem. That's a program; I thought that was a .txt file; that's not right.

Choke, CD burning admin rights. It's not required. There is a nice level system inside Windows that an admin can assign so when a program is run while in a limited account it gets more processor access. Declare the ACLs for driver access. Nero provides a tool to do this for their program and a limited account can do it all. This is the Windows problem: too many programs run with too many rights.

Nasbackup software I use to centralise all my backups does not need full admin rights. Right to terminate any currently running programs to copy files, yes; need to run a program to duplicate the registry, and some network access. Does not need to be able to write files to any client machines other than the duplicate registry and maybe something in temp. Note it does not require half as much access as Windows throws its way. Even on the server it only needs to be able to write to a directory, and duplicate registry and network access, and read the system. Most backup programs have to duplicate the registry due to not being able to copy it while it's running.

Global backup need to do read files stop some programs so it can read files, maybe copy registry to new file and a place to store it.

Global restore need write access as well. Question how often would you do a Global restore.

The attacks I was referring to did work on a lot of people's machines and it was a zero day; it even worked on Wine, so it will work on ReactOS if someone installs Outlook of some form. It was a god dam general attack.

A time limit on admin level that can be set is a good idea, extra feature.

If I created the click-through window, it would be a different look to any other window. Most likely checkerboard squares of the title bar and toolbar come to mind. Yes, it would look horrible, but that is the goal, to get your attention. Default option NO. You have to hold the yes button for a count of 5, i.e. 5 4 3 2 1 admin; it's quicker to click no; this is user training. Yes, this may be overkill.

And I would most likely run a competition for the most effective admin message in the least number of words.

Installing huge quantity of software (computer configuring). Is that not what unattended is for? Put disk in and leave. Now some kind of unattended install system would be required; thanks for reminding me. A new unattended system that installs and sets security for every program.

Hmm, maybe an install mode that makes all non-installed .exe auto start the install wizard to set up the security program. MSI: it would be automatic.

This still does not give any program uncontrolled access to the system. The roll back system in Windows depends on the same kind of intercepts.

But due to it not being on a application at a time base and does not provide any security settings.

Features extra features so far.
password or yes and no for admin access.
Settable timed access on admin.

Posted: Sat Jul 16, 2005 8:09 am
by jro
Please do not require password to run programs or do system tasks. It seems stupid, when I am the only user on a PC. This is not linux, and linux is NOT perfectly secure. Trust me there are problems with linux but it's no use to argue. Passwords and "paranoia" messages do not HELP security, what happens behind the scenes matters much more I'm afraid.

Posted: Sat Jul 16, 2005 9:05 am
by oiaohm
I know linux has its problems.

Lack of simple user/admin control with a lot of its security.
Minor flaws that do happen. And getting less.
The common one most OSes have.
X11 flaws; yes, it's not the best.
Most of these can be controlled by the provided security parts.
Note I am a Linux user; I know its flaws. Yes, Samba does not store NTFS options; Samba 4 should.

Windows has a direct screen draw system without remote linking. Advantage over X11 for a desktop. Strange that it is so weak as a desktop. This is the reason why I went looking at Windows security and found a lot more problems than I ever expected to find. When there is a chance to produce something better we should always take the chance.

Password yes to help.
The message has to be clear about why you are being blocked and enough to alert you, something that cannot be overlooked. Hmm, why in hell am I going into the configs of the system? Most users go months between entry times. I have done this as a security demonstration to a boss of a company where the machines were independently set up. I sent the people an email detailing what to change to allow remote access in a way bypassing the normal methods and with a key I could access with.

Email read: enter, follow the instructions below to stop the machine from recording the activities you do on it. 30% did it. Yep, a few people got fired.

Interface is part of good security is one section that needs work.

The message will not be simple to write. I can tell you that.
It has to wake the user up so a person saying go here to there does not work; nice hack that one: you fix the problem and provide a back door.
The user has to be sure of the source of the information or the information itself.
The user has to be careful not to go into admin and change things willy nilly because they could end up locked out. Reason why it will have to be another form.

I am not just after the interface; I am also after anyone who knows enough or more weak points that need to have some kind of shield.

The planning stage of security is the hardest to get right. If you get it wrong you either end up with useless security or users not able to get stuff done.

Just another idea: colour of title bar background or something along this line for admin windows, different for a single user, could perform the same method. It is critical that a user knows what windows are admin and what windows are normal user. Reason: I have seen this done; fake login windows are a really good way of acquiring passwords. Or mixing up a window from another program with an admin window and clicking yes to something that should be clicked no, or the inverse.

There has to be something different about them. I am willing to take suggestions and if they are good they will live.