[unisog] zotob variant?

Dale W. Carder dwcarder at doit.wisc.edu
Thu Oct 13 20:34:03 GMT 2005


Jim Dillon wrote:
> The point was simple, signatures don't scale well, it is easy to modify
> the signature and re-attack with the same source.

Valdis.Kletnieks at vt.edu wrote:
> Though if once a week, new stuff is
> dropping itself on Gary's net before the anti-floopware(*) vendors have gotten
> an ID for it yet, there's something wrong....

In security, enumerating badness never scales.  IDS, IDP, and friends
have their place today but are effectively doomed.

I'm sure we're not too far away from everything tunneled over SSL
anyway.

On the other hand, user intervention doesn't scale either.  When the
choice is "block this potentially bad thing" or "do what I wanted",
positive reinforcement wins.

Gary is on the right track with non-privileged user accounts.  It is
low-hanging fruit.  This is a way of life on MacOS X today already.
But, since OS X doesn't have the market share to be a real target, it is
unclear if this will actually help.

Dale

------------------------------------------------------------------------
Dale W. Carder - Network Engineer   | DoIT Network Services
University of Wisconsin at Madison  | dwcarder at doit.wisc.edu
(608) 263-3628 | 24hr NOC: 263-4188 | http://net.doit.wisc.edu/~dwcarder



