From: "Jörg Ostertag" <Joerg.Ostertag@avira.com>
To: Theodore Tso <tytso@mit.edu>, Rik van Riel <riel@redhat.com>,
Eric Paris <eparis@redhat.com>, Greg KH <greg@kroah.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"Press, Jonathan" <Jonathan.Press@ca.com>,
Arjan van de Ven <arjan@infradead.org>,
linux-kernel@vger.kernel.org, malware-list@lists.printk.net,
linux-security-module@vger.kernel.org
Subject: Re: [malware-list] Threat model for Unix Computers
Date: Fri, 8 Aug 2008 12:48:55 +0200 [thread overview]
Message-ID: <200808081248.55590.Joerg.Ostertag@avira.com> (raw)
In-Reply-To: <20080806014435.GF8224@mit.edu>
Am Mittwoch, 6. August 2008 03:44 schrieb Theodore Tso:
> On Tue, Aug 05, 2008 at 08:46:00PM -0400, Rik van Riel wrote:
...
I'm trying to fill in some other thread models, not all directly related to
virus-scanning, but if we want to get a complete anti-threat model for linux,
we should take them into account too.
In addition I'll add some usage scenarios for later extracting some threat
scenarios ...
Desktop-Users:
----------------------
> The Linux Desktop (where clueless users may be tricked into
> running malware).
I would add the chance of users exporting there locally stored Files via CIFS,
SMB, http, ... for accessing them with there beloveled streaming clients.
Speaking of exporting Files from a Desktop PC we should also take in account
File-Sharing clients.
Some more examples of a Desktop Users desire would be:
- copying Files to/from there PDA (BT,USB,WLAN)
- sharing internet connection with there PDA (BT,USB,WLAN)
Another threads would be:
- giving access to the Desktop-PC to guest-users for
"just let me look up something in the internet"
and the guest-user on the Desktop not informing about the (in his point of
view) urgent installation of there beloved
Browser-malware^H^H^H^H^H -adware ^H^H^H^H^H -extention
For all the Files stored on the Desktop PC we should also take in account,
that the paranoid Desktop user would store them inside a crypted
device/container. Some examples would be: truecrypt-container/-partition,
External crypted Harddrive, ...
... speaking of storing Files I would expect even Desktop Homeusers to store
there Files on a local mini Fileserver (like a Fritz-Box, NSLU2, ...) to
share them with other devices like Multimedia players, ...
Notebook-Users:
------------------------
And then we have the Linux Notebook users. I separate these from the Desktop
users, because they will have most of the Scenarios for Desktop users plus
some additional treats.
- Connecting to random accesspoints (Airports, Hotels, ...)
- Exporting there Wireless (BT,WLAN,UMTS, ...) to random people. Sometimes
willingly, sometimes unwillingly
- leaving there Notebooks unattended
- without Bios password
- without HDD-encrytion
- without Boot-Manager Password
- without screenlock
- ...
Linux Desktops in public places:
--------------------------------------------
I'm thinking of Linux Desktop PCs in places like Internet-Cafe,
Public-Library, School, ...
These would be similar to the Standard Linux Desktop but adding some
additional threats.
- willingly trying to attack the PC with physical access to
- CD-Rom
- USB-Devices
USB-Stick
Card Reader
- Network cable
- Floppy drive (if still existing)
- Reset Button
> The Linux File Server (where it is *highly* unlikely to have
> active running malware, since there are no clueless
> users running on said file server), but where malware
> may be stored and read over CIFS, NFS, etc.
Maybe it "was" unlikely, but you can see more and more
(Now-)Unix-administrators originally used to other operating systems and with
a different view to security. So it would be nice if we would be able to
protect these users/admins/installations too.
Mail-Proxy:
--------------
> The Linux Mail server is really a restricted case of the Linux
> Fileserver; where the only way in is SMTP, and the
> only protocol out is IMAP/POP.
I would add SMTP for the outgoing channel too.
Web-Proxy:
----------------
Only to complete the list:
The Linux Web Proxy is another example of a Linux Server.
The way in would be http traffic (mostly over port
80 and 443) and the way out will be either over a shared
proxy port or offered transparent if the Linux machine is used
as router.
In my opinion all good webproxies with scanner already provide a pretty good
solution here.
--
Jörg Ostertag - Manager UNIX SW Development - Avira GmbH
Phone: +49 (0) 7542/500-500
Fax: +49 (0) 7542/500-576
Lindauer Str. 21, D-88069 Tettnang, Germany, http://www.avira.com
PGP Key-ID: 0x46BDEF37
Geschäftsführender Gesellschafter: Tjark Auerbach
Sitz der Gesellschaft: Tettnang
Handelsregister: Amtsgericht Ulm, HRB 630992
ALLGEMEINE GESCHÄFTSBEDINGUNGEN
Es gelten unsere Allgemeinen Geschäftsbedingungen
(AGB). Sie finden sie in der jeweils gültigen Fassung
im Internet unter http://www.avira.de/agb
***************************************************
next prev parent reply other threads:[~2008-08-08 10:54 UTC|newest]
Thread overview: 220+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-04 21:00 [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning Eric Paris
2008-08-04 22:32 ` [malware-list] " Greg KH
2008-08-05 0:26 ` Christoph Hellwig
2008-08-05 0:47 ` Eric Paris
2008-08-05 0:54 ` Christoph Hellwig
2008-08-05 5:49 ` Kyle Moffett
2008-08-05 12:32 ` Alan Cox
2008-08-05 11:31 ` Alan Cox
2008-08-05 14:06 ` Peter Zijlstra
2008-08-05 14:09 ` Alan Cox
2008-08-05 17:58 ` Nick Piggin
2008-08-06 2:41 ` Andi Kleen
2008-08-06 18:04 ` Rik van Riel
2008-08-05 0:32 ` Eric Paris
2008-08-05 0:35 ` Eric Paris
2008-08-05 0:51 ` Greg KH
2008-08-05 11:23 ` Alan Cox
2008-08-05 17:03 ` Greg KH
2008-08-05 18:56 ` Eric Paris
2008-08-05 20:30 ` Greg KH
2008-08-06 18:49 ` Eric Paris
2008-08-06 21:02 ` Theodore Tso
2008-08-06 21:28 ` Eric Paris
2008-08-06 21:52 ` Theodore Tso
2008-08-07 14:16 ` Eric Paris
2008-08-07 21:55 ` David Wagner
2008-08-08 2:06 ` Rene Herman
2008-08-08 2:15 ` Eric Paris
2008-08-08 2:55 ` Rene Herman
2008-08-08 11:58 ` Press, Jonathan
2008-08-08 12:34 ` Rene Herman
2008-08-08 13:11 ` Press, Jonathan
2008-08-08 13:43 ` Rene Herman
2008-08-05 11:25 ` Alan Cox
2008-08-05 17:01 ` Greg KH
2008-08-05 20:36 ` Alan Cox
2008-08-05 19:46 ` Eric Paris
2008-08-05 20:15 ` Greg KH
2008-08-06 9:37 ` tvrtko.ursulin
2008-08-06 15:25 ` Greg KH
2008-08-06 15:41 ` Eric Paris
2008-08-06 16:03 ` tvrtko.ursulin
2008-08-06 9:28 ` tvrtko.ursulin
2008-08-05 14:41 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface foron " Press, Jonathan
2008-08-05 14:56 ` Eric Paris
2008-08-05 16:37 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Press, Jonathan
2008-08-05 17:19 ` Eric Paris
2008-08-05 17:38 ` Arjan van de Ven
2008-08-05 17:29 ` Alan Cox
2008-08-05 18:02 ` Arjan van de Ven
2008-08-05 20:12 ` Alan Cox
2008-08-05 20:41 ` Arjan van de Ven
2008-08-05 18:04 ` Press, Jonathan
2008-08-05 18:11 ` Greg KH
2008-08-05 18:38 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Press, Jonathan
2008-08-05 18:54 ` Theodore Tso
2008-08-05 20:37 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 21:14 ` Greg KH
2008-08-05 21:23 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning Press, Jonathan
2008-08-05 21:42 ` Arjan van de Ven
2008-08-05 21:44 ` Greg KH
[not found] ` <2629CC4E1D22A64593B02C43E855530303E21D47@USILMS12.ca.com>
2008-08-05 22:26 ` [malware-list] [RFC 0/5] [TALPA] Intro toalinuxinterfaceforonaccess scanning Greg KH
2008-08-05 23:37 ` Al Viro
2008-08-05 23:48 ` Eric Paris
2008-08-05 23:57 ` Theodore Tso
2008-08-06 0:11 ` Greg KH
2008-08-06 0:25 ` Eric Paris
2008-08-06 0:46 ` Rik van Riel
2008-08-06 1:44 ` Theodore Tso
2008-08-08 10:48 ` Jörg Ostertag [this message]
2008-08-08 22:26 ` [malware-list] Threat model for Unix Computers Peter Dolding
2008-08-09 1:21 ` david
2008-08-09 1:44 ` Ulrich Drepper
2008-08-05 23:55 ` [malware-list] [RFC 0/5] [TALPA] Intro toalinuxinterfaceforonaccess scanning Theodore Tso
2008-08-06 10:25 ` Pavel Machek
2008-08-05 21:45 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning Al Viro
2008-08-05 20:18 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning Greg KH
2008-08-05 20:28 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 20:51 ` Eric Paris
2008-08-05 21:08 ` Arjan van de Ven
2008-08-06 0:51 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Rik van Riel
2008-08-06 12:10 ` Press, Jonathan
2008-08-06 12:38 ` Peter Dolding
2008-08-06 13:11 ` Press, Jonathan
2008-08-06 13:49 ` Arjan van de Ven
2008-08-06 13:55 ` Eric Paris
2008-08-06 14:11 ` Peter Dolding
2008-08-06 14:20 ` Serge E. Hallyn
2008-08-06 13:57 ` Peter Dolding
2008-08-06 11:31 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " David Collier-Brown
2008-08-06 23:20 ` Peter Dolding
2008-08-06 13:44 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Arjan van de Ven
2008-08-06 14:16 ` tvrtko.ursulin
2008-08-06 14:23 ` Arjan van de Ven
2008-08-06 15:22 ` Theodore Tso
2008-08-06 15:54 ` tvrtko.ursulin
2008-08-07 9:28 ` Pavel Machek
2008-08-07 14:21 ` Peter Dolding
2008-08-07 14:31 ` Eric Paris
2008-08-08 0:05 ` Peter Dolding
2008-08-08 5:17 ` James Morris
2008-08-06 15:08 ` Theodore Tso
2008-08-06 15:33 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-06 15:46 ` Rik van Riel
2008-08-06 16:12 ` tvrtko.ursulin
2008-08-06 16:25 ` Rik van Riel
2008-08-06 18:06 ` Eric Paris
2008-08-05 20:17 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Alan Cox
2008-08-06 9:24 ` tvrtko.ursulin
2008-08-06 15:24 ` Greg KH
2008-08-05 18:27 ` Arjan van de Ven
2008-08-05 18:34 ` Press, Jonathan
2008-08-05 18:38 ` Greg KH
2008-08-05 20:15 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Press, Jonathan
2008-08-05 20:26 ` Greg KH
2008-08-06 10:05 ` tvrtko.ursulin
2008-08-06 10:50 ` Adrian Bunk
2008-08-06 11:07 ` tvrtko.ursulin
2008-08-06 11:26 ` Adrian Bunk
2008-08-07 0:49 ` Mihai Donțu
2008-08-07 4:39 ` Arjan van de Ven
2008-08-11 13:45 ` Mihai Donțu
2008-08-11 13:56 ` Arjan van de Ven
2008-08-11 16:11 ` David Collier-Brown
2008-08-11 21:18 ` Press, Jonathan
2008-08-11 22:09 ` David Wagner
2008-08-12 7:32 ` Alan Cox
2008-08-13 10:28 ` Pavel Machek
2008-08-13 10:46 ` Press, Jonathan
2008-08-13 11:08 ` Peter Dolding
2008-08-13 12:56 ` Pavel Machek
2008-08-13 13:52 ` tvrtko.ursulin
2008-08-14 12:54 ` Pavel Machek
2008-08-14 18:37 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-14 22:39 ` Pavel Machek
2008-08-15 0:00 ` Rik van Riel
2008-08-15 0:43 ` Theodore Tso
2008-08-15 1:02 ` Rik van Riel
2008-08-15 3:00 ` Eric Paris
2008-08-15 5:22 ` david
2008-08-15 5:33 ` david
2008-08-15 5:38 ` david
2008-08-17 22:14 ` Pavel Machek
2008-08-17 22:12 ` Pavel Machek
2008-08-17 22:47 ` david
2008-08-17 22:58 ` Pavel Machek
2008-08-17 23:24 ` david
2008-08-18 0:00 ` Casey Schaufler
2008-08-18 0:17 ` david
2008-08-18 0:31 ` Peter Dolding
2008-08-18 0:39 ` david
2008-08-18 0:42 ` Casey Schaufler
2008-08-18 0:07 ` Rik van Riel
2008-08-19 10:41 ` Pavel Machek
2008-08-15 8:35 ` Alan Cox
2008-08-15 11:35 ` Theodore Tso
2008-08-15 12:57 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning Press, Jonathan
2008-08-15 13:16 ` Theodore Tso
2008-08-15 13:22 ` douglas.leeder
2008-08-15 13:28 ` douglas.leeder
2008-08-15 13:55 ` Theodore Tso
2008-08-15 14:19 ` douglas.leeder
2008-08-15 15:42 ` Valdis.Kletnieks
2008-08-17 22:10 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning Pavel Machek
2008-08-13 13:58 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Arjan van de Ven
2008-08-13 13:54 ` Arjan van de Ven
2008-08-13 14:16 ` tvrtko.ursulin
2008-08-13 14:28 ` Arjan van de Ven
2008-08-13 15:19 ` tvrtko.ursulin
2008-08-14 12:56 ` Pavel Machek
2008-08-14 20:06 ` Alan Cox
2008-08-14 22:35 ` Pavel Machek
2008-08-11 21:53 ` David Wagner
2008-08-11 21:45 ` Alan Cox
2008-08-14 10:48 ` David Collier-Brown
2008-08-06 15:00 ` Theodore Tso
2008-08-06 15:17 ` Greg KH
2008-08-06 15:22 ` Eric Paris
2008-08-05 20:38 ` Arjan van de Ven
2008-08-05 20:54 ` Eric Paris
2008-08-05 21:05 ` Al Viro
2008-08-05 18:38 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Arjan van de Ven
2008-08-05 18:39 ` Eric Paris
2008-08-06 0:30 ` Rik van Riel
2008-08-06 1:55 ` Eric Paris
2008-08-06 11:40 ` Sidebar to [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on " David Collier-Brown
2008-08-06 0:22 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Rik van Riel
2008-08-06 0:53 ` jmorris
2008-08-06 2:46 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface foron " Andi Kleen
2008-08-06 8:39 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on " tvrtko.ursulin
2008-08-05 11:21 ` Helge Hafting
2008-08-05 17:04 ` Greg KH
2008-08-05 2:49 ` Casey Schaufler
2008-08-05 3:01 ` Cliffe
2008-08-05 3:44 ` Casey Schaufler
2008-08-05 3:45 ` Cliffe
2008-08-05 20:56 ` Paul Moore
2008-08-06 3:00 ` Casey Schaufler
2008-08-06 14:18 ` Paul Moore
2008-08-07 0:49 ` Casey Schaufler
2008-08-05 3:46 ` Greg KH
2008-08-05 3:58 ` Cliffe
2008-08-05 12:05 ` Peter Dolding
2008-08-05 12:22 ` Alan Cox
2008-08-05 18:08 ` Nick Piggin
2008-08-06 9:44 ` [malware-list] " tvrtko.ursulin
2008-08-06 11:10 ` Nick Piggin
2008-08-06 11:29 ` tvrtko.ursulin
2008-08-06 16:57 ` Nick Piggin
2008-08-05 22:55 ` J. Bruce Fields
2008-08-06 10:09 ` [malware-list] " tvrtko.ursulin
2008-08-06 22:24 ` David Wagner
2008-08-07 0:04 ` James Morris
2008-08-07 10:30 ` Alan Cox
2008-08-07 11:19 ` tvrtko.ursulin
2008-08-06 2:35 ` Andi Kleen
2008-08-06 3:43 ` Eric Paris
2008-08-06 3:52 ` Andi Kleen
2008-08-06 22:04 ` David Wagner
2008-08-18 14:06 ` John Moser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200808081248.55590.Joerg.Ostertag@avira.com \
--to=joerg.ostertag@avira.com \
--cc=Jonathan.Press@ca.com \
--cc=arjan@infradead.org \
--cc=eparis@redhat.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=malware-list@lists.printk.net \
--cc=riel@redhat.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).