Bring back write lockout

All topics relating to computer security and internet privacy. Please try to keep it technical related and leave political diatribes at the door.

Re: Bring back write lockout

Postby fig1 » October 1st, 2015, 5:32 pm

i would personally love it if flipping a switch meant that a usb drive would be as difficult to write to as a cdrom or dvdrom.

they have usb drives with write switches, and sd cards (of various spec/capacity) with write switches, and all of those switches can be overridden with software-- which kind of defeats any *security* purpose.

i realize theyre probably not meant to be security features, but people think they are and real write-blocking would be lovely.
User avatar
fig1
 
Posts: 41
Joined: September 14th, 2015, 4:27 am

Re: Bring back write lockout

Postby tomazzi » October 6th, 2015, 7:24 pm

cynwulf wrote: NX bit helped tremendously with this with later supported hardware, but of the x86 class CPUs, AMD64 was the first to support it in the hardware, hence Microsoft's much vaunted NX support (DEP) in Windows XP, was of course limited to 64 bit capable CPUs and came along in service pack 2 (2004 - around about the time other OS started implementation if I recall correctly). Users with 32 bit CPU's (the majority back then) were unprotected due to the lack of software emulation (which at least two projects for Linux and OpenBSD had already provided a year earlier). To make matters worse most windows binaries were not built with DEP support, so in fact it became useless and the web is littered with guides for how to turn it off...

In fact, things were even worse: SSP (stack smashing protection) was implemented in gcc in the year ~2002 (gcc v3.0). Microshit have "implemented" (read: stole GPL'd software) this technology almost at the same time - but, due to a corporate mess, their critical software was NOT compiled with SSP until XP SP3, and even at that time it was used only for selected programs, like the infamous, buggy SQL server.

cynwulf wrote:Privilege escalation is as ever one of the main issues.

This is always a main target to achieve - when the virus can escalate the privileges, then it can easily bypass the NX bit protection ...
The guy(s) who created "sality" should be given a Nobel prize ;)

Randicus Draco Albus wrote:A more effective measure would be to teach people to not download from unknown sources by clicking on an .exe file

I disagree - today, 99% of winblows viruses are NOT spread in this way - so teaching people to not click on some "exe" is simply pointless.
The most dangerous viruses are spreading through:
- malformed data files (jpg, movies, xlsx/docx VBA scripts, ...)
- infected/malicious web pages
- infected USB flash firmware
- trojans - "free" closed-source programs, with hidden "bouses" ;)

Regards.
tomazzi
 
Posts: 18
Joined: August 7th, 2013, 6:57 am

Previous

Return to Security/Privacy-Related

Who is online

Users browsing this forum: No registered users and 1 guest

cron

x