Re: [malware-list] Threat model for Unix Computers

To: Theodore Tso <tytso@...>, Rik van Riel <riel@...>, Eric Paris <eparis@...>, Greg KH <greg@...>, Al Viro <viro@...>, Press, Jonathan <Jonathan.Press@...>, Arjan van de Ven <arjan@...>, <linux-kernel@...>, <malware-list@...>, <linux-security-module@...>
Date: Friday, August 8, 2008 - 6:48 am

On Wednesday, 6 August 2008 03:44, Theodore Tso wrote:

...

I'm trying to fill in some other threat models, not all directly related to 
virus scanning, but if we want to get a complete anti-threat model for Linux, 
we should take them into account too.
In addition I'll add some usage scenarios for later extracting some threat 
scenarios ...

Desktop-Users:
----------------------

I would add the chance of users exporting their locally stored files via CIFS, 
SMB, HTTP, ... for accessing them with their beloved streaming clients.

Speaking of exporting files from a desktop PC, we should also take into account 
file-sharing clients.

Some more examples of a desktop user's desires would be:
	- copying files to/from their PDA (BT, USB, WLAN)
	- sharing the internet connection with their PDA (BT, USB, WLAN)

Other threats would be:
	- giving access to the desktop PC to guest users for
		 "just let me look up something on the internet"
	  and the guest user on the desktop not informing about the (in his point of
	  view) urgent installation of their beloved 
	  Browser-malware^H^H^H^H^H -adware ^H^H^H^H^H -extension

For all the files stored on the desktop PC we should also take into account 
that the paranoid desktop user would store them inside an encrypted 
device/container. Some examples would be: TrueCrypt container/partition, 
external encrypted hard drive, ...

... speaking of storing files, I would expect even desktop home users to store 
their files on a local mini file server (like a Fritz-Box, NSLU2, ...) to 
share them with other devices like multimedia players, ...

Notebook-Users:
------------------------
And then we have the Linux notebook users. I separate these from the desktop 
users, because they will have most of the scenarios for desktop users plus 
some additional threats.
	- Connecting to random access points (airports, hotels, ...)
	- Exporting their wireless (BT, WLAN, UMTS, ...) to random people. Sometimes
	  willingly, sometimes unwillingly
	- leaving their notebooks unattended
		- without BIOS password
		- without HDD encryption
		- without boot manager password
		- without screen lock
		- ...

Linux Desktops in public places:
--------------------------------------------
I'm thinking of Linux desktop PCs in places like internet cafés, 
public libraries, schools, ...
These would be similar to the standard Linux desktop but adding some 
additional threats.
	- willingly trying to attack the PC with physical access to 
		- CD-ROM
		- USB devices
			USB stick
			card reader
		- network cable
		- floppy drive (if still existing)
		- reset button

Maybe it "was" unlikely, but you can see more and more 
(now-)Unix administrators originally used to other operating systems and with 
a different view of security. So it would be nice if we were able to 
protect these users/admins/installations too. 

Mail-Proxy:
--------------

I would add SMTP for the outgoing channel too.


Web-Proxy:
----------------
Only to complete the list:
	The Linux web proxy is another example of a Linux server.
	The way in would be HTTP traffic (mostly over ports
	80 and 443) and the way out will be either over a shared
	proxy port or offered transparently if the Linux machine is used 
	as a router.

In my opinion all good web proxies with scanners already provide a pretty good 
solution here.



-- 
Jörg Ostertag - Manager UNIX SW Development - Avira GmbH
Phone: +49 (0) 7542/500-500
Fax:   +49 (0) 7542/500-576
Lindauer Str. 21, D-88069 Tettnang, Germany, http://www.avira.com
PGP Key-ID: 0x46BDEF37

Managing partner: Tjark Auerbach
Registered office: Tettnang
Commercial register: Amtsgericht Ulm, HRB 630992


Messages in current thread:
Re: [malware-list] Threat model for Unix Computers, Jörg Ostertag, (Fri Aug 8, 6:48 am)
Re: [malware-list] Threat model for Unix Computers, Ulrich Drepper, (Fri Aug 8, 9:44 pm)
Re: [malware-list] Threat model for Unix Computers, Peter Dolding, (Fri Aug 8, 6:26 pm)