
Re: Finjan "SurfinGate"



Adam Shostack wrote:
> 
>         Does it access a file?  ...

Maybe I should have been more clear.

It's certainly true that one could concoct software that looked for
some tell-tale signs in Java applets or ActiveX controls (though it'd
be a little trickier in the latter case, I suspect).  What worries me
is that this sort of tool might provide a false sense of security to
corporate IS types (people who pay my company lots of money).

(Oh, gee, I see now that the last line of your message was "It could
lead to a false sense of security."  Rare consensus on cypherpunks.)

Anyway, there are lots of products like this (lots of virus scanners
claim to defend against "all current and future viruses"), and they're
not quite the same as sleazy snake-oil pseudo-crypto outfits.  It
worries me, if only as somebody with money in a bank that might be
rendered vulnerable, that a tool like this might be installed under
the illusion that an impenetrable wall has gone up around the 
network.

Seems to me that putting together an ActiveX control that "sneaks" its
way through the firewall risk policy wouldn't be hard.  Unless the 
applet scanner actually simulates execution of the control under a
variety of input conditions (and we know that's not likely) (but prove
me wrong, please) there's not much it can do other than poke around and
check what other DLLs the thing wants to access.  It might be a bit
harder to be sneaky in Java, but I certainly wouldn't bet I could look
at an applet and guarantee its safety to any threshold (if I could, why
not just do that in the browser?).

Believing in the safety of precertified applets/controls is scary 
enough.  Trusting yet another piece of software in the loop just seems
a little wacky to me.


(Oh, and in case Finjan is a Tivoli partner, or for all I know another
IBM company, I'm not speaking for Tivoli.)
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:[email protected] mailto:[email protected]  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!