@Daedalus

Thanks for your reply it is a very balanced overview much appreciated.

_________________
Amiga A1200T - TF1260 - R9200 - Indivision AGA MK3
Amiga A500 - PiStorm EMU68
Pegasos 2 G4 - AmigaOS 4.1 FE / MorphOS 3.16

@Fairdinkem

Quote:

Your opening words are a question so I guess you already did. "Can I ask you a question?"

haha thats quite funny. You didnt get my post though it was a joke, take it easy , sounds like you should smoke somethin bro. But i'll still maintain that os4 box is waaay safer than any windows machine you use. Id love someone to tell me of a modern amiga virus or trojan that would affect our systems.

Daedlus

nice post

@realize

Trojans should be a major concern for you on ANY platform. Anything you install off of the Internet can contain a trojan. Any pluggable media that has a bootsector with code can contain a trojan.

But that's not what he asked for, as a firewall would not protect against trojans on ANY OS. Unless the trojan attempted to phone home and you caught it in the act. But by the time it does that it could have already completely wiped out all your important documents.

So anti-virus software is good if there is even a tiny chance of you running code you haven't checked. On my Linux machine I'm not very worried, as all code running has either been written by me or been distributed by Ubuntu. Except for the Arm Cortex M compiler I compiled last week, but the build-script there seemed to only use sensible sources (see how easy a life-long rule breaks down? )

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@Daedalus

If you can use UDP through your router and it's not an enterprise level firewall with stateful inspection then you will almost certainly have a security hole. I suggest not using UDP without stateful inspection if you worry about security. That means no P2P filesharing

Other than that, the basic idea of security by not opening up holes to begin with is pretty solid. If there's an ssh server, the ssh server can be hacked (more or less by definition). If there's a web server, the web server might have a hole allowing an attack.
A few years ago, all image loading libraries in all Windows installations EVER had to be replaced because they were universally using the length claimed by the picture header to allocate memory rather than using the file size. Result: executable code in memory. Possibility of firewall catching this: NIL.

Same thing happened in October 2013, fixed November 5th: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3906

When was the last time you clicked on a link in a browser? It could be the one that wipes your data off your drive.

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

@Deniil715

Quote:

Not quite. There are no doors. There is nothing in an Amiga that accepts incoming connections by default. You would have to hack the IP-stack (Miami/Roadshow) directly, providing it has security holes the hacker knows about.

Well, it's a widely known fact that Miami has some rather nasty backdoors and stuff. While few users might call it justified f.ex. "being able to remotely check the keyfile user uses is valid", that doesn't mean it also couldn't be used for malicious purposes not intended by the developer. As for others, don't know what exactly there is, but have you f.ex. tried to send miami keyfile with dcc? You could probably even compress it with lha.

The biggest reason most hackers don't bother with AmigaOS (and compatibles) is that they're such small part of userbase. Desktop windows and Android are probably the most targeted platforms nowadays, and there's even malware appearing on OSX. This didn't happen few years ago, even if OS was definitely as vulnerable back then (probably more), it just wasn't seen as "big enough target".

Some "more competent hackers" probably know better what Miami can and can't do, but afaik, none has yet disclosed their findings in public. Which is good, as even in the "big world", it's usually the "less skilled hackers" that have most malicious intent (because there are more of them), based on public information released by more competent hackers, who often release the information with good intent (so that people who have written the code would fix it, and users could prepare for exploits).

Last edited by Jupp3 on 24-Jan-2014 at 02:37 PM.

@Fairdinkem

BTW, forgot to mention it, but at first I thought you were talking some type of software driver that featured internet security. Whatever that was, I'd never heard of it!

I may use my Amiga daily, and use it on the "unsecured" internet, but never thought of myself as driving the Amiga.