Poster | Thread |
Fairdinkem
| |
Re: Internet security for daily drivers Posted on 23-Jan-2014 22:09:13
| | [ #21 ] |
|
|
|
Cult Member |
Joined: 23-Feb-2010 Posts: 517
From: Victoria, Australia | | |
|
| @Daedalus
Thanks for your reply it is a very balanced overview much appreciated. _________________ Amiga A1200T - TF1260 - R9200 - Indivision AGA MK3 Amiga A500 - PiStorm EMU68 Pegasos 2 G4 - AmigaOS 4.1 FE / MorphOS 3.16 |
|
Status: Offline |
|
|
realize
| |
Re: Internet security for daily drivers Posted on 24-Jan-2014 4:32:14
| | [ #22 ] |
|
|
|
Super Member |
Joined: 14-Apr-2003 Posts: 1797
From: nyc | | |
|
| @Fairdinkem
Quote:
Your opening words are a question so I guess you already did. "Can I ask you a question?"
|
haha thats quite funny. You didnt get my post though it was a joke, take it easy , sounds like you should smoke somethin bro. But i'll still maintain that os4 box is waaay safer than any windows machine you use. Id love someone to tell me of a modern amiga virus or trojan that would affect our systems.
Daedlus
nice post |
|
Status: Offline |
|
|
olegil
| |
Re: Internet security for daily drivers Posted on 24-Jan-2014 9:28:29
| | [ #23 ] |
|
|
|
Elite Member |
Joined: 22-Aug-2003 Posts: 5895
From: Work | | |
|
| @realize
Trojans should be a major concern for you on ANY platform. Anything you install off of the Internet can contain a trojan. Any pluggable media that has a bootsector with code can contain a trojan.
But that's not what he asked for, as a firewall would not protect against trojans on ANY OS. Unless the trojan attempted to phone home and you caught it in the act. But by the time it does that it could have already completely wiped out all your important documents.
So anti-virus software is good if there is even a tiny chance of you running code you haven't checked. On my Linux machine I'm not very worried, as all code running has either been written by me or been distributed by Ubuntu. Except for the Arm Cortex M compiler I compiled last week, but the build-script there seemed to only use sensible sources (see how easy a life-long rule breaks down? ) _________________ This weeks pet peeve: Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean. |
|
Status: Offline |
|
|
olegil
| |
Re: Internet security for daily drivers Posted on 24-Jan-2014 9:39:03
| | [ #24 ] |
|
|
|
Elite Member |
Joined: 22-Aug-2003 Posts: 5895
From: Work | | |
|
| @Daedalus
If you can use UDP through your router and it's not an enterprise level firewall with stateful inspection then you will almost certainly have a security hole. I suggest not using UDP without stateful inspection if you worry about security. That means no P2P filesharing
Other than that, the basic idea of security by not opening up holes to begin with is pretty solid. If there's an ssh server, the ssh server can be hacked (more or less by definition). If there's a web server, the web server might have a hole allowing an attack. A few years ago, all image loading libraries in all Windows installations EVER had to be replaced because they were universally using the length claimed by the picture header to allocate memory rather than using the file size. Result: executable code in memory. Possibility of firewall catching this: NIL.
Same thing happened in October 2013, fixed November 5th: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3906
When was the last time you clicked on a link in a browser? It could be the one that wipes your data off your drive. _________________ This weeks pet peeve: Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean. |
|
Status: Offline |
|
|
Jupp3
| |
Re: Internet security for daily drivers Posted on 24-Jan-2014 14:31:45
| | [ #25 ] |
|
|
|
Super Member |
Joined: 22-Feb-2007 Posts: 1225
From: Unknown | | |
|
| @Deniil715
Quote:
Not quite. There are no doors. There is nothing in an Amiga that accepts incoming connections by default. You would have to hack the IP-stack (Miami/Roadshow) directly, providing it has security holes the hacker knows about. |
Well, it's a widely known fact that Miami has some rather nasty backdoors and stuff. While few users might call it justified f.ex. "being able to remotely check the keyfile user uses is valid", that doesn't mean it also couldn't be used for malicious purposes not intended by the developer. As for others, don't know what exactly there is, but have you f.ex. tried to send miami keyfile with dcc? You could probably even compress it with lha.
The biggest reason most hackers don't bother with AmigaOS (and compatibles) is that they're such small part of userbase. Desktop windows and Android are probably the most targeted platforms nowadays, and there's even malware appearing on OSX. This didn't happen few years ago, even if OS was definitely as vulnerable back then (probably more), it just wasn't seen as "big enough target".
Some "more competent hackers" probably know better what Miami can and can't do, but afaik, none has yet disclosed their findings in public. Which is good, as even in the "big world", it's usually the "less skilled hackers" that have most malicious intent (because there are more of them), based on public information released by more competent hackers, who often release the information with good intent (so that people who have written the code would fix it, and users could prepare for exploits).Last edited by Jupp3 on 24-Jan-2014 at 02:37 PM.
|
|
Status: Offline |
|
|
Hypex
| |
Re: Internet security for daily drivers Posted on 25-Jan-2014 2:02:01
| | [ #26 ] |
|
|
|
Elite Member |
Joined: 6-May-2007 Posts: 11230
From: Greensborough, Australia | | |
|
| @Fairdinkem
BTW, forgot to mention it, but at first I thought you were talking some type of software driver that featured internet security. Whatever that was, I'd never heard of it!
I may use my Amiga daily, and use it on the "unsecured" internet, but never thought of myself as driving the Amiga. |
|
Status: Offline |
|
|