Dragan on Security

Interesting article. Have a fun.

Thanks to Zeljko who spotted this article.

This is area in development and it makes many people concerned. Are science methods and software mature enough to do it properly and not to hurt anyone? It seems as experiment, but actually it is in use and can cause problems for you if you traveling to USA. Obviously, increase of terrorist threats forces governments to introduce various technologies, even some of them are not accurate enough.

You can check here if you are on “No Fly List”. This system uses Soundex system developed in 1918. Soundex removes vowels from names and applies numerical values to remaining consonants. Names are matched according to those resulting numerical values.

Article about difficulties to profile terrorists is here.

There has been a large amount of confusion and concern out there about Vista’s new user security model especially about UAC and DEP mechanisms. 

User Account Control (UAC) is a new security mechanism introduced in Vista, whose primary goal is to force users to work using restricted accounts, instead working as administrators. Everybody runs as Standard User, a new user account security construct, UAC, acts as gatekeeper of process security boundaries - a doorway to process security context elevation. This decision will probably (if not already) cause many complaints as people who use Windows XP according some surveys, in usual day-to-day activities, log onto system as administrators or local administrators in 90% or more cases. Many applications have been written having in mind administrative privileges on machines. According some authors, this can cause that almost 50% of applications will not work because of lack of privileges and they should be fixed to work with less privileges. People that understand security well know that many problems are caused by fact that majority of users and applications have been written to work in environment and mode with highest instead of least privileges. That is huge software design and development fault.

Another topic for many discussions (and where Microsoft had to make important security design decision in terms of convenience vs. security is strategy) is enabling Data Execution Prevention (DEP) in Windows Vista.  In simple terms, DEP treats data as data and code as code, and then blocks execution of any data content.  The benefit of this is that if there is a vulnerability in the system (or in an application) that allows a data buffer to be overrun, with DEP enabled, it is harder for the attack to execute the malicious code that was placed in the data buffer - thus blocking the attack.  DEP is turned on by default for the kernel and it is a great way of protecting other parts of the system (like Internet Explorer) and applications from buffer overruns.  Here is the problem:  it turns out that there are some third-party add-ons that generate code dynamically and store the code in the data region (sometimes referred to as “jitting”), and there is no method for DEP to distinguish between these add-ons and malware.  So you either have more security or potential application compatibility issues. Many people experienced this with very basic add-ons, for example Adobe Reader plug-in.

Interesting articles to read and video to watch are this, this and this.

Be careful with choosing antivirus, antyspyware and software firewall tools that you will use. It can significantly slow down performances of your Windows system, including but not limited to boot time, prime, and file IO delays. I’ve used Symantec Norton Antivirus for long period of time. Much more: I can say that I liked Symantec since Peter Norton’s times and famous DOS Norton Utilities and it guided me later to choose Norton Antivirus and not any other. I was reluctant and denied many advices from colleagues to change to other antivirus software.  But as boot time, opening files and applications performances were significantly degraded I started to seriously consider other solutions. Colleague spotted this article and it triggered me to finally give up from using Symantec Norton Antivirus and I bought NOD32 now. It was really improvement of performances of my system. Adio Symantec Norton Antivirus, welcome to NOD32!