Fragments
A Collection of Statements, kinda
Brain Fart: OS & Eprom burning
nevelsteen
Joined: 19 Jan 2004
Posts: 90
Location: Uppsala, Belgium or Texas

PostPosted: Mon Dec 20, 2004 9:13 am    Post subject: Brain Fart: OS & Eprom burning

I had another brain fart. I was just thinking: if there were a logical separation between read-only OS files, config files and data, you might be able to burn your entire OS and programs to an EPROM so that it is freshly loaded at boot. Changes to any OS files by viruses or whatnot are all lost. Config files would still have to be changeable, and data is of course also writable. Kinda like restore points, but heavier. Maybe just a hard drive partition that is entirely read-only after the initial install. I used the same technique with Windows 3.1 way back in the beginning: I just had a zip file with the entire OS that I unzipped every time I needed it. And John mentioned that he used Ghost or something to take an image.
Unfortunately M$ doesn't make a clear separation between OS and config files.
:end of fart:
martin
Site Admin
Joined: 19 Jan 2004
Posts: 455
Location: In the middle of Sweden

PostPosted: Mon Dec 20, 2004 11:25 am    Post subject:

Well, you've just reinvented MS Windows NT Embedded. Since 4.0 (maybe 3.51, but I forget), MS has had a version made for embedded systems. Software (including the OS) for embedded systems needs special segment mappings, so that only code and constant data are linked into ROM addresses, while any dynamic data ends up in RAM address areas. Self-modifying code is also eliminated.

Also, remember the first IBM PC? It had the entire OS in ROM, including the BASIC interpreter. Later, it loaded the disk operating parts and the language only from diskette, and what remained in ROM later turned into the BIOS.

Another, fairly common, method is to have your entire running system on a CD, or on a RAM disk, loading it from CD. I've seen people run Apple web servers that way. It does not make them resistant to attack, but it makes recovery very easy.

But even if you could make the entire OS, except the "config files", read-only, I don't think you're protected from attack. Too many attacks work on files that must be writable anyway. And memory can't be write-protected just yet, either (unless you get an AMD processor and software that doesn't exist yet).
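The split the thread describes, a read-only OS image plus a writable remainder, leaves exactly the files martin warns about (hosts, boot configuration and the like) as the attack surface. One practical control for that remainder is a manifest taken at install time and verified at every boot, so a change to a writable config file is at least detected even if it cannot be prevented. The following is an added example in C, not code from the original thread: the file names, the `/tmp` workspace and the tampered hosts entry are constructed for the demo, and FNV-1a stands in for a cryptographic hash (a real manifest would use SHA-256 and be signed, since an attacker who can write config files can also try to rewrite an unsigned manifest).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

#define N_WATCHED 3
/* The files that must stay writable on an otherwise read-only system.
 * Hypothetical names for this demo. */
static const char *const WATCHED[N_WATCHED] = { "hosts", "boot.cfg", "app.cfg" };

struct manifest { uint64_t digest[N_WATCHED]; };

/* FNV-1a 64-bit: a compact stand-in for SHA-256, which a real manifest would use. */
static uint64_t fnv1a64(uint64_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

static int path_join(char *out, size_t cap, const char *dir, const char *name) {
    int n = snprintf(out, cap, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Digest of a file's contents. A missing or unreadable file digests to 0, so
 * deleting a config file also shows up as a change. */
static uint64_t digest_file(const char *dir, const char *name) {
    char path[512];
    unsigned char buf[4096];
    size_t n;
    uint64_t h = 0xcbf29ce484222325ULL;
    FILE *f;
    if (path_join(path, sizeof path, dir, name) != 0) return 0;
    f = fopen(path, "rb");
    if (!f) return 0;
    while ((n = fread(buf, 1, sizeof buf, f)) > 0) h = fnv1a64(h, buf, n);
    fclose(f);
    return h;
}

/* Taken once after installation and kept with the read-only image. */
static void manifest_build(const char *dir, struct manifest *m) {
    for (int i = 0; i < N_WATCHED; i++) m->digest[i] = digest_file(dir, WATCHED[i]);
}

/* Run at boot: bit i is set if WATCHED[i] no longer matches the baseline. */
static unsigned manifest_verify(const char *dir, const struct manifest *m) {
    unsigned changed = 0;
    for (int i = 0; i < N_WATCHED; i++)
        if (digest_file(dir, WATCHED[i]) != m->digest[i]) changed |= 1u << i;
    return changed;
}

static int write_file(const char *dir, const char *name, const char *text, const char *mode) {
    char path[512];
    FILE *f;
    if (path_join(path, sizeof path, dir, name) != 0) return -1;
    f = fopen(path, mode);
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

static void remove_workspace(const char *dir) {
    char path[512];
    for (int i = 0; i < N_WATCHED; i++)
        if (path_join(path, sizeof path, dir, WATCHED[i]) == 0) remove(path);
    remove(dir);
}

/* Constructed scenario: install, take the manifest, then let an "attacker"
 * append a hosts entry, the kind of writable-file change the thread lists.
 * Returns the changed-file bitmask after tampering (1 = only hosts), or
 * 0xFFFF if the freshly installed system already failed verification. */
unsigned demo_tampered_hosts(void) {
    const char *dir = "/tmp/rofs_manifest_demo";   /* constructed workspace */
    struct manifest m;
    unsigned clean, changed;

    mkdir(dir, 0700);   /* may already exist from an earlier run; files are rewritten */
    write_file(dir, "hosts", "127.0.0.1 localhost\n", "w");
    write_file(dir, "boot.cfg", "kernel=/os/kernel ro\n", "w");
    write_file(dir, "app.cfg", "listen=8080\n", "w");

    manifest_build(dir, &m);
    clean = manifest_verify(dir, &m);

    /* No OS binary is touched; a hostname is simply redirected. */
    write_file(dir, "hosts", "203.0.113.9 update.example.com\n", "a");
    changed = manifest_verify(dir, &m);

    remove_workspace(dir);
    return clean != 0 ? 0xFFFFu : changed;
}

int main(void) {
    printf("changed mask after tampering: %u\n", demo_tampered_hosts());
    return 0;
}
```

`demo_tampered_hosts()` returns a bitmask of watched files that differ from the baseline, so `1` means only `hosts` changed. The check is only as trustworthy as the manifest's own storage: keep it on the read-only image or sign it, otherwise the same write access that edits the config can edit the baseline.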
nevelsteen
Joined: 19 Jan 2004
Posts: 90
Location: Uppsala, Belgium or Texas


PostPosted: Mon Dec 20, 2004 12:15 pm    Post subject:

OK, since my knowledge level of security is a tiny fragment of yours, tell me which sort of writable files, data or config, are prone to attack. Almost all the malware or viruses that I have seen have been based on EXEs/DLLs, hidden software installed, or scripts that are called at runtime. With the exception of the infection previously mentioned, which was found to exploit a bug in JPG loading, all my data has been unharmed until now. If the system doesn't allow programs to be installed or the boot sequence to be altered to include malicious programs, and all the EXEs and DLLs are protected, then I am left wondering what's left.
Johan Marechal
Joined: 15 Feb 2004
Posts: 111
Location: Brugge (Belgium)


PostPosted: Mon Dec 20, 2004 12:31 pm    Post subject:

martin wrote:
But even if you could make the entire OS, except the "config files", read-only, I don't think you're protected from attack. Too many attacks work on files that must be writable anyway. And memory can't be write-protected just yet, either (unless you get an AMD processor and software that doesn't exist yet).

In my humble opinion it is "impossible" to get your security to 100% with a closed OS like Windows XP; the only one who "could" do that is M$ itself.
One possibility is via Linux, but putting that into practice... The fact is that a lot is possible and that you can indeed run it from CD (see Knoppix, for example), but the grass is always greener on the other side; after four years I no longer run Linux either, in the end, because I use my computer(s) too much.
_________________
Cheers,
Johan
martin
Site Admin
Joined: 19 Jan 2004
Posts: 455
Location: In the middle of Sweden

PostPosted: Mon Dec 20, 2004 4:46 pm    Post subject:

nevelsteen wrote:
OK, since my knowledge level of security is a tiny fragment of yours, tell me which sort of writable files, data or config, are prone to attack.

Eh... Word docs? Eh... hosts? lmhosts? config.sys? autoexec.bat? Eh... key rings? Eh... DNS zone files? Eh... password files? SQL databases, including stored procedures? Access DBs? Give me a little time and I can come up with a few hundred more. Then on top of that, a lot of buffer overflow exploits don't install or modify anything directly, but use preexisting code (heap overflows, trampolining, etc.). Buffer overflows of all kinds, btw, account for more than 50% of all compromises nowadays. (A little note: contrary to what AMD claims in their ad spots, execute-protecting the stack does not solve the buffer overflow problem, since heap overflows are not affected in the least. So don't go feeling secure just yet.)

Quote:
Almost all the malware that I have seen or viruses have been based on EXEs/DLLs, hidden software installed, scripts that are called at runtime.


Viruses are by definition EXE/DLL based. Worms are not; they don't have to be anywhere except in memory, and bad worms are currently worse than viruses.

Quote:
With the exception of the infection previously mentioned, which was found to exploit a bug in JPG loading, all my data has been unharmed until now. If the system doesn't allow programs to be installed or the boot sequence to be altered to include malicious programs, and all the EXEs and DLLs are protected, then I am left wondering what's left.


As I said, most stuff is left. A buffer overflow is the thing most in vogue right now. I really recommend the original article by aleph1 in Phrack, "Smashing the Stack for Fun and Profit", but I forget which issue it was; it must be from around 1996, and it's a computer security classic. The first article I read about it was by Dildog, also in Phrack, but I forget both the title and the year. If you're into machine language or computer architecture, both articles are bound to set you on fire in a big way. But promise you won't take the dark road, though.


Last edited by martin on Tue Dec 21, 2004 2:27 pm; edited 1 time in total
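Martin's point that many overflow exploits install nothing and instead steer the program into code that is already present, and that execute-protecting the stack does nothing against a heap overflow, can be shown in a few lines of C. This is an added example, not code from the thread or from any product it mentions: the `session` layout, `grant_admin` and the login flow are hypothetical. The attacker's input is pure data, every byte of it lands on the heap, and the only code that ever runs is the program's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A heap object holding an untrusted string right next to a function pointer
 * the program calls later. Hypothetical layout for the demo. */
struct session {
    char user[16];
    void (*on_login)(struct session *);
};

static int g_admin_granted;

static void normal_login(struct session *s) { (void)s; }

/* Legitimate code that already exists in the binary; the attacker never
 * injects code, only a pointer to this function. */
static void grant_admin(struct session *s) { (void)s; g_admin_granted = 1; }

/* Vulnerable: copies len bytes into a 16-byte field with no bound, so a long
 * name runs straight over on_login. */
static void set_user_vuln(struct session *s, const unsigned char *in, size_t len) {
    unsigned char *dst = (unsigned char *)s->user;
    for (size_t i = 0; i < len; i++)
        dst[i] = in[i];
}

/* Fixed: truncate to what the field can hold and always NUL-terminate. */
static void set_user_fixed(struct session *s, const unsigned char *in, size_t len) {
    size_t n = len < sizeof s->user - 1 ? len : sizeof s->user - 1;
    memcpy(s->user, in, n);
    s->user[n] = '\0';
}

/* Attacker input: 16 filler bytes, then the address of grant_admin laid over
 * on_login. Learning that address is the attacker's problem (ASLR makes it
 * harder); nothing here depends on an executable stack or heap. */
static size_t build_payload(unsigned char *buf, size_t cap) {
    void (*target)(struct session *) = grant_admin;
    size_t len = offsetof(struct session, on_login) + sizeof target;
    if (cap < len) return 0;
    memset(buf, 'A', offsetof(struct session, on_login));
    memcpy(buf + offsetof(struct session, on_login), &target, sizeof target);
    return len;
}

/* Feeds the same constructed payload through one of the two copy routines and
 * reports whether the login path ended up granting admin (1) or not (0). */
int run_login(int use_fixed_copy) {
    unsigned char payload[sizeof(struct session)];
    size_t len = build_payload(payload, sizeof payload);
    struct session *s = calloc(1, sizeof *s);
    if (!s || len == 0) { free(s); return -1; }
    s->on_login = normal_login;
    g_admin_granted = 0;

    if (use_fixed_copy) set_user_fixed(s, payload, len);
    else set_user_vuln(s, payload, len);

    s->on_login(s);   /* the program's own indirect call does the attacker's work */
    int granted = g_admin_granted;
    free(s);
    return granted;
}

int main(void) {
    printf("unbounded copy: admin=%d\n", run_login(0));
    printf("bounded copy:   admin=%d\n", run_login(1));
    return 0;
}
```

Both copies receive the same input; only the unbounded one lets it reach the function pointer. Marking the stack or heap non-executable would not change the outcome, because nothing in the payload is ever executed as code. What closes the hole is the bounds check at the copy (or a layout that keeps attacker-controlled bytes away from control data); ASLR only makes the target address harder to guess.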
martin
Site Admin
Joined: 19 Jan 2004
Posts: 455
Location: In the middle of Sweden

PostPosted: Mon Dec 20, 2004 5:03 pm    Post subject:

Oops, dildog's article wasn't in phrack but on cDc (www.cultdeadcow.com):

http://www.cultdeadcow.com/cDc_files/cDc-351/index.html

That entire site is a pleasure for sore eyes.


The aleph1 article is here (yes 1996! god, I'm great!):

http://phrack.org/show.php?p=49&a=14
Johan Marechal
Joined: 15 Feb 2004
Posts: 111
Location: Brugge (Belgium)


PostPosted: Mon Dec 20, 2004 5:23 pm    Post subject:

martin wrote:
The aleph1 article is here (yes 1996! god, I'm great!):

Uh-oh, there's no fixing this now that Martin is making divine pronouncements!
Laughing
_________________
Cheers,
Johan
martin
Site Admin
Joined: 19 Jan 2004
Posts: 455
Location: In the middle of Sweden

PostPosted: Tue Dec 21, 2004 2:29 pm    Post subject:

Johan Marechal wrote:
Uh-oh, there's no fixing this now that Martin is making divine pronouncements!
Laughing

I do that often, but it's bad when I have to say so myself.
Powered by phpBB © 2001, 2005 phpBB Group
Theme created by K.Nevelsteen