  1. #1


    Security Based Project Idea

    Ok. I finally have a worthwhile idea to pitch for the project. This one is security based and spurred on by the security article here, and in particular, this quote:

    One clear symptom that you have a case of "Enumerating Badness" is that you've got a system or software that needs signature updates on a regular basis, or a system that lets past a new worm that it hasn't seen before. The cure for "Enumerating Badness" is, of course, "Enumerating Goodness." Amazingly, there is virtually no support in operating systems for such software-level controls. I've tried using Windows XP Pro's Program Execution Control but it's oriented toward "Enumerating Badness" and is, itself a dumb implementation of a dumb idea.
    How difficult would it be to write a program that monitors all code executed by the system? This would look at programs that run, etc and decide, based on a list of rules, what is allowed to run. Anything else would be prevented and logged with the ability to allow it if it is a legitimate application.

    Not being a programmer, I don't quite know the implications of this task such as processor time, memory usage, etc. but I think this would be a very useful feature for schools. Certainly it would stand as a big barrier to spyware, malware, adware, etc, as well as stopping staff & pupils trying to install unauthorised applications.

    Can someone tell me if this is possible, and whether it can be added to the (potential) features list for the Edugeek Project?

    Cheers,

    Rob.

  2. #2

    russdev's Avatar

    Re: Security Based Project Idea

    Well, the project (once I get my net connection sorted) is an admin's tool kit in not so many words, and adding it as part of the project is not an issue.

    As for the program side, not sure. The problem is we have to make sure that it is very small, as it needs to run a lot if you think of the amount of work it is doing; for example, just do a task list to see the amount it would have to check before you start doing anything.

    But it could be possible...

    What do others think?

    russ

  3. #3

    Geoff's Avatar

    Re: Security Based Project Idea

    How difficult would it be to write a program that monitors all code executed by the system? This would look at programs that run, etc and decide, based on a list of rules, what is allowed to run.
    Certainly on Linux systems, this is possible today. Playing with mount options is an obvious starting point. Then you can move on to more complex measures like Systrace, Tripwire and SELinux or GRSecurity.

    Disclaimer: Here be dragons.

    I don't believe this is possible on Windows at the moment. You need intimate support from the OS internals to do this kind of thing and it just doesn't exist.

  4. #4

    russdev's Avatar

    Re: Security Based Project Idea

    Was thinking about this; the problem is that you've got antivirus software that intercepts programs, and then this could slow the system right down...

    russ

  5. #5


    Re: Security Based Project Idea

    It is possible in VB to list all running applications, and with that information you could compare every title against a safe list and then close the program that is not on the list.

    Tom

  6. #6

    webman's Avatar

    Re: Security Based Project Idea

    Quote Originally Posted by uk101man
    It is possible in VB to list all running applications, and with that information you could compare every title against a safe list and then close the program that is not on the list.

    Tom
    Comparing by window title can sometimes be unreliable as there are no strict rules applications adhere to and can change regularly, but it is certainly possible and a lot easier on resources. AFAIK, this is how Ranger does it.

  7. #7


    Re: Security Based Project Idea

    I would have to check my coding, but I think it is possible to pull the program's path and name, which I'm guessing you could use to check against a safe list.

  8. #8


    Re: Security Based Project Idea

    Using names as a basis for comparison is a bad idea. For instance, I could just rename a malicious piece of code to a process name that has been declared safe to run and voilà. md5sums of the EXEs would be more useful, but would need to be updated when the program version changes.

    On a side note, don't Windows group policies have a similar sort of system for safe program execution (which uses the path system and invariably can be bypassed with the method above)?

  9. #9

    webman's Avatar

    Re: Security Based Project Idea

    @E1uSiV3: Yes, I know the exact GPO you are thinking of and it goes back to Win9x days, "Only allow the following programs to be executed" or similar wording. In Win9x it was possible to rename an EXE to something that was allowed, but as far as I know, the newer Win2K+ version of this GPO actually makes a hash of the file, which means that users can't rename EXEs they want to run - but secondly, when applications change, you must remember to re-do the hash of the EXE, otherwise it might not run at all.

  10. #10



    Re: Security Based Project Idea

    I have a nasty feeling that hashes + automatic patching = bad things.

    You'd have to be able to easily check which system file hashes have changed, whether the change is legit (or not) and be able to push out the new hashes as part of the patching process.

    Is anyone here using this function with success / beyond testing?
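
The name-versus-hash point from posts #8 and #9 and the patching concern from post #10, as an added example that is not part of the original thread. It uses SHA-256 in place of the md5sums mentioned above; the file names, contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Digest of the file's content; its name and location play no part."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def name_allowed(path, allowed_names):
    return Path(path).name.lower() in allowed_names

def hash_allowed(path, allowed_hashes):
    return sha256_file(path) in allowed_hashes

def patch_report(baseline, directory):
    """Diff a folder against a {filename: digest} baseline after patching."""
    current = {p.name: sha256_file(p) for p in sorted(Path(directory).iterdir())}
    changed = [n for n in current if n in baseline and current[n] != baseline[n]]
    added = [n for n in current if n not in baseline]
    missing = [n for n in sorted(baseline) if n not in current]
    return changed, added, missing

def demo():
    with tempfile.TemporaryDirectory() as root:
        apps, user = Path(root, "apps"), Path(root, "user")
        apps.mkdir()
        user.mkdir()
        approved = apps / "wordproc.exe"
        approved.write_bytes(b"constructed approved build 1.0")
        baseline = {approved.name: sha256_file(approved)}
        names, hashes = set(baseline), set(baseline.values())
        # Unapproved content saved under an approved file name.
        renamed = user / "wordproc.exe"
        renamed.write_bytes(b"constructed unapproved program")
        result = {
            "renamed_passes_name_rule": name_allowed(renamed, names),
            "renamed_passes_hash_rule": hash_allowed(renamed, hashes),
            "approved_passes_hash_rule": hash_allowed(approved, hashes),
        }
        # A legitimate patch changes the bytes, so the old hash rule blocks it.
        approved.write_bytes(b"constructed approved build 1.1")
        (apps / "helper.exe").write_bytes(b"constructed new helper")
        result["patched_passes_hash_rule"] = hash_allowed(approved, hashes)
        result["patch_report"] = patch_report(baseline, apps)
        return result

if __name__ == "__main__":
    print(demo())
```

The report lists exactly which approved files need a fresh hash after an update and which files are new, which is the review step that has to happen before new hashes are pushed out.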

  11. #11
    wesleyw's Avatar

    Re: Security Based Project Idea

    I would have thought that the hashing for Windows System patches and the like would be fine; just the application software would be the issue? I suppose it depends on how much software you run and how frequently it needs patching. As long as you run the update then make the changes, I can't see a problem with that solution?

    Wes

  12. #12

    mac_shinobi's Avatar

    Re: Security Based Project Idea

    Don't EXEs or any other file types that are able to run have digital signatures or something to that effect, or possibly something else that allows you to determine if it is malware or not?

  13. #13


    Re: Security Based Project Idea

    Quote Originally Posted by gecko
    Don't EXEs or any other file types that are able to run have digital signatures or something to that effect, or possibly something else that allows you to determine if it is malware or not?
    In theory, yes, but it's voluntary and no bugger uses it apart from Microsoft and a few other people.

    The whole Windows patching issue can be avoided by adding a rule for the whole Windows directory, as it should be read only anyway for Joe Public.

  14. #14


    Re: Security Based Project Idea

    Indeed. The trouble is you get naff educational software that insists on having write access to .ini files it installs in the Windows folder, despite the fact that it only ever reads settings from them.

  15. #15

    mac_shinobi's Avatar

    Re: Security Based Project Idea

    Asked a Q on EE, here is the URL:

    http://www.experts-exchange.com/Prog..._21700066.html

    Registration is free (at least there should be an option to register for free).

    If not, let me know and I can post back with the info.


