Stuff that caught my eye
Archive for the ‘Security’ Category
Filed Under (Security) by serge on June-24-2006
Dan Goodin, an AP Technology writer, has written an article published by Yahoo News that makes the point that web site scripting languages have become the next low-hanging fruit for malware writers. It appears easier to exploit security weaknesses of contemporary Roots of this problem can be found in a visionary statement “Network is operating system”. New Web Services are applications running over that operating system. I think there are a lot of parallels in what MySpace does and what the AOL client application used to do. The rise of Web Service worms is a testament to the success of the “Network is Operating System” idea.

Can a Network OS deal with security problems in the same “patchy” way as a conventional OS? Often OS users can tolerate an existing threat because there is a workaround that allows waiting for a patch. That is more difficult to do with a Network OS because most of it is outside of our control. All we can do is deal with the individual applications running over it. A user of a Network Operating System does not have the same degree of control over it. This leaves us, as users, in a situation where we can do one of two things: stop using the service or switch to another provider. Neither of them is really acceptable… but we have no choice…

I think this situation is calling for different approaches. One approach is to use a throw-away web environment. It can be done using a Virtual Machine, like a VMware image with a Web Browser. The VMware virtual machine can simply be deleted from the hard drive after web browsing. Another solution might be in having application-level access control to the resources of a usual computer. I think Dekart Private Disk with Firewall is one of the first vestiges of this approach. For both of these approaches it does not really matter how insecure web site scripts are. Security measures are taken by the OS user and designed by OS designers, rather than patched by web service designers.
It might be a smart strategy for Microsoft Windows to create a virtual machine partition that would be allowed to browse the web, with a firewall between that part and the rest of the system. It is akin to the idea of a DMZ in network protection, but in the operating system. I think it might be interesting to have portions of the OS file system dedicated to DMZ applications. If an application is installed in the DMZ, it would be executed within the OS with stricter access to resources than if it was not. Special subsystems within the OS might be created to bridge the two parts of the OS in a controlled manner. In this way, control (and responsibility) is back to where it belongs – with the user.

Microsoft already traveled down this road, but in a different direction. Windows NT could run MSDOS applications as a virtual machine that shared resources and access with Windows NT. Developers of various virtualisation technologies have gone another way too - aiming for complete isolation of virtual machines from each other. I think a throw-away web environment should concentrate on two key points - managing the baseline configuration of the throw-away partition (like installing applications for web browsing on a VMware image) and managed interaction between the DMZ Virtual Machine and the host OS (kind of a Private Disk Firewall enveloping the host OS).

FON is a global community for people to share broadband internet access using WiFi access points. The FON network is supported by Google, Skype and some high profile venture capital. I discovered the existence of this initiative from the web site WRT54G.net. To become a Fonero - a person sharing Internet access through the FON network - is easy.
Filed Under (Security) by serge on March-15-2006
eWeek reported a new trojan that searches the victim's hard drive for Word, Excel, PDF and JPG files and encrypts them. The trojan evaded anti-virus filters by staying below the radar because of its limited distribution. The trojan attempts to blackmail the computer owner into paying $300 for the encryption key to recover the data. If the user's data is not very valuable, this is no more than annoying nonsense. But if the data is important and there is no backup copy of it, then the user has a problem. The article does not say if there were people that paid the ransom money. I suspect that there were some… My previous article has been pretty timely then. The Cryzip trojan is exactly the type of malware that could be stopped by Dekart Disk Firewall.

How to stop a virus, worm or a backdoor from accessing private data? Antivirus and anti-spyware protect from existing and known threats. They cannot protect from damage that might be caused by a yet unknown ‘business worm’ created to mine an infected computer for confidential information. This article describes an unusual solution to the problem …