> You know of an O/S that is not vulnerable to malware attacks? Please let me know
> the name, I haven't encountered one professionally since I was using OpenGenera
> in '95 and that was only secure because we had a more or less complete list with
> the names of every person who had ever successfully managed to learn the beast.

Very few software products can be considered perfect. However, NAT and basic stateful firewalls only protect against a specific category of attacks, the arrival of unsolicited connection requests through the network. Most mainline operating systems have built-in protection against such attacks. Windows XP-SP2 and Windows Vista certainly do. They come with a built-in firewall that will, by default, prevent incoming traffic on all ports. I understand that recent Linux distributions and recent versions of OS/X have similar protections.

Attacking ports by sending random packets is very much a 2003 story. Modern malware typically works by exploiting users' naiveté, bugs in document parsers, or a combination of both. An example of user naiveté would be to ask users to download a special media player to look at frolicking bodies. An example of exploiting document parsers would be to lure users to visit a malevolent web site, and have them open a booby-trapped image or movie.

The typical NAT or stateful firewall offers no protection against document parsing bugs. That is a good thing. If firewalls tried to do that, they would have to incorporate a large amount of document parsing code, and would most probably become a target for their own parsing bugs.

Of course, no amount of electronics will protect against users intent on downloading a very special media player...

-- Christian Huitema
