I suggested that packet inspection protections be applied across the entire internet; essentially make the bad stuff illegal, or at least not worth the effort. Or that users could pay their ISP for those extra protections. That's not a radical idea. Maybe some ISPs already offer that.
Granny isn't going to set up a sophisticated firewall. The network ought to do that for her.
--
John Larkin Highland Technology, Inc
lunatic fringe electronics
Let people decide if they want deep packet and email protections, but make protections the default. That, applied universally, would make most exploits not worth launching. And it would kill the AV business.
Tekkies will always need and find ways to transport zip and exe files.
Simply blocking .exe files, regardless of content, is a pretty clumsy way to do it.
Some of my customers can't accept .exe, .zip, or some other formats from me. They take a laptop to Starbucks and expense the coffee.
--
John Larkin Highland Technology, Inc
lunatic fringe electronics
All computers that I know of have instruction sets [1]. Instructions are fetched and executed out of RAM. Sensible memory management hardware divides memory into segments or pages, and each has assignable attributes, like "read-only data" "r/w data" "read-only, executable" "nonresident" "dirty", things like that. Proper use of these facilities makes many common exploits impossible. All this was known decades ago, except to Microsoft and Intel.
The structure of C discourages proper memory management.
Spice netlists are many levels of abstraction from the machine. Spice interprets net lists; the computer doesn't execute .asc files. Try writing a virus as an LT Spice netlist file.
[1] well, ones that are actually used.
--
John Larkin Highland Technology, Inc
lunatic fringe electronics
OK, open source, it is in the Linux kernel too. ARM - raspberry- gcc.
The nice thing about the PICs I use is that those have 2 hardware comparators directly wired to the PWM generator and can stop it if some level is exceeded. Nice to measure current in some output stage, either in a MOSFET source or via some current transformer. I like the 1:10 very small ringcore current transformers, so easy to wind :-)
You depend on the thermal delay, to reduce drive before things get too hot?
Ah yes 100% linear P = U * I :-)
Mmm. Processors can do very strange things; in interrupts, for example, unexpected things may surface after a long time. Bug free? No, I do not think so, at least not always. Testing is very important. Here is a nice 'bug': the program crashes and then is restarted; wrote some script to show when:
Sat Oct 6 05:51:25 CEST 2018
Sat Oct 6 05:51:37 CEST 2018
Sat Oct 6 05:51:48 CEST 2018
Sat Oct 6 06:23:01 CEST 2018
Sat Oct 6 10:18:38 CEST 2018
Sat Oct 6 10:19:38 CEST 2018
Sat Oct 6 10:19:54 CEST 2018
Sat Oct 6 10:20:41 CEST 2018
Sat Oct 6 10:22:34 CEST 2018
Sat Oct 6 10:23:08 CEST 2018
Sat Oct 6 10:23:57 CEST 2018
Sat Oct 6 10:26:04 CEST 2018
Sat Oct 6 11:34:14 CEST 2018
Sat Oct 6 11:34:30 CEST 2018
Sat Oct 6 15:23:39 CEST 2018
Sat Oct 6 15:24:43 CEST 2018
Sat Oct 6 15:40:11 CEST 2018
Sat Oct 6 15:40:23 CEST 2018
Sat Oct 6 15:50:12 CEST 2018
Sat Oct 6 15:50:43 CEST 2018
Sat Oct 6 16:29:14 CEST 2018
Sat Oct 6 16:29:39 CEST 2018
Sat Oct 6 16:32:23 CEST 2018
Sat Oct 6 16:35:48 CEST 2018
Sat Oct 6 16:36:00 CEST 2018
Sat Oct 6 16:36:14 CEST 2018
Sat Oct 6 16:36:31 CEST 2018
Sat Oct 6 16:37:45 CEST 2018
Sat Oct 6 16:40:10 CEST 2018
Sat Oct 6 16:43:08 CEST 2018
Sat Oct 6 17:21:09 CEST 2018
Sat Oct 6 17:21:21 CEST 2018
Looks like LAN ethernet congestion, UDP is not error free... But why does it crash? I did code some exit(1) statements; should go over that code again. And that is not PICs, but Linux on a fast computer.... load factor often much higher than 5.
Bug? Or just error handling? Will see later.
Better the fuse than all those expensive components.
Tomorrow some soldering is planned, just received these:
[link]
makes life so much easier for test circuits. Small SSOP PLLs will go on it.
Actually you *can* hide things in source code, as Ken Thompson illustrated in his classic 1984 Turing Award lecture "Reflections on trusting trust"; see
[link]
And with that you start on the road to enlightenment.
There are millions, maybe billions, of poorly-protected stripped-Linux devices on the net. Things like wifi routers, webcams, voip phones, that are being hacked and used as botnet agents. There are probably light bulbs that run a hacked Linux.
Our voip phones run some sort of Linux and download their runtime application any time they power up, or whenever they feel like.
We have our voip phones, cams, and guest wi-fi on a separate (well, virtually separate) network from important stuff. That at least gives us a bit of internal protection.
And the people who make cheap gadgets strip the protections, or worse. Network-wide defense would protect them too.
We have IT consultants that we pay to keep us secure. An ebay IoT thermostat or light bulb doesn't.
I'm not worried about my own PC's security; I pay a consultant to do that for me. I'm concerned with the entire system, granny and her smart coffee maker running who-knows what Chinese code.
Packet sniffing and net-level security will become a necessity of national defense. ASICs can be developed to do that without serious time hits.
--
John Larkin Highland Technology, Inc
lunatic fringe electronics
Now you are talking about your local network security which is in your hands. Why don't you implement all the things you have talked about on your own system? You could add a firewall, virus sniffer, evil protecting piece of your custom hardware and software you seem to feel is the solution to everyone else's problem. Then you can show us all how to do it!
A Linux lightbulb can't be hacked if it is behind the Larkin patented evil barrier.
LOL! I think you must have worked at DoD contractors. Workers there have a habit of throwing design problems over the wall to other departments. It's so easy to say an ASIC will solve the problem and then let someone else figure out how it has to work. LOL!
I don't think the Intel CPU is all that bad iff you run it in one of the segmented protected modes where things can be very tightly controlled. The problem is that all modern stuff is predicated on a flat memory model where anything can modify anything and code and data are mingled. The non-execute bit helps slightly but any good hacker can get round it.
The virtual machine capabilities of today's chips aren't bad either.
You announce that magic packet inspection by the same invisible technology leprechauns that will police the Northern Irish border post Brexit will solve all our problems. But they won't. They are a figment of your imagination. Just keeping a list of all the patterns of bad code is a monumental task and the aggressors would simply encrypt or pad with NOOPs here and there to defeat simple signature analysis.
OS/2 and Unix seem to do pretty well. It is MickeySoft Windows that is the extremely vulnerable one. Apple's OS will run perfectly well on the right PC hardware - certain brands of Medion make fine Hackintoshes.
I am no great fan of the Intel chips but they are nothing like as bad as you want to paint them. Most of the bugs are in Microsoft's software. The self same hardware behaves robustly when running Apple's dialect of Unix.
Putting it on a website would seem to be the simplest way out - then they can download it iff their corporate firewall permits them to do so.
Blocking .exe's is exactly the sort of collateral damage that packet inspection blocking can be expected to cause. And the malware writers will simply devise better means to obfuscate their code in the meantime.
Corporate types send each other ZIP files all the time. .DOCX and .XLSX from Office are both ZIP files with a different extension. You might want to try sending your real ZIP files with one of those extensions and a few spurious empty directories to make them look like Office2007 dross.
Since you can never tell what is in an exe file without running it they do represent a serious vulnerability. The worst corporate vulnerability is a USB stick with suggestive scribbles on it dropped in a carpark.
The security guys are always on a hiding to nothing. Just look how long the blokes wearing red T-shirts last in original Star Trek. It is always the most senior corporate types that are the worst at security too :(
I once had to delouse the CEO's PC one Xmas Eve because everyone else had already gone home and his kids had been playing dodgy games on it...
There is a case for not permitting anything that hasn't been digitally signed by a trusted source from ever running. Unfortunately even the major makers of hardware drivers are very sloppy about doing it.
Users get accustomed to overriding important security warnings :(
Blocking based on file names is dumb. Real packet snooping would look for malware.
Sure, but the cost would escalate and the payoff would dwindle if there were serious, global defenses. Except for the highest level targets, it wouldn't be worth the effort.
We defeated smallpox and malaria and yellow fever in most of the world. Why not malware?
Then something else should be done.
--
John Larkin Highland Technology, Inc
lunatic fringe electronics
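Added example, not part of any post in this thread: a filter that classifies an attachment by content instead of by file name, which is the distinction the posts above argue over (.DOCX and .XLSX being ZIP containers, and name-based blocking being easy to sidestep). The `CLAIMS` table, the function names and the sample files are constructed for illustration.

```python
import io
import struct
import zipfile

# Extension -> content type it claims (illustrative table; unlisted extensions claim "unknown").
CLAIMS = {".exe": "pe", ".dll": "pe", ".zip": "zip", ".docx": "ooxml", ".xlsx": "ooxml"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def sniff(data: bytes) -> str:
    """Classify by content: 'pe', 'ooxml' (ZIP with a root [Content_Types].xml), 'zip', 'unknown'."""
    if is_pe(data):
        return "pe"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return "ooxml" if "[Content_Types].xml" in zf.namelist() else "zip"

def inspect_file(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed type and look inside archives."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind, embedded_pe, encrypted = sniff(data), [], []
    if kind in ("zip", "ooxml"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:        # encrypted member: content cannot be checked
                    encrypted.append(info.filename)
                    continue
                with zf.open(info) as member:   # only a header-sized prefix is read
                    if is_pe(member.read(4096)):
                        embedded_pe.append(info.filename)
    return {"kind": kind, "mismatch": CLAIMS.get(ext, "unknown") != kind,
            "embedded_pe": embedded_pe, "encrypted": encrypted}

def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: a header-only stand-in for a PE file and two in-memory archives.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
REAL_DOCX = make_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"})
RENAMED_ZIP = make_zip({"tool.bin": FAKE_PE})
```

Encrypted members are reported rather than opened, since a content check has nothing to look at there and the policy decision (hold, strip or pass) belongs to the operator.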
Fwir, most of the problems with malware are not from the perpetrators directly, but poor training and idiots who click on attachments without knowing the contents. Also, javascript and anything downloaded for execution is a wide open security hole, but most websites won't work at all unless script is enabled. Some web sites go out to dozens of third party sites to complete the page, none of which are verifiable by the end user and corruption of any one of those third party sites could cause problems. Then you have machines with removable media autorun enabled for everything, when any removable media should have autorun disabled by default.
If you want to see how bad this is and are a Firefox user, check out the httpfox addon, which has a real time display of all the sites visited to build the page, a wireshark for http. That and lightbeam, which plots a wireframe map of referenced sites associated with a site...