Dangerous for their business model

Wednesday, August 9. 2006, 14:37
A while back, some people from the Chaos Computer Club created a small tool called dingens (yeah, the name sucks) to disable Windows services that open ports to the network.
The idea is simple: a common Windows installation (esp. before SP2) opens various ports to the network by default, even if they aren't used for anything. This led to a couple of security threats in the past; many viruses used buggy services to attack remote computers.

Now, while it's probably in general not a good idea to use an operating system so poorly designed that it opens ports by default without needing them, if you're forced to use Windows, dingens is probably a much better idea than most other »security solutions«. Why? Because it closes security holes instead of working around them and introducing new problems, like antivirus apps or personal firewalls do.

Now, recently Antivir reported win32sec.exe (the dingens-tool) as
SecurityPrivacyRisk/Tool.KillService riskware

And Panda Antivirus says:
Hacktool/Servicekiller.A

Probably someone should tell the people at Panda about the different meanings of »Hacker«. Just because something was done by »Hackers« doesn't mean it's a hacktool. In fact, detecting dingens as something dangerous is trying to get rid of competitors in terms of security solutions. The only thing dingens endangers is the business model of so-called security companies.
After some people intervened, Antivir has removed the signature now. Panda still thinks it's a »hacktool«.

The complete idea of AV apps is wrong. The purpose of a virus is to use security holes to spread itself. AVs can only detect already known viruses. That also means the security hole is known and thus should be fixed, not worked around by some crappy software that can have security problems itself. The only valid usage of an AV I can think of is to scan email to reduce crap in your inbox. But not to secure you (that should be done by a well-designed mail client), just to save you the time of deleting the mails, the same thing spam filters do. A command-line scanner like ClamAV (the only free one) is just fine for this. Everyone telling you that you need to install an »all-round security solution« on your PC is lying.


Comments

The tool doesn't only deal with TCP ports, though. I just ran "dingens" through Jotti's Malware Scan ... at least no scanner there says it's a dangerous tool.
#1 Alex (Link) on 2006-08-09 15:14
As written above, Antivir has removed the signature, and Panda isn't included at Jotti.
#1.1 Hanno (Link) on 2006-08-09 15:38
I couldn't agree more (concerning the tasks of an AV app). But let's be honest: A really big part of the Windows security business is based on disinformation. While your last sentence is completely correct, I do believe that lying is part of the business model in many cases. And it's probably bound to stay this way.
#2 Gunnar Wrobel (Link) on 2006-08-09 20:39
The tool isn't called "dingens" - that's just the domain name - it's called "Shutdown Windows' services" or "Windows-Dienste abschalten" (German).

+++ neingeist
#3 neingeist (Link) on 2006-08-10 03:08
