Stateful Packet Inspection against any kind of Malware!

beatnik beatnik at mail.gr
Thu Aug 12 22:55:08 EEST 2004


fs <admin at www0.org> wrote in
news:mailman.267.1092340051.316.linux-greek-users at lists.hellug.gr: 

> On Wed, Aug 11, 2004 at 11:49:28AM +0000, beatnik wrote:
>> Let's assume that I do not want to run critical security updates
>> (patches) by Micro$oft.
>> a) I was wondering if just a firewall can save my ass without even
>> using AV.
> 
> Only in specific cases will it "save your ass", as you put it.
> 
>> b) If there is one, then I would also like that firewall to
>> inspect each incoming packet to my network interface, and if the data
>> portion of the packet matches a virus/trojan/worm or any kind of
>> malware packet then it will simply have to drop it.
> 
> The "data portion". Right, er.. have you realized that this is
> essentially an antivirus? Norton Antivirus, on your beloved Windows,
> can be set up to check anything that gets written to the hard disk,
> and obviously before it runs.
> 
> I cannot grasp how something like that can seem insecure to you
> compared to the idea you had. Why analyze the packets from IRC and
> every HTTP connection when you are just a desktop user?
> 
> Providers would find your idea useful. And that is because they
> have no means of "physical" contact with the files, unlike you, who
> know what you are running (in theory).
> 
>> That way, even if I deliberately choose to open a virus-infected link
>> or a worm-infected attachment, my OS will still be in no danger at all,
>> even without running an AV or patches!
> 
> If you had a worm attachment in your local mailbox, how exactly would
> a packet filter block it?

But when the mail was being downloaded from the ISP's mail server to my
local box, then, examining it packet by packet, it would do signature
matching and block it.


>> Antivirus packages after all don't work as they should, in my opinion!
>> They wait for your machine to get infected 
> 
> That is flat-out wrong. A proper antivirus never waits for the OS to
> become infected. What you mean is that it lets executables be written
> to disk, as you say below. _HOW EXACTLY_ is that more insecure than a
> packet filter that may not have an updated virus definition database?
> And _HOW EXACTLY_ is an antivirus insecure that _HAS_ an updated virus
> database and lets executables be written to disk?
> 
>> with a virus which is stored in a hdd 
>> file and then because they have a scannable object in their hands,
>> only then, they can delete the damn thing.... 
> 
> Well, I pose the question again in light of your new perspective: how
> exactly is such an antivirus with an updated virus database more
> insecure than a packet filter that does not have an updated virus
> database?

But the point is the case where it does have one!! The SPI will check
packet by packet, whereas the AV needs a scannable object file, which
essentially means that the executable has to be stored on the HDD and
only then do you recognize it as a virus, and, again, it also has
trouble deleting it.





-- 
Just because I can, doesn't mean I will.
Just because I don't, doesn't mean I can't.
Just because you say so, doesn't mean I'll change.
And above all, just because you want it, doesn't mean I care.
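
Added example, not part of the original post or thread: a sketch of the packet-by-packet signature matching discussed above, covering two cases such a filter has to handle, a signature that straddles two segments and a mail attachment that travels base64-encoded. The signature, payload, segment size and all function names are constructed for illustration.

```python
import base64

# Constructed placeholder pattern (assumption), not a real malware signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"


def segment(data, size):
    """Split a byte stream into fixed-size chunks, standing in for TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def per_packet_match(packets, sig=SIGNATURE):
    """Naive filter: search each packet's data portion in isolation."""
    return any(sig in p for p in packets)


class StreamMatcher:
    """Matcher that carries the last len(sig)-1 bytes over to the next packet."""

    def __init__(self, sig=SIGNATURE):
        self.sig = sig
        self.tail = b""

    def feed(self, packet):
        window = self.tail + packet
        hit = self.sig in window
        keep = len(self.sig) - 1  # enough to complete a signature begun here
        self.tail = window[-keep:] if keep else b""
        return hit


def stream_match(packets, sig=SIGNATURE):
    matcher = StreamMatcher(sig)
    return any([matcher.feed(p) for p in packets])  # feed every packet


def demo():
    body = b"A" * 30 + SIGNATURE + b"B" * 30      # constructed attachment bytes
    raw = segment(body, 40)                       # boundary falls inside the signature
    mime = segment(base64.b64encode(body), 40)    # same bytes as a MIME attachment
    decoded = base64.b64decode(b"".join(mime))    # what a file scanner would see
    return {
        "per_packet_raw": per_packet_match(raw),
        "stream_raw": stream_match(raw),
        "stream_mime": stream_match(mime),
        "decoded_object": SIGNATURE in decoded,
    }


if __name__ == "__main__":
    print(demo())
```

The per-packet search misses the split signature, the carry-over matcher finds it, and neither sees it in the base64 form until the content is reassembled and decoded.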
