
Open source protections



I was wondering whether any of you recommend open source software, especially for security. The question that always comes to my mind is whether having software whose code is free on the internet doesn't make the hacker/cracker's job easier (you get the idea...)

The other question is which of these programs you recommend/use, and why?

Link to comment

Don't think there's any anti-virus/anti-spyware/firewall for Windows that's FOSS.

The security of FOSS isn't about security software, but about software in general. And especially about kernel stuff (like the "base" of the operating system).

The principle is that "Given enough eyeballs, all bugs are shallow".

If you have enough people looking at the source and enough beta testers, every bug is simple and "obvious" for someone to find and fix.

The "advantage" of closed source compared to that is "security through obscurity".

But it isn't always seen as an advantage, because you end up in a situation where:

1 - Programmers don't always necessarily push themselves to fix every problem, figuring that nobody will find the security flaw.

2 - Flaws aren't necessarily found quickly, and you end up with situations where it takes 17 years to fix a bug.

So ideally, software should, like cryptography, provide perfect security even if the attacker knows the whole system.

But in practice, due to the complexity of this software, obscurity can serve as a "speed bump" for attackers.

Link to comment

Quick little clarification. Free software (which is probably what you meant) doesn't necessarily mean it's open source, and vice versa.

For software to be considered open source, the source code must be made available to everyone so that anyone can modify the code as they see fit.

Even if a hacker has access to the source code of an open source antivirus (I don't even know if that exists to begin with), he wouldn't be much further ahead, since it's already all compiled on the machine running the program (so "not modifiable").

The only way to do something with a hypothetical antivirus source code would be to modify it to change its functions, compile the modified program from the code, and distribute it as an antivirus. In the end, that would be even more complicated than creating a really simple virus and passing it off as an antivirus.

Link to comment

Cool, very enlightening answer. But then, which protection software do you use? Bought or hacked (come on, nobody would do that, honestly!) or simply free off the net?

While we're at it, can't someone tell me whether PeerGuardian is really effective!?!

Link to comment

I wouldn't touch Peer Guardian even with a 20-foot pole (long story).

Best protection: education

Best paid antivirus: Kaspersky Labs products, followed by Eset products.

Best free antivirus: AVG or Avira; Avast! is starting to look seriously bad without a heuristic analysis system.

Link to comment

You can see the source code, and therefore find the vulnerabilities.

You can exploit those vulnerabilities on the machine of someone using that program.

So, "security software that isn't secure".

Link to comment

I wouldn't touch Peer Guardian even with a 20-foot pole (long story).

And may I know why?? I'm intrigued... you seem to be saying the complete opposite of the last person I talked to about it?

Edited by LeRoy
Link to comment

You can see the source code, and therefore find the vulnerabilities.

You can exploit those vulnerabilities on the machine of someone using that program.

So, "security software that isn't secure".

You can use the same argument for the Linux kernel, and yet it's very secure.

Link to comment

And may I know why?? I'm intrigued... you seem to be saying the complete opposite of the last person I talked to about it?

Uhhh.. Are you here to learn or to teach?

I'm just asking, is all. :siffle:

Link to comment

And may I know why?? I'm intrigued... you seem to be saying the complete opposite of the last person I talked to about it?

[...]long story[...]

PG2 is a placebo. Of course, you see some addresses blocked. The fucking thing blocks ONE-THIRD of the Internet address space, by its own claim.

What you do NOT know is whether the addresses this piece of shit blocked were, in fact, the very peers who had the pieces you were downloading.

By inducing and then reinforcing paranoia, PG2 does more harm to torrenting than the RIAA, the MPAA and the FBI combined. I've said it before - if PG2 didn't exist, the MPAA would have invented it. Smiley

Here's just a small selection of the problems with this overhyped garbage:

http://www.slyck.com/forums/viewtopic.php?t=38295

The Media Defender internal email leak offered plenty of information for the taking. MediaDefender-Defenders said that they hoped that the email leak will prove to be a viable tool to protect against anti-P2P efforts. This is something BlueTack has been trying to do. After the email leak, a text file that compiles the complete IP (Internet Protocol) list Media Defender used while dropping fake files onto various P2P sites and networks was posted. While judging the effectiveness of these lists had proven to be an impossible task before the major leak, the effectiveness can now be tested.

Slyck began the investigation when BlueTack's 'Paranoid' IP filter blocked one of TVUnderground's new eDonkey2000 servers. A request for comment or information on the matter to BlueTack's team went unanswered. To this day, why BlueTack has blocked only one of TVUnderground's servers is unknown. In the meantime, Slyck is currently in the possession of a copy of BlueTack's IP filter lists, and further investigation into related matters appeared warranted.

According to the BlueTack website, "B.I.S.S. is a site dedicated to improving the safety and awareness of all our members and guests, providing News, Security articles, Software Reviews, Technical Support, Guides, IP Research and Free Software needed to help us keep our connections to the net and each other safe, secure, and free from unwelcome intruders."

Among the things offered are the blocklists, which have been met with either acceptance by the file-sharing community or complete rejection. Some say that the blocklists allow users to simply block any anti-filesharing company and allow users to connect with non-industry IPs. Others say that there is no way to get the right IPs before the IPs are changed to different addresses, thereby rendering the filters ineffective. It's been the subject of debate for quite some time amongst many experts with no real way to test the lists, at least until the Media Defender email leak.

The 'Paranoid' eMule IP filter was retrieved on September 27, 2007. The Level1 IP blacklist, which is supposed to block all known anti-p2p IPs, was retrieved on September 30, 2007. The idea behind getting these lists now is to offer ample time for Media Defender's now public IPs to be added to the lists for a much more effective blocklist for PeerGuardian users.

Slyck then obtained a copy of the publicly available 14.3MB compressed text file which lists all of the Media Defender's IP addresses. At this point, it became obvious that testing such a large volume of IPs would prove to be an overly time-consuming challenge, at least by hand. In order to alleviate this problem, it was best to test one particular IP range. Conveniently enough, the first range started with 116. Slyck then decided to test all of the IPs that started with the number 116.

The total number of IPs used by Media Defender starting with 116 was 1,474. Obviously, BlueTack did block all IPs that started with 116, but how many Media Defender IPs were successfully blocked? When Slyck investigated, there was a common theme that blocklists seemingly jumped over several ranges used by Media Defender. After some extensive study using the Level1 list for anti-p2p companies and the 'Paranoid' list, BlueTack would have successfully blocked 16 IPs. Thus, this sample test offered 1.09% protection against Media Defender in that range.

The IPs that were successfully blocked were: 116.255.1.109, 116.255.1.154, 116.255.1.244, 116.255.1.27, 116.255.1.52, 116.255.1.85, 116.215.157.243, 116.212.14.223, 116.199.202.170, 116.199.202.240, 116.199.207.83, 116.199.207.84, 116.199.226.78, 116.199.227.11, 116.199.227.27, 116.199.227.67. The remaining 1,458 IPs would still be allowed through even with these two filters being used today.

While BlueTack may still perpetuate the idea that their filters are 99% effective, these latest findings will only fuel criticisms towards BlueTack's actual effectiveness. A complete test might not be possible short of creating a simple program to test every single number or spending weeks hand-testing every single Media Defender IP address. In the meantime, it seems very apparent that BlueTack's filters have a few holes.

And that was tested against known and published addresses!! In order to catch those 16 addresses (probably by dumb luck and the law of large numbers), BlueTack also blocked more than 4 million INNOCENT addresses in the same range.

==============================================================

A SECOND TEST:

I am convinced that it is not authentic. I did a reverse lookup on 500 or so somewhat randomly picked addresses from the 5.3 million addresses in that list. Look at the results -- it's pretty clear that the vast majority of the items in the list are residential dynamic IP addresses from all over the world.

===============================================================

http://www.physorg.com/news110035755.html

Not Much Anonymity for Unprotected File-Sharers: Researchers Examine P2P Networks

The same technology that allows easy sharing of music, movies and other content across a network also allows government and media companies easy access to who is illegally downloading that content.

"Note that it is not our intention here to examine how accurate and comprehensive these lists are, though this would be interesting and challenging future work."

=============

"after a quick look through the document, found elsewhere (PDF) (thanks again guys), all their stats are based on a couple of assumptions: that the blocklist contains no false positives, and more importantly, that it fails to contain no address that should be included. i will leave it to others to comment on the likelihood of these assumptions being correct."

===============

FROM PG's own website:

Well, it is accurate in the sense that it blocks everything on your blocklist. <No shit, really?>

It is impossible to know _all_ the addresses to block

PeerGuardian is known to be incompatible with McAfee and BlackICE firewalls. Outpost is also known to cause a problem if you shut down PG2 while it is running. There is currently no way around this, so we recommend you try switching to another firewall

PeerGuardian blocked someone, should I be worried?

Well, it was blocked, so why would you worry?

PeerGuardian is slowing down my connection!

This occurs because of the way PeerGuardian blocks packets, not connections.

PeerGuardian is blocking an IP like crazy, should I worry?

PeerGuardian will constantly block IPs. Many times you will see IPs get blocked three or more times before giving up - this is due to the way most computers handle reliable connecting. After a period of time, people may retry to see if you are responding yet. This does not mean people are spying on you. <No ... it means they are trying to download or upload files in a swarm where you are connected ...duh ...>

A block list is a list of bad IP ranges that are known to spy on people’s computers.

<That's simply a lie. A blocklist is just a list of IP addresses. Its accuracy and completeness depend ENTIRELY on who created it and who contributed to it.>

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. <Translation - it's a POS, we know it's a POS and you're just as liable to get caught with it as without, and we ain't responsible. But thanks for the donation anyway ...>

Total of IP's being blocked right now:

* 2,377,645,666

<Yep TWO FUCKING BILLION blocked connections all to TRY to prevent one percent of the known addresses of MD from getting through.>

first things first, if the government was and/or are spying on you right now, it will be on an IP range that is not on our blocklists and is a secret range of IPs, second thing is, if the government was and/or are spying on you right now, they would be doing it on a whole different level.

<Then why are you blocking the Department of Agriculture's IP range? Are you afraid they'll detect someone pirating a seed catalogue?>

==================================

I have more. Lots more. Smiley

Edited by Kéwee
Link to comment
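Added example, not part of the thread or of the Slyck article quoted in it: a sketch of the "simple program" the article says a complete test would need, measuring what share of a set of known addresses a range blocklist catches and how many addresses it blocks to get there. The `label:start-end` line format, the function names and the sample data (documentation address ranges) are assumptions made for this illustration.

```python
import bisect
import ipaddress

def parse_ranges(lines):
    """Parse 'label:start-end' lines (assumed format; label may contain ':') into merged (lo, hi) ints."""
    spans = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        start, _, end = line.rpartition(":")[2].partition("-")
        lo = int(ipaddress.IPv4Address(start.strip()))
        hi = int(ipaddress.IPv4Address(end.strip()))
        spans.append((min(lo, hi), max(lo, hi)))
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent: extend
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def is_blocked(merged, ip):
    """Binary search for the last range starting at or before ip."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(merged, (n, float("inf"))) - 1
    return i >= 0 and n <= merged[i][1]

def coverage(merged, known_ips):
    """Share of known addresses the list catches, and how many addresses it blocks to do so."""
    known = set(known_ips)
    hits = sorted(ip for ip in known if is_blocked(merged, ip))
    return {
        "known": len(known),
        "hits": hits,
        "pct": round(100 * len(hits) / len(known), 2) if known else 0.0,
        "blocked_addresses": sum(hi - lo + 1 for lo, hi in merged),
    }

# Constructed sample data (documentation address ranges), not the real lists.
BLOCKLIST = [
    "# constructed sample",
    "Example Org A:192.0.2.0-192.0.2.127",
    "Example Org B:192.0.2.100-192.0.2.200",
    "Example: Org C:203.0.113.0-203.0.113.255",
]
KNOWN = ["192.0.2.50", "192.0.2.201", "198.51.100.7", "198.51.100.8", "203.0.113.9"]
if __name__ == "__main__":
    print(coverage(parse_ranges(BLOCKLIST), KNOWN))
```

With the figures the article reports (16 hits out of 1,474 known addresses), the same calculation gives a `pct` of 1.09.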

You can use the same argument for the Linux kernel, and yet it's very secure.

The security of one thing doesn't guarantee that of another.

Still, I wouldn't be comfortable with the idea of a protection whose code is available on the net. In a business setting, it just wouldn't work.

As for Linux, well, it's not worth attacking something that's well protected and free.

Attacking Windows is more fun xD

Link to comment
