Linked by Thom Holwerda on Fri 5th Jan 2007 20:11 UTC, submitted by sogabe
Zeta MauriceK writes about security in the ZETA operating system. Apparently magnussoft, sole distributor of ZETA, makes security claims [on the German version] that with ZETA "it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." MauriceK seems to think differently, and even gives examples on how code can be executed without the user's knowledge in ZETA. In related news, BeUnited is no more. Instant update: the discussion concerning security just made its appearance on the Haiku m-l.
Thread beginning with comment 199004
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Not secure
by molnarcs on Sat 6th Jan 2007 14:56 UTC in reply to "RE: Not secure"
molnarcs
Member since:
2005-09-10

the statement was -"it is not possible to examine a system from the outside without notifying the user due to the architecture of this software." all the examples from MauriceK where of abuses from the inside, in other words, it requires user action, like executing a malicious program. if he had shown examples that remotely connected and executed code on a zeta machine then it would have made some sense in this context.

The vast majority of security issues with WinXP is due to attacks from the inside, malicious code that found its way to your hard-drive. The statement Maurice set out to debunk is completely bogus. You can make the same claim of any OS, including win98 ;) ... until you ran an application that has remote code execution vulnerability. Or what about portscans - you can use use nmap to scan a Zeta machine, which surely qualifies as an examination from the outside ;) )) But jokes aside, what Maurice shows is that due to the "architecture of this software," it is very very easy to hide malicious software on the system without the user having any chance to notice them. Of course this depends on user-interaction, and once the code is on your puter, it qualifies as an "inside" attack vector, but still, the original statement is false (as in meaningless), and its only purpose is to lull users into a false sense of security.

Reply Parent Score: 2