Presentation of jail to the SUR group
11 Apr 2006 07:47 PM / Filed in: I.T.
I presented jail, the security and virtualization (well, almost) solution, at the SUR group meeting of 11.04.2006. The slides of this presentation are available in PDF format at http://saad.docisland.org/docs/files/sur20060411-jail.pdf.
If you have questions or comments, feel free to send them to me by e-mail: saad at docisland dot org.
Recovery from malware? Don't even think about it!
04 Apr 2006 08:12 PM / Filed in: I.T.
eWeek has a very interesting article on what Microsoft thinks of malware and what its customers should do in case of infection. Let's get down to the conclusion: once you get infected, Microsoft thinks that it becomes impossible to recover. So they are advising their customers to invest in automated processes to wipe the hard drives of the infected machines and reinstall everything.
Sound advice but how to exclude the infection vector from the reinstallation process while keeping the operating system and the applications running smoothly? Or do we just reinstall and protect our machines with Holy Water(tm) until the Patch Day if there is a patch in the first place then wait at least 15 days to check that the patch doesn't break business before deploying it?
Oh you said user education? Good, let's see how the average user will cope with stuff such as ActiveX controls, Browser Helper Objects, DCOM and such. Don't get me wrong. User education is very important but it ain't no magic bullet, particularly if the system and applications they are using are screwed. For instance, what do we teach users regarding the latest Internet Explorer 0day? We tell them once more to stop using Internet Explorer and use Firefox? C'mon! Think about it. Will we end up with a huge list of "application : alternative" pairs and switch to this or that whenever a vulnerability shows up? Don't you think something smells really really bad here?
According to eWeek, Mike Danseglio, program manager in the Security Solutions group at Microsoft said:
"Detection is difficult, and remediation is often impossible," Danseglio declared. "If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know. Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background."
100% true. So what does Microsoft do about it? Is this an externality to them? Does it impact shareholder value in any way?
And about targeted attacks:
Danseglio said malicious hackers are conducting targeted attacks that are "stealthy and effective" and warned that the for-profit motive is much more serious than even the destructive network worms of the past.
So much for penetrate&patch.
But the software is not the only one to blame here:
"Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity," he said.
So far, so bad. Microsoft won't do anything really significant about it as long as this doesn't significantly impact shareholder value. Every piece of advice Mr. Danseglio gave requires investment from the customers. No news, it's an externality for Microsoft.
Coming Soon: Wonderful Songs, April'06
04 Apr 2006 07:58 PM / Filed in: Music
I'm currently sampling albums that I expected to receive earlier. For some mysterious reasons, one of the stores I order from screwed up and delivered them to me a full week after the expected shipping date. I will be done soonish and will publish the April'06 edition of Wonderful Songs by the end of the week.
On a side note, I asked on the Feb'06 edition what's the name of the artist who sings on King Kora's Mini Amba. Roger Greipl, the saxophone player of the band, told me that the singer is Lamin Jobarteh, the Kora player. Thank you Roger for the information! King Kora will be giving a concert at the Satellit Café (link in French) in Paris on April 27th.