Author Topic: Interesting....  (Read 17744 times)

0 Members and 1 Guest are viewing this topic.

clweb

  • Guest
Interesting....
« on: June 18, 2003, 06:56:20 PM »

Pavel Baudis

  • Guest
Re:Interesting....
« Reply #1 on: June 18, 2003, 07:08:10 PM »
Yeah, I've seen this already  ;D. It proves that BART could be really handy and cool tool  :D

meneer

  • Guest
Re:Interesting....
« Reply #2 on: July 22, 2003, 04:18:45 PM »
Looking good.
Does it require identification and authentication prior to reading and changing disk content?
If not: apart from physical protection measures, what can keep a hacker from using Bart to attack a server?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Interesting....
« Reply #3 on: July 22, 2003, 04:35:19 PM »
Only encryption can prevent a hacker from stealing your data if the attacker has physical access to the hardware. That's for sure.
If at first you don't succeed, then skydiving's not for you.

meneer

  • Guest
Re:Interesting....
« Reply #4 on: July 22, 2003, 04:47:08 PM »
That means that Bart can be a risk?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Interesting....
« Reply #5 on: July 22, 2003, 04:51:37 PM »
No. That means that if you want your data to be safe, you have to physically protect them. If the attacker has physical access to your computer, he can do anything he wants, with or without BART. For example, he can take your hard disk, plug it into some other NT-based system and read/copy your data. Or, he can use his own bootable CD and read your data. Or... just take your computer away  8)

meneer

  • Guest
Re:Interesting....
« Reply #6 on: July 22, 2003, 04:59:02 PM »
Physical protection is vital, but in many cases the regular windows logical protection is a decent first line of defense.
Of course I too have the linux boot flop to change admin passwords, but seeing Bart equipped with many more than only an AV scanner leaves me in doubt... ;)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Interesting....
« Reply #7 on: July 22, 2003, 05:02:05 PM »
Well, I must say I don't understand why. In fact, you can do almost the same with any other bootable CD...

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Interesting....
« Reply #8 on: July 22, 2003, 05:13:23 PM »
but seeing Bart equipped with many more than only an AV scanner leaves me in doubt... ;)

Uh, than you should try Knoppix:  http://www.knoppix.net/
MfG Ralf

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Interesting....
« Reply #9 on: July 22, 2003, 05:16:10 PM »
And, for your extra safety, you can protect your own BART CD's with a password. So that at least the attacker won't be able to use your own BART (that may be laying on the table just next to the server).
If at first you don't succeed, then skydiving's not for you.

meneer

  • Guest
Re:Interesting....
« Reply #10 on: July 23, 2003, 10:45:52 AM »
I am not trying to offend you, excuse me if it looks that way, it's just that this tool is very powerfull. And because of that one has to be extra carefull about protecting one's properties.
Indeed it is not BART that's the risk, but personally  I would like to see a less powerfull BART, that only contains the AV part, so that less experienced users can start a trusted scan and that other tools that could otherwise bypass the regular NTFS protection (lets just forget about FAT and the like) are not readlily available.

But as we mentioned earlier: adequate physical protection is very important. But there so much more to be done  :-\

djhack

  • Guest
Re:Interesting....
« Reply #11 on: July 23, 2003, 04:35:06 PM »
mm I think it's time for a reality check

BART is a far less effective root kit than what is readily available out there

NTFS "protection" (a.k.a. (easily overcome http://www.sysinternals.com/ntw2k/freeware/NTFSDOS.shtml) incompatibility with the normal DOS boot disk) is a joke if you rely on it for data protection and just leave physical access open to your server you can consider yourself with no security at all

raising the security of your installations is the key
not the cripling of software capable of piercing your security
there will always be software that can do that no matter what you do
it's no use to blame the hackers for security breach it's your job as an administrator to protect your installations

on a related note , any admin reading this might want to look at this
http://www.nu2.nu/pebuilder/
it's a now legit Windows PE builder yay ! :)