Executable Documents and the Case for AppArmor

mike acker · Post by **mike acker** » Wed Jul 02, 2014 7:11 am

Yesterday there was this article about visual basic used as a virus vehicle in Word . and from earlier we remember how an infected flash object in an excel spreadsheet was used to effect the RSA hack

if you think of your computer as a castle with the kernel being the Keep of the Castle -- and the various application regions being the "Towers" you see that when this mechanism is operating properly a hacker can't get into the "Keep" -- nor can he get from one "Tower" to another...

...unless someone opens one of these executable documents: all the Towers belong to the same King: you. And they all use the same credentials: yours: the ones you logged on with.

what this means: if the Lord of the North Tower opens an infected executable document he now has access to all the same directories that the other Towers have.

back to reality: If you have access to (e.g.) PeopleSoft and you open an infected document in e/mail that infected document can now access PeopleSoft. This is the case for AppArmor: you should access PeopleSoft ONLY with the PeopleSoft app. software. AFAIK this can only be defined using AppArmor.

mike acker · Post by **mike acker** » Thu Jul 03, 2014 9:02 am

good essay on ZD Net this morning dealing with this topic

it is critical to recognize that when you log onto a PC workstation your logon credentials are applied to ALL you apps... this is a serious error, and mixed with executable documents it is a recipie for disaster

Linux Mint Forums

Executable Documents and the Case for AppArmor

Executable Documents and the Case for AppArmor

Re: Executable Documents and the Case for AppArmor