Arno Wagner <(E-Mail Removed)> wrote:
> Previously sam <(E-Mail Removed)> wrote:
>> Arno Wagner <(E-Mail Removed)> wrote:
>>> Previously (E-Mail Removed) <(E-Mail Removed)> wrote:
>>>> On Apr 1, 12:57 pm, Arno Wagner <m...@privacy.net> wrote:
>>>>> Previously mscotgr...@aol.com <mscotgr...@aol.com> wrote:
>>>>>> On Apr 1, 3:17 am, "iws" <nos...@nospam.com> wrote:
>>>>>>> "Matt" <matt...@hotmail.com> wrote in message
>>> [...]
>>>>> If you trust Carbonite (and you have to, despite their claims
>>>>> of encryption, after all it is their software doing the
>>>>> encryption), and you only need backups under Windows, it looks
>>>>> like a good deal.
>>>>>
>>>>> Arno- Hide quoted text -
>>>>>
>>>>> - Show quoted text -
>>>
>>>> If you are really worried about security, you can encrypt your
>>>> files first. It would be an extra stage, but if really
>>>> worried/concerned/ paronoid, very possible. Carbonite only backs
>>>> up files / directories you want to to.
>>>
>>>> Personally, I am the only person interested in my (excellent)
>>>> holiday photos.
>
>>> Well, for the really paranoid, this is again not enough,
>>> since you are running their software on your system.
>
>> Its easy to ensure that it cant do anything that matters to the
>> system its run on.

> I don't think so.

You're wrong.

> Local attacks that allow privilege elevation are notoriously easy on Windows.

And its easy to check whether that is happening, and easy to
ensure that they cant do any damage to the system that its run on.

> And even if you put it into a virtual machine, there
> have been vulnerabilities, that allowed breaking out.

And its easy to check whether that is happening, and easy to
ensure that they cant do any damage to the system that its run on.

>>> For ordinary paranoia levels, you approach should work well.

>> And for the ultra paranoia too.

> Definitely not.

Fraid so.

Previously sam <(E-Mail Removed)> wrote:
> Arno Wagner <(E-Mail Removed)> wrote:
>> Previously sam <(E-Mail Removed)> wrote:
>>> Arno Wagner <(E-Mail Removed)> wrote:
>>>> Previously (E-Mail Removed) <(E-Mail Removed)> wrote:
>>>>> On Apr 1, 12:57 pm, Arno Wagner <m...@privacy.net> wrote:
>>>>>> Previously mscotgr...@aol.com <mscotgr...@aol.com> wrote:
>>>>>>> On Apr 1, 3:17 am, "iws" <nos...@nospam.com> wrote:
>>>>>>>> "Matt" <matt...@hotmail.com> wrote in message
>>>> [...]
>>>>>> If you trust Carbonite (and you have to, despite their claims
>>>>>> of encryption, after all it is their software doing the
>>>>>> encryption), and you only need backups under Windows, it looks
>>>>>> like a good deal.
>>>>>>
>>>>>> Arno- Hide quoted text -
>>>>>>
>>>>>> - Show quoted text -
>>>>
>>>>> If you are really worried about security, you can encrypt your
>>>>> files first. It would be an extra stage, but if really
>>>>> worried/concerned/ paronoid, very possible. Carbonite only backs
>>>>> up files / directories you want to to.
>>>>
>>>>> Personally, I am the only person interested in my (excellent)
>>>>> holiday photos.
>>
>>>> Well, for the really paranoid, this is again not enough,
>>>> since you are running their software on your system.
>>
>>> Its easy to ensure that it cant do anything that matters to the
>>> system its run on.

>> I don't think so.

> You're wrong.

>> Local attacks that allow privilege elevation are notoriously easy on Windows.

> And its easy to check whether that is happening, and easy to
> ensure that they cant do any damage to the system that its run on.

>> And even if you put it into a virtual machine, there
>> have been vulnerabilities, that allowed breaking out.

> And its easy to check whether that is happening, and easy to
> ensure that they cant do any damage to the system that its run on.

Oh, so fighting malware is easy? I hadn't noticed. Better get rid of
that anti-virus company stock fast....

Honestly, neither of the two taks is easy, even for an expert.
The things that may prevent this attack is not that it is hard.
It is that a) it would kill the business if exposed and b) why
would the business invest money into creating this capability?

Arno

Arno Wagner <(E-Mail Removed)> wrote:
> Previously sam <(E-Mail Removed)> wrote:
>> Arno Wagner <(E-Mail Removed)> wrote:
>>> Previously sam <(E-Mail Removed)> wrote:
>>>> Arno Wagner <(E-Mail Removed)> wrote:
>>>>> Previously (E-Mail Removed) <(E-Mail Removed)> wrote:
>>>>>> On Apr 1, 12:57 pm, Arno Wagner <m...@privacy.net> wrote:
>>>>>>> Previously mscotgr...@aol.com <mscotgr...@aol.com> wrote:
>>>>>>>> On Apr 1, 3:17 am, "iws" <nos...@nospam.com> wrote:
>>>>>>>>> "Matt" <matt...@hotmail.com> wrote in message
>>>>> [...]
>>>>>>> If you trust Carbonite (and you have to, despite their claims
>>>>>>> of encryption, after all it is their software doing the
>>>>>>> encryption), and you only need backups under Windows, it looks
>>>>>>> like a good deal.
>>>>>>>
>>>>>>> Arno- Hide quoted text -
>>>>>>>
>>>>>>> - Show quoted text -
>>>>>
>>>>>> If you are really worried about security, you can encrypt your
>>>>>> files first. It would be an extra stage, but if really
>>>>>> worried/concerned/ paronoid, very possible. Carbonite only backs
>>>>>> up files / directories you want to to.
>>>>>
>>>>>> Personally, I am the only person interested in my (excellent)
>>>>>> holiday photos.
>>>
>>>>> Well, for the really paranoid, this is again not enough,
>>>>> since you are running their software on your system.
>>>
>>>> Its easy to ensure that it cant do anything that matters to the
>>>> system its run on.
>
>>> I don't think so.
>
>> You're wrong.
>
>>> Local attacks that allow privilege elevation are notoriously easy
>>> on Windows.
>
>> And its easy to check whether that is happening, and easy to
>> ensure that they cant do any damage to the system that its run on.
>
>>> And even if you put it into a virtual machine, there
>>> have been vulnerabilities, that allowed breaking out.
>
>> And its easy to check whether that is happening, and easy to
>> ensure that they cant do any damage to the system that its run on.

> Oh, so fighting malware is easy?

Yep, if you know what you are doing.

> I hadn't noticed. Better get rid of that anti-virus company stock fast....

Thats what you use to protect against malware.

> Honestly, neither of the two taks is easy, even for an expert.

Wrong.

> The things that may prevent this attack is not that it is hard.
> It is that a) it would kill the business if exposed and b) why
> would the business invest money into creating this capability?

Sure, but thats a separate issue to whether its perfectly possible to protect against that unlikely possibility.