Potential FD-ISR network security gotcha!

I for one appreciate you taking the time to point out this issue. One of the main reasons I come to Wilders is to learn about security in its many forms. Many people on this board take offense to anyone pointing out any weaknesses in ISR. Many users also are afraid of the thought of doing anything other than simple copying of snapshots and archives. I'm sorry if that offends anyone, but it is true. When you have users who are so paranoid about security that they go to extremes such as:

You would think they would be appreciative of one more way to make their computer secure.

Carl

 

Perhaps you missed my pervious post just above where I did state I was glad he did point it out. I don't think I'm overly security conscious. Just have you laptop stolen once with what I have on it and you'd be careful too. Plus I have been the victim of a bad trojan before that was almost like killdisk in disabling my computer. Lessons learned. I don't take chances anymore. I have too many valuable things on here from work etc that can't be compromised. And I think I'm one of the more vocal ones on here pointing out any issues I have with the software. Ask Peter.

I appreciate anyone's effort to point out any issue with this software as I heavily depend on it. The computer I have came with camera security software pre installed. The house I live in came pre wired with a security system, no I don't own a rotweiler, but I do run a few well thought out and tried security apps. If this software had a huge security hole in it via remote code execution so easily I doubt they'd be in business however I do see that someone with a dictionary attack could have fun with against someones admin password. Doesn't it reboot after 3 failed attempts? Anyways even though I think my system is pretty secure I still have attempted to block the remote control function of this software by setting the port to 0. And just so you don't think I'm being unappreciative here's a smile.

I think that if I had put that smiley face at the end of my other post you're referring you you might not have felt that. Sometimes emotion doesn't come through just by typing.

 

I think the potential for remote security breach thru FD-ISR, although a very valid observation AND discovery, is still worthwhile to point out and discuss indeed. It's never intended to discount the validity of that possibility, only like Horus37 i have gone through pure h*ll in much similar fashion so hence returning an apparent sharp reply in answer to such a bold announcement as " IF, I can destroy/change any/all of your snapshots/archives!"

Likewise again as already mentioned, i too appreciate the effort to point out potential security issues within this software since I strongly depend on it myself.

 

I already taken the Liberty of creating a series of snapshots and their equal compliment of ARCHIVES and strategically stored them not just on the $ISR directory alone but dispensed them in several various hard drives AND partitions to negate any possibility of my configurations ever becoming subject to tampering either within or from without.

That's the beauty i discovered with FD-ISR. It affords an end-user alternative locations to store Duplicates/ARCHIVES which of course are easily returned again back to full working and clean snapshots.

I could also say with complete confidence, GOTCHA! My motto is keep well ahead of the curve and you will never lose ground or to put it more accurately, even a single bit of your data. LoL

All that and plus if you employ an Imaging solution you have an iron-clad safety mechanism which is 100% immune from deficiency.

 

Easter,
I didn't write that quote of your last post, Peter did. I don't want any problem with the copyrights of Peter.

 

I think Peter sums it up well here, the potential to manipulate FD-ISR remotelty for malicious purposes was and is worth pointing out, but I think if your system is exposed in such a way as to allow this then it is likely many other things will wreak havoc before someone exploits FD.

I thinks those who spend the time and effort writing malicious code do so with the primary purpose of exploiting the majority, this is simple work ethic, minimum effort maximum result, it is imo one of the main reasons that Microsoft suffers so many vulnerabilities / exploits. Much is said by users of browsers like Opera (I use it myself) about how much more secure it is than IE, this may be true, but in simple terms whilst IE has significantly more share of the browser market than say Opera, who is going to waste their time writing code to exploit about 1 or 2 in every 100 users. Likewise with FD-ISR, likely a miniscule % of the internet comminity is using it, so it is unlikely too many will be wasting their time hunting down those users.

It does however serve as a good reminder to all of us that almost anything you put on your computer could be used against you if you expose your system to the outside world. Microsfts OS has built in remoting capabilities, imagine the fun you could have with remote registry access to someones machine, a feature microsoft built into XP.