| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Multiple AV Vendors ignoring tar.gz archives Shoshannah Forbes to me: > > Known virus scanning > > is a far from perfect method for achieving this, but as the only > > intelligent method of achieving it has been entirely disregarded by > > users, AV and OS developers, scanning is pretty much what we are left > > with. > > To which method are you referring here? For lack of a better name -- after all, this is a technology that has hardly been investigated -- I refer to this as integrity management. Basically you turn known virus scanning on its head to have the on- access scanner only allow known good code to run, rather than trying to do the impossible of finding all possible permutations of all possible (known) "bad" code. This can easily be done using the existing technology, but instead of depending on the a vendor to find new bad things, add detection of them and ship that update _finally_ giving the user protection, the user supplies their own list of _allowable_ code and new code can be run once the administrator updates their own, of allowable code database . (There are other clever things such a re- purposing of this technology neatly allows too -- for example, such technology could easily be configured to block access to all files of a given type; it can be easily used to track software usage for auditing and licensing checking; etc, etc...) Fred Cohen realized this was the only intelligent way to do things two decades ago, but couldn't sell a product based on the idea at the time (he used the term "integrity shell" and may have even called his product "Integrity Shell"). Admittedly, this was a DOS product (there may have been Unix versions too?) and the time was one of _very_ limited system resources, no protected memory, no OS-provided security services or privilege separations, etc _AND_ the height of the first period of explosive growth of PC usage, where PCs were either not networked at all or only connected to isolated LANs. The Internet existed but worms, viruses and other mobile malicious code were all but non-existent and the "it will never happen to me" attitude reigned... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3267092
Powered by blists - more mailing lists