lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405171517.i4HFHjlA014699@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Support the Sasser-author fund started 

On Mon, 17 May 2004 13:33:44 +0200, Ondrej Krajicek <krajicek@....muni.cz>  said:

> > we're faster".  Add on an the required anti-virus program monitoring
> > packets in and out and watch your performance drop as that eliminates
> > the whole concept behind DMA as now you have to route all data through
> > the host cpu anyways.  Pretty soon, we'll need AV signature engines
> > encoded in the data bus of Windows machines in silicon.  I wouldn't be
> > surprised if Intel or AMD had a skunkworks project on this very problem.

"Palladium".  It's more about DRM than about real security (think about it -
if somebody find yet another IIS exploit, the buffer overflow will run in the IIS
context same as it does now....

> IMHO the data are routed through host CPU anyway, DMA is not as clever
> to locate the proper file in the proper filesystem on the proper
> volume and pass them to the proper network card. You're right that the=20
> CPU does not have to process every single bit of each (?) file.
> But this could be solved by used more advanced bus architecture
> (PCIX or even something faster) and adding more CPU. Dedicated anti-virus
> chip is a thing which I hope is not going to happen.

Hmm.. let me get this straight - I can run something like SELinux and get
snappy performance on a 700mz PentiumIII, but to get security out of Windows
I'll need even MORE CPU and a PCIX?  What's wrong with this picture?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040517/284240e4/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ