| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <EFEDB05BD6D3904BA5A595FB322BB4FF2545AC@dnzakex1.datacom.co.nz> From: StuartF at datacom.co.nz (Stuart Fox (DSL AK)) Subject: Multiple AV Vendors ignoring tar.gz archives > For lack of a better name -- after all, this is a technology > that has hardly been investigated -- I refer to this as > integrity management. > Basically you turn known virus scanning on its head to have > the on- access scanner only allow known good code to run, > rather than trying to do the impossible of finding all > possible permutations of all possible > (known) "bad" code. This can easily be done using the > existing technology, but instead of depending on the a vendor > to find new bad things, add detection of them and ship that > update _finally_ giving the user protection, the user > supplies their own list of _allowable_ code and new code can > be run once the administrator updates their own, of allowable > code database . (There are other clever things such a re- > purposing of this technology neatly allows too -- for > example, such technology could easily be configured to block > access to all files of a given type; it can be easily used to > track software usage for auditing > and licensing checking; etc, etc...) Isn't this similar to what MS do in Windows 2003/XP SP2 with Software Restriction Policies? Executables are only allowed to run provided they fit a prespecified pattern i.e. name (not very useful), signed or not, hash of the executable.
Powered by blists - more mailing lists