Message-ID: <4208A1F7.21408.D6015FB@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Multiple AV Vendors ignoring tar.gz archives

Stuart Fox to me:

> Isn't this similar to what MS do in Windows 2003/XP SP2 with Software
> Restriction Policies?  Executables are only allowed to run provided they
> fit a prespecified pattern i.e. name (not very useful), signed or not,
> hash of the executable.

Yes, but it has to be much more thoroughly implemented.  It needs to be 
at a low level in the file system (as existing on-access virus 
scanners' file system filter drivers and the like currently are) and it 
needs to be able to handle a much broader conception of "code" than the 
existing implementation (again, as existing on-access virus scanners 
have, with their "intelligent" file typing and such...).

Such a "solution" would only ever be widely useful in properly managed 
corporate environments -- most small businesses (and many medium-sized 
ones) and most individual users would never have the discipline and/or 
interest in managing this, but in larger corporate, and many other 
large institutional, settings, where most PCs are really just tools 
providing a standard (and usually fairly limited) set of applications, 
such an integrity management approach would be easily adopted in place 
of on-access virus scanning and would only ever need updating just 
before standard maintenance procedures update/patch the contents of the 
managed PCs or new functionality (apps) were to be installed.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
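
As an added illustration, not part of the original message or of any product mentioned in the thread: a sketch of the integrity-management decision discussed above, where a file is typed as "code" by its content rather than its name and may run only if its hash is in an approved manifest. The signature table, function names and sample bytes are constructed assumptions; the message places the real check in a file system filter driver.

```python
import hashlib

# Leading-byte signatures treated as "code" whatever the file is called.
# Constructed, deliberately small set; real file typing covers far more.
CODE_MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"#!": "script"}

def classify(data):
    """Type a file by content, not by extension."""
    for magic, kind in CODE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "data"

def build_manifest(approved_blobs):
    """Manifest = SHA-256 of every approved code object on the managed PC."""
    return {hashlib.sha256(blob).hexdigest() for blob in approved_blobs}

def decide(name, data, manifest):
    """Return (verdict, kind). The name is kept for logging only and never
    influences the verdict, so renaming a file changes nothing."""
    kind = classify(data)
    if kind == "data":
        return ("allow", kind)            # not code: outside this policy
    digest = hashlib.sha256(data).hexdigest()
    return ("allow" if digest in manifest else "deny", kind)

# Constructed sample inputs (not real binaries).
APPROVED_APP = b"MZ" + b"\x00" * 62 + b"approved application v1"
PATCHED_APP = b"MZ" + b"\x00" * 62 + b"approved application v2"
UNKNOWN_CODE = b"\x7fELF" + b"\x01" * 12 + b"never reviewed"
PLAIN_TEXT = b"quarterly figures, no code here\n"

if __name__ == "__main__":
    manifest = build_manifest([APPROVED_APP])
    for name, blob in [("app.exe", APPROVED_APP),
                       ("app.exe", PATCHED_APP),       # patched before manifest update
                       ("report.txt", UNKNOWN_CODE),   # code hiding behind a data name
                       ("notes.txt", PLAIN_TEXT)]:
        print(name, decide(name, blob, manifest))
    # Maintenance step: update the manifest just before the patch is rolled out.
    manifest |= build_manifest([PATCHED_APP])
    print("after update:", decide("app.exe", PATCHED_APP, manifest))
```
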

