| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <45B5E860.14136.558A8E8A@nick.virus-l.demon.co.uk> Date: Tue, 23 Jan 2007 10:50:08 +1300 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: Full-disclosure@...ts.grok.org.uk Subject: Re: detecting targetted malware lsi wrote: > This is probably patented and implemented already but nonetheless its > a new idea for me, so I mention it... <<snip simple description of executable white-listing>> Fred Cohen "invented" this anti-malware approach in discussing the mitigation of computer viruses in his seminal (Ph.D. thesis) research of the properties of computer viruses. AFAIK he did not patent the idea, and he certainly did implement it in an unsuccessful commercial product so there is solid prior art. Further, there are several more recent implementations of more-or-less the same idea. The main problem with this approach to anti-malware is that it actually requires system admins to give a shit about understanding the code on the systems they "maintain" _and_ them understanding what their users should be doing. Of course that takes a few minutes of _effort_ on their part, so they continue to recommend the "suck it an see" approach of known virus scanning, etc, etc as then they can blame any "failures" on their "dumb users" and/or their slack suppliers... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists