Message-Id: <20080806101028.B87BA2FE88B@pmx1.sophos.com>
Date:	Wed, 6 Aug 2008 11:09:34 +0100
From:	tvrtko.ursulin@...hos.com
To:	"J. Bruce Fields" <bfields@...ldses.org>
Cc:	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

J. Bruce Fields wrote on 05/08/2008 23:55:24:

> On Mon, Aug 04, 2008 at 05:00:16PM -0400, Eric Paris wrote:
> > Please contact me privately or (preferably the list) for questions,
> > comments, discussions, flames, names, or anything.  I'll do complete
> > rewrites of the patches if someone tells me how they don't meet their
> > needs or how they can be done better.  I'm here to try to bridge the
> > needs (and wants) of the anti-malware vendors with the technical
> > realities of the kernel.  So everyone feel free to throw in your two
> > cents and I'll try to reconcile it all.  These 5 patches are part 1.
> > They give us a working able solution.
> > 
> > From my point of view patches forthcoming and mentioned below should
> > help with performance for those who actually have userspace scanners but
> > also could presents be implemented using this framework.
> > 
> > 
> > Background
> > ++++++++++
> > There is a consensus in the security industry that protecting against
> > malicious files (viruses, root kits, spyware, ad-ware, ...) by the way
> > of so-called on-access scanning is usable and reasonable approach.
> 
> Can you point to any helpful explanations of that consensus?

I can't, but everyone is doing it so that is at least an implied 
consensus.
 
> Off-hand it's surprising.  (A defense that depends on cataloging every
> possible individual attack sounds difficult!)

Maybe it is not how you imagine it? It is not a database of every possible 
individual attack but there are more intelligent methods. But I am not enough 
of an expert in this field to explain it better.

Tvrtko


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.
