Message-ID: <20080806102529.GB23685@atrey.karlin.mff.cuni.cz>
Date:	Wed, 6 Aug 2008 12:25:29 +0200
From:	Pavel Machek <pavel@...e.cz>
To:	Theodore Tso <tytso@....edu>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	Greg KH <greg@...ah.com>,
	Arjan van de Ven <arjan@...radead.org>,
	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	malware-list@...ts.printk.net,
	linux-security-module@...r.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

> On Tue, Aug 05, 2008 at 06:12:34PM -0400, Press, Jonathan wrote:
> >  
> > I don't think I'm stupid, but frankly I don't understand the point
> > of the questions being asked in the last three responses to my
> > statement.  I don't know why they are relevant, and I don't know how
> > to answer them in a framework that we can all understand at the same
> > time.  What is my threat model?  Naively stated, it is that there is
> > a file on a machine that might do damage, either there or elsewhere,
> > and I want to find it and get rid of it in the most efficient way.
> > I am not defining the nature of the damage or the mechanism.
> 
> This is actually quite shocking to me.  You don't know how to define
> the threat model?  And you call yourself in the security business?
> Read some books or essays by Bruce Schneier.  A good one might be his
> recent book, "Beyond Fear: Thinking Sensibly About Security In An
> Uncertain World".
> 
> The naive refusal to think about threat models is why we have to
> submit to really insane, useless, "security theater" every time we get
> on an airplane and have to take off our shoes and throw our bottled
> water into a huge heap in front of the security line.  (If they really
> thought the water bottles could contain explosives, why leave them in
> a huge pile in front of the TSA employees.  :-)

Actually it is better. When I travelled from Brussels they were so
busy confiscating water from me that they missed a knife ;-).

> If the goal is to make sure we are proof against malware, we need to be
> very clear about the whys and wherefores about how the file might have
> gotten there.  And if you are going to be serving that file a million
> times a day, does it really make sense to block the open a million
> times a day, or do you make sure that you notice when it gets
> corrupted in the first place?

Well, I'm afraid that the AV industry with its "let's enumerate badness"
model... just does not protect against anything at all...

Maybe we should be thinking more like "only ever run executables from
trusted sources" -- like from your distro -- ? Fortunately that's the
way most Linux users work today.
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
