Message-ID: <20080806102529.GB23685@atrey.karlin.mff.cuni.cz>
Date: Wed, 6 Aug 2008 12:25:29 +0200
From: Pavel Machek <pavel@...e.cz>
To: Theodore Tso <tytso@....edu>,
"Press, Jonathan" <Jonathan.Press@...com>,
Greg KH <greg@...ah.com>,
Arjan van de Ven <arjan@...radead.org>,
Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
malware-list@...ts.printk.net,
linux-security-module@...r.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
> On Tue, Aug 05, 2008 at 06:12:34PM -0400, Press, Jonathan wrote:
> >
> > I don't think I'm stupid, but frankly I don't understand the point
> > of the questions being asked in the last three responses to my
> > statement. I don't know why they are relevant, and I don't know how
> > to answer them in a framework that we can all understand at the same
> > time. What is my threat model? Naively stated, it is that there is
> > a file on a machine that might do damage, either there or elsewhere,
> > and I want to find it and get rid of it in the most efficient way.
> > I am not defining the nature of the damage or the mechanism.
>
> This is actually quite shocking to me. You don't know how to define
> the threat model? And you call yourself in the security business?
> Read some books or essays by Bruce Schneier. A good one might be his
> recent book, "Beyond Fear: Thinking Sensibly About Security In An
> Uncertain World".
>
> The naive refusal to think about threat models is why we have to
> submit to really insane, useless, "security theater" every time we get
> on an airplane and have to take off our shoes and throw our bottled
> water into a huge heap in front of the security line. (If they really
> thought the water bottles could contain explosives, why leave them in
> a huge pile in front of the TSA employees. :-)
Actually it is better. When I travelled from Brussels they were so
busy confiscating water from me that they missed a knife ;-).
> If the goal is to make sure we are proof against malware, we need to be
> very clear about the whys and wherefores about how the file might have
> gotten there. And if you are going to be serving that file a million
> times a day, does it really make sense to block the open a million
> times a day, or do you make sure that you notice when it gets
> corrupted in the first place?
Well, I'm afraid that the AV industry with its "let's enumerate badness"
model... just does not protect against anything at all...
Maybe we should be thinking more like "only ever run executables from
trusted sources" -- like from your distro -- ? Fortunately that's the
way most Linux users work today.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
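The two alternatives raised in this exchange, noticing when a file gets corrupted instead of scanning every open, and only running executables whose origin is trusted, both reduce to checking a file against a known-good baseline. The following is an added example, not code from this thread or from the TALPA patches: it builds a SHA-256 manifest of a directory tree (the trusted baseline), reports files that were modified, added or removed since the baseline was taken, and offers an allow-list check that a file matches the baseline before it is run. The files and their contents are constructed inline in a temporary directory; the function and file names are assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record the hash of every regular file under root: the trusted baseline."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_tree(root, manifest):
    """Compare the tree against the baseline once, rather than on every open.

    Returns (modified, added, missing) as sorted lists of relative paths.
    """
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    added = sorted(k for k in current if k not in manifest)
    missing = sorted(k for k in manifest if k not in current)
    return modified, added, missing


def is_trusted(path, root, manifest):
    """Allow-list check: the file may run only if its hash matches the baseline.

    Unknown files fail by default; this is the opposite of enumerating badness.
    """
    rel = Path(path).relative_to(root).as_posix()
    return manifest.get(rel) == sha256_of(path)


def demo():
    """Constructed scenario: baseline a tree, tamper with it, then check it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        # constructed sample files standing in for distro-provided executables
        (root / "bin" / "hello").write_bytes(b"#!/bin/sh\necho hello\n")
        (root / "bin" / "ls").write_bytes(b"constructed placeholder for a binary\n")
        manifest = build_manifest(root)

        # simulate corruption after the baseline: one file changed, one dropped in
        (root / "bin" / "hello").write_bytes(b"#!/bin/sh\necho modified\n")
        (root / "bin" / "extra").write_bytes(b"file of unknown origin\n")

        modified, added, missing = verify_tree(root, manifest)
        trusted_ls = is_trusted(root / "bin" / "ls", root, manifest)
        trusted_hello = is_trusted(root / "bin" / "hello", root, manifest)
        return modified, added, missing, trusted_ls, trusted_hello


if __name__ == "__main__":
    print(demo())
```

The manifest itself has to live somewhere an attacker who can alter the files cannot also alter (a signed package database, read-only media, or a separate host), otherwise the baseline is no more trustworthy than the files it describes; that is the same assumption a distro makes when it signs its packages.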