lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <g7d74u$81o$1@taverner.cs.berkeley.edu>
Date:	Wed, 6 Aug 2008 22:04:14 +0000 (UTC)
From:	daw@...berkeley.edu (David Wagner)
To:	linux-kernel@...r.kernel.org
Subject: Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

Eric Paris  wrote:
>There is a consensus in the security industry that protecting against
>malicious files (viruses, root kits, spyware, ad-ware, ...) by the way
>of so-called on-access scanning is usable and reasonable approach.

This is at odds with my experience.  Are you sure you've been talking to
the right people?  Is it possible you've only been talking to A/V vendors?
I find it entirely plausible that there is such a consensus among A/V
vendors, but I'm pretty skeptical that the rest of the security community
would make this kind of claim.  What I hear, instead, is quite a bit of
skepticism about the future of A/V.

Here's an experiment for you.  Walk up to a random security expert and
ask them what they think of blacklisting as a foundation for building
secure systems.  Ask them what they think of the future of A/V in security
and whether they think A/V will be of increasing or decreasing relevance
to security in the future.  The answers might be educational.  Actually,
I suspect it's even possible you might find that many knowledgeable A/V
insiders privately share some of these same concerns about the future
of A/V -- look at how pretty much every major A/V vendor out there is
looking to diversify, to expand into other areas of computer security
and compliance, and to move beyond signature-based file scanners.

If you picked a bunch of computer security experts who don't work for an
A/V vendor and asked them what they thought about all this, I suspect
they'd be more likely to line up behind the kinds of comments that Ted
Tso has been posting.  Personally, I think Ted's comments have been
highly constructive, thoughtful, and well worth re-reading.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ