Message-ID: <20080811065608.44687f65@infradead.org>
Date:	Mon, 11 Aug 2008 06:56:08 -0700
From:	Arjan van de Ven <arjan@...radead.org>
To:	Mihai Donțu <mdontu@...defender.com>
Cc:	Adrian Bunk <bunk@...nel.org>, tvrtko.ursulin@...hos.com,
	Greg KH <greg@...ah.com>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

On Mon, 11 Aug 2008 16:45:47 +0300
Mihai Donțu <mdontu@...defender.com> wrote:

> On Thursday 07 August 2008, Arjan van de Ven wrote:
> > On Thu, 7 Aug 2008 03:49:55 +0300
> >
> > Mihai Donțu <mdontu@...defender.com> wrote:
> > > Well, here is one attempt.
> > >
> > > A good percentage of an AV product's job is to prevent
> > > exploitation of a security hole in a product before the vendor
> > > (assuming the vendor admits it's a bug and not a misuse of the
> > > product's features).
> >
> > just to get things clear;
> > you're not talking about preventing the actual exploitation per se
> > (that would be the job of the various protection technologies) or
> > the containment (that would be SELinux), but more about detecting
> > the presence and preventing the (accidental) use of pre-canned,
> > widely used exploit binaries/files ?
> 
> I apologize for the late reply. The answer to your question is: yes.
> I was planning to write some more on this subject but this is
> unnecessary now, because I see [almost] everyone accepted that some
> kind of antimalware scanning is needed and are looking for
> alternative (better) solutions to the patch that started all this.

we do still appreciate your description, since I don't think there's a
clear "here's what we really try to protect against" statement yet.

Answering Ted's questions would be a really good start...


-- 
If you want to reach me at my work email, use arjan@...ux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org