[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <48A0649B.4010706@sun.com>
Date: Mon, 11 Aug 2008 12:11:07 -0400
From: David Collier-Brown <davecb@....com>
To: Arjan van de Ven <arjan@...radead.org>
Cc: Mihai Donțu <mdontu@...defender.com>,
Adrian Bunk <bunk@...nel.org>, tvrtko.ursulin@...hos.com,
Greg KH <greg@...ah.com>,
"Press, Jonathan" <Jonathan.Press@...com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon
access scanning
Arjan van de Ven wrote:
>>>just to get things clear; yyou're [ talking about ...] detecting
>>>the presence and preventing to (accidental) use of pre-canned,
>>>widely used exploit binaries/files ?
Mihai Donțu <mdontu@...defender.com> wrote:
>>I apologize for the late reply. The answer to your question is: yes.
>>I was planning to write some more on this subject
Arjan van de Ven wrote:
> we do still appreciate your description, since I don't think there's a
> clear "here's what we really try to protect against" statement yet.
Perhaps I could try: the AV folks are trying to prevent the
execution of either modified normal binaries/files or
specifically exploit binaries/files, by machines for which the
files are executable or interpretable.
The experience of those communities is predominantly
with DOS/Windows executables and interpretable files, which
they have difficulty generalizing from.
In principle, they could be targeted at any machine, so any
mechanisms should be applicable to native executables and
interpretables as well as foreign ones.
--dave (who (in)famously wrote a UUCP virus, which warned sysadmins
if they had bad enough security settings to have run it as root) c-b
--
David Collier-Brown | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb@....com | -- Mark Twain
cell: (647) 833-9377, bridge: (877) 385-4099 code: 506 9191#
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists