lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <48A0649B.4010706@sun.com>
Date:	Mon, 11 Aug 2008 12:11:07 -0400
From:	David Collier-Brown <davecb@....com>
To:	Arjan van de Ven <arjan@...radead.org>
Cc:	Mihai Donțu <mdontu@...defender.com>,
	Adrian Bunk <bunk@...nel.org>, tvrtko.ursulin@...hos.com,
	Greg KH <greg@...ah.com>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon
 access scanning

Arjan van de Ven wrote:
>>>just to get things clear; yyou're [ talking about ...] detecting
>>>the presence and preventing to (accidental) use of pre-canned,
>>>widely used exploit binaries/files ?

Mihai Donțu <mdontu@...defender.com> wrote:
>>I apologize for the late reply. The answer to your question is: yes.
>>I was planning to write some more on this subject 

Arjan van de Ven wrote:
> we do still appreciate your description, since I don't think there's a
> clear "here's what we really try to protect against" statement yet.

  Perhaps I could try: the AV folks are trying to prevent the
execution of either modified normal binaries/files or 
specifically exploit binaries/files, by machines for which the 
files are executable or interpretable.

  The experience of those communities is predominantly
with DOS/Windows executables and interpretable files, which
they have difficulty generalizing from.

  In principle, they could be targeted at any machine, so any
mechanisms should be applicable to native executables and
interpretables as well as foreign ones.

--dave (who (in)famously wrote a UUCP virus, which warned sysadmins 
        if they had bad enough security settings to have run it as root) c-b
-- 
David Collier-Brown            | Always do right. This will gratify
Sun Microsystems, Toronto      | some people and astonish the rest
davecb@....com                 |                      -- Mark Twain
cell: (647) 833-9377, bridge: (877) 385-4099 code: 506 9191#
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ