lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Aug 2008 09:25:25 -0700 (PDT)
From:	david@...g.hm
To:	"Press, Jonathan" <Jonathan.Press@...com>
cc:	Peter Zijlstra <peterz@...radead.org>,
	Helge Hafting <helge.hafting@...el.hist.no>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	hch@...radead.org, andi@...stfloor.org, viro@...IV.linux.org.uk,
	alan@...rguk.ukuu.org.uk, Arjan van de Ven <arjan@...radead.org>
Subject: RE: [malware-list] TALPA - a threat model?  well sorta.

On Fri, 15 Aug 2008, Press, Jonathan wrote:

>> -----Original Message-----
>> From: malware-list-bounces@...sg.printk.net [mailto:malware-list-
>> bounces@...sg.printk.net] On Behalf Of Peter Zijlstra
>> Sent: Friday, August 15, 2008 6:37 AM
>> To: Helge Hafting
>> Cc: linux-kernel@...r.kernel.org; malware-list@...ts.printk.net;
> hch@...radead.org;
>> andi@...stfloor.org; viro@...IV.linux.org.uk;
> alan@...rguk.ukuu.org.uk; Arjan van
>> de Ven
>> Subject: Re: [malware-list] TALPA - a threat model? well sorta.
>>
>> On Fri, 2008-08-15 at 12:07 +0200, Helge Hafting wrote:
>>> It seems to me that this "scan on file open" business is the
>>> wrong way to do things - because it reduces performance.
>>>
>>> If you scan on file open, then your security sw is too late and
>>> getting in the way.
>
> The problem is that you have to account for the cases where the malware
> made it onto the system even if you were trying to catch it ahead of
> time.  For example:
>
> - Administrator turns off or reduces AV protection for some reason for
> some period of time.  It happens all the time.

according to the threat model actions of the administrator do not matter.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ