Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Alan Cox

Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning

Date: Monday, August 11, 2008 - 2:45 pm

On Mon, 11 Aug 2008 21:53:23 +0000 (UTC)
daw@cs.berkeley.edu (David Wagner) wrote:

quoted text> David Collier-Brown writes:
> >Arjan van de Ven wrote:
> >> we do still appreciate your description, since I don't think there's a
> >> clear "here's what we really try to protect against" statement yet.
> >
> >  Perhaps I could try: the AV folks are trying to prevent the
> >execution of either modified normal binaries/files or 
> >specifically exploit binaries/files, by machines for which the 
> >files are executable or interpretable.
> 
> 1. We already know how to prevent/detect modifications to
> normal binaries.  See Tripwire etc.  As far as I know, no new
> kernel technology is needed.

Tripwire is incredibly ineffecient and ineffectual because we don't have
a scalable 'file was modified' notifier

Alan
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinter ..., Alan Cox, (Mon Aug 11, 2:45 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinter ..., David Wagner, (Mon Aug 11, 2:53 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinter ..., David Collier-Brown, (Thu Aug 14, 3:48 am)

Navigation

Popular discussions


linux-kernel:
Josef Sipek	Re: [PATCH 01/24] Unionfs: Documentation
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Oleg Nesterov	Re: init's children list is long and slows reaping children.
Randy Dunlap	Re: mmotm 2010-06-11-16-40 uploaded
Pete Clements	2.6.20-git8 fails compile -- net/built-in.o __ipv6_addr_type
git:
Stephen R. van den Berg	Re: [RFC] origin link for cherry-pick and revert
Christian Stimming	git-gui: Fix broken revert confirmation.
Junio C Hamano	Re: git-svnimport
Anuj Gakhar	Git Architecture Question
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
linux-netdev:
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Nick Piggin	Re: Kernel WARNING: at net/core/dev.c:1330 __netif_schedule+0x2c/0x98()
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Ingo Molnar	Re: [regression] nf_iterate(), BUG: unable to handle kernel NULL pointer dereference
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	[ARM] dma: use new dmabounce_sync_for_xxx() for dma_sync_single_xxx()
Linux Kernel Mailing List	MIPS: Cavium: Remove unused watchdog code.
Linux Kernel Mailing List	V4L/DVB (8976): af9015: Add USB ID for AVerMedia A309
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
openbsd-misc:
Christophe Rioux	Implementation example of snmp
Ryan McBride	Re: Packets Per Second Limit?
Nick Holland	Re: booting openbsd on eee without cd-rom
Bryan Irvine	Re: OpenBSD 4.7 Released, May 19 2010
Jacob Yocom-Piatt	Re: Same shit all over again

Colocation donated by:

Syndicate