RE: [malware-list] TALPA - a threat model? well sorta.

> -----Original Message-----

quoted text

> From: Theodore Tso [mailto:tytso@mit.edu] > Sent: Friday, August 15, 2008 1:05 PM > To: douglas.leeder@sophos.com > Cc: Press, Jonathan; alan@lxorguk.ukuu.org.uk; andi@firstfloor.org;

Arjan van de

quoted text

> Ven; hch@infradead.org; Helge Hafting; linux-kernel@vger.kernel.org;

malware-

quoted text

> list@lists.printk.net; Peter Zijlstra; viro@ZenIV.linux.org.uk > Subject: Re: [malware-list] TALPA - a threat model? well sorta. > > > Not to mention removable media - it might be old hat, but

infected/malware

quoted text

> > files can come in on floppies, CDs or USB flash discs careless left

on the

quoted text

> > pavement outside an office. > > That's not a problem given the scanning model proposed by Eric; when > you insert removable media, it will get scanned when it is first > accessed.

That is exactly the idea. However, the context of this particular thread was the following statement by Helge Hafting: It seems to me that this "scan on file open" business is the wrong way to do things - because it reduces performance. If you scan on file open, then your security sw is too late and getting in the way. We were just pointing out that this is not a good argument in practical terms AGAINST scanning on open. In fact, your reply completely reinforces that point. Jon Press --

unsubscribe notice

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash