>> -----Original Message-----
>> From:
david@lang.hm [mailto:david@lang.hm]
>> Sent: Friday, August 15, 2008 1:47 PM
>> To: Press, Jonathan
>> Cc: Peter Zijlstra; Helge Hafting; linux-kernel@vger.kernel.org;
> malware-
>> list@lists.printk.net; hch@infradead.org; andi@firstfloor.org;
>> viro@ZenIV.linux.org.uk; alan@lxorguk.ukuu.org.uk; Arjan van de Ven
>> Subject: RE: [malware-list] TALPA - a threat model? well sorta.
>>
>> On Fri, 15 Aug 2008, Press, Jonathan wrote:
>>> In addition, to generalize from the incorrect idea that the actions
> of
>>> root are not being defended against to the idea that the possible
>>> impacts of an administrator's actions in configuring an application
>>> should not be accounted for at all in our thinking doesn't make
> sense to
>>> me anyway.
>>
>> questions had been raised about how this model could defend against
> all
>> the tricky things that root can do, the answer was that they are not
>> trying to defend against root doing tricky things.
>>
>> turning off the scanner, letting things get infected, and turning it
> back
>> on would fall in the same catagory as marking a file that the scanner
>> marked as bad as sucessfully scanned.
>
> Well, I agree that there are things you can't prevent, that's for sure.
> But the point is to build the "threat model" and application
> functionality around the idea that IF they happen, you want to be able
> to plug the resulting holes as well as you can. You can't simply close
> your eyes to the possibility.
