Re: [malware-list] TALPA - a threat model? well sorta.

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Helge Hafting

Subject: Re: [malware-list] TALPA - a threat model? well sorta.

Date: Monday, August 18, 2008 - 3:09 am

Press, Jonathan wrote:
quoted text>> -----Original Message-----
>> From: Theodore Tso [mailto:tytso@mit.edu]
>> Sent: Friday, August 15, 2008 1:05 PM
>> To: douglas.leeder@sophos.com
>> Cc: Press, Jonathan; alan@lxorguk.ukuu.org.uk; andi@firstfloor.org;
>>     
> Arjan van de
>   
>> Ven; hch@infradead.org; Helge Hafting; linux-kernel@vger.kernel.org;
>>     
> malware-
>   
>> list@lists.printk.net; Peter Zijlstra; viro@ZenIV.linux.org.uk
>> Subject: Re: [malware-list] TALPA - a threat model? well sorta.
>>
>>     
>>> Not to mention removable media - it might be old hat, but
>>>       
> infected/malware
>   
>>> files can come in on floppies, CDs or USB flash discs careless left
>>>       
> on the
>   
>>> pavement outside an office.
>>>       
>> That's not a problem given the scanning model proposed by Eric; when
>> you insert removable media, it will get scanned when it is first
>> accessed.
>>     
>
> That is exactly the idea.  However, the context of this particular
> thread was the following statement by Helge Hafting:
>
> 	It seems to me that this "scan on file open" business is the
> wrong 
> 	way to do things - because it reduces performance.
>
> 	If you scan on file open, then your security sw is too late and 
> 	getting in the way.
>
>  
> We were just pointing out that this is not a good argument in practical
> terms AGAINST scanning on open.  In fact, your reply completely
> reinforces that point.
>   
Scanning on open should be a last resort. Scan in advance when you can.
Of course, removable media cannot be scanned until it is inserted and 
mounted,
that is obvious. The scanning can start as soon as the filesystem is 
mounted though,
there is no reason to wait until users try to access something.

A CD inserted into a CD-server may not necessarily be needed immediately, so
scanning in advance will help here too. The user inserting a CD in a home
computer may start to use stuff right away, or perhaps he spends
some time reading the docs before a complicated install. Sill room for some
scanning in advance, which also may end up with the nice effect of 
caching the CD.

Helge Hafting



--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 9:24 am)

TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 9:36 am)

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 9:37 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 9:47 am)

Re: TALPA - a threat model? well sorta., Greg KH, (Wed Aug 13, 9:57 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 10:00 am)

Re: TALPA - a threat model? well sorta., Christoph Hellwig, (Wed Aug 13, 10:07 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 10:39 am)

Re: TALPA - a threat model? well sorta., Theodore Tso, (Wed Aug 13, 11:15 am)

Re: TALPA - a threat model? well sorta., Andi Kleen, (Wed Aug 13, 11:17 am)

Re: TALPA - a threat model? well sorta., H. Peter Anvin, (Wed Aug 13, 11:21 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 11:21 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 11:24 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 11:40 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 11:57 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 12:02 pm)

Re: TALPA - a threat model? well sorta., Theodore Tso, (Wed Aug 13, 12:29 pm)

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 12:59 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 2:13 pm)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Wed Aug 13, 2:15 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 2:23 pm)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Wed Aug 13, 2:24 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Rik van Riel, (Wed Aug 13, 2:35 pm)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 2:39 pm)

Re: TALPA - a threat model? well sorta., 7v5w7go9ub0o, (Wed Aug 13, 5:14 pm)

Re: TALPA - a threat model? well sorta., Mihai , (Wed Aug 13, 5:18 pm)

Re: TALPA - a threat model? well sorta., 7v5w7go9ub0o, (Wed Aug 13, 7:25 pm)

Re: TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:18 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:46 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Thu Aug 14, 4:58 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Thu Aug 14, 5:03 am)

RE: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 5:27 am)

Re: [malware-list] TALPA - a threat model? well sorta., Mihai , (Thu Aug 14, 5:34 am)

Re: TALPA - a threat model? well sorta., Arnd Bergmann, (Thu Aug 14, 6:00 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 6:24 am)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 6:46 am)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 6:48 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 7:12 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 8:50 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 8:57 am)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 10:29 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 12:17 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 12:20 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Christoph Hellwig, (Thu Aug 14, 12:34 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 12:41 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Christoph Hellwig, (Thu Aug 14, 1:20 pm)

Re: [malware-list] TALPA - a threat model? well sorta., J. Bruce Fields, (Thu Aug 14, 2:21 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 4:34 pm)

Re: TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:31 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:37 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:44 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 7:04 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 8:25 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 8:41 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 9:48 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:05 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Johannes Weiner, (Thu Aug 14, 10:12 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:28 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:36 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Fri Aug 15, 1:51 am)

Re: TALPA - a threat model? well sorta., Helge Hafting, (Fri Aug 15, 3:07 am)

Re: TALPA - a threat model? well sorta., Peter Zijlstra, (Fri Aug 15, 3:37 am)

Re: TALPA - a threat model? well sorta., tvrtko.ursulin, (Fri Aug 15, 3:44 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 6:10 am)

Re: [malware-list] TALPA - a threat model? well sorta., douglas.leeder, (Fri Aug 15, 6:18 am)

Re: [malware-list] TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 7:31 am)

Re: [malware-list] TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 7:37 am)

Re: TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 9:06 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 9:25 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 9:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Fri Aug 15, 10:04 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 10:33 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 10:40 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 10:47 am)

Re: [malware-list] TALPA - a threat model? well sorta., Valdis.Kletnieks, (Fri Aug 15, 11:06 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 11:09 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 11:17 am)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 1:05 pm)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 1:08 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Jan Harkes, (Fri Aug 15, 1:16 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Fri Aug 15, 1:17 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Fri Aug 15, 3:05 pm)

Re: [malware-list] TALPA - a threat model? well sorta., David Collier-Brown, (Sun Aug 17, 2:11 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Sun Aug 17, 4:19 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Sun Aug 17, 4:26 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Helge Hafting, (Mon Aug 18, 3:02 am)

Re: [malware-list] TALPA - a threat model? well sorta., Helge Hafting, (Mon Aug 18, 3:09 am)

Re: [malware-list] TALPA - a threat model? well sorta., Peter Zijlstra, (Mon Aug 18, 3:14 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Mon Aug 18, 3:24 am)

Re: [malware-list] TALPA - a threat model? well sorta., douglas.leeder, (Mon Aug 18, 3:25 am)

Re: TALPA - a threat model? well sorta., david, (Mon Aug 18, 5:21 am)

Re: TALPA - a threat model? well sorta., Pavel Machek, (Mon Aug 18, 6:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Mon Aug 18, 8:33 am)

Re: [malware-list] TALPA - a threat model? well sorta., Rik van Riel, (Mon Aug 18, 9:43 am)

Re: TALPA - a threat model? well sorta., david, (Mon Aug 18, 5:03 pm)

Re: [malware-list] TALPA - a threat model? well sorta., J. Bruce Fields, (Tue Aug 19, 2:43 pm)

Navigation

Popular discussions


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash

Colocation donated by:

Syndicate