Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

From: Arjan van de Ven
Date: Mon Aug 11 2008 - 09:56:36 EST


On Mon, 11 Aug 2008 16:45:47 +0300
Mihai Donțu <mdontu@xxxxxxxxxxxxxxx> wrote:

> On Thursday 07 August 2008, Arjan van de Ven wrote:
> > On Thu, 7 Aug 2008 03:49:55 +0300
> >
> > Mihai Donțu <mdontu@xxxxxxxxxxxxxxx> wrote:
> > > Well, here is one attempt.
> > >
> > > A good percentage of an AV product's job is to prevent
> > > exploitation of a security hole in a product before the vendor
> > > (assuming the vendor admits it's a bug and not a misuse of the
> > > product's features).
> >
> > just to get things clear;
> > you're not talking about preventing the actual exploitation per se
> > (that would be the job of the various protection technologies) or
> > the containment (that would be SELinux), but more about detecting
> > the presence and preventing the (accidental) use of pre-canned,
> > widely used exploit binaries/files ?
>
> I apologize for the late reply. The answer to your question is: yes.
> I was planning to write some more on this subject but this is
> unnecessary now, because I see [almost] everyone accepted that some
> kind of antimalware scanning is needed and are looking for
> alternative (better) solutions to the patch that started all this.

we do still appreciate your description, since I don't think there's a
clear "here's what we really try to protect against" statement yet.

Answering Ted's questions would be a really good start...


--
If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
visit http://www.lesswatts.org