Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning

[David Collier-Brown]

Arjan van de Ven wrote:
> > > just to get things clear; yyou're [ talking about ...] detecting
> > > the presence and preventing to (accidental) use of pre-canned,
> > > widely used exploit binaries/files ?

Mihai DonÈu <mdontu@xxxxxxxxxxxxxxx> wrote:
> > I apologize for the late reply. The answer to your question is: yes.
> > I was planning to write some more on this subject 

Arjan van de Ven wrote:
> we do still appreciate your description, since I don't think there's a
> clear "here's what we really try to protect against" statement yet.

 Perhaps I could try: the AV folks are trying to prevent the
execution of either modified normal binaries/files or 
specifically exploit binaries/files, by machines for which the 
files are executable or interpretable.

 The experience of those communities is predominantly
with DOS/Windows executables and interpretable files, which
they have difficulty generalizing from.

 In principle, they could be targeted at any machine, so any
mechanisms should be applicable to native executables and
interpretables as well as foreign ones.

--dave (who (in)famously wrote a UUCP virus, which warned sysadmins 
       if they had bad enough security settings to have run it as root) c-b
--
David Collier-Brown            | Always do right. This will gratify
Sun Microsystems, Toronto      | some people and astonish the rest
davecb@xxxxxxx                 |                      -- Mark Twain
cell: (647) 833-9377, bridge: (877) 385-4099 code: 506 9191#
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/