Dailydave mailing list archives

Re: NSRL status check

From: Gadi Evron <ge () linuxbox org>
Date: Mon, 11 Dec 2006 15:07:01 -0600 (CST)

On Mon, 11 Dec 2006 dan () geer org wrote:


The National Software Reference Library has or had a listing of the
hash values for known good software, known good in the sense of
what is on installation media or what otherwise still has its
integrity intact.

I say "has or had" as on first glance it appears that this listing
is stationary since sometime in 2004.  Would someone here know the
history and fate of this list?  On the face of it such a list seems
useful in forensic situations at least.


Zone Labs (now CheckPoint) has their own listing. They whitelist known
programs. "X per cent of our users believe this program is good". That way
people can make more educated decisions on programs which want to connect
to the Internet. Blacklisting bad files is not practical, or it would be
yet another almost useless anti virus.

Naturally, this has a lot of applications.

        Gadi.

--dan

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

NSRL status check dan (Dec 11)
- Re: NSRL status check Gadi Evron (Dec 12)
- Re: NSRL status check Joanna Rutkowska (Dec 12)
  - Re: NSRL status check Kevin Stadmeyer (Dec 12)
- <Possible follow-ups>
- Re: NSRL status check Holt Sorenson (Dec 12)
  - Re: NSRL status check Lance Spitzner (Dec 12)
- Re: NSRL status check Joanna Rutkowska (Dec 12)