RE: Show me the Virrii!

["Elsner, Donald, ALABS" <elsner () att com>]

-----Original Message-----

I like the idea of scanning for valid software.  There are some problems
with it that would need to be overcome, though:

1.  Who makes the list, and keeps it updated?  This would be a huge
undertaking. 

------------------- snip -----------------------------------
The U.S. Government is already doing this......  Please see
        
National Software Reference Library (NSRL)
(http://www.nsrl.nist.gov)

Overview: The National Software Reference Library (NSRL) provides a
repository of known software, file profiles, and file signatures for use
by law enforcement and other organizations in computer forensics
investigations.
Industry Need Addressed: Investigation of computer files requires a
tremendous effort to review individual files. A typical desktop computer
contains between 10,000 and 100,000 files, each of which may need to be
reviewed. Investigators need to eliminate as many known files as
possible from having to be reviewed. An automated filter program can
screen these files for specific profiles and signatures. If a specific
file's profile and signature match the database of known files, then the
file can be eliminated from review as a known file. Only those files
that do not match would be subject to further investigation. In
addition, investigators can search for files that are not what they
claim to be (e.g., the file has the same name, size, and date of a
common file, but not the same contents) or files that match a profile
(e.g., hacking tools).



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html