Full Disclosure mailing list archives
Re: Support the Sasser-author fund started
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 May 2004 11:17:45 -0400
On Mon, 17 May 2004 13:33:44 +0200, Ondrej Krajicek <krajicek () ics muni cz> said:
we're faster". Add on an the required anti-virus program monitoring packets in and out and watch your performance drop as that eliminates the whole concept behind DMA as now you have to route all data through the host cpu anyways. Pretty soon, we'll need AV signature engines encoded in the data bus of Windows machines in silicon. I wouldn't be surprised if Intel or AMD had a skunkworks project on this very problem.
"Palladium". It's more about DRM than about real security (think about it - if somebody find yet another IIS exploit, the buffer overflow will run in the IIS context same as it does now....
IMHO the data are routed through host CPU anyway, DMA is not as clever to locate the proper file in the proper filesystem on the proper volume and pass them to the proper network card. You're right that the=20 CPU does not have to process every single bit of each (?) file. But this could be solved by used more advanced bus architecture (PCIX or even something faster) and adding more CPU. Dedicated anti-virus chip is a thing which I hope is not going to happen.
Hmm.. let me get this straight - I can run something like SELinux and get snappy performance on a 700mz PentiumIII, but to get security out of Windows I'll need even MORE CPU and a PCIX? What's wrong with this picture?
Attachment:
_bin
Description:
Current thread:
- Re: Support the Sasser-author fund started, (continued)
- Re: Support the Sasser-author fund started Stormwalker (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 18)
- Re: Support the Sasser-author fund started Alexander Schreiber (May 17)
- Re: Support the Sasser-author fund started Nick FitzGerald (May 18)
- Re: Support the Sasser-author fund started Alexander Schreiber (May 18)
- RE: Support the Sasser-author fund started Bill Royds (May 17)
- Re: Support the Sasser-author fund started Ondrej Krajicek (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re: Support the Sasser-author fund started Ondrej Krajicek (May 17)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 17)
- Re[2]: Support the Sasser-author fund started npguy (May 16)
- Re: Support the Sasser-author fund started Exibar (May 14)
- Re: Support the Sasser-author fund started Konstantin Gavrilenko (May 15)
- RE: Support the Sasser-author fund started Aditya, ALD [Aditya Lalit Deshmukh] (May 14)
- RE: Support the Sasser-author fund started - Please stop this thread m . garg (May 14)
- Re: Support the Sasser-author fund started Exibar (May 13)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 13)
- Re: Support the Sasser-author fund started Exibar (May 13)