Full Disclosure mailing list archives
RE: Multiple AV Vendors ignoring tar.gz archives
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 08 Feb 2005 11:26:47 +1300
Stuart Fox to me:
Isn't this similar to what MS do in Windows 2003/XP SP2 with Software Restriction Policies? Executables are only allowed to run provided they fit a prespecified pattern i.e. name (not very useful), signed or not, hash of the executable.
Yes, but it has to be much more thoroughly implemented. It needs to be at a low level in the file system (as existing on-access virus scanners' file system filter drivers and the like currently are) and it needs to be able to handle a much broader conception of "code" than the existing implementation (again, as existing on-access virus scanners have, with their "intelligent" file typing and such...).

Such a "solution" would only ever be widely useful in properly managed corporate environments -- most small businesses (and many medium-sized ones) and most individual users would never have the discipline and/or interest in managing this, but in larger corporate, and many other large institutional, settings, where most PCs are really just tools providing a standard (and usually fairly limited) set of applications, such an integrity management approach would be easily adopted in place of on-access virus scanning and would only ever need updating just before standard maintenance procedures update/patch the contents of the managed PCs or new functionality (apps) were to be installed.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
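An added example, not part of the original message: a minimal sketch of the integrity-management decision discussed above, where a file is typed as "code" by its content rather than its name and is allowed only if its hash is in an approved baseline. The function names, the small magic-byte table and the sample byte strings are all constructed for illustration and do not describe any vendor's implementation.

```python
import hashlib

# Content signatures for "code"; a constructed, deliberately small set.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"#!": "script"}

def sniff_code(data: bytes):
    """Return a code type from leading bytes, or None for non-code data."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def build_baseline(approved):
    """Hash every approved image; redone only when the managed PCs are patched."""
    return {hashlib.sha256(blob).hexdigest() for blob in approved}

def on_access(name: str, data: bytes, baseline: set) -> str:
    """Decision a file-system filter would make for one open/execute."""
    kind = sniff_code(data)          # the file name is deliberately ignored
    if kind is None:
        return "allow:data"          # not code, integrity policy does not apply
    digest = hashlib.sha256(data).hexdigest()
    if digest in baseline:
        return f"allow:{kind}"       # known-good code, whatever it is named
    return f"deny:{kind}"            # unknown or modified code

# Constructed sample content (not real binaries).
APPROVED_APP = b"MZ" + b"\x90" * 64 + b"approved build 1.0"
PATCHED_APP = APPROVED_APP + b"\x00appended bytes"
UNKNOWN_SCRIPT = b"#!/bin/sh\necho hello\n"
PLAIN_TEXT = b"quarterly figures\n"

BASELINE = build_baseline([APPROVED_APP])

def demo():
    cases = [("winword.exe", APPROVED_APP), ("notes.txt", APPROVED_APP),
             ("winword.exe", PATCHED_APP), ("readme.txt", UNKNOWN_SCRIPT),
             ("figures.txt", PLAIN_TEXT)]
    return [(n, on_access(n, d, BASELINE)) for n, d in cases]

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name:12} {verdict}")
```

The second and third cases show why a name rule is weak and a hash rule is not: the approved image is still recognised under a different name, and the same name with altered content is denied.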