Full Disclosure mailing list archives
Re: detecting targetted malware
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 23 Jan 2007 10:50:08 +1300
lsi wrote:
This is probably patented and implemented already but nonetheless it's a new idea for me, so I mention it...

<<snip simple description of executable white-listing>>

Fred Cohen "invented" this anti-malware approach in discussing the mitigation of computer viruses in his seminal (Ph.D. thesis) research of the properties of computer viruses. AFAIK he did not patent the idea, and he certainly did implement it in an unsuccessful commercial product so there is solid prior art. Further, there are several more recent implementations of more-or-less the same idea.

The main problem with this approach to anti-malware is that it actually requires system admins to give a shit about understanding the code on the systems they "maintain" _and_ them understanding what their users should be doing. Of course that takes a few minutes of _effort_ on their part, so they continue to recommend the "suck it and see" approach of known virus scanning, etc, etc as then they can blame any "failures" on their "dumb users" and/or their slack suppliers...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- detecting targetted malware lsi (Jan 22)
- Re: detecting targetted malware 3APA3A (Jan 22)
- Re: detecting targetted malware kevin fielder (Jan 22)
- Re: detecting targetted malware Nick FitzGerald (Jan 22)
- <Possible follow-ups>
- Re: detecting targetted malware Randall M (Jan 22)
- Re: detecting targetted malware Randall M (Jan 22)