funsec mailing list archives
Re: standards status in the industry - opinion?
From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 07 Jan 2006 23:52:54 -0800
Nick FitzGerald wrote:
Known virus scanning is not the only "signature scanning" approach -- as Fred Cohen suggested close to (or is that now "more than"??) two decades ago, by far the best solution to the generic problem of detecting the execution of unwanted code (of which, the problem of "detecting malware" is a sub-set) is to "fingerprint" the installed/ allowed code and prevent unknown code from being run. Thought of in a different way, this is the firewall equivalent of a default-deny rule for the program loader...
Whitelisting would be a huge help.But we're a little too far down the scripting language & executable data format path to completely solve the problem.
For example, you can't be a standards compliant browser at this point without supporting an executable data format.
BB _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: standards status in the industry - opinion?, (continued)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Matthew Murphy (Jan 07)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 07)
- Re: standards status in the industry - opinion? Blue Boar (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- Re: standards status in the industry - opinion? Drsolly (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- RE: standards status in the industry - opinion? Stephen Villano (Jan 08)
- RE: standards status in the industry - opinion? Drsolly (Jan 08)
- RE: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Barrie Dempster (Jan 08)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)