funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 16 Jul 2008 21:52:25 -0400
It's called DEP or NX in Windows. At a system level it's turn on since XP SP2, and you can set it to apply to Windows code itself, but apps have to opt in (when this all came out, too many programs crashed ungracefully when forced into it). Programs can opt in with a simple linker switch I think. Many apps do, but many don't. IE8 will opt in by default. Acrobat 9 does. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Richard M. Smith Sent: Wednesday, July 16, 2008 9:34 PM To: funsec () linuxbox org Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting I did a talk a couple of years ago at Boston University along this lines. I pointed out that many (but of course not all) security flaws in software are due to data morphing into code. Examples: buffer overflow, SQL injection, and XSS errors. I'm not sure how Harvard Architecture, whatever it might be, would protect against SQL injection and XSS errors. Buffer overflows can be dealt with by marking data pages as non-execute in the page table. Why this relatively simple fix can't be implemented across the board in Windows is a head scratcher to me. Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah Sent: Wednesday, July 16, 2008 9:59 PM To: funsec () linuxbox org Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting Date sent: Wed, 16 Jul 2008 19:46:24 -0400 From: Rich Kulawiec <rsk () gsp org>
Wrong answer. The correct answer is to recognize that any operating system which requires anti-virus software is fundamentally, deeply broken and to either (a) fix it (b) get it fixed or (c) dump it.
Even better, let's dump von Neumann architecture, go back to Harvard architecture, and avoid viruses altogether ... Sorry, but I remember the late 80s when everybody was saying that once we got some security (mainframe-type, of course) into desktop operating systems viruses would be a thing of the past. They aren't, obviously. As long as data can be executed, and programs can be treated as data, viruses will be inherently possible. (And that's just viruses. The techie version of getting rid of a [favourite dumb- person epithet] by giving them a card with "Turn over" written on both sides is to tell someone to come up with a technical solution to trojans ...) ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org Before speaking, consider the interpretation of your words as well as their intent. - Andrew Alden victoria.tc.ca/techrev/rms.htm en.wikipedia.org/wiki/Robert_Slade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Toralv_Dirro (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob Thompson (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rich Kulawiec (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Larry Seltzer (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Toralv_Dirro (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 16)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Jeff Kell (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
- Re: Texas Bank Dumps Antivirus for Whitelisting Valdis . Kletnieks (Jul 18)