nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Michael.Dillon () btradianz com
Date: Tue, 21 Feb 2006 13:03:38 +0000
Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program would use stealth techniques to hide itself in the user's machine, just like viruses do.
As the defense is local to the user's machine, the attacker can just kick it away.
How are they going to identify the code to throw away? I believe that the state of the art for AV software is to create randomly named EXE files so that attackers cannot delete the running process, and then the EXE file ensures that the installed program and startup config are not tampered with. If AV software can protect itself this way, why would anyone build an infection blocker using any less protection? --Michael Dillon
Current thread:
- Re: Quarantine your infected users spreading malware, (continued)
- Re: Quarantine your infected users spreading malware Valdis . Kletnieks (Feb 20)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 20)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 20)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- Re: Quarantine your infected users spreading malware Michael . Dillon (Feb 21)
- Re: Quarantine your infected users spreading malware Michael Painter (Feb 21)
- Re: Quarantine your infected users spreading malware Michael . Dillon (Feb 21)
- Re: Quarantine your infected users spreading malware Valdis . Kletnieks (Feb 21)
- Re: Quarantine your infected users spreading malware Sean Donelan (Feb 21)
- Re: Quarantine your infected users spreading malware Valdis . Kletnieks (Feb 20)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 21)
- Re: Quarantine your infected users spreading malware Michael . Dillon (Feb 21)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware Michael . Dillon (Feb 21)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware Valdis . Kletnieks (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware PC (Feb 21)
- Re: Quarantine your infected users spreading malware Larry Smith (Feb 21)
- Re: Quarantine your infected users spreading malware Andy Davidson (Feb 22)