Full Disclosure mailing list archives

Re: Support the Sasser-author fund started


From: Valdis.Kletnieks () vt edu
Date: Mon, 17 May 2004 11:17:45 -0400

On Mon, 17 May 2004 13:33:44 +0200, Ondrej Krajicek <krajicek () ics muni cz>  said:

we're faster".  Add on the required anti-virus program monitoring
packets in and out and watch your performance drop as that eliminates
the whole concept behind DMA as now you have to route all data through
the host cpu anyways.  Pretty soon, we'll need AV signature engines
encoded in the data bus of Windows machines in silicon.  I wouldn't be
surprised if Intel or AMD had a skunkworks project on this very problem.

"Palladium".  It's more about DRM than about real security (think about it -
if somebody finds yet another IIS exploit, the buffer overflow will run in the IIS
context same as it does now....

IMHO the data are routed through host CPU anyway, DMA is not as clever
to locate the proper file in the proper filesystem on the proper
volume and pass them to the proper network card. You're right that the
CPU does not have to process every single bit of each (?) file.
But this could be solved by using a more advanced bus architecture
(PCIX or even something faster) and adding more CPU. A dedicated anti-virus
chip is a thing which I hope is not going to happen.

Hmm.. let me get this straight - I can run something like SELinux and get
snappy performance on a 700MHz Pentium III, but to get security out of Windows
I'll need even MORE CPU and a PCIX?  What's wrong with this picture?
