Full Disclosure mailing list archives
RE: Multiple AV Vendors ignoring tar.gz archives
From: "Stuart Fox (DSL AK)" <StuartF () datacom co nz>
Date: Tue, 8 Feb 2005 09:56:54 +1300
For lack of a better name -- after all, this is a technology that has hardly been investigated -- I refer to this as integrity management. Basically you turn known virus scanning on its head to have the on-access scanner only allow known good code to run, rather than trying to do the impossible of finding all possible permutations of all possible (known) "bad" code. This can easily be done using the existing technology, but instead of depending on a vendor to find new bad things, add detection of them and ship that update _finally_ giving the user protection, the user supplies their own list of _allowable_ code and new code can be run once the administrator updates their own database of allowable code. (There are other clever things such a re-purposing of this technology neatly allows too -- for example, such technology could easily be configured to block access to all files of a given type; it can be easily used to track software usage for auditing and licensing checking; etc, etc...)
Isn't this similar to what MS do in Windows 2003/XP SP2 with Software Restriction Policies? Executables are only allowed to run provided they fit a prespecified pattern i.e. name (not very useful), signed or not, hash of the executable.
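The default-deny check discussed in this message, comparing a hash rule with a name rule, as an added example that is not code from either poster or from Software Restriction Policies. The `AllowList` class, the file names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

class AllowList:
    """Default-deny policy (hypothetical): a file runs only if a rule admits it."""
    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> administrator's label
        self.names = set()  # lower-cased file names admitted by name alone

    def approve_hash(self, path, label):
        self.hashes[sha256_file(path)] = label

    def approve_name(self, name):
        self.names.add(name.lower())

    def decide(self, path):
        digest = sha256_file(path)
        if digest in self.hashes:
            return ("allow", "hash:" + self.hashes[digest])
        if os.path.basename(path).lower() in self.names:
            return ("allow", "name")
        return ("deny", "unlisted")

def demo():
    """Run both rule types over constructed sample files; return the verdicts."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            return path
        good = put("approved/tool.exe", b"constructed known-good bytes")
        moved = put("elsewhere/renamed.exe", b"constructed known-good bytes")
        altered = put("elsewhere/tool.exe", b"constructed altered bytes")
        by_hash, by_name = AllowList(), AllowList()
        by_hash.approve_hash(good, "tool 1.0")
        by_name.approve_name("tool.exe")
        return {"hash": [by_hash.decide(p) for p in (good, moved, altered)],
                "name": [by_name.decide(p) for p in (good, moved, altered)]}
```

The hash rule follows the approved bytes wherever they are copied and rejects altered content under the approved name, while the name rule admits whatever content carries that name.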