Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: detecting targetted malware

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 23 Jan 2007 10:50:08 +1300
lsi wrote:


This is probably patented and implemented already but nonetheless its 
a new idea for me, so I mention it...

<<snip simple description of executable white-listing>>

Fred Cohen "invented" this anti-malware approach in discussing the 
mitigation of computer viruses in his seminal (Ph.D. thesis) research 
of the properties of computer viruses.  AFAIK he did not patent the 
idea, and he certainly did implement it in an unsuccessful commercial 
product so there is solid prior art.  Further, there are several more 
recent implementations of more-or-less the same idea.

The main problem with this approach to anti-malware is that it actually 
requires system admins to give a shit about understanding the code on 
the systems they "maintain" _and_ them understanding what their users 
should be doing.  Of course that takes a few minutes of _effort_ on 
their part, so they continue to recommend the "suck it an see" approach 
of known virus scanning, etc, etc as then they can blame any "failures" 
on their "dumb users" and/or their slack suppliers...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: