funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 16 Jul 2008 21:52:25 -0400

It's called DEP or NX in Windows. At a system level it's turned on since
XP SP2, and you can set it to apply to Windows code itself, but apps
have to opt in (when this all came out, too many programs crashed
ungracefully when forced into it). Programs can opt in with a simple
linker switch I think. Many apps do, but many don't. IE8 will opt in by
default. Acrobat 9 does.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Wednesday, July 16, 2008 9:34 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

I did a talk a couple of years ago at Boston University along these
lines.  I pointed out that many (but of course not all) security flaws
in software are due to data morphing into code.  Examples: buffer
overflow, SQL injection, and XSS errors.

I'm not sure how Harvard Architecture, whatever it might be, would
protect against SQL injection and XSS errors.  Buffer overflows can be
dealt with by marking data pages as non-execute in the page table.  Why
this relatively simple fix can't be implemented across the board in
Windows is a head scratcher to me.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Wednesday, July 16, 2008 9:59 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

Date sent:              Wed, 16 Jul 2008 19:46:24 -0400
From:                   Rich Kulawiec <rsk () gsp org>

Wrong answer.  The correct answer is to recognize that any operating
system which requires anti-virus software is fundamentally, deeply
broken and to either (a) fix it (b) get it fixed or (c) dump it.

Even better, let's dump von Neumann architecture, go back to Harvard 
architecture, and avoid viruses altogether ...

Sorry, but I remember the late 80s when everybody was saying that once
we got some security (mainframe-type, of course) into desktop operating
systems viruses would be a thing of the past.  They aren't, obviously.
As long as data can be executed, and programs can be treated as data,
viruses will be inherently possible.

(And that's just viruses.  The techie version of getting rid of a
[favourite dumb-person epithet] by giving them a card with "Turn over"
written on both sides is to tell someone to come up with a technical
solution to trojans ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Before speaking, consider the interpretation of your words as
well as their intent.                                 - Andrew Alden
victoria.tc.ca/techrev/rms.htm      en.wikipedia.org/wiki/Robert_Slade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
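
The per-application DEP/NX opt-in mentioned in the first message of this thread can be checked from a program's PE header. The code below is an added example, not part of the original posts; it assumes the linker switch in question is MSVC's /NXCOMPAT, which sets the IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit (0x0100) in DllCharacteristics. The names nx_compat and sample_image and the header-only sample bytes are constructed for illustration.

```python
import struct
import sys
from pathlib import Path

NX_COMPAT = 0x0100    # IMAGE_DLLCHARACTERISTICS_NX_COMPAT, set by /NXCOMPAT
DLLCHARS_OFFSET = 70  # DllCharacteristics offset in the optional header (PE32 and PE32+)

def nx_compat(image: bytes) -> bool:
    """Return True if the PE header marks the program as DEP/NX compatible."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20                          # PE signature + COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + DLLCHARS_OFFSET + 2:
        raise ValueError("PE headers missing or truncated")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B) or opt_size < DLLCHARS_OFFSET + 2:
        raise ValueError("unsupported or truncated optional header")
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + DLLCHARS_OFFSET)
    return bool(dll_chars & NX_COMPAT)

def sample_image(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE stub (assumption for the demo, not a real program)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # With file arguments, audit those binaries; otherwise run on constructed samples.
    targets = [(p, Path(p).read_bytes()) for p in sys.argv[1:]] or [
        ("sample-opted-in", sample_image(0x8140)),
        ("sample-not-opted-in", sample_image(0x8000)),
    ]
    for name, data in targets:
        try:
            print(f"{name}: {'NX_COMPAT set' if nx_compat(data) else 'NX_COMPAT not set'}")
        except ValueError as err:
            print(f"{name}: skipped ({err})")
```

Run with one or more .exe or .dll paths as arguments to list which binaries on a system have not opted in.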