Vulnerability Development mailing list archives
Re: ScriptGuard
From: ztang () WEBER LCS MIT EDU (Chon-Chon Tang)
Date: Tue, 16 May 2000 11:11:42 -0400
As you say, scripts can be written that appear obscured, and then de-cloak themselves as they run. The documentation on the http://www.tlsecurity.net/cleaner/scriptguard.htm site definitely needs to have it's claims softened. In particular, someone should explain Alan Turing's Halting Problem to them :-)
Just to be pedantic, their claims aren't necessarily off. In fact, they claim to warn about any potentially "dangerous" code. Certainly the halting problem can be solved for the set of scripts that have no loops (for example). They can just warn for the set of scripts that do have loops. If their static analysis was sufficiently comprehensive, it should definitely be a powerful tool.... probably overly conservative (rejecting safe scripts, obviously)... but powerful. I do question the part about it not being needed to be "updated". What, does it do a combination of natural language parsing of comments and psycho-analysis to figure out that someone wrote a malicious script, even if it's attempting to do something Script Guard has never seen?
Current thread:
- Re: New worm?, (continued)
- Re: New worm? mick chang (May 04)
- Re: New worm? Rich Corbett (May 04)
- Re: New worm? Edwin Concepcion (May 04)
- Re: New worm? Todd C. Campbell (May 10)
- Re: New worm? Dan Schrader (May 11)
- Re: New worm? Dimitry Andric (May 12)
- Re: New worm? Thierry Zoller (Apr 13)
- ScriptGuard Crispin Cowan (May 16)
- Re: ScriptGuard Thierry Zoller (Mar 16)
- Re: ScriptGuard Tim Wort (May 16)
- Re: ScriptGuard Chon-Chon Tang (May 16)
- warftpd exploit? Martin Ixter (May 16)
- Re: New worm? Dimitry Andric (May 12)
- Re: New worm? Bernie Cosell (May 12)
- ALERT: Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator (fwd) Bluefish (May 13)