linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Rob Meijer" <capibara@xs4all.nl>
To: david@lang.hm
Cc: "Peter Dolding" <oiaohm@gmail.com>,
	"Theodore Tso" <tytso@mit.edu>,
	"Arjan van de Ven" <arjan@infradead.org>,
	rmeijer@xs4all.nl, "Alan Cox" <alan@lxorguk.ukuu.org.uk>,
	capibara@xs4all.nl, "Eric Paris" <eparis@redhat.com>,
	"Rik van Riel" <riel@redhat.com>,
	davecb@sun.com, linux-security-module@vger.kernel.org,
	"Adrian Bunk" <bunk@kernel.org>,
	"Mihai Don??u" <mdontu@bitdefender.com>,
	linux-kernel@vger.kernel.org, malware-list@lists.printk.net,
	"Pavel Machek" <pavel@suse.cz>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon  access scanning
Date: Sun, 17 Aug 2008 12:33:20 +0200 (CEST)	[thread overview]
Message-ID: <6746.82.95.100.23.1218969200.squirrel@webmail.xs4all.nl> (raw)

On Sun, August 17, 2008 10:58, david@lang.hm wrote:
> On Sun, 17 Aug 2008, Peter Dolding wrote:
>> Instead swap across to the shorter white list to process and sort.
>> Quarantining for black list scanning so performance of machine is hit
>> with the least ammount.  Some areas like email, p2p for people using
>> formats that should not contain macros or executable code white list
>> scanning there is all that is needed before either blocking or asking
>> user if black list scanning should be preformed or the file just
>> deleted.  Lets close the door's on these malware writers without hurt
>> end users any more than we have to.  What is the point of running a full
>> black list across a file the user will delete because it was not what
>> they thought it was.
>
> you are arguing with the wrong people here. we are not trying to define
> the future of anti-virus technologies, we are trying to figure out how to
> provide the hooks so that people and companies can go off and do the
> research and experimentation and try different approaches.

Given recent demonstrations that show how easy it apparently is to bypass
blacklist base approaches, providing hooks to allow these blacklist
approaches may I feel be rather futile. Focusing only on hooks for white
list approaches in combination with hooks for least authority approaches
like the powerbox would IMHO seem like a much more reasonable approach
given the current state of things and knowledge concerning the blacklist
technologies. Explicitly adding support for technology that is quickly
becoming obsolete would seem like a waste of time and resources.


Rob




             reply	other threads:[~2008-08-17 10:35 UTC|newest]

Thread overview: 65+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-17 10:33 Rob Meijer [this message]
2008-08-17 10:46 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning david
2008-08-17 21:58   ` Pavel Machek
2008-08-17 22:30     ` david
  -- strict thread matches above, loose matches on Subject: below --
2008-08-15 12:22 Rob Meijer
2008-08-15 13:27 ` Peter Dolding
2008-08-15 17:31   ` david
2008-08-16  3:57     ` Peter Dolding
2008-08-16  4:09       ` Arjan van de Ven
2008-08-16  5:19         ` Peter Dolding
2008-08-16  9:39           ` Theodore Tso
2008-08-16 11:38             ` Peter Dolding
2008-08-16 15:17               ` Theodore Tso
2008-08-17  7:49                 ` Peter Dolding
2008-08-17  8:58                   ` david
2008-08-18  0:11                     ` Peter Dolding
2008-08-18  0:32                       ` david
2008-08-18  1:20                         ` Peter Dolding
2008-08-18 10:54                       ` douglas.leeder
2008-08-18 13:40                         ` Peter Dolding
2008-08-16  5:35         ` Valdis.Kletnieks
2008-08-16  7:27           ` david
     [not found]         ` <alpine.DEB.1.10.0808152115210.12859@asgard.lang.hm>
2008-08-16  9:28           ` Alan Cox
2008-08-16 10:14             ` david
2008-08-17 21:17       ` David Collier-Brown
2008-08-18  1:33         ` Peter Dolding
2008-08-18  1:44           ` david
2008-08-18  2:33             ` Peter Dolding
2008-08-15 14:18 ` Alan Cox
2008-08-15 10:10 Rob Meijer
2008-08-15 11:02 ` Alan Cox
2008-08-13 12:56 [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Pavel Machek
2008-08-13 13:52 ` tvrtko.ursulin
2008-08-14 12:54   ` Pavel Machek
2008-08-14 18:37     ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-14 22:39       ` Pavel Machek
2008-08-15  0:00         ` Rik van Riel
2008-08-15  0:43           ` Theodore Tso
2008-08-15  1:02             ` Rik van Riel
2008-08-15  3:00             ` Eric Paris
2008-08-15  5:22               ` david
2008-08-15  5:33                 ` david
2008-08-15  5:38                   ` david
2008-08-17 22:14                 ` Pavel Machek
2008-08-17 22:12               ` Pavel Machek
2008-08-17 22:47                 ` david
2008-08-17 22:58                   ` Pavel Machek
2008-08-17 23:24                     ` david
2008-08-18  0:00                     ` Casey Schaufler
2008-08-18  0:17                       ` david
2008-08-18  0:31                         ` Peter Dolding
2008-08-18  0:39                           ` david
2008-08-18  0:42                         ` Casey Schaufler
2008-08-18  0:07                     ` Rik van Riel
2008-08-19 10:41                       ` Pavel Machek
2008-08-15  8:35             ` Alan Cox
2008-08-15 11:35               ` Theodore Tso
2008-08-17 22:10               ` Pavel Machek
2008-08-06  0:51 [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Rik van Riel
2008-08-06 12:10 ` Press, Jonathan
2008-08-06 15:08   ` Theodore Tso
2008-08-06 15:33     ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-06 15:46       ` Rik van Riel
2008-08-06 16:12         ` tvrtko.ursulin
2008-08-06 16:25           ` Rik van Riel
2008-08-06 18:06             ` Eric Paris
2008-08-05 17:38 [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Arjan van de Ven
2008-08-05 18:04 ` Press, Jonathan
2008-08-05 18:11   ` Greg KH
2008-08-05 18:38     ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Press, Jonathan
2008-08-05 18:54       ` Theodore Tso
2008-08-05 20:37         ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 21:14           ` Greg KH
2008-08-05 20:18       ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Greg KH
2008-08-05 20:28         ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 20:51           ` Eric Paris
2008-08-05 21:08             ` Arjan van de Ven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6746.82.95.100.23.1218969200.squirrel@webmail.xs4all.nl \
    --to=capibara@xs4all.nl \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=arjan@infradead.org \
    --cc=bunk@kernel.org \
    --cc=davecb@sun.com \
    --cc=david@lang.hm \
    --cc=eparis@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=malware-list@lists.printk.net \
    --cc=mdontu@bitdefender.com \
    --cc=oiaohm@gmail.com \
    --cc=pavel@suse.cz \
    --cc=riel@redhat.com \
    --cc=rmeijer@xs4all.nl \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).