[funsec] standards status in the industry - opinion?
BlueBoar at thievco.com
Sun Jan 8 01:52:54 CST 2006
Nick FitzGerald wrote:
> Known virus scanning is not the only "signature scanning" approach --
> as Fred Cohen suggested close to (or is that now "more than"??) two
> decades ago, by far the best solution to the generic problem of
> detecting the execution of unwanted code (of which, the problem of
> "detecting malware" is a sub-set) is to "fingerprint" the installed/
> allowed code and prevent unknown code from being run. Thought of in a
> different way, this is the firewall equivalent of a default-deny rule
> for the program loader...
Whitelisting would be a huge help.
But we're a little too far down the scripting language & executable data
format path to completely solve the problem.
For example, you can't be a standards compliant browser at this point
without supporting an executable data format.
More information about the funsec