[funsec] standards status in the industry - opinion?

Blue Boar BlueBoar at thievco.com
Sun Jan 8 01:52:54 CST 2006


Nick FitzGerald wrote:
> Known virus scanning is not the only "signature scanning" approach -- 
> as Fred Cohen suggested close to (or is that now "more than"??) two 
> decades ago, by far the best solution to the generic problem of 
> detecting the execution of unwanted code (of which, the problem of 
> "detecting malware" is a sub-set) is to "fingerprint" the
> installed/allowed code and prevent unknown code from being run.  Thought of in a 
> different way, this is the firewall equivalent of a default-deny rule 
> for the program loader...

Whitelisting would be a huge help.

But we're a little too far down the scripting language & executable data 
format path to completely solve the problem.

For example, you can't be a standards-compliant browser at this point 
without supporting an executable data format.

						BB
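
Added example, not part of the original messages: a minimal default-deny loader check over code fingerprints, showing both the approach in the quoted text and the gap raised in the reply, where an allowed program that executes its input runs content that was never fingerprinted. The class name, the `check_interpreter_input` switch and all byte strings are constructed for illustration.

```python
import hashlib
from typing import Optional

def fingerprint(data: bytes) -> str:
    """SHA-256 digest used as the code fingerprint."""
    return hashlib.sha256(data).hexdigest()

class LoaderPolicy:
    """Default-deny launch policy: only fingerprinted code may run (hypothetical)."""

    def __init__(self, check_interpreter_input: bool = False):
        self.allowed = set()       # fingerprints of installed/allowed code
        self.interpreters = set()  # allowed programs that execute their input
        self.check_interpreter_input = check_interpreter_input

    def allow(self, image: bytes, is_interpreter: bool = False) -> None:
        fp = fingerprint(image)
        self.allowed.add(fp)
        if is_interpreter:
            self.interpreters.add(fp)

    def decide(self, image: bytes, input_data: Optional[bytes] = None) -> str:
        fp = fingerprint(image)
        if fp not in self.allowed:
            return "deny: unknown program"
        # The program is allowed; what it is asked to execute is a separate question.
        if (self.check_interpreter_input and fp in self.interpreters
                and input_data is not None
                and fingerprint(input_data) not in self.allowed):
            return "deny: unknown script"
        return "allow"

# Constructed sample inputs standing in for file contents.
INTERPRETER = b"constructed image of a browser or script host"
UNKNOWN_PROGRAM = b"constructed image of a program nobody approved"
KNOWN_SCRIPT = b"constructed script that was reviewed and fingerprinted"
UNKNOWN_SCRIPT = b"constructed script fetched from an arbitrary page"

if __name__ == "__main__":
    plain = LoaderPolicy()
    plain.allow(INTERPRETER, is_interpreter=True)
    print(plain.decide(UNKNOWN_PROGRAM))              # blocked at the loader
    print(plain.decide(INTERPRETER, UNKNOWN_SCRIPT))  # passes: only the host was checked

    strict = LoaderPolicy(check_interpreter_input=True)
    strict.allow(INTERPRETER, is_interpreter=True)
    strict.allow(KNOWN_SCRIPT)
    print(strict.decide(INTERPRETER, KNOWN_SCRIPT))
    print(strict.decide(INTERPRETER, UNKNOWN_SCRIPT))
```

The strict mode closes the gap only for scripts that can be fingerprinted ahead of time, which content delivered by arbitrary web pages cannot be.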

