[funsec] Texas Bank Dumps Antivirus for Whitelisting

Richard M. Smith rms at computerbytesman.com
Wed Jul 16 20:33:32 CDT 2008


I did a talk a couple of years ago at Boston University along this lines.  I
pointed out that many (but of course not all) security flaws in software are
due to data morphing into code.  Examples: buffer overflow, SQL injection,
and XSS errors.

I'm not sure how Harvard Architecture, whatever it might be, would protect
against SQL injection and XSS errors.  Buffer overflows can be dealt with by
marking data pages as non-execute in the page table.  Why this relatively
simple fix can't be implemented across the board in Windows is a head
scratcher to me.

Richard

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On
Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Wednesday, July 16, 2008 9:59 PM
To: funsec at linuxbox.org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

Date sent:      	Wed, 16 Jul 2008 19:46:24 -0400
From:           	Rich Kulawiec <rsk at gsp.org>

> Wrong answer.  The correct answer is to recognize that any operating
> system which requires anti-virus software is fundamentally, deeply
> broken and to either (a) fix it (b) get it fixed or (c) dump it.

Even better, let's dump von Neumann architecture, go back to Harvard 
architecture, and avoid viruses altogether ...

Sorry, but I remember the late 80s when everybody was saying that once we
got 
some security (mainframe-type, of course) into desktop operating systems
viruses 
would be a thing of the past.  They aren't, obviously.  As long as data can
be 
executed, and programs can be treated as data, viruses will be inherently
possible.

(And that's just viruses.  The techie version of getting rid of a [favourite
dumb-
person epithet] by giving them a card with "Turn over" written on both sides
is to 
tell someone to come up with a technical solution to trojans ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca     slade at victoria.tc.ca     rslade at computercrime.org
Before speaking, consider the interpretation of your words as
well as their intent.                                 - Andrew Alden
victoria.tc.ca/techrev/rms.htm      en.wikipedia.org/wiki/Robert_Slade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



More information about the funsec mailing list