[funsec] Texas Bank Dumps Antivirus for Whitelisting

Richard M. Smith rms at computerbytesman.com
Wed Jul 16 21:00:05 CDT 2008


Yep.  What's taking so long to get this feature turned on all of the time?
Four years seems long enough.

Richard

-----Original Message-----
From: Larry Seltzer [mailto:larry at larryseltzer.com] 
Sent: Wednesday, July 16, 2008 9:52 PM
To: Richard M. Smith; funsec at linuxbox.org
Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting

It's called DEP or NX in Windows. At a system level it's turned on since
XP SP2, and you can set it to apply to Windows code itself, but apps
have to opt in (when this all came out, too many programs crashed
ungracefully when forced into it). Programs can opt in with a simple
linker switch I think. Many apps do, but many don't. IE8 will opt in by
default. Acrobat 9 does.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer at ziffdavisenterprise.com


-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On Behalf Of Richard M. Smith
Sent: Wednesday, July 16, 2008 9:34 PM
To: funsec at linuxbox.org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

I did a talk a couple of years ago at Boston University along these
lines.  I pointed out that many (but of course not all) security flaws
in software are due to data morphing into code.  Examples: buffer
overflow, SQL injection, and XSS errors.

I'm not sure how Harvard Architecture, whatever it might be, would
protect against SQL injection and XSS errors.  Buffer overflows can be
dealt with by marking data pages as non-execute in the page table.  Why
this relatively simple fix can't be implemented across the board in
Windows is a head scratcher to me.

Richard

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
Sent: Wednesday, July 16, 2008 9:59 PM
To: funsec at linuxbox.org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

Date sent:      	Wed, 16 Jul 2008 19:46:24 -0400
From:           	Rich Kulawiec <rsk at gsp.org>

> Wrong answer.  The correct answer is to recognize that any operating
> system which requires anti-virus software is fundamentally, deeply
> broken and to either (a) fix it (b) get it fixed or (c) dump it.

Even better, let's dump von Neumann architecture, go back to Harvard 
architecture, and avoid viruses altogether ...

Sorry, but I remember the late 80s when everybody was saying that once
we got some security (mainframe-type, of course) into desktop operating
systems viruses would be a thing of the past.  They aren't, obviously.
As long as data can be executed, and programs can be treated as data,
viruses will be inherently possible.

(And that's just viruses.  The techie version of getting rid of a
[favourite dumb-person epithet] by giving them a card with "Turn over"
written on both sides is to tell someone to come up with a technical
solution to trojans ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca     slade at victoria.tc.ca     rslade at computercrime.org
Before speaking, consider the interpretation of your words as
well as their intent.                                 - Andrew Alden
victoria.tc.ca/techrev/rms.htm      en.wikipedia.org/wiki/Robert_Slade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
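
The per-application DEP opt-in described in Larry Seltzer's message is recorded in the executable's PE header as the IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit, which the MSVC linker sets with /NXCOMPAT. The following is an added example, not part of the original thread: a Python check for that bit, run against constructed header-only sample images; the function names and sample bytes are assumptions made for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100  # set by the MSVC linker's /NXCOMPAT
DLLCHAR_OFFSET = 70   # DllCharacteristics offset in the optional header (PE32 and PE32+)
COFF_SIZE = 20        # size of the COFF file header that follows the "PE\0\0" signature


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image; raise ValueError if malformed."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if pe_off + 4 + COFF_SIZE > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)  # SizeOfOptionalHeader
    opt_off = pe_off + 4 + COFF_SIZE
    if opt_size < DLLCHAR_OFFSET + 2 or opt_off + DLLCHAR_OFFSET + 2 > len(image):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    return struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)[0]


def opts_in_to_dep(image: bytes) -> bool:
    """True if the image was linked as DEP/NX compatible."""
    return bool(dll_characteristics(image) & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)


def make_sample_pe(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE image for the demo (hypothetical, not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, flags in (("linked with NX_COMPAT", 0x0140), ("linked without it", 0x0040)):
        print(f"{label}: opts in to DEP = {opts_in_to_dep(make_sample_pe(flags))}")
```

To audit real binaries, pass the bytes of each file to `opts_in_to_dep` and treat a `ValueError` as "not a PE image".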
