"That's a terrible solution. It's impossible to catch all the bugs. The best security policy is that of containment, not perfection."
Not at all.
Despite the ironical similarity in names, a virus is not a bug. A virus is malware by intention.
One doesn't have to "catch all bugs" in order to ascertain if the code being inspected is not malware. One only has to work out what the code being inspected is trying to do.
If it is trying to catch key presses, cache them, then later send them all off as data to an IP address coded via its numbers only ... one would have to think ... "hmm, keylogger ... reject".
If it is a bunch of code trying to append a binary blob to the end of system libraries, one would have to think ... "hmm, virus ... reject".
One doesn't have to completely debug the program in order to spot malware. One just works out what the code is trying to do. If there is code included with a suspect purpose ... reject it. If it has good purpose but obscure hard-to-spot bugs, it still isn't malware. It is just buggy application software.
Edited 2006-10-23 03:00







Anti-virus programs are not a better solution.
I didn't say it was. I'm saying the complete opposite of this, which you'd probably have known if you'd bothered to read my other post...
A better solution is to have a good security model for your system in the first place, and then to install only applications for which the source code can be and is inspected and auditable by independent people who have the same interest as you (i.e., they are not being paid by the vendors of the programs, and they are end users of the programs themselves).
That's a terrible solution. It's impossible to catch all the bugs. The best security policy is that of containment, not perfection.