Linked by Thom Holwerda on Sun 23rd Sep 2007 10:54 UTC, submitted by irbis
Bugs & Viruses "For at least a decade, the standard advice to every computer user has been to run antivirus software. But new, more commercial, more complex and stealthier types of malware have people in the industry asking: will antivirus software be effective for much longer? Among the threats they see are malware that uses the ability of the latest processors to run virtual machines that would be hidden from antivirus programs." Note: Please note that our icon contest is still running! So if you have an idea on how to rework this story's icon, read this.
Thread beginning with comment 273782
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: No
by netpython on Mon 24th Sep 2007 09:50 UTC in reply to "RE[4]: No"
Member since:

In principle, we do agree. Your comment is worth some comments.

Oh please don't i'm not worthy:-)

But finally, there's someone who uses software. No matter how good developers do their job, there are "evil doers" all around soon doing a better job bypassing means of security. These criminals are usually very educated in regards of security, else they could not do their "job"...

Yes it's an arms race, an ongoing battle with noone from either side winning the war. Though in my opinion what the security aware os designers should and can do is raise the entry level of exploitation a great deal. For example i have an grsecurity patched kernel somewhere running. The simple beauty of it enables me to categorize socket access in three groups. Namely: a) nosocks b) no server socks c) no client socks. Now its rather trivial to populate the groups with objects (deamons, users etc you get the idea..)

What if in the previous grsec implementation context i make a group nosocks and add root to it eg: groupadd -g <guid> <group> && gpasswd -a nosocks. As soon as someone tries to remotely elevate a file to root the connection will be cut off. A similar example would be adding every deamon and user that shouldn't have socket access (user man for example,.). Another example is adding xorg to the noclient group (why should xorg connect itself?).

Rather not as black and white as using an OS from outhern space or if you persist a read only system.
Please forgive my stupidity but does true read only uberhaupt exist? I mean the system memory has to be populated. And processes can still be hooked into?

Reply Parent Score: 2