Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Support the Sasser-author fund started

From: Ondrej Krajicek <krajicek () ics muni cz>
Date: Mon, 17 May 2004 17:29:04 +0200
IMHO the data are routed through host CPU anyway, DMA is not as clever
to locate the proper file in the proper filesystem on the proper
volume and pass them to the proper network card. You're right that the=20
CPU does not have to process every single bit of each (?) file.
But this could be solved by used more advanced bus architecture
(PCIX or even something faster) and adding more CPU. Dedicated anti-virus
chip is a thing which I hope is not going to happen.


Hmm.. let me get this straight - I can run something like SELinux and get
snappy performance on a 700mz PentiumIII, but to get security out of Windows
I'll need even MORE CPU and a PCIX?  What's wrong with this picture?


We are talking about on-line anti-virus scanning performance, which
is decided mainly by the troughput of the I/O bus and CPU
speed.

SELinux is about mandatory access control.

Ondra

+>>>-----------------------------------------------------------------+
|Ondrej Krajicek                                                 (-KO|
|Institute of Computer Science, Masaryk University Brno, CR          |
|http://isildur.ics.muni.cz/~ondra               krajicek () ics muni cz|
+--------------------------------------------------------------------+

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: