funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: standards status in the industry - opinion?

From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 07 Jan 2006 23:52:54 -0800
Nick FitzGerald wrote:
Known virus scanning is not the only "signature scanning" approach -- as Fred Cohen suggested close to (or is that now "more than"??) two decades ago, by far the best solution to the generic problem of detecting the execution of unwanted code (of which, the problem of "detecting malware" is a sub-set) is to "fingerprint" the installed/ allowed code and prevent unknown code from being run. Thought of in a different way, this is the firewall equivalent of a default-deny rule for the program loader... 

Whitelisting would be a huge help.
But we're a little too far down the scripting language & executable data format path to completely solve the problem.
For example, you can't be a standards compliant browser at this point without supporting an executable data format. 

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: