RE: Vulnerability-based IPS Patent

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>]

From:                   "Richard M. Smith" <rms () bsf-llc com>
Date sent:              Wed, 29 Mar 2006 17:24:26 -0500

> Are you (or anyone else) aware of prior art for this AV patent:

> Data is tested in transit between a source medium and a destination medium, such
> as between two computer communicating over a telecommunications link or network.
> Each character of the incoming data stream is tested using a finite state
> machine which is capable of testing against multiple search strings representing
> the signatures of multiple known computer viruses. When a virus is detected the
> incoming data is prevented from remaining on the destination storage medium.

Following the CHRISTMA exec of 1987, many of the affected systems 
implemented "filters" that would have done pretty much exactly that.  You might 
also want to look at Fred's thesis and dissertation, from 1984 and 1986, to see 
whether he applied scanning to comm links: he was big into state machines.

I'd have to search the archives for email on it, but I rather suspect that someone 
might have discussed it.  It's a pretty obvious idea.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca      slade () victoria tc ca      rslade () sun soci niu edu
More than any time in history mankind faces a crossroads.  One
path leads to despair and utter hopelessness, the other to total
extinction.  Let us pray that we have the wisdom to choose
correctly.                                             - Woody Allen
http://victoria.tc.ca/techrev/rms.htm
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.