funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 17 Jul 2008 00:31:40 +0100 (BST)
On Wed, 16 Jul 2008, Richard M. Smith wrote:
Macro viruses can't be executed on my computer and many other people's computers. Ditto for scripting files. See my previous 3 messages. What other kinds of files do I need to be concerned about that can be executed from my hard drive and will have file system access and registry access?
I don't know. I use Linux.
Richard

-----Original Message-----
From: Drsolly [mailto:drsollyp () drsolly com]
Sent: Wednesday, July 16, 2008 6:13 PM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

On Wed, 16 Jul 2008, Richard M. Smith wrote:

But don't infested document files install spyware .EXE files which will later be caught by a whitelist?

Not all of them.

In addition, Vista will block document files which use buffer overflows to do their dirty work.

Macro viruses don't use buffer overflows.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Alex Shipp (elist)
Sent: Wednesday, July 16, 2008 12:09 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of David Harley

To be fair, the issue isn't really Word macro viruses: it's the fact that they represent a class of objects where executable code is found in places less obvious than a .EXE. A whitelisting solution that doesn't take them into account is obviously less effective.

Whitelisting is fine as part of the solution, but it is obviously not appropriate for documents. Since the majority of industrial espionage attacks (via email) involve documents which exploit some bug in the executable which processes them, some other component is needed to cover this hole. No doubt there are also many other holes, which makes me wonder if the bank has really thought this through.

Alex

-----------------------------------------------
Alex Shipp
Imagineer

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.