funsec mailing list archives
Re: Texas Bank Dumps Antivirus for Whitelisting
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 17 Jul 2008 18:17:45 +1200
"Rob, grandpa of Ryan, Trevor, Devon & Hannah" to David Harley:
Change detector/integrity checker. Whatever happened to all those? ;-)
Nothing wrong with the basic idea -- just the implementation... Mind you, that was not helped by the grievous shortcomings of the OS on which these were being implemented -- "modern" OSes with proper security capabilities, process separation, multi-threading and so on make this kind of approach much more tenable. Of course, "the market" has since been thoroughly brainwashed into believing that "virus scanning" is "necessary", to the point that some banks, etc "require" such clearly inadequate "protection" be installed on their clients' computers to be covered for losses from their online banking systems (and even to get access to those systems under some suggested schemes).
Oh, my word, yes, Integrity Master and all its ilk. (And, of course, Gene Kim will be highly offended if I don't mention Tripwire, although it came later.) However, an awful lot of them simply checksummed the existing proggies, and didn't care if you added anything. (I remember my shock at reviewing the first AV that handled things that way ...)
Of course, shoddily and seriously incompletely implemented instances of this class of product did not help its early image amongst (most) users (though that was all largely academic given the lack of sufficient OS resources, such as memory protection, multi-threading, etc as already alluded to). In short, it was a good idea well ahead of its time, given the limitations of the then-dominant (desktop, business) OS, whose image was further tarnished by poor implementations (and some shocking marketing -- anyone recall "never needs updating"?? 8-) ).

Regards,
Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
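An added example, not part of the original thread: a minimal integrity checker showing the gap described above, where a tool that only re-checksums files already in its baseline misses anything newly added. The file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests

def checksum_only(baseline, current):
    """Incomplete design: re-verify known files, never look for new ones."""
    return sorted(p for p in baseline if current.get(p) != baseline[p])

def compare(baseline, current):
    """Full comparison: (modified, missing, added) as sorted path lists."""
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return modified, missing, added

def demo():
    """Build a constructed directory, change it, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("edit.exe", b"original editor")
        write("calc.exe", b"original calculator")
        baseline = snapshot(root)
        write("edit.exe", b"tampered editor")       # change a known file
        write("helper.exe", b"not in the baseline")  # add an unknown file
        current = snapshot(root)
        return checksum_only(baseline, current), compare(baseline, current)

if __name__ == "__main__":
    weak, full = demo()
    print("checksum-only reports:", weak)
    print("modified, missing, added:", full)
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise both checks can be defeated by updating the recorded digests.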