funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 17 Jul 2008 18:17:45 +1200

"Rob, grandpa of Ryan, Trevor, Devon & Hannah" to David Harley:

Change detector/integrity checker. Whatever happened to all those? ;-)


Nothing wrong with the basic idea -- just the implementation...

Mind you, that was not helped by the grievous shortcomings of the OS on 
which these were being implemented -- "modern" OSes with proper security 
capabilities, process separation, muti-threading and so on makes this 
kind of approach much more tenable.

Of course, "the market" has since been thoroughly brainwashed into 
believeing that "virus scanning" is "necessary, to the point that some 
banks, etc "require" such clearly inadequate "protection" be installed on 
their clients' computers to be covered for losses from their online 
banking systems (and even to get access to those systems under some 
suggested schemes).

Oh, my word, yes, Inegrity Master and all its ilk.  (And, of course, Gene Kim will 
be highly offended if I don't mention Tripwire, although it came later.)  However, 
an awful lot of them simply checksummed the existing proggies, and didn't care if 
you added anything.  (I remember my shock at reviewing the first AV that handled 
things that way ...)


Of course, shoddily and seriously incompletely implemented instances of 
this class of product did not help its early image amongst (most) users 
(though that was all largely academic given the lack of sufficient OS 
resources, such as memory protection, multi-threading, etc as already 
alluded to).  In short, it was a good idea well ahead of its time, given 
the limitations of the then-dominant (desktop, business) OS, whose image 
was further tarnished by poor implementations (and some shocking 
marketing -- anyone recall "never needs updating"??  8-) ).


Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Texas Bank Dumps Antivirus for Whitelisting, (continued)
- - - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Alex Eckelberry (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Nick FitzGerald (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Drsolly (Jul 16)
    - Re: Texas Bank Dumps Antivirus for Whitelisting David Harley (Jul 17)
    - Re: Texas Bank Dumps Antivirus for Whitelisting Toralv_Dirro (Jul 15)
- Re: Texas Bank Dumps Antivirus for Whitelisting Rob Thompson (Jul 15)

(Thread continues...)