AntiVirus?
Paul A. Houle
ph18 at cornell.edu
Mon Mar 21 13:35:32 UTC 2005
On Sun, 20 Mar 2005 22:02:47 -0500, Colin Walters <walters at redhat.com>
wrote:
>
> Prompting the user for access control decisions at the level of system
> calls is not useful unless your target audience is solely "Linux kernel
> developer"; i.e. .01% of Fedora users at best. Even at a much higher
> level you have to assume that if you prompt for this kind of stuff, 50%
> of the time they're going to get it wrong.
>
I've seen security products that do something like this on Windows. I
had something like that running during the virus crisis of Summer 2003,
and it didn't stop the machine from falling apart (Was it Gator? Some
toxic waste that rode in on Kazaa's boots? Did I actually click on one of
the 200,000 viruses I got in the mail? Was it the antivirus program?) and
was just one more thing that helped make the machine unusual.
Seems to me that we don't need anything radical to run a process in a box
with a limited set of system calls available; this can be done with
ptrace or selinux, and the next obvious step is to beef up those APIs if
they aren't quite adequate for what you want to do.
One of the reasons why security products for Windows are so bad is that
there isn't really a firewall API in Windows so every firewall product
finds a set of hooks that look good and then they pray that they don't
blow up the network stack. It makes sense to provide APIs that will let
people do things like that in a reasonable way, because otherwise they'll
do them in an unreasonable way.
More information about the fedora-devel-list
mailing list