Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

From: Rik van Riel
Date: Thu Aug 14 2008 - 20:06:38 EST


On Fri, 15 Aug 2008 00:39:18 +0200
Pavel Machek <pavel@xxxxxxx> wrote:

> > > Okay, so goal of libmalware.so is to "not allow data in the black list
> > > to pass through Linux server". Threat model is windows machines trying
> > > to copy infected files through the server.
> >
> > That's only part of the threat model.
>
> Yes, that's the part the libmalware.so proposal solves. Given the scary number
> of 0 Linux viruses in the wild, it seems to solve the problem pretty well.

If you're trolling, you're not being very good at it.

Just because you cannot easily infect a Linux system from a
user application does not mean malware cannot do all kinds
of damage with user privileges. Think of a key sniffer (using
the same interface that the X screensavers use) or a spam bot
running with user privileges.

Firefox, OpenOffice.org and other (mostly desktop) programs are
extremely large and complex, deal with untrusted data on a daily
basis and could be used to spread worms and get malware onto systems.

The old DOS model of "you need to infect system binaries" is not
a good description of how today's malware works. Malware is not
there to infect a system "as much as possible", but to accomplish
actual malice.

Consequently, the number of acceptable attack vectors on a system
is pretty large and we should protect against these kinds of
programs.

It would be good to get this additional layer of protection against
malware in place, before people start developing Linux malware.

--
All rights reversed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/