RE: [malware-list] TALPA - a threat model? well sorta.

[david]

On Fri, 15 Aug 2008, Press, Jonathan wrote:

> > -----Original Message-----
> > From: malware-list-bounces@xxxxxxxxxxxxxxxx [mailto:malware-list-
> > bounces@xxxxxxxxxxxxxxxx] On Behalf Of Peter Zijlstra
> > Sent: Friday, August 15, 2008 6:37 AM
> > To: Helge Hafting
> > Cc: linux-kernel@xxxxxxxxxxxxxxx; malware-list@xxxxxxxxxxxxxxxx;
> hch@xxxxxxxxxxxxx;
> > andi@xxxxxxxxxxxxxx; viro@xxxxxxxxxxxxxxxxxx;
> alan@xxxxxxxxxxxxxxxxxxx; Arjan van
> > de Ven
> > Subject: Re: [malware-list] TALPA - a threat model? well sorta.
> >
> > On Fri, 2008-08-15 at 12:07 +0200, Helge Hafting wrote:
> > > It seems to me that this "scan on file open" business is the
> > > wrong way to do things - because it reduces performance.
> > >
> > > If you scan on file open, then your security sw is too late and
> > > getting in the way.
>
> The problem is that you have to account for the cases where the malware
> made it onto the system even if you were trying to catch it ahead of
> time.  For example:
>
> - Administrator turns off or reduces AV protection for some reason for
> some period of time.  It happens all the time.

according to the threat model actions of the administrator do not matter.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/