Re: Virus free desktop



On Tue, 18 Nov 2003, Alan wrote:

> Running programs in a sandbox or letting the OS decide what is or is not
> a virus would require some sort of database for the os to look up a
> binary fingerprint, or do some sort of heuristic check to see what the
> app or docuement is doing, and if it's allowed.  It would have to know
> that ssh starting up is different than a user (or root) executed program
> that opens up a port that allows incoming connections.

A central database of binary footprints is not the way to go.  
Microsoft tried something like this with Authenticode.  The
local database of footprints should only be used to enforce
policy decisions made by the user (e.g. "let this app open 
an IRC port").

-- 
			Stuart D. Gathman <stuart bmsi com>
      Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
	"[Microsoft] products are even less buggy than others, in terms of
	    per capita usage." - Steve Balmer, Microsoft Corporation




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]