RE: [malware-list] TALPA - a threat model? well sorta.

From: david
Date: Fri Aug 15 2008 - 13:32:55 EST

Next message: david: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning"
Previous message: Jaco Kroon: "Re: [ath5k-devel] ath5k on the Acer Aspire One"
In reply to: Press, Jonathan: "RE: [malware-list] TALPA - a threat model? well sorta."
Next in thread: Press, Jonathan: "RE: [malware-list] TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Aug 2008, Press, Jonathan wrote:

-----Original Message-----
From: david@xxxxxxx [mailto:david@xxxxxxx]

The problem is that you have to account for the cases where the
malware
made it onto the system even if you were trying to catch it ahead of
time. For example:

- Administrator turns off or reduces AV protection for some reason
for
some period of time. It happens all the time.

according to the threat model actions of the administrator do not
matter.

Sorry, I don't know what you mean.

the threat model that was posted two days ago in the initial message of this thread specificly stated that actions of root are not something that this is trying to defend against.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: david: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning"
Previous message: Jaco Kroon: "Re: [ath5k-devel] ath5k on the Acer Aspire One"
In reply to: Press, Jonathan: "RE: [malware-list] TALPA - a threat model? well sorta."
Next in thread: Press, Jonathan: "RE: [malware-list] TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]