Re: malware defense

Jeffrey B. Siegal (jbs@quiotix.com)
Fri, 3 Dec 1999 20:51:06 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey B. Siegal: "Re: Strange problem in my structs"
Previous message: Alex Belits: "Re: malware defense"
Maybe in reply to: andrew@daviel.org: "malware defense"
Next in thread: Jeffrey B. Siegal: "Re: malware defense"

> > > How do you protect against corruption/replacement of the daemon software
> > > that checks the images?
> > Keep it in physically unwritable media, like a CD-R in a CD-ROM drive.
> How will it help if trojan already modified the kernel image?

1. Keep the kernel image on non-writable media as well.

2. If the kernel is compromised, then kernel-level protection doesn't help
you either (the above was a reference to the claim that user-level daemons
couldn't be trusted). You're screwed unless your defense is implemented
in hardware (which is basically equivalent to putting the kernel and
security daemons on non-writable media).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeffrey B. Siegal: "Re: Strange problem in my structs"
Previous message: Alex Belits: "Re: malware defense"
Maybe in reply to: andrew@daviel.org: "malware defense"
Next in thread: Jeffrey B. Siegal: "Re: malware defense"