Re: Comptuer Virus Help

Sebastian Gottschalk wrote:
[snip]
Real protection against viruses is provided by ACLs, implementing a global
no-exec policy and by not allowing automatic code execution.

by acls i imagine you're making a reference to least privilege... fred cohen's early experiments with viruses demonstrate fairly unequivocally that least privilege does not stop viruses... it is a speed bump, not a road block - it will interfere with those viruses that were made with the assumption of having admin access and that's about all...

as for trying to control execution, determining executable data from non-executable data is undecidable in the general case...

they can be valuable additions to a defense in depth approach, but they are not, by themselves, a solution to the virus problem...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
.

Relevant Pages

  • Re: Spyware programme.
    ... It may interest you that some viruses don't spread by ... File infectors are pretty common though. ... itself into other executable files and ensures their execution. ... derived from similarity to behavior of biological viruses. ...
    (microsoft.public.windows.vista.security)
  • Re: Comptuer Virus Help
    ... those were just the most mainstream examples of apps that can be turned into operating environments for viruses - some more obscure examples include amipro, matlab, and ida pro... ... even if it were actually possible to block execution of all executable content in user writable areas that would necessarily impede with any ability the user might have otherwise had to automate his/her tasks.... ... fred cohen's seminal work in the field revealed that the ability to support viral programs is inherent to the general purpose computing platform - meaning that there is no way to manipulate a general purpose computer, short of making it not a general purpose computer anymore, that will stop all possible viruses from operating - ergo the problem is not solvable... ... totally incompetent, slow and dangerous solutions. ...
    (alt.computer.security)
  • Re: Duplicated email messages in & out
    ... blocks the execution of programs containing viruses, so blocking messages ... containing viruses isn't necessary (though it's useful on a mail *server*, ... to keep unprotected computers from receiving the viruses). ...
    (microsoft.public.outlook.general)