Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Different types of virus detection?

  1. #11
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    Originally posted here by IKnowNot
    4) the right functions on first hard drive are physically limited by a key switch ( actual interrupt of the wires which control writes. This allows, when necessary, to update the OS, etc. without too much difficulty, when absolutely necessary. Could also apply to bios changes: I liked the old jumpers )
    Originally posted here by thehorse13
    Yeah, there is no easy solution to this, which is why you don't have wide spread adoption today. I'm thinking that the only road home on this is to somehow integate it into the OS design. Again, no small or easy task.
    Originally posted here by Tiger Shark
    Until we come up with an OS that doesn't allow outside executable code to run except in an environment where it is isolated from data then there will always be malware..... and we will always have jobs.....
    I agree with all of these notions...

    I can see that IKnowNot's particular pattern could be deployed in almost every environment to some extent... Is this something we could deploy now? From a[n?] Unix perspective I believe this could be done quite easily... I have often thought about having binaries for a locked down server on a CD or other read-only partition...

    The CD to thwart those who may want to use the binaries other when doing maintenance or RO if I am using the system often and don't want the performance hit...

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    6) periodically the anti-malware program checks the hash of the OS and itself ( which is reloaded each time executed ) that is in memory with what is on the first hard drive

    7) the anti-malware program also checks hash functions of any executables on the second hard drive, which it stores in a separate swap file only writable by the anti-malware program

    8) if the hash doesn't match the OS or anti-malware program, or if it detects a unwanted signature, the first swap file is deleted, the administrator and user notified.
    As long as you're not using MD5, you should be ok. In case you haven't heard, there is now an automated tool to beat MD5 hashing. I have a thread here somewhere which gives the details so check it out. I'd rather not rehash (no pun intended) here because I want to keep the conversation on topic.



    For methods close to those described, check out the CIS website. They have all kinds of deployment schemes and goodies there.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206

    Smile

    How about this, can opennes save the internet? http://freshmeat.net/articles/view/1360/

  4. #14
    Originally posted here by bAgZ
    How about this, can opennes save the internet? http://freshmeat.net/articles/view/1360/
    In a word, no. It isn't that simple ... minded.

  5. #15
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    Originally posted here by bAgZ
    How about this, can opennes save the internet? http://freshmeat.net/articles/view/1360/
    Firstly, I am prejudiced from the start because there are some Cultural Assumption overtones...

    The government is the strongest supporter of closed source software, having committed to long-lasting delivery agreements with Microsoft...
    Sorry which government was that?


    Secondly, it simplifies the...

    proliferation of spam, worms, crackers, and viruses....
    ...into a "lets use open-source" bandwagon and then tacks on a "lets regulate the internet", marketing corporate networks and VPN as the method...

    Say whaat? Did you pick-up the contradiction?

    Al

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •