AntiVirus?

Paul A. Houle ph18 at cornell.edu
Mon Mar 21 13:35:32 UTC 2005


On Sun, 20 Mar 2005 22:02:47 -0500, Colin Walters <walters at redhat.com>  
wrote:

>
> Prompting the user for access control decisions at the level of system
> calls is not useful unless your target audience is solely "Linux kernel
> developer"; i.e. .01% of Fedora users at best.  Even at a much higher
> level you have to assume that if you prompt for this kind of stuff, 50%
> of the time they're going to get it wrong.
>

	I've seen security products that do something like this on Windows.  I
had something like that running during the virus crisis of Summer 2003,
and it didn't stop the machine from falling apart (Was it Gator?  Some
toxic waste that rode in on Kazaa's boots?  Did I actually click on one of
the 200,000 viruses I got in the mail?  Was it the antivirus program?) and
was just one more thing that helped make the machine unusable.

	Seems to me that we don't need anything radical to run a process in a box
with a limited set of system calls available; this can be done with
ptrace or SELinux, and the next obvious step is to beef up those APIs if
they aren't quite adequate for what you want to do.

	One of the reasons why security products for Windows are so bad is that
there isn't really a firewall API in Windows, so every firewall product
finds a set of hooks that look good and then they pray that they don't
blow up the network stack.  It makes sense to provide APIs that will let
people do things like that in a reasonable way, because otherwise they'll
do them in an unreasonable way.
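The ptrace route mentioned above (a process in a box with a limited set of
system calls), worked through as an added example that is not from this
post, the Fedora devel list, or any project: a tracer forks a child, stops
it at every syscall entry with PTRACE_SYSCALL, checks the syscall number
against an allow-list, and SIGKILLs the child on the first call outside
the list while it is still in the entry stop, so the denied call never
executes. It assumes Linux 5.3 or later (PTRACE_GET_SYSCALL_INFO, which
reports the syscall number without arch-specific register layouts), a
64-bit platform on which socket(2) is its own syscall, and a ptrace_scope
that lets a child be traced by its parent. run_sandboxed, good_payload,
bad_payload, policy and struct sc_info are names made up for the example,
and the two payloads are constructed test inputs.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* PTRACE_GET_SYSCALL_INFO (Linux >= 5.3) gives the syscall number without
   arch-specific register layouts; request value and layout are declared here
   for older libc headers. sc_info is a name made up for this example. */
#ifndef PTRACE_GET_SYSCALL_INFO
#define PTRACE_GET_SYSCALL_INFO 0x420e
#endif
#define SC_INFO_ENTRY 1 /* info.op at a syscall-entry stop */
struct sc_info {
    unsigned char op, pad[3];
    unsigned int arch;
    unsigned long long ip, sp, nr, args[6]; /* nr: syscall number at entry */
};
struct sandbox_result {
    int denied_nr;     /* syscall number that violated the policy, or -1 */
    int allowed_count; /* entry stops the policy let through */
    int child_status;  /* raw wait status of the boxed child */
};
static int is_allowed(unsigned long long nr, const long *allow, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((unsigned long long)allow[i] == nr) return 1;
    return 0;
}
/* Run payload() in a forked child under PTRACE_SYSCALL. Every syscall entry
   is checked against the allow-list; the first one outside it never executes,
   because the child is SIGKILLed while still in the entry stop.
   Returns 0 when the tracer ran to completion, -1 on a tracer failure. */
int run_sandboxed(void (*payload)(void), const long *allow, size_t nallow,
                  struct sandbox_result *res)
{
    res->denied_nr = -1; res->allowed_count = 0; res->child_status = -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        kill(getpid(), SIGSTOP); /* hand control to the tracer before running */
        payload();
        _exit(0);
    }
    int status, sig = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* Tag syscall stops with SIGTRAP|0x80 so they differ from signal stops. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD) < 0)
        return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0) return -1;
        sig = 0;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (!WIFSTOPPED(status)) { res->child_status = status; return 0; } /* exited or killed */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) { sig = WSTOPSIG(status); continue; } /* plain signal: deliver */
        struct sc_info info;
        memset(&info, 0, sizeof info);
        if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, (void *)sizeof info, &info) < 0) return -1;
        if (info.op != SC_INFO_ENTRY) continue; /* exit stop: nothing to decide */
        if (is_allowed(info.nr, allow, nallow)) { res->allowed_count++; continue; }
        res->denied_nr = (int)info.nr;
        kill(pid, SIGKILL); /* violation: the call never runs */
        if (waitpid(pid, &status, 0) < 0) return -1;
        res->child_status = status;
        return 0;
    }
}
/* Demo policy: write, getpid and process exit, nothing else. */
static const long policy[] = { SYS_write, SYS_getpid, SYS_exit_group, SYS_exit };
static const size_t policy_len = sizeof policy / sizeof policy[0];
void good_payload(void) /* constructed payload that stays inside the policy */
{
    static const char msg[] = "hello from inside the box\n";
    if (write(1, msg, sizeof msg - 1) < 0) _exit(1);
    (void)getpid();
    _exit(0);
}
void bad_payload(void) /* constructed payload: opens a socket, not on the list */
{
    (void)getpid();
    socket(AF_INET, SOCK_STREAM, 0);
    _exit(0); /* never reached */
}
int main(void)
{
    struct sandbox_result r;
    run_sandboxed(good_payload, policy, policy_len, &r);
    printf("good: denied=%d allowed=%d\n", r.denied_nr, r.allowed_count);
    run_sandboxed(bad_payload, policy, policy_len, &r);
    printf("bad: denied=%d (SYS_socket=%ld) allowed=%d killed=%d\n", r.denied_nr,
           (long)SYS_socket, r.allowed_count, WIFSIGNALED(r.child_status));
    return 0;
}
```

Build with cc -o box box.c and run it: the first child prints its line and
exits normally, the second dies with SIGKILL while still in the entry stop
for socket(2). The caveat that goes with any ptrace box: the check sees only
the syscall number and register arguments at entry, so anything that lives
in the tracee's memory (a path, a sockaddr) can be rewritten by another
thread between the check and the kernel reading it, and every call costs
several context switches. That is exactly the gap a kernel-side filter API
closes, which is what "beefing up the API" amounted to in practice: Linux
later grew seccomp-bpf for this purpose.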




More information about the devel mailing list