On Sun, 20 Mar 2005 16:10:03 -0500, Gregory Maxwell wrote:

> I've used xdelta in the past on update rpms... they are small.. but
> with current practice of not backporting fixes, they might end up
> bigger.

Yeah, OK. It'd be nice to have them anyway, the sheer volume of updates makes them a pain to install even on ADSL.

> It's useless to only attack viruses, spyware is by *far* the bigger
> problem on windows desktops these days, and antiviruses are usually
> ineffective at stopping worms (since the whole internet gets infected
> before someone can identify the spreading method).

Right. Actually I have a prototype SELinux "quarantine zone" policy file open in emacs right now. I've been writing a packaging/installer system for a while and the spyware question is common enough to be in the FAQ:

http://www.autopackage.org/faq.html#4_3

Not saying it's the right solution, but it's something I (we) have been thinking about a fair bit.

> It's not even an arms race.. Once someone has gotten root priv code to
> run on your system it's terribly difficult to remove it. There are
> quite a few linux rootkits today that are harder than a reinstall to
> remove, and even once you've done that you fundamentally can't be sure
> that the system is secure.

There are rootkits that can't be removed by a format/reinstall? How does that work?

> ClamAV is a cross platform antivirus package that supports both server
> scanning techniques (such as operating as a milter) and desktop style
> virus scanner support (intercepting file IO). It has definitions for
> the existing linux viruses and worms, in addition to all the windows
> cruft. As I said, it's a solved problem.

Ah interesting, I eat my words then. I guess you are right, solved problem (though it'd have to be installed by default I guess, with some GUI?)

> Write software code that tracks changes to packages and detects changes
> that might introduce security weaknesses. It's also a difficult
> problem, but probably an easier problem than antivirus in the long
> run... It would be useful today (since as you pointed out, bugs are
> added, often unintentionally), and isn't quite as vulnerable to the
> antivirus arms race.

The new GCC mudflap system might help here. I don't know how badly it hits performance but I seem to recall reading it was meant to be used during development only, so I guess a fair bit ...

I think it'd be more interesting to try developing some kind of whitelist/trust system to counter spyware/malware. Still it's a good idea.

Thanks for correcting some of my misconceptions!

-mike