Stuart Fox to me:

> Isn't this similar to what MS do in Windows 2003/XP SP2 with Software
> Restriction Policies? Executables are only allowed to run provided they
> fit a prespecified pattern i.e. name (not very useful), signed or not,
> hash of the executable.
Yes, but it has to be much more thoroughly implemented. It needs to be at a low level in the file system (as existing on-access virus scanners' file system filter drivers and the like currently are) and it needs to be able to handle a much broader conception of "code" than the existing implementation (again, as existing on-access virus scanners have, with their "intelligent" file typing and such...).

Such a "solution" would only ever be widely useful in properly managed corporate environments -- most small businesses (and many medium-sized ones) and most individual users would never have the discipline and/or interest in managing this, but in larger corporate, and many other large institutional, settings, where most PCs are really just tools providing a standard (and usually fairly limited) set of applications, such an integrity management approach would be easily adopted in place of on-access virus scanning and would only ever need updating just before standard maintenance procedures update/patch the contents of the managed PCs or new functionality (apps) is to be installed.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
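As an added illustration of the approach the reply describes (not code from the post, its author, or any product mentioned in it), the following Python shows the two ingredients in user-space form: deciding whether a file is "code" from its leading bytes rather than its name, and allowing execution only when the file's SHA-256 appears in a manifest built from a known-good image at maintenance time. The magic-byte table is a deliberately short illustration (real PE, ELF and shebang signatures, but not an exhaustive typing engine), the sample files are constructed in a temporary directory, and nothing here hooks the real file system; a production version would sit in a kernel filter driver as the reply says.

```python
"""Content-typed hash allowlist: a user-space model of the integrity check
described in the reply.  Added example, not from the original post."""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, Optional, Tuple

# Type files by content, not by name.  Real signatures, illustrative subset:
# a full implementation would cover far more formats (the "broader conception
# of code" the reply asks for).
_CODE_SIGNATURES = (
    (b"MZ", "pe"),        # Windows PE / DOS executable
    (b"\x7fELF", "elf"),  # ELF binary
    (b"#!", "script"),    # interpreted script with shebang
)


def classify(head: bytes) -> Optional[str]:
    """Return a code type from the file's leading bytes, or None if not code."""
    for magic, kind in _CODE_SIGNATURES:
        if head.startswith(magic):
            return kind
    return None


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Hash every file under root that is code by content (digest -> relative path).
    This is the step run from a known-good image just before a maintenance
    window; between windows the manifest is read-only."""
    manifest: Dict[str, str] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                head = f.read(8)
            if classify(head) is None:
                continue  # plain data is not subject to the policy
            manifest[sha256_file(path)] = os.path.relpath(path, root)
    return manifest


def check_execution(path: str, manifest: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Verdict for an execute/open-for-execute event on path."""
    with open(path, "rb") as f:
        head = f.read(8)
    kind = classify(head)
    if kind is None:
        return ("not-code", None)
    if sha256_file(path) in manifest:
        return ("allow", kind)
    return ("deny", kind)  # unknown or modified code: default deny


def demo() -> Dict[str, object]:
    """Constructed scenario: build a manifest, then replay post-maintenance events."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    try:
        def put(name: str, data: bytes) -> str:
            p = os.path.join(root, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        # Known-good image (constructed sample bytes, not real binaries).
        app = put("app.exe", b"MZ" + b"\x90" * 14 + b"constructed sample PE")
        tool = put("tool", b"\x7fELF\x02\x01\x01" + b"constructed sample ELF")
        notes = put("notes.txt", b"meeting notes, plain text")
        manifest = build_manifest(root)

        # Events after the maintenance window.
        rogue = put("report.txt", b"MZ" + b"\x00" * 14 + b"PE hidden behind a .txt name")
        copy = shutil.copy(tool, os.path.join(root, "tool.bak"))  # same bytes, new name
        with open(app, "ab") as f:
            f.write(b"\x00")  # approved binary tampered with in place

        return {
            "manifest_paths": sorted(manifest.values()),
            "approved_tool": check_execution(tool, manifest),
            "renamed_copy": check_execution(copy, manifest),
            "plain_text": check_execution(notes, manifest),
            "pe_named_txt": check_execution(rogue, manifest),
            "tampered_app": check_execution(app, manifest),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for event, verdict in demo().items():
        print(f"{event:15} {verdict}")
```

The verdicts show why the reply calls name-based matching "not very useful": the renamed copy of an approved binary is allowed because its bytes are unchanged, while a PE renamed to `.txt` is still typed as code and denied, and a single appended byte to an approved file flips it to deny. Plain data files fall outside the policy entirely, which is what keeps the manifest small enough to maintain only at patch time.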
