Pat
Sorry about the previous response. I tend to agree with you - it can
be a simple matter to "scan" for "known criteria". To find items (e.g.
blowing an array in CICS transaction) - that would have other consequences
would be a tough chore to handle.
Regards
Brian Fitzgibbon
SEGUS Inc
On Mon, Aug 11, 2008 at 4:53 PM, Brian Fitzgibbon <[EMAIL PROTECTED]>wrote:
> Pat,
>
>
>
> On Mon, Aug 11, 2008 at 3:59 PM, Patrick O'Keefe <[EMAIL PROTECTED]>wrote:
>
>> On Mon, 11 Aug 2008 17:12:57 +0200, Dr. Stephen Fedtke
>> <[EMAIL PROTECTED]> wrote:
>>
>> >...
>> >we are specialized in runtime-related z/OS malicious code detection,
>> and
>> >programcode scan for virus/malicious code on load module level
>> ...
>>
>> Interesting. Your system can determine intent just by reading load
>> modules? That's neat. I'm about to maliciously use IEBGENER
>> to wipe out the directory of a library and you can detect that.
>> Or I'm going to embezzle gobs of money by rounding up rather
>> truncating (or whatever that technique is).
>>
>> Looking for a virus with an obvious signiture is maybe not too
>> hard. Looking for "non normative code, a code that makes things
>> not allowed or planned intentionally or not" is another matter
>> altogether. I'm willing to be proven wrong, but I suspect any
>> system that claims to do that would be so plagued with false
>> positives (and probably false negatives) that it would be next
>> to useless.
>>
>> Pat O'Keefe
>>
>> ----------------------------------------------------------------------
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
>> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>>
>>
>
>
> --
> Regards
>
> Brian Fitzgibbon
> SEGUS Inc
> (800)-327-9650
> www.segus.com
>
> For support:
> [EMAIL PROTECTED]
>
>
> The information contained in this e-mail and any accompanying documents may
> contain information that is confidential or otherwise protected from
> disclosure. If you are not the intended recipient of this message, or if
> this message has been addressed to you in error, please immediately alert
> the sender by reply e-mail and then delete this message, including any
> attachments. Any dissemination, distribution or other use of the contents of
> this message by anyone other than the intended recipient is strictly
> prohibited.
>
--
Regards
Brian Fitzgibbon
SEGUS Inc
(800)-327-9650
www.segus.com
For support:
[EMAIL PROTECTED]
The information contained in this e-mail and any accompanying documents may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if
this message has been addressed to you in error, please immediately alert
the sender by reply e-mail and then delete this message, including any
attachments. Any dissemination, distribution or other use of the contents of
this message by anyone other than the intended recipient is strictly
prohibited.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
