Sorry, got caught in the reply to issue.

-----Original Message-----
From: Tim Newsom <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Possible security hole for Dialers/troyan horses
Date: Mon, 5 Mar 2007 7:02:58 -0800


On Mon, 5 Mar 2007 0:05, Evgeny wrote:
> On Fri, 2007-03-02 at 07:35 -0800, Tim Newsom wrote:
>> On Fri, 2 Mar 2007 6:09, Evgeny wrote:
>>> It's still a Linux-based phone — there are absolutely no real-life viruses
>>> for Linux at this time; trojans are a possible threat, but the user has to
>>> install them by himself.
>>
>> That's a pretty strong statement.. Are you absolutely sure there are no
>> viruses for Linux in the wild?
>
> Nope.
> If you find one, let me know; I'll get, compile & run "the beast" a
> little (in a virtual machine of course).
> Well, if & when you speak about trojans, the cure is "DO NOT INSTALL
> THEM". Security holes may exist, but patching them is simple when you
> know about them, and in OpenMoko it will be automated by "ipkg".
> Read through http://tldp.org/HOWTO/Security-HOWTO/ it contains some
> basics of security in Linux.
> Then we will speak the same language.
> There is no Norton Internet Security that can protect you from unknown
> threats. When you know about a trojan or something, you simply don't use
> it (if you don't want to).
> --
> Sincerely Evgeny

I realize nothing can protect you from every possible manner of attack, but I do know there are vulnerabilities that exist in Linux. If not, SELinux would not have been necessary. If you say there are no viruses, I would say that's either because no one has written them or they are just not popular right now because Windows is a much easier target to hit. My statement was that something like Norton Internet Security combined with the ability to run programs in isolated memory should provide a lot of protection. The isolated memory would prevent the infected programs from accessing the memory of other running programs (something that's possible on Windows for sure) and the anti-malware program could do like someone previously suggested and check a hash of the program to see if it is a known and accepted version with allowed rights, etc. Maybe check the hash and a signature to show authenticity?

While you can't detect unknown threats automatically (though I thought an anti-virus company said they could do that recently), you can block the unexpected behaviors automatically and recommend certain actions to the user.

Remember, there are rootkits out there too. Maybe it would be nice to have a startup mode where the system goes into rootkit detection mode and scans the physical memory of the device and filesystem or something.

Regardless, I think it's better to have a pound of caution when a half pound would do...
--Tim
_______________________________________________
OpenMoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
