[guardian-dev] What's better than antivirus? Whitelisting!

Lee Azzarello lee at rockingtiger.com
Thu Apr 18 15:05:26 EDT 2013


On Wed, Apr 17, 2013 at 1:57 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> Cooper Quintin:
>> Apparently McAfee is releasing some kernel level app whitelisting thing
>> for Android devices.  Has anyone heard anything about this yet?  It
>> seems like a really, really good idea, I only wish that McAfee weren't
>> the ones doing it.  What are the potential problems with something like
>> this, other than placing one's trust in McAfee?  Has anyone used it yet?
>>  Any thoughts on how difficult it would be to make an open source
>> version of this?
>>
>
> Hi Cooper,
>
> I think such a technique is generally interesting - we already have such
> a list in theory - it is every binary with the executable bit set, right? :)

It could be something that extends the UNIX permissions system like
SELinux. Kernel-enforced application-level authorization.

> I'd love to see the implementation as I was just thinking about how to
> write such a hook in user/kernel space to stop phishing, redirect
> specific downloads to a secure download (eg: bazaar, thandy, bittorrent)
> and so on...
>
> Do you have a link?
>
> As a side note: I find it really fascinating that racist and sexist
> language is adopted by the security community all of the time.

LOL. How about we spend some time this weekend doing a penetration
test of the whitelist for the slave database?

-lee

>
> All the best,
> Jacob

