-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2008-07-09 at 19:00 -0000, Jim Henderson wrote:
There is something else.
An antivirus only protects agains _known_ viruses, while apparmour, that doesn't make the computer slower, protects agains new, unknown, "bad things".
But if those things have to be initiated by the user - just like a virus - then why do we need AA? We didn't need it 5 years ago, right?
AA is initiated by the admin, not the user. It does not protect programs, but services.
Isn't that somewhat the same argument now about AV - we don't need it now, so we'll never need it? And since we'll never need it, there's no use in discussing options for OAS for AV?
The philosophy and method of working is different, they protect different things. AA doesn't scan anything, doesn't search for patterns. What is does is simply allow or disallow certain actions against a list of allowed actions. For example, if postfix is compromised and suddenly wants to create a new user (write to /etc/passwd), the profile will not allow it. This is something an antivirus will not detect and avoid, unless it is a previously known _binary_ pattern.
I don't see how logically one can be said to be needed and the other isn't.
AA was designed for Linux and for the kinds of attacks Linux suffers. The antivirus were designed for the attacks Windows suffers. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIdRWstTMYHG2NR9URAmu8AJsHHCZ6d6b6TpSYU4UNlfiHnbBbuQCfe+P4 iz+2zIXSEMmXy9ZGhp70SqA= =EEE8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org