Mailinglist Archive: opensuse (2803 mails)
Re: [opensuse] Re: A BIG "show stopper" for openSUSE at the corporate level anyway!!
- From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
- Date: Wed, 9 Jul 2008 21:46:51 +0200 (CEST)
- Message-id: <alpine.LSU.1.00.0807092133530.6698@xxxxxxxxxxxxxxxx>
The Wednesday 2008-07-09 at 19:00 -0000, Jim Henderson wrote:
>> There is something else.
>> An antivirus only protects against _known_ viruses, while AppArmor, that
>> doesn't make the computer slower, protects against new, unknown, "bad
>> things".
>
> But if those things have to be initiated by the user - just like a virus
> - then why do we need AA? We didn't need it 5 years ago, right?

AA is initiated by the admin, not the user. It does not protect programs, but services.

> Isn't that somewhat the same argument now about AV - we don't need it
> now, so we'll never need it? And since we'll never need it, there's no
> use in discussing options for OAS for AV?

The philosophy and method of working are different; they protect different things. AA doesn't scan anything, doesn't search for patterns. What it does is simply allow or disallow certain actions against a list of allowed actions.

For example, if postfix is compromised and suddenly wants to create a new user (write to /etc/passwd), the profile will not allow it.

This is something an antivirus will not detect and avoid, unless it is a previously known _binary_ pattern.

> I don't see how logically one can be said to be needed and the other
> isn't.

AA was designed for Linux and for the kinds of attacks Linux suffers. The antivirus programs were designed for the attacks Windows suffers.

--
Cheers,
Carlos E. R.
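
The allow-list check described in the message above, as an added example that is not part of the original post and is not AppArmor's own code: a simplified Python model of path mediation with default deny. The profile rules, the sample paths and the `allowed`/`mediate` helpers are hypothetical, and only the `*` and `**` globs and the `r`/`w` permissions are modelled.

```python
import re

# Hypothetical allow-list for a confined mail daemon (constructed for
# illustration; not a profile shipped by any distribution).
PROFILE = {
    "/etc/passwd": "r",
    "/etc/postfix/*": "r",
    "/var/spool/postfix/**": "rw",
    "/var/log/mail*": "w",
}

def glob_to_regex(glob):
    """AppArmor-style globs: '*' stays inside one path component,
    '**' may cross '/' boundaries."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

RULES = [(glob_to_regex(g), set(perms)) for g, perms in PROFILE.items()]

def allowed(path, requested):
    """True only if the rules matching `path` together grant every
    requested permission. No matching rule means denied."""
    granted = set()
    for pattern, perms in RULES:
        if pattern.match(path):
            granted |= perms
    return set(requested) <= granted

def mediate(events):
    """Return (path, mode, verdict) for each access attempt."""
    return [(p, m, "ALLOWED" if allowed(p, m) else "DENIED") for p, m in events]

# Constructed access attempts by the confined service.
EVENTS = [
    ("/etc/passwd", "r"),                       # normal user lookup
    ("/var/spool/postfix/incoming/A1B2", "w"),  # normal queue write
    ("/etc/passwd", "w"),                       # the case from the message
    ("/home/alice/notes.txt", "r"),             # path never listed at all
]

if __name__ == "__main__":
    for path, mode, verdict in mediate(EVENTS):
        print(f"{verdict:8} {mode:2} {path}")
```

The decision depends only on the path and the requested permission, never on what the requesting binary looks like, which is why no signature of the compromising code is needed.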