The Wednesday 2008-07-09 at 21:40 -0000, Jim Henderson wrote:
On Wed, 09 Jul 2008 21:46:51 +0200, Carlos E. R. wrote:
But if those things have to be initiated by the user - just like a virus - then why do we need AA? We didn't need it 5 years ago, right?
AA is initiated by the admin, not the user. It does not protect programs, but services.
And services are....*programs*, right?
Yes, but not any program. AA would be very difficult to apply, say, to oowriter.
For example, if postfix is compromised and suddenly wants to create a new user (write to /etc/passwd), the profile will not allow it.
Sure. And how exactly would Postfix decide to do something like this? Wouldn't it have to run some sort of executable code to do something like this - something that's not in its normal behaviour patterns to do?
It could be in memory, a buffer overflow hack. It could be the main program or a child. Not important.
This is something an antivirus will not detect and avoid, unless it is a previously known _binary_ pattern.
Yes. And there is value in looking for *known* threats. rkhunter works based on previously known patterns, not the unknown. Or are you saying that we should kill off rkhunter as well because it only looks for known threats?
No, I'm pointing out the difference and the difficulty. Searching for patterns will seldom protect against new types of attacks.
I don't see how logically one can be said to be needed and the other isn't.
AA was designed for Linux and for the kinds of attacks Linux suffers. The antivirus were designed for the attacks Windows suffers.
And it's fair to say that Linux will never ever ever *ever* suffer the type of attacks Windows suffers? *ever*?
I have been seeing that argument for at least ten years, and it hasn't happened.

--
Cheers, Carlos E. R.