On Thursday 2008-07-10 at 16:02 -0000, Jim Henderson wrote:
For example, if postfix is compromised and suddenly wants to create a new user (write to /etc/passwd), the profile will not allow it.
Sure. And how exactly would Postfix decide to do something like this? Wouldn't it have to run some sort of executable code to do something like this - something that's not in its normal behaviour patterns to do?
It could be in memory, a buffer overflow hack. It could be the main program or a child. Not important.
But it is important. Many people here are saying "you have to explicitly make the file executable before running it" - but a buffer overflow or
I mean it is not important if it is the main program or its siblings that are hacked.
something similar is a way around that without the user knowing. Then the thing attaches itself to a file already flagged executable - or writes itself out to the filesystem and makes itself executable. No user intervention needed.
Notice that AA will protect against an attack made in the memory image, with the binaries of the program affected not modified. I.e., it watches for variations in the behavior of the service, not on what code it contains. It is different.
AA was designed for Linux and for the kinds of attacks Linux suffers. The antiviruses were designed for the attacks Windows suffers.
And it's fair to say that Linux will never ever ever *ever* suffer the type of attacks Windows suffers? *ever*?
I have been seeing that argument for at least ten years, and it hasn't happened.
Absence of evidence is not evidence of absence. Again, can you *guarantee* it will *never ever happen*?
No, but until then (if!) it is a non-issue. There will first have to be a real virus attack, and then an antivirus will have to be made against it... Meanwhile, I will not scan my Linux system for viruses if there is nothing to search for yet. Let Windows protect itself :-P

--
Cheers, Carlos E. R.
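The behaviour-based confinement discussed in this thread leaves a trace when a confined service steps outside its profile. As an added example (not part of the original message or of AppArmor itself), the script below picks out denied write attempts on account files from audit lines; the log lines, the profile path and the `ACCOUNT_FILES` watch list are constructed assumptions.

```python
import re

# Constructed sample lines in the key=value style AppArmor writes to the audit log.
SAMPLE_LOG = """\
type=AVC msg=audit(1215705720.101:41): apparmor="DENIED" operation="open" profile="/usr/lib/postfix/smtpd" name="/etc/passwd" pid=4312 comm="smtpd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=AVC msg=audit(1215705721.007:42): apparmor="DENIED" operation="open" profile="/usr/lib/postfix/smtpd" name="/var/tmp/scratch" pid=4312 comm="smtpd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=AVC msg=audit(1215705722.500:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/useradd" name="/etc/passwd" pid=4400 comm="useradd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
type=SYSCALL msg=audit(1215705723.000:44): arch=c000003e syscall=2 success=yes exit=3 comm="cron"
"""

# Assumption: files whose modification would create or alter user accounts.
ACCOUNT_FILES = {"/etc/passwd", "/etc/shadow", "/etc/group"}

# key=value pairs; values are either double-quoted or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Turn one audit line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def denials(log):
    """Yield parsed events that AppArmor actually blocked (enforce mode)."""
    for line in log.splitlines():
        event = parse(line)
        if event.get("apparmor") == "DENIED":
            yield event


def account_tampering(log):
    """Return (profile, comm, path) for denied write/append on account files."""
    hits = []
    for event in denials(log):
        mask = event.get("denied_mask", "")
        wants_write = any(flag in mask for flag in "wa")
        if wants_write and event.get("name") in ACCOUNT_FILES:
            hits.append((event["profile"], event["comm"], event["name"]))
    return hits


if __name__ == "__main__":
    for profile, comm, path in account_tampering(SAMPLE_LOG):
        print(f"{comm} (profile {profile}) was denied write access to {path}")
```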