On Fri, 11 Jul 2008 01:11:46 +0200, Carlos E. R. wrote:
It could be in memory, a buffer overflow hack. It could be the main program or a child. Not important.
But it is important. Many people here are saying "you have to explicitly make the file executable before running it" - but a buffer overflow or
I mean it is not important if it is the main program or its siblings that is hacked.
I see. I think I actually conflated a couple of things there by mistake. :-)
something similar is a way around that without the user knowing. Then the thing attaches itself to a file already flagged executable - or writes itself out to the filesystem and makes itself executable. No user intervention needed.
Notice that AA will protect against an attack made in the memory image, with the binaries of the program affected not modified. I.e., it watches for variations in the behavior of the service, not on what code it contains. It is different.
How well it does that, though, depends on how well things are profiled, correct?
Absence of evidence is not evidence of absence. Again, can you *guarantee* it will *never ever happen*?
No, but until then (if!) it is a non-issue.
There will first have to be a real virus attack, and then an antivirus will have to be made against it... Meanwhile, I will not scan my Linux system for viruses if there is nothing to search for yet. Let Windows protect itself :-P
Then again, that's your choice as a system user. I personally think waiting until the first major attack to go "oh, wow, we need an AV solution *now*" is the wrong time to start developing a solution or looking at the options. I really don't understand what's so wrong about being proactive.

Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits