Curt Wilson wrote: [snip]
> Sure, you can load some things without being admin. However, from what I
> understand most malware in the wild still assumes admin.
[snip]
> I don't imagine it will be that way long though.
[snip]
> I guess there is no good way around this....

The question I have for you is: How do we know how the bleeding edge of malware is constructed?

The reason I posit this question is because it seems to me that awareness of malware in the wild only occurs when it is either badly constructed and gives itself away, like the Morris worm, or it actually causes detected harm of some sort that we actually attribute to the correct cause.

To give an example, I'll use one from medicine. How many years and how many quack "cures" was it from the first thought that ulcers could be bacterially induced until it was an accepted fact? The first hint was published by a family doctor in JAMA in 1954 and ignored for 40+ years. Finally, in 1998, researchers proved that Helicobacter pylori was the root cause of 80+% of all ulcers. *Then* somebody noticed the original research. How much effort and wasted money could have been saved if the first real clue, which was merely a suggestion that it merited further investigation, had been followed up on?

I think we are in the same position with regard to malware. So my view is that just because we have only seen malware with a given assumption does not mean that malware based on alternative assumptions does not exist. It may be that we do not have the proper view or diagnostic tools to hand to see it.

You are correct that the conversation might be drifting away from FDE, but I don't see that as bad in this case. It is much like the problems I run into all the time where the positive business case is the only one presented. Then everyone is surprised when it is discovered that the solution fails because corner cases were not thought about in order to choose or create the correct solution.

My sense is that FDE needs to be looked at from all the various vectors, even imaginary ones, where it might be compromised, and see if it can be constructed in such a way as to meet the mentally constructed possible threat vectors. If we don't analyze all the potential threats and see how to overcome them, we *will* be caught between a rock and a hard place sooner or later.

But then, I have been *known* to be *wrong* on occasion.

Best,

Allen

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
