On Mon, 17 May 2004 13:33:44 +0200, Ondrej Krajicek <[EMAIL PROTECTED]>  said:

> > we're faster".  Add on the required anti-virus program monitoring
> > packets in and out and watch your performance drop as that eliminates
> > the whole concept behind DMA as now you have to route all data through
> > the host cpu anyways.  Pretty soon, we'll need AV signature engines
> > encoded in the data bus of Windows machines in silicon.  I wouldn't be
> > surprised if Intel or AMD had a skunkworks project on this very problem.

"Palladium".  It's more about DRM than about real security (think about it -
if somebody finds yet another IIS exploit, the buffer overflow will run in the IIS
context same as it does now....)

> IMHO the data are routed through host CPU anyway, DMA is not as clever
> to locate the proper file in the proper filesystem on the proper
> volume and pass them to the proper network card. You're right that the
> CPU does not have to process every single bit of each (?) file.
> But this could be solved by using a more advanced bus architecture
> (PCIX or even something faster) and adding more CPU. Dedicated anti-virus
> chip is a thing which I hope is not going to happen.

Hmm.. let me get this straight - I can run something like SELinux and get
snappy performance on a 700MHz PentiumIII, but to get security out of Windows
I'll need even MORE CPU and a PCIX?  What's wrong with this picture?
