Macro viruses can't be execute on my computer and many other people's computers. Ditto for scripting files. See my previous 3 messages.
What other kinds of files do I need to be concerned about that can be executed from my hard drive and will have file system access and registry access? Richard -----Original Message----- From: Drsolly [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2008 6:13 PM To: Richard M. Smith Cc: [email protected] Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting On Wed, 16 Jul 2008, Richard M. Smith wrote: > But don't infested document files install spyware .EXE files which will > later be caught by a whitelist? Not all of them. > In addition, Vista will block document files which use buffer overflows to > do their dirty work. Macro viruses don't use buffer overflows. > Richard > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Alex Shipp (elist) > Sent: Wednesday, July 16, 2008 12:09 PM > To: [email protected] > Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting > > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > >Behalf Of David Harley > > > >To be fair, the issue isn't really Word macro viruses: it's the fact that > >they represent a class of objects where executable code is found in places > >less obvious than a .EXE. A whitelisting solution that doesn't take them > >into account is obviously less effective. > > Whitelisting is fine as part of the solution, but it is obviously > not appropriate for documents. Since the majority of industrial espionage > attacks > (via email) involve documents which exploit some bug in the executable > which processes them, some other component is needed to cover this hole. > > No doubt there are also many other holes, which makes me wonder if the > bank has really thought this through. > > Alex > > ----------------------------------------------- > Alex Shipp > Imagineer > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
