On Wed, 16 Jul 2008, Richard M. Smith wrote:

> Macro viruses can't be executed on my computer and many other people's
> computers. Ditto for scripting files. See my previous 3 messages.
>
> What other kinds of files do I need to be concerned about that can be
> executed from my hard drive and will have file system access and registry
> access?

I don't know. I use Linux.

> Richard
>
> -----Original Message-----
> From: Drsolly [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 16, 2008 6:13 PM
> To: Richard M. Smith
> Cc: [email protected]
> Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> On Wed, 16 Jul 2008, Richard M. Smith wrote:
>
> > But don't infested document files install spyware .EXE files which will
> > later be caught by a whitelist?
>
> Not all of them.
>
> > In addition, Vista will block document files which use buffer overflows to
> > do their dirty work.
>
> Macro viruses don't use buffer overflows.
>
> > Richard
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of Alex Shipp (elist)
> > Sent: Wednesday, July 16, 2008 12:09 PM
> > To: [email protected]
> > Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
> >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > >Behalf Of David Harley
> > >
> > >To be fair, the issue isn't really Word macro viruses: it's the fact that
> > >they represent a class of objects where executable code is found in places
> > >less obvious than a .EXE. A whitelisting solution that doesn't take them
> > >into account is obviously less effective.
> >
> > Whitelisting is fine as part of the solution, but it is obviously
> > not appropriate for documents. Since the majority of industrial espionage
> > attacks (via email) involve documents which exploit some bug in the
> > executable which processes them, some other component is needed to cover
> > this hole.
> >
> > No doubt there are also many other holes, which makes me wonder if the
> > bank has really thought this through.
> >
> > Alex
> >
> > -----------------------------------------------
> > Alex Shipp
> > Imagineer
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
