Missing pressure :( Or when was the last time you saw a buying decision made because the app supports NX? Has this ever been part of an RFP?
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Richard M. Smith
> Sent: Thursday, 17 July 2008 04:00
> To: [email protected]
> Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> Yep. What's taking so long to get this feature turned on all
> of the time?
> Four years seems long enough.
>
> Richard
>
> -----Original Message-----
> From: Larry Seltzer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 16, 2008 9:52 PM
> To: Richard M. Smith; [email protected]
> Subject: RE: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> It's called DEP or NX in Windows. At a system level it's turned
> on since XP SP2, and you can set it to apply to Windows code
> itself, but apps have to opt in (when this all came out, too
> many programs crashed ungracefully when forced into it).
> Programs can opt in with a simple linker switch I think. Many
> apps do, but many don't. IE8 will opt in by default. Acrobat 9 does.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Richard M. Smith
> Sent: Wednesday, July 16, 2008 9:34 PM
> To: [email protected]
> Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> I did a talk a couple of years ago at Boston University along
> these lines. I pointed out that many (but of course not all)
> security flaws in software are due to data morphing into
> code. Examples: buffer overflow, SQL injection, and XSS errors.
>
> I'm not sure how Harvard Architecture, whatever it might be,
> would protect against SQL injection and XSS errors. Buffer
> overflows can be dealt with by marking data pages as
> non-execute in the page table. Why this relatively simple
> fix can't be implemented across the board in Windows is a
> head scratcher to me.
>
> Richard
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Rob, grandpa of Ryan, Trevor, Devon & Hannah
> Sent: Wednesday, July 16, 2008 9:59 PM
> To: [email protected]
> Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
>
> Date sent: Wed, 16 Jul 2008 19:46:24 -0400
> From: Rich Kulawiec <[EMAIL PROTECTED]>
>
> > Wrong answer. The correct answer is to recognize that any operating
> > system which requires anti-virus software is fundamentally, deeply
> > broken and to either (a) fix it (b) get it fixed or (c) dump it.
>
> Even better, let's dump von Neumann architecture, go back to
> Harvard architecture, and avoid viruses altogether ...
>
> Sorry, but I remember the late 80s when everybody was saying
> that once we got some security (mainframe-type, of course)
> into desktop operating systems viruses would be a thing of
> the past. They aren't, obviously. As long as data can be
> executed, and programs can be treated as data, viruses will
> be inherently possible.
>
> (And that's just viruses. The techie version of getting rid
> of a [favourite dumb-person epithet] by giving them a card
> with "Turn over" written on both sides is to tell someone to
> come up with a technical solution to trojans ...)
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> Before speaking, consider the interpretation of your words as
> well as their intent. - Andrew Alden
> victoria.tc.ca/techrev/rms.htm en.wikipedia.org/wiki/Robert_Slade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
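
Added example, not part of the thread: the per-application opt-in Larry Seltzer's message describes can be audited from the binary itself, because the MSVC linker's `/NXCOMPAT` switch sets the `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` bit in the PE optional header. The `make_sample` helper and the file names are constructed for the demo; the images it builds are header-only and not loadable programs.

```python
import struct

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100  # set by the linker's /NXCOMPAT switch
DLLCHAR_OFFSET = 70  # DllCharacteristics offset in the optional header (PE32 and PE32+)


class NotPE(ValueError):
    """Raised when the bytes do not carry a parseable PE header."""


def nx_compat(image: bytes) -> bool:
    """Return True if the PE image has opted in to DEP/NX."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise NotPE("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < pe_off + 24:
        raise NotPE("missing PE signature or truncated COFF header")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)
    opt_off = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
    if opt_size < DLLCHAR_OFFSET + 2 or len(image) < opt_off + DLLCHAR_OFFSET + 2:
        raise NotPE("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise NotPE("unknown optional header magic")
    (flags,) = struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)
    return bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)


def make_sample(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only image for the demo (hypothetical helper)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed inventory: one binary linked with the opt-in, one without.
    for name, img in [("opted_in.exe", make_sample(0x0140)),
                      ("legacy.exe", make_sample(0x0000))]:
        print(f"{name}: NX_COMPAT={'yes' if nx_compat(img) else 'NO'}")
```

To audit a real binary, pass the file's bytes (`open(path, "rb").read()`) to `nx_compat`.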
