This is probably patented and implemented already but nonetheless its
a new idea for me, so I mention it...
While mass-produced malware remains an issue for a most users, an
significant threat is also posed by malware customised for a specific
victim (so called 'targetted malware'). This
Dear lsi,
This approach is already implemented, at least partially, to limit
functionality of unknown applications. It can be found in multiple
personal firewalls or things like http://www.securesize.com/GeSWall/
There is a better approach - every good application should be signed
Hi
What you are referring to is a 'white-list' of applications, e.g. you
have an application that runs at a low level and only allows a list of
approved or allowed applications to run. These do not necessarily
need to scan you system as they can work at run-time - each time an
application of any
lsi wrote:
This is probably patented and implemented already but nonetheless its
a new idea for me, so I mention it...
snip simple description of executable white-listing
Fred Cohen invented this anti-malware approach in discussing the
mitigation of computer viruses in his seminal (Ph.D.
[
[--
[
[Message: 1
[Date: Mon, 22 Jan 2007 12:42:43 -
[From: lsi [EMAIL PROTECTED]
[Subject: [Full-disclosure] detecting targetted malware
[To: Full-disclosure@lists.grok.org.uk
[Message-ID: [EMAIL PROTECTED]
[Content-Type
[--
[
[Message: 15
[Date: Tue, 23 Jan 2007 10:50:08 +1300
[From: Nick FitzGerald [EMAIL PROTECTED]
[Subject: Re: [Full-disclosure] detecting targetted malware
[To: Full-disclosure@lists.grok.org.uk
[Message-ID: [EMAIL PROTECTED]
[Content-Type: text/plain; charset=US