Death of antivirus software imminent
Leichter, Jerry
leichter_jerrold at emc.com
Wed Jan 2 19:15:05 EST 2008
| One virtualization approach that I have not see mentioned on this
| thread is to run the virtual machine on a more secure OS than is used
| by the applications of interest.
|
| For example, one could run VMware on SELinux and use VMware to host
| Windows/Vista. Thus, even if a virus subverts Windows it still has no
| more capabilities than any errant program in SELinux. And, the virus
| author has to cope with the complications created by the dual
| operating systems.
It's not clear to me what threats this protects you against. A Windows
virus would work within the Windows environment just as it always did.
If that's *your* working environment, it's just as contaminated as if
you were running Windows on bare metal.
Of course, if you're using the sandbox idea, you can throw out your
contaminated Windows environment periodically and start from fresh.
As always, you need to be in a position to throw *everything* out,
which can be rather painful.
A virus that could break through Windows, then through VMWare (with
or without SELinux), then actually do something in that environment
to establish itself more strongly, probably doesn't exist today - and
would be quite an interesting challenge.
| Me, I do just the opposite. I browse the web with firefox running on
| SELinux (targeted policy) on VMware hosted on Windows XP.
That's a more reasonable approach.
| That would be secure if I didn't run as root half the time.
:-(
-- Jerry
| Chuck Jackson
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list