[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

Gordan Bobic gordan at bobich.net
Tue Jul 10 10:06:47 BST 2012


On 07/10/2012 09:13 AM, Tzafrir Cohen wrote:
> On Fri, Jul 06, 2012 at 07:39:02PM +0100, Gordan Bobic wrote:
>
>> and no on-access anti-virus scanning (you didn't even seem to
>> know what I was talking about with on-open scanning hooks when I first
>> mentioned it).
>
> One minor note: on Linux I don't see the point in such a scanner. It
> mostly serves to increase the attack surface.

How do you figure that?

You suggest that the scope of an exploit in the AV scanner a-la buffer 
overrun is greater than the risk of the user running a trojan? Maybe 
your users are better than mine...

Couple that with a privilege escalation kernel bug (one of these seems 
to crop up once every 10 years or so, not a huge risk, but my point is 
that it does happen, no matter how rarely) and you have potential for 
some serious damage to occur.

> Keeping the system up-to-date is more useful than keeping a proprietary
> scanner up-to-date.

I largely agree.

Personally I don't run on-access scanning on my Linux desktops, but I 
mitigate that by being behind firewalls and proxies that do the malware 
scanning (AV milter on the mail server and AV scanner on clam). So the 
attack scope is reasonably limited.

For the average user I would at the very least recommend Firefox and 
Thunderbird AV plugins.

Gordan



More information about the arm-netbook mailing list