[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?
Tzafrir Cohen
tzafrir at cohens.org.il
Tue Jul 10 12:10:40 BST 2012
On Tue, Jul 10, 2012 at 10:06:47AM +0100, Gordan Bobic wrote:
> On 07/10/2012 09:13 AM, Tzafrir Cohen wrote:
> > On Fri, Jul 06, 2012 at 07:39:02PM +0100, Gordan Bobic wrote:
> >
> >> and no on-access anti-virus scanning (you didn't even seem to
> >> know what I was talking about with on-open scanning hooks when I first
> >> mentioned it).
> >
> > One minor note: on Linux I don't see the point in such a scanner. It
> > mostly serves to increase the attack surface.
>
> How do you figure that?
>
> You suggest that the scope of an exploit in the AV scanner a-la buffer
> overrun is greater than the risk of the user running a trojan? Maybe
> your users are better than mine...
>
> Couple that with a privilege escalation kernel bug (one of these seems
> to crop up once every 10 years or so, not a huge risk, but my point is
> that it does happen, no matter how rarely) and you have potential for
> some serious damage to occur.
I suggest that such a scanner is not a useful right way to mitigate those
risks.
>
> > Keeping the system up-to-date is more useful than keeping a proprietary
> > scanner up-to-date.
>
> I largely agree.
>
> Personally I don't run on-access scanning on my Linux desktops, but I
> mitigate that by being behind firewalls and proxies that do the malware
> scanning (AV milter on the mail server and AV scanner on clam). So the
> attack scope is reasonably limited.
>
> For the average user I would at the very least recommend Firefox and
> Thunderbird AV plugins.
Ahem.
/me will avoid from further responding to this thread. There has been
enough off-topic nonsense in it as-is. Though Gordan is not to blame for
the bulk of it.
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
More information about the arm-netbook
mailing list