
Kernel-based malware scanning

Posted Dec 8, 2007 3:06 UTC (Sat) by dvdeug (subscriber, #10998)
Parent article: Kernel-based malware scanning

The only real solution to the local user problem, I would think, is walls of separation. At
the simplest level, never open a file a user asks you to open; always copy it and run chmod
600 over it first, then check it, then open it. At a larger level, design things with clear
gateways; documents have to be loaded onto the server with FTP/CVS/SVN/HTTP, wherein they get
checked before being distributed. Don't trust anyone with log-on access that you wouldn't trust with
all the data on the computer.

This doesn't work in some environments, like a shared university system, but I would consider
those secured as much by the university's power over those who access it than any software
protection. I certainly wouldn't trust such a system for anything even slightly sensitive.
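
The copy, chmod 600, check, then open sequence from the comment above, as an added Python example that is not part of the original comment. `quarantine_copy`, `marker_checker` and the marker string are hypothetical names and constructed values; the checker stands in for a real scanner, and `private_dir` is assumed to be a directory only the service account can write to.

```python
import os
import shutil
import stat
import tempfile


def marker_checker(path):
    # Constructed stand-in for a real scanner: rejects a made-up marker string.
    with open(path, "rb") as f:
        return b"CONSTRUCTED-BAD-MARKER" not in f.read()


def quarantine_copy(src_path, private_dir, checker):
    """Copy src_path into private_dir as a 0600 file, check the copy, return its path.

    The caller opens only the returned copy, never the user's original, so the
    user cannot swap the content between the check and the open.
    """
    # Open once and keep the descriptor so every later step acts on this exact
    # file even if the path is renamed or replaced. O_NOFOLLOW refuses a symlink
    # as the final component; O_NONBLOCK avoids hanging on a FIFO.
    src_fd = os.open(src_path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        if not stat.S_ISREG(os.fstat(src_fd).st_mode):
            raise ValueError("refusing to copy: not a regular file")
        # mkstemp creates the file exclusively, owned by us, with mode 0600.
        dst_fd, dst_path = tempfile.mkstemp(dir=private_dir)
        try:
            os.fchmod(dst_fd, 0o600)  # the explicit "chmod 600" step
            with os.fdopen(src_fd, "rb", closefd=False) as src, \
                    os.fdopen(dst_fd, "wb") as dst:
                shutil.copyfileobj(src, dst)
            # Check the private copy, which the submitting user can no longer change.
            if not checker(dst_path):
                raise PermissionError("copy rejected by checker")
        except BaseException:
            os.unlink(dst_path)  # never leave an unchecked or rejected copy behind
            raise
        return dst_path
    finally:
        os.close(src_fd)
```
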



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds