TALPA strides forward
Posted Aug 29, 2008 1:21 UTC (Fri) by njs
Parent article: TALPA strides forward
> Eric Paris proposed a fairly straightforward, though still somewhat controversial, model for the threats that TALPA is supposed to handle.
It sounds like the threat model TALPA is designed for is actually a social engineering attack: AV vendors using "marketing" to convince companies to install poorly-engineered kernel-kluging software, with predictable results on reliability, support load, etc.
A cleaner approach would be to patch IT managers to be more resistant to this class of marketing attacks, but given the difficulty of field-upgrading such units and the poor success of previous attempts to fix this problem (non-execuacceptable gift policies, administrator phone number randomization, etc.), the threat mitigation provided by TALPA may represent a reasonable medium-term compromise.