|
|
Subscribe / Log in / New account

Another new ABI for fanotify

Another new ABI for fanotify

Posted Nov 12, 2009 11:18 UTC (Thu) by etienne_lorrain@yahoo.fr (guest, #38022)
Parent article: Another new ABI for fanotify

> The intended use case is malware-scanning utilities

Some would say the other intended use case is malware-spreading utilities, it is better to "infect" executables which are often executed than those who lay dormant... and having a standard interface for viruses would greatly simplify their development.
Moreover, because it seems you should be able to use multiple independant virus checker, you can hook "under" or "over" a virus checker, to hide your virus from upper layers, or to add it once the file has been certified clean.

to post comments

Another new ABI for fanotify

Posted Nov 12, 2009 15:26 UTC (Thu) by eparis (guest, #33060) [Link]

Clearly you don't understand the interface. I'm not going say anything other than "you are wrong" but if you do decide to do some research and find a real problem with my architecture please let me know and it will be addressed.

Another new ABI for fanotify

Posted Nov 13, 2009 2:46 UTC (Fri) by bronson (subscriber, #4806) [Link]

> having a standard interface for viruses would greatly simplify their development.

That's an argument for keeping useful features out of the kernel? Are you kidding??

Pretty much all viruses are transferred via network. Does that mean that the networking stack should be removed from the kernel?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds