A Windows Vista forum. Vista Banter

Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

System Calls



 
 
  #11 (permalink)  
Old March 16th 10, 04:19 PM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup,comp.programming
Karthik Balaguru
external usenet poster
 
Posts: 41
Default System Calls

On Mar 16, 5:09 pm, "FromTheRafters"
wrote:
"Karthik Balaguru" wrote in message

...

I think, REMUS(Kernel module for Linux) helps in identification of
the incorrect parameters, access rights by interaction with the
AccessControl Database managed by the sysctl command,
but not sure if it would help in identifying whether the system
calls have been tweaked.

***
It looks for suspicious activity regarding programs using legitimate
calls in a suspicious (possibly malicious) manner. Some attack patterns
are known to use certain combinations of calls, any program using that
certain combination of calls will be suspect. The calls themselves are
not malicious. See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced...
***



Yeah, I do find that malicious calls have different views.

From the REMUS document from the link provided by you
it seems that malicious calls also include -
- Illegal invocation of critical system calls that could
cause hijacking of control of any privileged process.
- Inefficient check of the argument values of the system calls

The remus homepage link was actually breaking and
hence I was collecting information by searching in internet -
http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf
Thx for providing the link. I will check it out.

Thx in advance,
Karthik Balaguru
  #12 (permalink)  
Old March 16th 10, 07:42 PM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup
[email protected]
external usenet poster
 
Posts: 60
Default System Calls

And verily, didst David H. Lipman hastily babble thusly:
From:

| And verily, didst Karthik Balaguru hastily babble thusly:
[Karthik Balaguru]
So, does it imply that the virus scanners check for
malicious system calls from malicious applications
in Windows ? Are there any opensource implementation
of those virus scanners that check for malicious
system calls from certain applications in Windows ?


| No, it means the virus scanners don't scan running processes.
| They scan files on hard disk and in e-mails/other network related stuff that
| are destined for transfer to windows based networks/machines... and then
| quarantine anything that matches a virus profile.

McAfee scans running processes.


McAfee wuns on linux now?

--
| |What to do if you find yourself stuck in a crack|
| |in the ground beneath a giant boulder, which you|
| |can't move, with no hope of rescue. |
| Andrew Halliwell BSc |Consider how lucky you are that life has been |
| in |good to you so far... |
| Computer Science | -The BOOK, Hitch-hiker's guide to the galaxy.|
  #13 (permalink)  
Old March 16th 10, 09:10 PM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup
David H. Lipman
external usenet poster
 
Posts: 474
Default System Calls

From:


McAfee scans running processes.


| McAfee wuns on linux now?

http://www.mcafee.com/us/enterprise/...nuxshield.html


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #14 (permalink)  
Old March 17th 10, 01:46 AM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup,comp.programming
FromTheRafters[_2_]
external usenet poster
 
Posts: 221
Default System Calls

"Karthik Balaguru" wrote in message
...
On Mar 16, 5:09 pm, "FromTheRafters"
wrote:
"Karthik Balaguru" wrote in message

...

I think, REMUS(Kernel module for Linux) helps in identification of
the incorrect parameters, access rights by interaction with the
AccessControl Database managed by the sysctl command,
but not sure if it would help in identifying whether the system
calls have been tweaked.

***
It looks for suspicious activity regarding programs using legitimate
calls in a suspicious (possibly malicious) manner. Some attack patterns
are known to use certain combinations of calls, any program using that
certain combination of calls will be suspect. The calls themselves are
not malicious.
See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced...
***



Yeah, I do find that malicious calls have different views.

From the REMUS document from the link provided by you
it seems that malicious calls also include -
- Illegal invocation of critical system calls that could
cause hijacking of control of any privileged process.
- Inefficient check of the argument values of the system calls

The remus homepage link was actually breaking and
hence I was collecting information by searching in internet -
http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf
Thx for providing the link. I will check it out.

[...]

***
It might be worth pondering that viruses, in particular, don't generally
need to exploit software flaws. REMUS seems to be a good enhancement for
the OS, but AV has (or had) a different goal.
***


  #15 (permalink)  
Old March 18th 10, 12:51 AM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup,comp.programming
Karthik Balaguru
external usenet poster
 
Posts: 41
Default System Calls

On Mar 17, 6:46 am, "FromTheRafters"
wrote:
"Karthik Balaguru" wrote in message

...
On Mar 16, 5:09 pm, "FromTheRafters"
wrote:





"Karthik Balaguru" wrote in message


....


I think, REMUS(Kernel module for Linux) helps in identification of
the incorrect parameters, access rights by interaction with the
AccessControl Database managed by the sysctl command,
but not sure if it would help in identifying whether the system
calls have been tweaked.


***
It looks for suspicious activity regarding programs using legitimate
calls in a suspicious (possibly malicious) manner. Some attack patterns
are known to use certain combinations of calls, any program using that
certain combination of calls will be suspect. The calls themselves are
not malicious.
See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced...
***


Yeah, I do find that malicious calls have different views.

From the REMUS document from the link provided by you
it seems that malicious calls also include -
- Illegal invocation of critical system calls that could
  cause hijacking of control of any privileged process.
- Inefficient check of the argument values of the system calls

The remus homepage link was actually breaking and
hence I was collecting information by searching in internet -
http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf
Thx for providing the link. I will check it out.

[...]

***
It might be worth pondering that viruses, in particular, don't generally
need to exploit software flaws. REMUS seems to be a good enhancement for
the OS, but AV has (or had) a different goal.
***


Interesting to know that generally viruses do not exploit this flaw.

Thx,
Karthik Balaguru
  #16 (permalink)  
Old March 18th 10, 01:27 AM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup
Karthik Balaguru
external usenet poster
 
Posts: 41
Default System Calls

On Mar 17, 2:10 am, "David H. Lipman"
wrote:
From:

McAfee scans running processes.


| McAfee wuns on linux now?

http://www.mcafee.com/us/enterprise/...urity/servers/...


But, it is not opensource :-(

Karthik Balaguru
  #17 (permalink)  
Old March 18th 10, 02:02 AM posted to comp.os.linux.security,alt.comp.virus,microsoft.public.windows.vista.security,comp.os.linux.setup,comp.programming
FromTheRafters[_2_]
external usenet poster
 
Posts: 221
Default System Calls

"Karthik Balaguru" wrote in message
...
On Mar 17, 6:46 am, "FromTheRafters"
wrote:

***
It might be worth pondering that viruses, in particular, don't generally
need to exploit software flaws. REMUS seems to be a good enhancement for
the OS, but AV has (or had) a different goal.
***


Interesting to know that generally viruses do not exploit this flaw.

***
Or rather, that they don't *need* to exploit *any* flaw. REMUS helps
protect the OS from privilege escalation attacks against software flaws.
***
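
A minimal sketch of the argument checking discussed in this thread, added here as an example (not part of any post and not REMUS's own code): critical calls made by root-privileged processes are compared against a small access control database (ACD). The rule format, program paths and trace below are all constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

CRITICAL = {"execve", "chmod", "chown"}   # calls worth intercepting (assumed set)

# Hypothetical ACD: (program, syscall) -> glob patterns of permitted arguments.
ACD = {
    ("/usr/sbin/lpd", "execve"): ["/usr/libexec/lpd-filter"],
    ("/usr/sbin/lpd", "chmod"): ["/var/spool/lpd/*"],
}

@dataclass(frozen=True)
class Event:
    pid: int
    exe: str       # program image making the call
    euid: int      # effective uid at call time
    syscall: str
    arg: str       # the security-relevant path argument

def check(ev):
    """Return (allowed, reason) for one intercepted call."""
    if ev.euid != 0 or ev.syscall not in CRITICAL:
        return True, "not a privileged critical call"
    patterns = ACD.get((ev.exe, ev.syscall))
    if patterns is None:
        return False, "no ACD entry for this program and call"
    path = posixpath.normpath(ev.arg)   # collapse ../ before matching
    if any(fnmatchcase(path, p) for p in patterns):
        return True, "argument permitted by ACD"
    return False, f"argument {path!r} not permitted"

# Constructed trace: the same execve is fine from an unprivileged editor
# and denied when a root daemon issues it.
TRACE = [
    Event(412, "/usr/sbin/lpd", 0, "execve", "/usr/libexec/lpd-filter"),
    Event(412, "/usr/sbin/lpd", 0, "chmod", "/var/spool/lpd/job17"),
    Event(412, "/usr/sbin/lpd", 0, "chmod", "/var/spool/lpd/../../../etc/shadow"),
    Event(412, "/usr/sbin/lpd", 0, "execve", "/bin/sh"),
    Event(977, "/usr/bin/vi", 1000, "execve", "/bin/sh"),
    Event(501, "/usr/sbin/crond", 0, "chown", "/etc/passwd"),
]

def audit(trace):
    """Return the denied events with the reason each was denied."""
    return [(ev, why) for ev in trace for ok, why in [check(ev)] if not ok]

if __name__ == "__main__":
    for ev, why in audit(TRACE):
        print(f"DENY pid={ev.pid} {ev.exe} {ev.syscall}({ev.arg}): {why}")
```
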


 



