Security and Windows Vista - A forum for discussion on security issues with Windows Vista (microsoft.public.windows.vista.security)
System Calls
On Mar 16, 5:09 pm, "FromTheRafters" wrote:
> "Karthik Balaguru" wrote in message ...
> > I think REMUS (kernel module for Linux) helps in identification of the incorrect parameters and access rights by interaction with the AccessControl Database managed by the sysctl command, but not sure if it would be of help in identifying whether the system calls have been tweaked.
>
> *** It looks for suspicious activity regarding programs using legitimate calls in a suspicious (possibly malicious) manner. Some attack patterns are known to use certain combinations of calls; any program using that certain combination of calls will be suspect. The calls themselves are not malicious. See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced... ***

Yeah, I do find that malicious calls have different views. From the REMUS document from the link provided by you it seems that malicious calls also include:
- Illegal invocation of critical system calls that could cause hijacking of control of any privileged process.
- Inefficient check of the argument values of the system calls.

The REMUS homepage link was actually breaking and hence I was collecting information by searching on the internet: http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf

Thx for providing the link. I will check it out.

Thx in advance,
Karthik Balaguru
System Calls
And verily, didst David H. Lipman hastily babble thusly:
> From:
> > And verily, didst Karthik Balaguru hastily babble thusly:
> > > [Karthik Balaguru] So, does it imply that the virus scanners check for malicious system calls from malicious applications in Windows? Are there any opensource implementations of those virus scanners that check for malicious system calls from certain applications in Windows?
> >
> > No, it means the virus scanners don't scan running processes.
> > They scan files on hard disk and in e-mails/other network related stuff that are destined for transfer to windows based networks/machines... and then quarantine anything that matches a virus profile.
>
> McAfee scans running processes.

McAfee runs on linux now?
--
|                          | What to do if you find yourself stuck in a crack |
|                          | in the ground beneath a giant boulder, which you |
|                          | can't move, with no hope of rescue.              |
|   Andrew Halliwell BSc   | Consider how lucky you are that life has been    |
|           in             | good to you so far...                            |
|     Computer Science     |   -The BOOK, Hitch-hiker's guide to the galaxy.  |
System Calls
From:
> > McAfee scans running processes.
> McAfee runs on linux now?

http://www.mcafee.com/us/enterprise/...nuxshield.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
System Calls
"Karthik Balaguru" wrote in message ...
> On Mar 16, 5:09 pm, "FromTheRafters" wrote:
> > "Karthik Balaguru" wrote in message ...
> > > I think REMUS (kernel module for Linux) helps in identification of the incorrect parameters and access rights by interaction with the AccessControl Database managed by the sysctl command, but not sure if it would be of help in identifying whether the system calls have been tweaked.
> >
> > *** It looks for suspicious activity regarding programs using legitimate calls in a suspicious (possibly malicious) manner. Some attack patterns are known to use certain combinations of calls; any program using that certain combination of calls will be suspect. The calls themselves are not malicious. See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced... ***
>
> Yeah, I do find that malicious calls have different views. From the REMUS document from the link provided by you it seems that malicious calls also include:
> - Illegal invocation of critical system calls that could cause hijacking of control of any privileged process.
> - Inefficient check of the argument values of the system calls.
>
> The REMUS homepage link was actually breaking and hence I was collecting information by searching on the internet: http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf
>
> Thx for providing the link. I will check it out.
> [...]

*** It might be worth pondering that viruses, in particular, don't generally need to exploit software flaws. REMUS seems to be a good enhancement for the OS, but AV has (or had) a different goal. ***
System Calls
On Mar 17, 6:46 am, "FromTheRafters" wrote:
> "Karthik Balaguru" wrote in message ...
> > On Mar 16, 5:09 pm, "FromTheRafters" wrote:
> > > "Karthik Balaguru" wrote in message ...
> > > > I think REMUS (kernel module for Linux) helps in identification of the incorrect parameters and access rights by interaction with the AccessControl Database managed by the sysctl command, but not sure if it would be of help in identifying whether the system calls have been tweaked.
> > >
> > > *** It looks for suspicious activity regarding programs using legitimate calls in a suspicious (possibly malicious) manner. Some attack patterns are known to use certain combinations of calls; any program using that certain combination of calls will be suspect. The calls themselves are not malicious. See http://www.pdf-tube.com/download/ebook/REMUS:%20A%20Security-Enhanced... ***
> >
> > Yeah, I do find that malicious calls have different views. From the REMUS document from the link provided by you it seems that malicious calls also include:
> > - Illegal invocation of critical system calls that could cause hijacking of control of any privileged process.
> > - Inefficient check of the argument values of the system calls.
> >
> > The REMUS homepage link was actually breaking and hence I was collecting information by searching on the internet: http://cesare.dsi.uniroma1.it/Sicurezza/doc/remus.pdf
> >
> > Thx for providing the link. I will check it out.
> > [...]
>
> *** It might be worth pondering that viruses, in particular, don't generally need to exploit software flaws. REMUS seems to be a good enhancement for the OS, but AV has (or had) a different goal. ***

Interesting to know that generally viruses do not exploit this flaw.

Thx,
Karthik Balaguru
System Calls
On Mar 17, 2:10 am, "David H. Lipman" wrote:
> From:
> > > McAfee scans running processes.
> > McAfee runs on linux now?
>
> http://www.mcafee.com/us/enterprise/...urity/servers/...

But, it is not opensource :-(

Karthik Balaguru
System Calls
"Karthik Balaguru" wrote in message ...
> On Mar 17, 6:46 am, "FromTheRafters" wrote:
> > *** It might be worth pondering that viruses, in particular, don't generally need to exploit software flaws. REMUS seems to be a good enhancement for the OS, but AV has (or had) a different goal. ***
>
> Interesting to know that generally viruses do not exploit this flaw.

*** Or rather, that they don't *need* to exploit *any* flaw. REMUS helps protect the OS from privilege escalation attacks against software flaws. ***
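A toy user-space illustration of the two REMUS-style checks this thread describes (FromTheRafters' point that individually legitimate calls become suspect in known combinations, and Karthik's two bullets on illegal invocation of critical calls and checking their argument values), run over a constructed trace. This is an added example, not REMUS code or anything the posters wrote; the trace format, the rule set, and every pid, uid and path in it are assumptions constructed for illustration.

```python
"""Toy user-space take on the two REMUS-style checks discussed in the thread:
(1) known combinations of individually legitimate calls in one process and
(2) argument checks on critical calls.  Trace, rules, pids, paths: constructed."""
from collections import defaultdict
# Constructed trace lines: "<pid> <euid> <syscall> <args...>".
TRACE = [
    "101 1000 open /home/alice/notes.txt",
    "101 1000 read 3",
    "202 0 open /etc/passwd",
    "303 0 setuid 0",              # root daemon re-asserting uid 0: fine
    "404 1000 chmod /tmp/x 4755",  # setuid bit on a file in /tmp ...
    "404 1000 execve /tmp/x",      # ... then executed by the same process
    "505 0 execve /bin/sh",        # root process spawning a shell
    "606 1000 setuid 0",           # unprivileged process asking for uid 0
]
# Check 1 rules: ordered call patterns per pid; other calls may interleave.
SUSPICIOUS_SEQUENCES = {"chmod followed by execve in one process": ("chmod", "execve")}

def parse(line):
    pid, euid, call, *args = line.split()
    return int(pid), int(euid), call, args

def check_args(euid, call, args):
    """Check 2: a reason string if the call's arguments look abusive, else None."""
    if call == "execve" and euid == 0 and args[0] in ("/bin/sh", "/bin/bash"):
        return "root process executing a shell"
    if call == "chmod" and len(args) > 1 and int(args[1], 8) & 0o6000:
        return "setuid/setgid bit set on " + args[0]
    if call == "setuid" and euid != 0 and args[0] == "0":
        return "unprivileged process requesting uid 0"
    return None

def contains_in_order(history, pattern):
    """True if pattern occurs as an ordered subsequence of history."""
    it = iter(history)
    return all(any(c == p for c in it) for p in pattern)

def monitor(trace):
    """Run both checks over a trace; return [(pid, reason), ...] in trace order."""
    findings, history = [], defaultdict(list)
    for line in trace:
        pid, euid, call, args = parse(line)
        reason = check_args(euid, call, args)
        if reason:
            findings.append((pid, reason))
        history[pid].append(call)
        for name, pattern in SUSPICIOUS_SEQUENCES.items():
            if call == pattern[-1] and contains_in_order(history[pid], pattern):
                findings.append((pid, name))  # fires on the completing call
    return findings
```

Note that chmod and execve each pass on their own; only the combination in pid 404 is flagged, which is the distinction the thread draws between the calls and their use.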