----- Original Message -----
From: "Casper Hornstrup" ch@csh-consult.dk
Sent: Wednesday, November 16, 2005 6:18 PM
Subject: RE: [ros-dev] Security Suite
So it's a performance optimization? Once an executable image is first cleared by the virus scanner, it doesn't have to check the file for viruses again until the file is written to. I would imagine that any mature virus scanner would keep track of files that were recently scanned so it doesn't have to scan them again.
Casper
Virus scanners can do whatever they want. Of course, they should keep track of files, but that's an internal implementation detail. I'm not wanting users to avoid virus scanners. I'm talking about a way to ensure security on ROS, not to discard virus scanners.
Mike: "That would be extremely difficult to do. You're then expecting the filesystem to know everything about every single file that is on the system." I'm not expecting the FS to know everything, only to know when files change, and I think it's pretty easy as programs must use system calls to change files.
"it'd make more sense to try to get things so that they don't run with privileges that are able to really do any damage" If the programs don't have +x, they are not expected to be run, so they should run with any privilege. If the program can be run, then we should determine what it is privileged to do; they don't exclude each other (but programs will usually be run under the privileges of the user's account).
"I don't +x my PHP scripts ..." - I'm not talking about making PHP files executable (they are not .exe, are they?), I'm talking about a way to control that files are not modified, and then programs should use it to control what files are expected to do.
About FAT. I agree that FAT has no chance of improving; I was saying that if I have a FAT partition, the system should have some 'hack' to remember the attribute.
"...users tend to be pretty bad housekeepers when it comes to computing. It's best to leave the system work without trying to introduce new points of failure..." Well, if it's not implemented, there's no such limitation, so it's not a new point of failure. It's a new control method. However, it could be OK to have it pre-configured to reset +x automatically each week, for example.
"It actually sounds like it'd create a veritable load of problems; essentially, breaking compatibility with Win32 and how Windows does things. Remember, the system needs to come out being compatible, that's one of the design goals." It doesn't need to break compatibility. Programs should know that LoadLibrary can fail, and if they want to run a program, that program may not even exist.
"It sounds like one of the better ways to go about handling this would be to use the process management aspects of the system to reduce the execution priority of the virus scanner toolset; this would enable the system to not lose any performance to a virus-scanner, while keeping the system running at a proper speed. I don't think changing the system's interfaces is the answer to this, in any case." What are you talking about?? :S
Summing up, this would only be a new layer to check files. It can be as soft as an "accept all", search for viruses, ask the user for permission (as firewalls do), or decide based on the folder, filename and date whether the program can run, or send a copy to an online virus scanner while shutting down the computer and calling the police. ReactOS is an open OS, so many implementations would be available, and everyone could make their favourite without problems. That's the way I'd like it to work, a way I think is better than Microsoft's of giving execute permission to every file. Especially if it's considered that Windows antivirus will not work in a long time. But if the ROS community determines that it's not a good idea, I have no problem.
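The clear-+x-on-write scheme debated in this thread, as an added example that is neither code from the thread nor from ReactOS: a small Python model in which execute approval is bound to the file's content digest and to an age limit (the "reset each week" idea), so a write through the model's only write path, a tamper that bypasses it, or an expired approval all make can_execute() return False. The class and method names, the in-memory "filesystem" and the 7-day limit are assumptions.

```python
import hashlib

WEEK = 7 * 24 * 3600  # assumed expiry: approvals reset automatically each week


class ExecGate:
    """Hypothetical model of the proposal: a file runs only while it carries
    an approval, and any modification drops that approval."""

    def __init__(self):
        self.files = {}     # constructed in-memory filesystem: path -> bytes
        self.approved = {}  # path -> (sha256 at approval time, approval time)

    def _digest(self, path):
        return hashlib.sha256(self.files[path]).hexdigest()

    def write(self, path, data):
        """The only write path: storing new content revokes +x."""
        self.files[path] = data
        self.approved.pop(path, None)

    def approve(self, path, now):
        """Grant +x (e.g. after a scanner clears the file or the user says yes)."""
        self.approved[path] = (self._digest(path), now)

    def can_execute(self, path, now, max_age=WEEK):
        """Check at exec/LoadLibrary time. Fails if never approved, approval
        expired, or content no longer matches what was approved (this last
        check also catches changes that bypassed write(), e.g. raw disk edits)."""
        if path not in self.files or path not in self.approved:
            return False
        digest, when = self.approved[path]
        if now - when > max_age:
            return False
        return digest == self._digest(path)


def demo():
    """Walk the lifecycle; returns the list of gate decisions in order."""
    g = ExecGate()
    results = []
    g.write("app.exe", b"MZ constructed sample binary")
    results.append(g.can_execute("app.exe", now=0))       # fresh file: False
    g.approve("app.exe", now=0)
    results.append(g.can_execute("app.exe", now=1))       # approved: True
    g.write("app.exe", b"MZ constructed sample, modified")
    results.append(g.can_execute("app.exe", now=2))       # write revoked: False
    g.approve("app.exe", now=2)
    results.append(g.can_execute("app.exe", now=2 + WEEK + 1))  # expired: False
    g.files["app.exe"] = b"tampered behind the gate"      # bypassed write()
    results.append(g.can_execute("app.exe", now=3))       # digest mismatch: False
    return results
```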