Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756074AbYHOQad (ORCPT ); Fri, 15 Aug 2008 12:30:33 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753979AbYHOQa0 (ORCPT ); Fri, 15 Aug 2008 12:30:26 -0400 Received: from mail14.ca.com ([208.232.182.53]:44789 "EHLO mail14.ca.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753879AbYHOQaZ convert rfc822-to-8bit (ORCPT ); Fri, 15 Aug 2008 12:30:25 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Subject: RE: [malware-list] TALPA - a threat model? well sorta. Date: Fri, 15 Aug 2008 12:30:24 -0400 Message-ID: <2629CC4E1D22A64593B02C43E855530304AE4C0C@USILMS12.ca.com> In-Reply-To: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [malware-list] TALPA - a threat model? well sorta. Thread-Index: Acj+83xcERtd8OoNSvGg72vMJsAYIAAAJhZg References: <1218645375.3540.71.camel@localhost.localdomain><20080813103951.1e3e5827@infradead.org><1218653864.3540.109.camel@localhost.localdomain><20080813143908.38796217@infradead.org><1218723133.3540.137.camel@localhost.localdomain><48A55574.9070508@aitel.hist.no> <1218796645.10800.242.camel@twins> <2629CC4E1D22A64593B02C43E855530304AE4BF6@USILMS12.ca.com> From: "Press, Jonathan" To: Cc: "Peter Zijlstra" , "Helge Hafting" , , , , , , , "Arjan van de Ven" X-OriginalArrivalTime: 15 Aug 2008 16:30:25.0080 (UTC) FILETIME=[38579B80:01C8FEF4] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1085 Lines: 32 > -----Original Message----- > From: david@lang.hm [mailto:david@lang.hm] > Sent: Friday, August 15, 2008 12:25 PM > To: Press, Jonathan > Cc: Peter Zijlstra; Helge Hafting; linux-kernel@vger.kernel.org; malware- > list@lists.printk.net; hch@infradead.org; andi@firstfloor.org; > viro@ZenIV.linux.org.uk; alan@lxorguk.ukuu.org.uk; Arjan van de Ven > Subject: RE: [malware-list] TALPA - a threat model? well sorta. > > The problem is that you have to account for the cases where the malware > > made it onto the system even if you were trying to catch it ahead of > > time. For example: > > > > - Administrator turns off or reduces AV protection for some reason for > > some period of time. It happens all the time. > > according to the threat model actions of the administrator do not matter. Sorry, I don't know what you mean. Jon -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/