1996-11-21 - Re: Finjan “SurfinGate”

Header Data

From: Adam Shostack <adam@homeport.org>
To: m5@tivoli.com
Message Hash: 9de13f5ad108ef468531f4f8771c86a7409fe5802095675e5bc3bb58aa78d302
Message ID: <199611212036.PAA04813@homeport.org>
Reply To: <32949B2B.5217@tivoli.com>
UTC Datetime: 1996-11-21 20:40:13 UTC
Raw Date: Thu, 21 Nov 1996 12:40:13 -0800 (PST)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 12:40:13 -0800 (PST)
To: m5@tivoli.com
Subject: Re: Finjan "SurfinGate"
In-Reply-To: <32949B2B.5217@tivoli.com>
Message-ID: <199611212036.PAA04813@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	These thoughts are generic, and I haven't even looked at the
surfgate web page.

	Does it access a file?  winsock?  hard coded memory addresses?
Does it modify itself (Its code sections)?  What system calls does it
make?  Are they all on the thought safe list?

	If it does not, then you have a first level analysis and can
say that it might not be unsafe; you're a *LOT* better off than you
were before.

	Trying to prove the code is safe is hard.  Looking for obvious
attacks (java that writes .rhosts, mails off /etc/passwd) is not very
hard.   It can lead to a false sense of security.


Adam


Mike McNally wrote:
| Check out http://www.finjan.com and the stuff about "SurfinGate".  The
| software supposedly can perform an on-the-fly inspection of a Java 
| applet or ActiveX control, and then apply a signature to it along with
| a "safety" level qualifier to feed into a configurable policy mechanism.
| 
| Any ideas as to how you can look at an ActiveX control and determine
| whether it's safe or not?
| -- 
| ______c_________________________________________________________________
| Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
| mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
| http://www.io.com/~m101/                 * processing" are different!
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread