From: Adam Shostack <adam@homeport.org>
Date: Thu, 21 Nov 1996 12:40:13 -0800 (PST)
To: m5@tivoli.com
Subject: Re: Finjan "SurfinGate"
In-Reply-To: <32949B2B.5217@tivoli.com>
Message-ID: <199611212036.PAA04813@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


	These thoughts are generic, and I haven't even looked at the
surfgate web page.

	Does it access a file?  winsock?  hard coded memory addresses?
Does it modify itself (Its code sections)?  What system calls does it
make?  Are they all on the thought safe list?

	If it does not, then you have a first level analysis and can
say that it might not be unsafe; you're a *LOT* better off than you
were before.

	Trying to prove the code is safe is hard.  Looking for obvious
attacks (java that writes .rhosts, mails off /etc/passwd) is not very
hard.   It can lead to a false sense of security.


Adam


Mike McNally wrote:
| Check out http://www.finjan.com and the stuff about "SurfinGate".  The
| software supposedly can perform an on-the-fly inspection of a Java 
| applet or ActiveX control, and then apply a signature to it along with
| a "safety" level qualifier to feed into a configurable policy mechanism.
| 
| Any ideas as to how you can look at an ActiveX control and determine
| whether it's safe or not?
| -- 
| ______c_________________________________________________________________
| Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
| mailto:m5@tivoli.com mailto:m101@io.com  * "deer processing" and "data
| http://www.io.com/~m101/                 * processing" are different!
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume