From: Adamsc@io-online.com (Adamsc)
To: “m5@tivoli.com>
Message Hash: c6f24bf0a046ae2dee95b11563b3c36ed265b1337f956b499f6bcfc2705bf39a
Message ID: <19961122064500531.AAA48@rn37.io-online.com>
Reply To: N/A
UTC Datetime: 1996-11-22 06:47:15 UTC
Raw Date: Thu, 21 Nov 1996 22:47:15 -0800 (PST)
From: Adamsc@io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:47:15 -0800 (PST)
To: "m5@tivoli.com>
Subject: Re: Finjan "SurfinGate"
Message-ID: <19961122064500531.AAA48@rn37.io-online.com>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 21 Nov 1996 12:10:51 -0600, Mike McNally wrote:
>Check out http://www.finjan.com and the stuff about "SurfinGate". The
>software supposedly can perform an on-the-fly inspection of a Java
>applet or ActiveX control, and then apply a signature to it along with
>a "safety" level qualifier to feed into a configurable policy mechanism.
>
>Any ideas as to how you can look at an ActiveX control and determine
>whether it's safe or not?
You can't. Anyone who claims to be able to do so is betting their scanning
ability against the collective programming skill of hundreds of
brilliant-but-twisted programmers/hackers. Remember CHK4BOMB? The old DOS
program that would dump strings from an EXE so you could look for things
like "Happy birthday yoshi"? They started encrypting and adding
polymorphing and stealthing and . . .
Now you could write a program that would scan for more 'obvious' attacks but
it will probably be a continual catch-up game. You don't even have the
ability to do checksumming of existing files (like you do w/virii).
# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# <cadams@acucobol.com> | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
--- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
Return to November 1996
Return to “Adamsc@io-online.com (Adamsc)”
1996-11-22 (Thu, 21 Nov 1996 22:47:15 -0800 (PST)) - Re: Finjan “SurfinGate” - Adamsc@io-online.com (Adamsc)