[PC-BSD Testing] About safety

Dru Lavigne dru.lavigne at att.net
Tue Apr 3 13:06:12 PDT 2012



> Considering the sophistication of attacks against browsers
> and holes in 
> apps, there's no such thing as too secure. Somewhere there
> is a balance. 
> I'm a firm believer in running the latest version of
> anything but as 
> thing such as pwn2own prove, it doesn't matter if you have a
> fancy 
> sandbox or think your code is tight. If there is a will,
> there is a way.
> 
> Arthur
> 
> > Hi.
> >
> > I thought about it too. For the security sensitive
> tasks or to try/test third party software I look forward
> making tool/script to start one-time jail. I look forward
> "wasting" some time for it.
> >
> > Returning to thing that you've described. I thought
> about such pattern: what if someone drop a script to your
> autostart. Is there any tool to detect it? This could be
> done through (for example) vulnerable browser and doesn't
> need gaining root privileges.
> >
> > Am I too paranoid regarding security and intrusions to
> the system or is it a real pattern?
> >
> > Regards,
> > Vans.
> >
> >
> > 09.03.2012, 16:04, "Hans Ruhe"<hansruhe1 at gmail.com>:
> >    
> >> Hi Kris and fellowtesters,
> >>
> >> I am wondering if there is a tool or a possibility
> to build in a malware detection system into the Operating
> system itself. Allthough there is a rootkithunter which I
> installed and there is clamav, it is not possible to make
> some base antivirus and malware detection system into PCBSD
> - Freebsd itself.
> >>
> >> I have been working with an anti virus company
> (Norman from Norway) but I always find it a safe idea to
> built safety within, for instance a lot of people use
> telebanking and you don't want to have someone to spy on you
> when you are paying your bills.


I believe this is the purpose of Capsicum: http://www.cl.cam.ac.uk/research/security/capsicum/.

It will be interesting to see if any capsicum-enabled components will be ready for FreeBSD 9.1 (and thus in PC-BSD).

Cheers,

Dru


More information about the Testing mailing list