
On Thu, 21 Nov 1996 12:10:51 -0600, Mike McNally wrote:
> Check out http://www.finjan.com and the stuff about "SurfinGate". The software supposedly can perform an on-the-fly inspection of a Java applet or ActiveX control, and then apply a signature to it along with a "safety" level qualifier to feed into a configurable policy mechanism.
> Any ideas as to how you can look at an ActiveX control and determine whether it's safe or not?
You can't. Anyone who claims to be able to do so is betting their scanning ability against the collective programming skill of hundreds of brilliant-but-twisted programmers/hackers. Remember CHK4BOMB? The old DOS program that would dump strings from an EXE so you could look for things like "Happy birthday yoshi"? They started encrypting and adding polymorphing and stealthing and . . . Now you could write a program that would scan for more 'obvious' attacks but it will probably be a continual catch-up game. You don't even have the ability to do checksumming of existing files (like you do w/virii).

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# <cadams@acucobol.com> | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
--- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
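Added example, not part of the original post and not CHK4BOMB's code: a minimal strings-dump check of the kind the reply describes, run over two constructed byte blobs to show why a scanner that relies on readable strings stops reporting anything once the same text is stored encoded. The watchlist, the filler bytes and the single-byte XOR key are assumptions made for the illustration.

```python
import re

# A run of 4 or more printable ASCII bytes, the default rule of the Unix `strings` tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def dump_strings(blob: bytes) -> list[str]:
    """Return every printable-ASCII run found in a binary blob."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def flag_strings(blob: bytes, watchlist: list[str]) -> list[str]:
    """Return the dumped strings that contain any watchlist term (case-insensitive)."""
    terms = [w.lower() for w in watchlist]
    return [s for s in dump_strings(blob) if any(t in s.lower() for t in terms)]


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the 'encrypting' the post mentions."""
    return bytes(b ^ key for b in data)


# Constructed sample data (not taken from any real program).
MESSAGE = b"Happy birthday yoshi"
FILLER = b"\x00\x01\x90\xcd\x21\x00"          # arbitrary non-text bytes
KEY = 0xA5                                     # assumed key; sets the high bit of every ASCII byte
PLAIN_BLOB = FILLER + MESSAGE + FILLER         # message stored as readable text
ENCODED_BLOB = FILLER + xor_bytes(MESSAGE, KEY) + FILLER  # same message, stored XOR-encoded
WATCHLIST = ["birthday"]                       # hypothetical term a reviewer might look for

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_BLOB), ("encoded", ENCODED_BLOB)):
        print(f"{name:8} strings={dump_strings(blob)} flagged={flag_strings(blob, WATCHLIST)}")
    # The encoded blob still carries the message once decoded at run time,
    # which is the part a static string dump never sees.
    print("decoded at run time:", xor_bytes(xor_bytes(MESSAGE, KEY), KEY).decode("ascii"))
```

The plain blob is flagged and the encoded one produces no strings at all, although both carry the same message once the program runs.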