Kernel space: Virus scanning API spawns security debate

The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.

The idea behind TALPA is simple: various companies in the virus-scanning business would like a hook into the kernel which allows them to check for malware and prevent its spread. So the patch adds a hook into the VFS code which intercepts every file open operation. A series of filters can be attached to this intercept, with the most important one being a mechanism which makes the file being opened available to a user-space process as a read-only file descriptor. That process can scan the file and tell the kernel whether the open operation should be allowed to proceed or not. In this way, the scanning process can prevent any sort of access to files which are deemed to contain bits with evil intentions.

There are a few other details, of course. A caching mechanism prevents rescanning of unchanged files, increasing performance considerably.
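The open-intercept flow and verdict cache described above can be modelled in user space. The following is an added example, not TALPA code or its API: the `OnAccessScanner` class, the `check_open` and `demo` names, the signature marker and the stat-based cache key are all assumptions made for illustration.

```python
import os
import tempfile

# Constructed marker standing in for a real signature database (assumption).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"


class OnAccessScanner:
    """User-space model of the open-intercept flow: scan, verdict, cache."""
    def __init__(self):
        self.cache = {}   # (st_dev, st_ino) -> (mtime_ns, size, allowed)
        self.scans = 0    # number of full content scans performed

    def _scan(self, fd):
        self.scans += 1   # fd is read-only: the scanner cannot alter the file
        data = b""
        while chunk := os.read(fd, 65536):
            data += chunk
        return SIGNATURE not in data

    def check_open(self, path):
        """Return True if the open may proceed, False if it must be denied."""
        fd = os.open(path, os.O_RDONLY)
        try:
            st = os.fstat(fd)  # stat the descriptor, not the path, to avoid a race
            key = (st.st_dev, st.st_ino)
            stamp = (st.st_mtime_ns, st.st_size)
            hit = self.cache.get(key)
            if hit and hit[:2] == stamp:
                return hit[2]            # unchanged file: reuse cached verdict
            allowed = self._scan(fd)
            self.cache[key] = (*stamp, allowed)
            return allowed
        finally:
            os.close(fd)


def demo():
    """Run the flow on a constructed temp file; returns (verdicts, scans)."""
    scanner = OnAccessScanner()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"harmless bytes")
        verdicts = [scanner.check_open(path), scanner.check_open(path)]
        with open(path, "ab") as f:        # modification changes size: cache miss
            f.write(SIGNATURE)
        verdicts += [scanner.check_open(path), scanner.check_open(path)]
    return verdicts, scanner.scans
```

In this model a same-size rewrite that keeps the modification time would be served a stale verdict, which is why a cache of this kind is better invalidated by the component that sees the write than inferred from `stat` data.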
