• Portable4775
    8 months ago

    A whitelisting application has a list of what it knows is bad AND what it knows in advance to be good.

    How would it know this? Is this defined by a person/people? If so, that wouldn’t have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.

    This wasn’t a case of some random package/program wreaking havoc. It was trusted malicious code.

    Also, you’re asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).

    • EmperorHenry@discuss.tchncs.de
      8 months ago

      Also, you’re asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).

      Three different antivirus programs already do that. Comodo, for example, has a built-in sandbox to do that.

      • Portable4775
        8 months ago

        It places unknown/new software in a sandbox. You want an AV that tests all pre-existing packages in a sandbox.