[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [DotGNU]Virus writers take an early crack at .Net
From: |
Barry Fitzgerald |
Subject: |
Re: [DotGNU]Virus writers take an early crack at .Net |
Date: |
Thu, 10 Jan 2002 15:08:21 +0000 (UTC) |
On Thu, 10 Jan 2002, Rhys Weatherley wrote:
> Date: Thu, 10 Jan 2002 17:49:17 +1000
> From: Rhys Weatherley <address@hidden>
> To: John <address@hidden>
> Cc: Gopal.V <address@hidden>, address@hidden, address@hidden
> Subject: Re: [DotGNU]Virus writers take an early crack at .Net
>
> John wrote:
>
> > "Gopal.V" wrote:
> > > Also I guess that the certifcate verifcation and
> > > stuff like that comes in the domain of SEE ?
> >
> > Currently we've not even considered what the SEE should really do. Right
> > now it just mounts plugins. This seems like a resonable feature request
> > though. What do you think David?
>
> Depends upon where the signature is. Windows typically
> puts these things inside the .exe or .dll itself, which means
> that SEE will need to pull apart the PE/COFF file to verify
> the signature.
>
> Portable.NET already has code for pulling apart PE/COFF
> files. If there was some SEE oracle available that I could
> ask "Is this valid according to SEE guidelines?", then I can
> hook it through during the program load process.
>
Verification of signatures is such a generic procedure that it probably
shouldn't be part of SEE explicitely, rather - it should be a standard
plugin, I think.
Then, we could include support for it through a shared lib and provide the
plugin program as an interface to it. The library could then funnel the
information to SEE for use in other plugins. Make sense?
-Barry
Re: [DotGNU]Virus writers take an early crack at .Net, Rhys Weatherley, 2002/01/10