So if one wants to build an AV scanning engine in which the signatures *can’t* be reverse engineered, where do we start? FHE?
-
-
What would you suggest instead? (Decompiled) code analysis? Simulated execution?
-
Isolation of privilege contexts, not executing untrusted code in contexts with anything valuable accessible.
-
I agree, mostly. Yet current isolation models have suffered from so many escalation attacks. Seems host might still need AV-like monitoring.