Open-AudIT
https://www.open-audit.org/phpBB3/

File scanning - is it worth revisiting?
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2591

Author:  jamesc [ Wed Jan 30, 2008 8:36 pm ]
Post subject:  File scanning - is it worth revisiting?

I know this has already been discussed in http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2218 but I'd like to re-open the discussion if that's OK.

From a licensing perspective, I think it's pretty useful to be able to scan for any particular filetype. Fonts, for example, may well not show up as MSIs or through control panel but are subject to copyright and there are examples of font foundries suing companies for using unlicensed fonts.

Similarly, there are a few programs which are installed as "Copy this .exe file to C:\Program Files\Program Name". And if you're looking at a dodgy copy of some commercial software, who knows how that appears.

The biggest problem has already been discussed - that such a scan will generate an enormous amount of white noise. What I'm thinking is, is it possible to somehow reduce this to manageable levels - perhaps by generating a fingerprint for files based on filename, size and metadata and associating this fingerprint with known-good software. There already appears to be some basic framework for an XML file describing packages using softwarefiles.xml but I couldn't find any reference to that outside the code so perhaps it's never really been fleshed out. A centralised database for such fingerprints (in a similar manner to CDDB) would be nice but realistically that's a long way in the future, if at all.
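The fingerprint idea raised in the post above, sketched as an added example that is not part of the original post or of Open-AudIT's code: files are fingerprinted by filename, size and metadata, matched against a known-good catalogue, and only the unmatched remainder is reported. The function names, the `read_metadata` hook and the catalogue layout are assumptions, and the sample files and catalogue entry are constructed.

```python
import hashlib
import os
import tempfile

def fingerprint(name, size, metadata=None):
    """SHA-256 over lower-cased filename, byte size and sorted metadata pairs."""
    parts = [name.lower(), str(size)]
    parts += [f"{k}={v}" for k, v in sorted((metadata or {}).items())]
    # NUL separator keeps field boundaries unambiguous.
    return hashlib.sha256("\x00".join(parts).encode("utf-8")).hexdigest()

def scan(root, known_good, extensions, read_metadata=lambda path: {}):
    """Walk root and classify files that have one of the given extensions.

    Returns (matched, unknown): {package name: [paths]} and [(path, fingerprint)].
    read_metadata is a hypothetical hook, e.g. a version-resource reader.
    """
    matched, unknown = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if os.path.splitext(fname)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, fname)
            fp = fingerprint(fname, os.path.getsize(path), read_metadata(path))
            package = known_good.get(fp)
            if package:
                matched.setdefault(package, []).append(path)
            else:
                unknown.append((path, fp))
    return matched, unknown

def demo():
    """Constructed sample: two fonts and one text file in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("SampleSans.ttf", 300), ("Mystery.ttf", 120),
                           ("notes.txt", 10)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\x00" * size)
        # Constructed catalogue entry, not real vendor data.
        known_good = {fingerprint("samplesans.ttf", 300): "Example Font Pack"}
        matched, unknown = scan(root, known_good, {".ttf", ".exe"})
        return sorted(matched), [os.path.basename(p) for p, _ in unknown]

if __name__ == "__main__":
    print(demo())
```

A name-and-size fingerprint only cuts inventory noise; it does not cover file contents, so a renamed or padded file can miss or match a catalogue entry.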
