[sleuthkit-developers] Application Categories - second try
From: Matthias H. <mat...@mh...> - 2004-02-01 11:46:53
Hi all,

here is a short writeup from our last discussion about application categories.
(kg) means, default for this category is known-good and (kb) is known-bad.

Application entry:

- remote management (kg)
  Examples: vnc, PC Anywhere, BO/BO2K, SubSeven (???) ...
- office tools (kg)
  Examples: the different office suites - MS Office, OpenOffice, StarOffice, Adobe Acrobat ...
- database (kg)
  Examples: the database server and clients, database content files
- desktop (kg)
  Examples: desktop programs like kde tools, acrobat reader, winzip, games, screensavers, web browser, email clients
- security (kg)
  Examples: nmap, hping2, virus scanners and signatures, content filter software, tripwire/aide/samhain, IDS tools
- sysutils (kg)
  Examples: every day sysadmin utilities (*nix: /sbin/*,/usr/bin ...)
- server daemons (kg)
  Examples: sendmail, postfix, pop3d, imapd, apache, ...
- web/network (?) (kg)
  Examples: cgi scripts, php files, ...
- multimedia (kg)
  Examples: sound-, picture-, video-files
- drivers (kg)
  Examples: driver software (sic!)
- (child-)porn (kb)
  Examples: the name says it all
- malware (kb)
  Examples: rootkits, malicious code, worms, viruses, trojans, backdoors ...
- other (kg)
  Examples: everything which doesn't fit in the other categories

Is "malware" an appropriate name? Shall we further divide this category?

How about the separate "child-porn" section? There are other kinds of illegal porn which do not fit in this category.

Is "web" or "network" a better name? What more content would include network which doesn't fit in the other categories?

It seems that our "remote management" category includes potentially more known-bad (subseven/BO(2K) ...) than known-good tools. Should we disband this category and absorb it in the other categories?

Has anyone good ideas for other groups or better group names?

Regards,

Matthias

--
Matthias Hofherr
mail: mat...@mh...
web: http://www.forinsect.de
gpg: http://www.forinsect.de/pubkey.asc