A whitelisting application has a list of what it knows it bad AND what it knows in advance to be good.
How would it know this? Is this defined by a person/people? If so, that wouldn’t have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.
This wasn’t a case of some random package/program wreaking havoc. It was trusted malicious code.
Also, you’re asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).
deleted by creator
What?
deleted by creator
That would do nothing for liblzma as it was trusted.
deleted by creator
The developer of XZ. What your describing is package verification which already happens
How would it know this? Is this defined by a person/people? If so, that wouldn’t have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.
This wasn’t a case of some random package/program wreaking havoc. It was trusted malicious code.
Also, you’re asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).
deleted by creator
It places unknown/new software in a sandbox. You want an AV that tests all pre-existing packages in a sandbox.