| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Avecho Glasswall Anti virus technolog? "Zach Forsyth" <Zach.Forsyth@...ndra.com> wrote: > Just wanted to see if anyone knew anything about the company called > Avecho or their flagship product "Glasswall". Nothing is known about the product, at least outside the company, as it is all hush hush because they have "revolutionary new technology" awaiting the granting of patents. How revolutionary? Well, it must be pretty damn revolutionary because it seems they have found a way to break the currently accepted laws of physics. What Avecho claims its revolutionary new technology can achieve is outright impossible if certain heretofore unchallenged basic tenets of mathematics are actually true. For example, the Halting Problem would have to fall for Avecho's claims to be true. If you go to avecho.net and follow the "virus center", "GlassWall central", "how it works" menu items you come to page with suspiciously little descriptive text and a map-animated graphic. Flying the mouse over the GlassWall part of the graphic displays this text: GlassWall(TM) avecho's GlassWall(TM) engine is the core of this revolutionary anti-virus technology. It will accept data from any source and any data that passes through the engine is certified 100% virus free. GlassWall(TM) will respond instantly to any virus threat known or unknown. It requires no definition files or administrator intervention during its operation which makes GlassWall(TM) the only 100% effective anti-virus technology capable of automatic, instant response and zero propagation of any virus, known or yet to be developed. Note -- "GlassWall ... will accept data from any source and any data that passes through the engine is certified 100% virus free". That is clearly a claim that Avecho's staff have either solved, or otherwise rebuked, the Halting program... Oh, but wait a minute -- unlike all the "revolutionary" approaches that have come before, also claiming to make existing antivirus technology obsolete, there is no talk of false positive rates. Usually these revolutionary approaches claim perfect detection (as does Avecho) and perfect differentiation (i.e. "no false positives"). Perhaps Avecho has not solved the Halting Problem at all and has simply decided that a any number of healthy babies being thrown out with the bath water is an acceptable price? And note the sophistry in Avecho's claims for GlassWall. Still on the animated graphic, fly your mouse over "trust bypass": trust bypass Administrators can manage the coverage of the GlassWall(TM) engine by defining data types that may avoid the anti-virus engine but still pass through the system for users to access. Bypassing GlassWall(TM) is done at your own risk. Account administrators must understand that absolute protection cannot be assured if you choose this option, although industry best practice screening is still applied. So, viruses can still be passed through a _system_ using Avecho's "revolutionary" technology (many of which would be detected by what Avecho suggests is "inferior" conventional virus scanners through their emulation, heuristic and generic detection technologies) but to do this they pass "around", rather than "through" Avecho's GlassWall technology allowing Avecho to maintain the claim that GlassWall is clearly better. And note that I am entirely ignoring the issue of whether Avecho's virusCensor and/or GlassWall can perfectly detect any and every example of malformed message and attachment encoding, embedding and so on that some or other hokey, real-world MUA will "correctly" decode. At a conference recently, when I pointed out to an Avecho company representative that such malformations were the bane of content filtering packages pretty much regardless of what they were trying to filter out, he simply brushed the claim off saying that if that was my concern I clearly had no idea how the product worked. How that sales- oid's brush-off and the nice "how it works" diagram discussed above fit together I'll leave as an exercise for those readers of this list who have the necessary technical expertise in such matters (a level that must, apparently, be greater than my own) to decide. > Any information from someone on the list that has had contact with them > would be great. Bearing in mind they are _aching_ to sell this off (and apparently in a huge rush to do so, perhaps even before the ink on the patents is dry) here is a paraphrase of what I told the just-mentioned sales-oid... "Avecho and its "revolutionary" technology most likely won't exist in a few (2-3) years. Most likely Avecho's principals will have sold the major IP (the patents) to some technology company that has no idea what AV and the like is about and will then dissolve the company pocketing a tidy sum each. The technically able folk at the company that made Avecho's principals multi-millionaires will look at the gift horse they've just been presented by the prat who was suckered into parting with a chunk of that company's cash reserves, laugh and return to doing whatever it was they do that ensures their employer keeps paying their wages." (Another moderately likely scenario I did not suggest to him is that actually the world will see through Avecho's glorified 90-something% effective blocking technology, they will fail to sell it (perhaps the patent applications fail?) and they will go on to make a modestly comfortable, but not outrageously luxurious, living running a virus- filtering Email, web, etc ASP much like MessageLabs...) I'll finally point out -- in case the sales-oid mentioned above still hasn't figured it out and gets to see this -- that I am not defending the rest of AV against the bogus Avecho GlassWall claims. I am, as usual, pointing out the badly misleading, technologically inept and other stupidities surrounding the clearly overly marketing-driven claims being made for the products and services of his company. In this, his company is no better than _or different from_ most other AV producers at some time or other in their development. As the brattish "new kids on the block" he and his cronies are simply repeating the idiotic overhyping we've all seen far too many times already. If Avecho had really wanted to be taken seriously (assuming there actually might be something serious or interesting in what it is doing) it certainly chose precisely the best way to appear that it was much more interested in achieving exactly the opposite impression... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists