Open Source and information security mailing list archives
 
From: mvp at joeware.net (joe)
Subject: MS Anti Virus?

My initial thought of a response to this was something along the lines of do
you wear an aluminum foil helmet as you seem to fit the profile... I decided
against that. I mean I still think it but I think this response is
better....

Antivirus software will probably always be around. Why? Because it is mostly
software to prevent uneducated users from hurting themselves and it is
probably impossible to get to a point that all users will be educated and
there won't be ways to hurt themselves and people specifically trying to
hurt them. While AV is simply an extension of the user interface of the OS,
at this point in the game if the OS vendor treats it that way it would
simply result in lawsuits by the AV vendors against the OS vendors which is
why MS will have to sell what they have.

It is possible now to run without AV software and be safe, if you are a fully
educated user and take precautions and patch when the patches are available,
you will be pretty safe even if you don't run AV and there are probably many
users on this list that fit that category and don't run AV. 

Many of the recent viruses hitting the corporate world haven't been holes in
MS products causing the problem. It has been good social engineering. One of
the more recent ones that had me laughing was an email that came through
with a password protected zip file with the password in the email and the
note sounding like it came from the IT dept. People all over the world
opened that up and ran it. If they would have had to have downloaded it,
chmod'ed it, and then run it they would have done so if the instructions had
said so. Yes you could probably stop this with a simple note in a small
company, maybe 50, 100, 1000 people. This was a company comprising 250k people
from around the world and no simple note was going to do the trick. You
could also lock machines down to the point that they are merely kiosks as
well but this isn't realistic except in a tightly controlled corporate
environment and even still you would have considerable bitching by users who
wanted more control. 

I don't care what OS you run, if it is a user popular OS and if that OS gets
targeted by someone with a clever social engineering scheme, it will have
impact. 

I have pretty close ties to MS so most of your post simply makes me smirk. I
have met and talked with many developers there and know how busy they are
and that they are mostly good guys trying to do a good job. Now that the
company has switched to a more secure stance they are allowed to do more
good whereas before they didn't have a hammer in terms of security. 

I have had "official" access to MS OS source now for almost a year and can
say that the code base is huge. While it is possible that someone could bury
something in there purposely it is more likely that someone makes a mistake
and doesn't understand all of the different ways that their function or
module could be used. This is changing, the new code being written is being
looked at very closely for security now and not just functionality. I know I
know... "MS did a complete security review of all code when they made this
decision and....". Again this code base is huge, no way they could catch
everything. I am, however, not happy about some of the things that have
gotten through such as the various USN/BER encoding and RPC issues but it is
getting better whether you want to admit it or not. 


  joe


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Burroughs
Sent: Thursday, June 17, 2004 5:04 AM
To: Chris Cappuccio
Cc: Andre Ludwig; slacker; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] MS Anti Virus?

They are planning to get into a market that guards against the failures in
their own product.  I don't like this, as it seems that they are going to be
in a position to intentionally make holes that their "anti-virus"
software will fix.  If we had a more competitive market in this type of
software there would be no market for AV software and the AV companies would
be making better operating systems.  Remember, Microsoft is a marketing
company and they are very good at it and very powerful.

Educate your friends and family.  Unfortunately, there isn't much choice
right now, but someone will do for Linux (or *BSD) what Apple has done.
If Apple was smart, they would make an OS for PCs.  Maybe they will...

It's sad that we are wasting so many resources on what should be a
non-problem.

Todd Burroughs
---
The Internet has given us unprecedented opportunity to communicate and share
on a global scale without borders; fight to keep it that way.


