lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 30 Jun 2014 01:48:47 +0200
From: Reindl Harald <h.reindl@...lounge.net>
To: fulldisclosure@...lists.org
Subject: Re: [FD] AV scan on read vs write debate....


Am 30.06.2014 01:38, schrieb Exibar:
> I see a war a-brewing in our Macintosh area, they're pushing for AV
> scanning on Write only...  I'm pushing back, hard and winning so far....
> They don't seem to get it no matter how much they say they understand the
> dangers, they're still stuck in the world where "Mac viruses just don't
> exist", and apparently they don't care if they have a Windows virus dormant
> on their machines either.... they claim they have a huge performance
> improvement with scan on read turned off...  It always comes back to
> performance in their argument....
> 
> Does anyone have any white papers or any links or even any off the cuff
> thoughts that I can bring to these folks that will help prove my point that
> only having scan on write is a *very* bad idea and a huge security hole?

easy - ask them what the scan of a download helps
if it's executed later while due download there
was no matching signature

first comes the malware and then the signature to detect

if the dumb folk scan only once while store the malware
on a central fileserver that will greatly multiply damage
everytime a client opens the file with no scanning again

but if you are talk with Apple "the OS is secure" priests
forget it, they are learning resistent


Download attachment "signature.asc" of type "application/pgp-signature" (247 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ