lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <E1887D334D8CD511942100B0D0D85DF955E24F@avman05.us.dg.com>
From: Rob.Barrett at zurnwilkins.com (Barrett, Rob)
Subject: AV "feature" does more DDoS than Sobig

If you don't like the feature, turn it off. That is why we have the options
tab. Obviously we can not control what others do with the AV but you could
minimize what extra traffic you may be creating with these messages. I
personally have never had it send a message to the sender, this being one of
the reasons. 
As far as the "marketing" goes for Big AV businesses I believe most of the
items you listed can be disabled and you can bet the AV companies are surely
not going to send it out that way...It's all about the $$$$    my $.02

Take Care
Rob 


 -----Original Message-----
From: 	3APA3A [mailto:3APA3A@...URITY.NNOV.RU] 
Sent:	Thursday, August 28, 2003 6:12 AM
To:	Fabio Gomes de Souza; Russ; da@...urityfocus.com
Cc:	bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
Subject:	Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig

Dear Fabio Gomes de Souza,

Few  Russian  security  and  Internet professionals who's mailboxes were
flooded  by  AV  reports  signed an open letter to antiviral developers,
administrators and users called "AntiViruses to ruin Internet?". It ends
up  with  words  "If  we  want  to  live  here we must shut up all these
robots".

http://www.bugtraq.ru/library/security/antiantivirus.html  (sorry,  it's
in Russian).

It  was  published  on  few  well-known  sites.  At  least few huge mail
services now do not generate AV reports to sender. May be it's a time to
make same PR action worldwide.

--Thursday, August 28, 2003, 5:05:20 PM, you wrote to
bugtraq@...urityfocus.com:

FGdS> Hello,

FGdS> Anti-virus products are causing more harm than the Sobig Worm.

FGdS> Some of my customers are having the following problem:

FGdS> B = Customer of my customer (infected)
FGdS> C,D,E = Some random company (victims of Sobig)
FGdS> A = My customer (victim of AV marketing)

FGdS> The Sobig worm infected B.

FGdS> In its propagation loop, the worm composes a message, chooses two
random 
FGdS> items in the Address Book, and puts the first in the "From:" and the 
FGdS> second in the "To:" header. Then all virus messages are spoofed.

FGdS> The problem is that many e-mail virus scanners send a "You are
infected" 
FGdS> reply to the address contained in the "From" header. Since the
messages 
FGdS> are spoofed, the inoccent, uninfected user "A" is flooded by automatic

FGdS> complaints from "C","D","E" regarding the virus that "B" sends.

FGdS> Anti-virus companies seem to spend more money on marketing/visibility 
FGdS> than on actually protecting their customers. This marketing stupidity
is 
FGdS> done by adding USELESS features, which spreads false information and 
FGdS> delivers false sense of security:

FGdS>         - "You're infected" reply (false positive)
FGdS>         - "This message is 100% virus-free certified" signature line
(false 
FGdS> sense of security)
FGdS>         - Anti-virus buttons on Internet Explorer toolbar (just to
launch the AV)
FGdS>         - Splash screens every time you:
FGdS>                 - boot your computer
FGdS>                 - send e-mail
FGdS>                 - check pop3 e-mail
FGdS>                 - turn your computer off
FGdS>         - System tray useless icons (in some AVs, the system tray icon
does 
FGdS> nothing except for launching the AV program)
FGdS>         - Redundant shortcut icons in Desktop, Start Menu root, Quick
Launch 
FGdS> and Start Menu program folder

FGdS> This kind of stupidity from AV companies makes me hate them more every
day.



-- 
~/ZARAZA
???????, ?????? ????? - ????????!  (???)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030828/07f7e696/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ