From: Rob.Barrett at zurnwilkins.com (Barrett, Rob)
Subject: AV "feature" does more DDoS than Sobig

If you don't like the feature, turn it off. That is why we have the options
tab. Obviously we cannot control what others do with the AV, but you could
minimize what extra traffic you may be creating with these messages. I
personally have never had it send a message to the sender, this being one of
the reasons.

As far as the "marketing" goes for Big AV businesses, I believe most of the
items you listed can be disabled, and you can bet the AV companies are surely
not going to send it out that way... It's all about the $$$$. My $.02

Take Care
Rob 


 -----Original Message-----
From: 	3APA3A [mailto:3APA3A@...URITY.NNOV.RU] 
Sent:	Thursday, August 28, 2003 6:12 AM
To:	Fabio Gomes de Souza; Russ; da@...urityfocus.com
Cc:	bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
Subject:	Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig

Dear Fabio Gomes de Souza,

A few Russian security and Internet professionals whose mailboxes were
flooded by AV reports signed an open letter to antiviral developers,
administrators and users called "AntiViruses to ruin Internet?". It ends
with the words "If we want to live here we must shut up all these
robots".

http://www.bugtraq.ru/library/security/antiantivirus.html (sorry, it's
in Russian).

It was published on a few well-known sites. At least a few huge mail
services now do not generate AV reports to the sender. Maybe it's time to
make the same PR action worldwide.

--Thursday, August 28, 2003, 5:05:20 PM, you wrote to bugtraq@...urityfocus.com:

FGdS> Hello,

FGdS> Anti-virus products are causing more harm than the Sobig Worm.

FGdS> Some of my customers are having the following problem:

FGdS> B = Customer of my customer (infected)
FGdS> C,D,E = Some random company (victims of Sobig)
FGdS> A = My customer (victim of AV marketing)

FGdS> The Sobig worm infected B.

FGdS> In its propagation loop, the worm composes a message, chooses two random
FGdS> items in the Address Book, and puts the first in the "From:" and the
FGdS> second in the "To:" header. Then all virus messages are spoofed.

FGdS> The problem is that many e-mail virus scanners send a "You are infected"
FGdS> reply to the address contained in the "From" header. Since the messages
FGdS> are spoofed, the innocent, uninfected user "A" is flooded by automatic
FGdS> complaints from "C","D","E" regarding the virus that "B" sends.

FGdS> Anti-virus companies seem to spend more money on marketing/visibility
FGdS> than on actually protecting their customers. This marketing stupidity is
FGdS> done by adding USELESS features, which spreads false information and
FGdS> delivers false sense of security:

FGdS>         - "You're infected" reply (false positive)
FGdS>         - "This message is 100% virus-free certified" signature line
FGdS>           (false sense of security)
FGdS>         - Anti-virus buttons on Internet Explorer toolbar (just to
FGdS>           launch the AV)
FGdS>         - Splash screens every time you:
FGdS>                 - boot your computer
FGdS>                 - send e-mail
FGdS>                 - check pop3 e-mail
FGdS>                 - turn your computer off
FGdS>         - System tray useless icons (in some AVs, the system tray icon
FGdS>           does nothing except for launching the AV program)
FGdS>         - Redundant shortcut icons in Desktop, Start Menu root, Quick
FGdS>           Launch and Start Menu program folder

FGdS> This kind of stupidity from AV companies makes me hate them more every
FGdS> day.



-- 
~/ZARAZA

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030828/07f7e696/attachment.html
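
Added example, not part of the original thread or of any AV product: a small model of the A/B/C/D/E scenario in the quoted post, comparing a gateway that replies to the "From:" header with one that keeps the notice at the receiving site. All addresses, the `postmaster@` routing and the function names are constructed assumptions; no mail is sent.

```python
import random
from collections import Counter

# Constructed sample data: B is infected; B's address book holds A, C, D, E.
INFECTED = "b@customer.example"
BOOK = ["a@victim.example", "c@corp-c.example",
        "d@corp-d.example", "e@corp-e.example"]

def worm_headers(book, count, rng):
    """Model only the header choice described in the post: two random
    address-book entries, the first as From:, the second as To:."""
    return [dict(zip(("from", "to"), rng.sample(book, 2)))
            for _ in range(count)]

def notices(msgs, notify_sender):
    """Who receives the scanner's notice for each infected message.
    notify_sender=True  -> "You are infected" reply to the From: header.
    notify_sender=False -> notice goes to the receiving site's postmaster
                           (assumed local routing, not a product setting)."""
    if notify_sender:
        return [m["from"] for m in msgs]
    return ["postmaster@" + m["to"].split("@", 1)[1] for m in msgs]

def misdirected(targets, infected):
    """Notices that reached neither the infected host nor a local admin."""
    return sum(1 for t in targets
               if t != infected and not t.startswith("postmaster@"))

def run(seed=1, count=1000):
    msgs = worm_headers(BOOK, count, random.Random(seed))
    on = notices(msgs, notify_sender=True)
    off = notices(msgs, notify_sender=False)
    return {
        "misdirected_on": misdirected(on, INFECTED),
        "misdirected_off": misdirected(off, INFECTED),
        "reached_infected_on": Counter(on)[INFECTED],
        "per_address_on": Counter(on),
    }

if __name__ == "__main__":
    result = run()
    print("sender notification ON :", result["misdirected_on"],
          "misdirected,", result["reached_infected_on"], "reached B")
    print("sender notification OFF:", result["misdirected_off"], "misdirected")
    print("per-address load (ON)  :", dict(result["per_address_on"]))
```

In this model the infected host B never appears in "From:", so every sender notification lands on an uninfected address.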
