| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: yossarian at planet.nl (yossarian) Subject: AV "feature" does more DDoS than Sobig Many users on corporate networks cannot choose the setting of the AV installed. Which would be a good thing - not turning it off that is, but for the crappy ads. Most admins doing remote update and install don't care enough, and people get used to it. So this problem is probably here to stay, till some ISP or something decides to sue them. ISP have not signed the EULA's of their customers' software..... I'll just have to change my FW to a sort of retaliate mode to the originator adress, I guess. And send everyone who sends me a destructive virus a different one, instructing the Pentium it is a 286 form now on - now that would be funny. O noooooh, that would be illegal! yossarian ----- Original Message ----- From: <DStark@...seon.com> To: <full-disclosure@...ts.netsys.com> Sent: Thursday, August 28, 2003 6:25 PM Subject: Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig > > > Anti-virus companies seem to spend more money on marketing/visibility > > than on actually protecting their customers. This marketing stupidity is > > done by adding USELESS features, which spreads false information and > > delivers false sense of security: > > - "You're infected" reply (false positive) > > - "This message is 100% virus-free certified" signature line (false sense > of security) > > - Anti-virus buttons on Internet Explorer toolbar (just to launch the AV) > > - Splash screens every time you: > > - boot your computer > > - send e-mail > > - check pop3 e-mail > > - turn your computer off > > - System tray useless icons (in some AVs, the system tray icon does > nothing except for launching the AV program) > > - Redundant shortcut icons in Desktop, Start Menu root, Quick Launch and > Start Menu program folder > > The only annoyance that comes of these "Features" is from when the user is > too lazy to find out how to turn them off. The majority of av products that > offer such also have the options of disabling them (Such as the splash > screens and the email alerts). And as for what you view as "Marketing", I > see more along the lines of a visual for consumers. For instance, how many > people do you know that are Computer-Challenged? And how many times have > you asked those people 'When was the last time you ran a virus scan?' only > to hear 'Oh, gosh, you know, I don't remember.' And to find out def's and > sig's are about as old as dirt. Most "End-Users"/"Customers" need to be > reminded a lot imho, especially when it comes to protection products like > AV on over to things like Defragment and Scan Disk. Without these visuals > to remind them, they are more than likely to just continue working away and > never ponder about making sure their computer is up to date and virus free. > > > > > This kind of stupidity from AV companies makes me hate them more every > day. > > That's like getting pissed off at Ford because they put their name on the > sides, front and back of your car. > > > - d > > > > > > Fabio Gomes de Souza > <bugtraq@....com.br> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com > Sent by: cc: > full-disclosure-admin@...ts Subject: [Full-Disclosure] AV "feature" does more DDoS than Sobig > .netsys.com > > > 08/28/2003 10:05 AM > > > > > > > Hello, > > Anti-virus products are causing more harm than the Sobig Worm. > > Some of my customers are having the following problem: > > B = Customer of my customer (infected) > C,D,E = Some random company (victims of Sobig) > A = My customer (victim of AV marketing) > > The Sobig worm infected B. > > In its propagation loop, the worm composes a message, chooses two random > items in the Address Book, and puts the first in the "From:" and the > second in the "To:" header. Then all virus messages are spoofed. > > The problem is that many e-mail virus scanners send a "You are infected" > reply to the address contained in the "From" header. Since the messages > are spoofed, the inoccent, uninfected user "A" is flooded by automatic > complaints from "C","D","E" regarding the virus that "B" sends. > > Anti-virus companies seem to spend more money on marketing/visibility > than on actually protecting their customers. This marketing stupidity is > done by adding USELESS features, which spreads false information and > delivers false sense of security: > > - "You're infected" reply (false positive) > - "This message is 100% virus-free certified" signature line > (false > sense of security) > - Anti-virus buttons on Internet Explorer toolbar (just to > launch the AV) > - Splash screens every time you: > - boot your computer > - send e-mail > - check pop3 e-mail > - turn your computer off > - System tray useless icons (in some AVs, the system tray icon > does > nothing except for launching the AV program) > - Redundant shortcut icons in Desktop, Start Menu root, Quick > Launch > and Start Menu program folder > > This kind of stupidity from AV companies makes me hate them more every day. > > -- > Fabio Gomes de Souza <fabio@....com.br> Fone: (81) 9127-0597 > > GS2 TECNOLOGIA DA INFORMA??O LTDA > - Infra-estrutura de TI, seguran?a, sistemas embutidos e Linux > - Consultoria, planejamento, implementa??o e gerenciamento > > http://www.gs2.com.br negocios@....com.br (81) 3492-7777 > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists