Open Source and information security mailing list archives
 
Message-ID: <20040810181409.GA41905@localghost.muenther.de>
From: jan.muenther at nruns.com (Jan Muenther)
Subject: AV Naming Convention

Hey there,

> Oh, I am not unhappy with AV companies at all. They do their job and most do
> it very well and very fast. But there are programs that aren't detectable by
> any AV programs. I have one sitting on my desktop; I received it in the
> e-mail weeks ago. I sent it in as a sample and heard nothing. Why? Because
> it isn't running thru the news and in everyone's e-mail. The largest threats
> should be taken care of first, given. But should the public not be informed
> about things like this? Where is the protection?

While I understand your point, you must also understand that AV vendors need
to focus whatever manpower they have at hand on the more imminent threats to
the biggest part of their userbase. 

If you just execute everything that you can get a hold of on your box, don't
cry for your AV vendor. It's your own fault, basta la pasta.
Besides, their reactivity really depends on the AV vendor, at least according
to my experience. 

> Some people question sig-based scanning and I understand their point. We
> need to help the AV companies think outside the box and create new ways of
> detection and prevention. We are the community. Help them. 

Erm. AV detection goes a little bit beyond simple pattern matching nowadays. 

If you ask me, it's far more important to tell people it's just not a good idea
to run everything and the kitchen sink with Administrator/root rights, even
if you have AV software running with recent signatures. 

Like in a car, you can have excellent security measures, such as airbags and 
seat belts, but in the end, it's you who's at the wheel. 

cheers, J.

