lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <972357127.20040914012427@SECURITY.NNOV.RU>
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: AV companies better hire good lawyers soon.

Dear Micheal Espinola Jr,

Symantec  incorrectly identifies 3proxy as a trojan. Now, please explain
me, HOW should I submit 3proxy to Symantec if I'm not Symantec user? All
attempts to contact Symantec failed. With Kaspersky AV it took few weeks
of  time,  private  contacts  with  KAV  developers  and mass media were
involved to correct this situation.

Any  Antivirus is dangerous. Antiviral company has greater control level
on your computer than developer of your OS. Microsoft tests it's patches
for months, in most cases you do additional testing before implementing.
Antiviral  developers  test  their  signatures in few minutes. You can't
check  any  update,  because  it's recommended to update bases every 3-4
hours.  Antiviral  bases  grow.  If situation doesn't change, finally we
will  have a risk of installing antiviral software to be comparable with
a  risk  of  not  having  one (I know real incidents of damage caused by
antiviral software of different vendors, not only Symantec, in corporate
networks).  One  mistake  of  tired developer on the late night can ruin
your network or result of your development.

I extremely hope this precedent to change antiviral vendor's approach to
testing and relations with software developers.


--Monday, September 13, 2004, 9:28:49 PM, you wrote to full-disclosure@...ts.netsys.com:

MEJ> I disagree.  Programmer's should know to submit their code to the
MEJ> various AV companies in order to avoid false-positives.


MEJ> On Mon, 13 Sep 2004 12:12:35 +0200 (CEST), Feher Tamas
MEJ> <etomcat@...email.hu> wrote:
>> Analysts urge McAfee to settle out of court on false alarm damages
>> claim.
>> 
>> http://news.zdnet.com/2100-1009-5361660.html
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>> 





-- 
~/ZARAZA
????, ? ???? ??????. (????)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ