Message-ID: <4147429F.3020102@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: AV companies better hire good lawyers soon.

Mister Coffee wrote:

>
>Making it the other guy's fault doesn't wash.  It's more bad QC on the AV vendor's part.  But as you mentioned previously, they'll get pounced if some 0day gets past them and some clown loses his data.  It's a thankless task.  But it's _far_ more reasonable for them to err on the side of "Physician, do no harm" and miss the first day of an outbreak than it is for them to rush out and -break existing programs- because they were in such a hurry to "Be first to recognize ScatMaster@....MM!!"
>
>  
>
I'm not sure I entirely agree with that.

If AV vendors were physicians and operating system/application 
combinations biological entities, I might agree.

However, if XYZ AV program blows away a copy of c0rph0re.exe thinking 
it's "scatmaster", it's not nearly as bad as if "scatmaster" were allowed 
to spread and cause other damage to people's PCs.  A compromised system 
can cause considerable problems for an organization, not to mention 
damage programs and files. 

It can be assumed that if said person has c0rph0re.exe on his system, 
he/she should be able to reinstall it should it get blown out of the 
water.  Recovery in this situation is relatively simple.  Recovery in 
the case of, say, a keylogger or a backdoor or a rootkit is not nearly 
so simple.

I would definitely err on the side of caution here.

                -Barry

