lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <41B5E87F.6080903@clientsecure.net>
From: colinm at clientsecure.net (colinm@...entsecure.net)
Subject: A suggestion to all AV vendors...

Couldn't agree more, their concern isn't security, but 
survival of the business model.
By providing a what you proposed would be a threat to their 
profitable model as so
eloquently pointed out by Valdis and many others time and 
time again.


-cm

Valdis.Kletnieks@...edu wrote:
> On Mon, 06 Dec 2004 19:29:26 PST, bipin gautam said:
> 
> 
>>	A simple yet effective solution would be, for AV
>>vendors to (say) add the vulnerable system dll's,
>>execudables etc... in a threat list (Refering to
>>Microsoft's KB or something similar) And after
>>completing the virus scan, suggest the users to
>>download proper patches accordingly to threat level
>>and directing the end users towards  proper link to do
>>so?
> 
> 
> Simple, effective, and Won't Happen In Our Lifetime.
> 
> Remember - we're talking about a multi-billion dollar market segment
> devoted to fixing shortcomings in another company's software.  And said
> segment doesn't want to kill the goose that laid the golden eggs.
> 
> Repeat after me:  Most A/V vendors don't actually give a squat about
> your security.  They are there to sell you products and improve their
> bottom line, not yours.  They don't care about your bottom line as long
> as your bottom line can still pay their invoices.
> 
> The A/V vendors have known for several years now exactly how not to
> send "a virus was cleaned from your email by ShinyAV" spam, but they keep
> doing it anyhow, just to get brainshare for ShinyAV.  What business case
> is there for them to give you a pointer to vendor patches that will close
> some of the holes that let the malware in?
> 
> (Also, keep in mind that if they don't point you at IE fixes, then when
> you get 0wned by an IE hole, they can just say "Hey, that's not a virus,
> that's an IE hole, Not Our Problem"...)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ