lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20090502153024.BBD.0@paddy.troja.mff.cuni.cz>
Date: Sun, 3 May 2009 01:41:08 +0200 (CEST)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Anti virus installations on Windows servers

On Fri, 1 May 2009, T Biehn wrote:

> The example provides an easy to concoct scenario where perhaps
> anti-virus software might be employed to great benefit where the
> actual OS's security would be a moot point.

Very unlikely. If your OS has got more holes than a piece of Emmentaler
malicious code might exploit one of them to circumvent or disable
detection even before your antivirus gets a chance to scan it. You lose.
Game over.

> It's interesting to see that so many on this list have become so
> hypnotized that they would go so far to say that A/V is useless and
> the only possible protection is switching to some other OS.

Let me check: Can antivirus prevent an arbitrary piece of malware from
causing harm? No--it is impossible even in theory (see Rice's theorem). 
Can OS with a strict MAC policy prevent an arbitrary piece of malware from
causing harm? Yes--it is not easy but it is certainly possible.

> It is equally obvious to point to an example when, yes, an A/V
> (however deployed) would provide a worthwhile added value to the user
> experience, this point is sufficient for winning the debate.

Primo: "A worthwhile added value" might be very far from "optimal".
Secundo: Does "however deployed" includes "defunct"?
Tertio: User experience?!

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ