Open Source and information security mailing list archives
 
Message-ID: <53B30716.4050408@thelounge.net>
Date: Tue, 01 Jul 2014 21:08:06 +0200
From: Reindl Harald <h.reindl@...lounge.net>
To: fulldisclosure@...lists.org
Subject: Re: [FD] AV scan on read vs write debate....



On 01.07.2014 20:26, Joe Brown wrote:
> A compromise might be to have scan on Write only, with a forced full system scan of all files at a certain time.
> For example at lunch time.

bad idea

> 1. You don't have an all the time performance hit

if i scan my full system it takes 8 hours

> 2. Files will be checked on a daily/weekly basis

daily is not doable -> see above
weekly is not enough

typically AV signatures are a few hours behind new malware, so it
helps at least if you download something now and don't open the
payload directly after download, maybe in a ZIP only specific
files are affected

the same applies to ZIPs you got by email from a person you
know who has an infected machine: when you receive the mail
your signatures may not be recent enough, and in the time
between receiving and opening the files you may get updates

> Negatives are that these files may sit on the device while waiting for the next scheduled scan.

> 
> On Mon, Jun 30, 2014 at 2:45 AM, Yoann Gini <yoann.gini@...il.com> wrote:
> 
> 
>     On 30 June 2014 at 01:48, Reindl Harald <h.reindl@...lounge.net> wrote:
> 
>     > but if you are talking with Apple "the OS is secure" priests
>     > forget it, they are learning resistant
> 
>     This is not true anymore. Any Apple representative won't tell you that nowadays. Even more, Apple has a small
>     antivirus built into the system. But signature-based, focused on major OS X threats. No heuristics, no
>     detection of Windows malware.
> 
>     On 30 June 2014 at 01:38, Exibar <exibar@...lair.com> wrote:
> 
>     > they claim they have a huge performance
>     > improvement with scan on read turned off...
> 
> 
>     This is also true. Sadly. I work only on Apple products (and I use antivirus), I have never seen a good product that
>     doesn’t slow down the computer as shit.
> 
>     From a sys admin perspective, antivirus editors don’t take the Mac seriously, their products are slow and
>     sometimes published with too many bugs inside. That doesn’t help Mac users to have any trust in them…




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
