Clueless anti-virus products/vendors (was Re: Sober)

Larry Smith lesmith at ecsis.net
Mon Dec 5 03:44:08 UTC 2005


On Sunday 04 December 2005 21:27, Church, Chuck wrote:
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these.  Unless someone has
> done the research to determine the majority of viruses forge addresses,
> you really can't complain about the fact that the default is to warn.
> Calling vendors 'clueless' because a default doesn't match your needs is
> a little extreme, don't you think?  The ideal solution would be for the
> scanning software to send a warning only if the virus detected is known
> to use real addresses, otherwise it won't warn.

True, but the "capability" has been in most AV software for quite a long time 
now to know which ones "forge" and which do not.  Clamav has a "list" of 
which virii are "forging" and which are not - I am reasonably certain that 
most other AV products have the same information at hand (a quick search of 
Symantec confirms that they know [ref sober worm, para 23, From: 
(spoofed)]).  So while I agree with your basic concept of notifying someone 
that they are infected - when you can notify the "right" person - blanket 
notifications are more trouble than the virus itself in many cases.  And yes, 
as of yesterday I have more "blowback" from sober than from the worm 
itself....

-- 
Larry Smith
SysAd ECSIS.NET
sysad at ecsis.net
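An added example, not code from this thread, from ClamAV or from any AV vendor: a sender-notification policy for a mail gateway that consults a forging/non-forging family table (the kind of list the post says the AV products already carry) before deciding whether to warn the envelope sender. The family lists, detection-name format and sample detections are constructed for the illustration.

```python
"""Sender-notification policy for an AV mail gateway (constructed example)."""
import re
from typing import NamedTuple

# Constructed family metadata; a real gateway would load this from the
# AV product's signature data rather than a hand-written table.
FORGES_SENDER = {"sober", "netsky", "mydoom", "bagle"}
USES_REAL_SENDER = {"eicar", "happy99"}

# Tokens that name a platform or type rather than a family.
_GENERIC = {"worm", "w32", "win32", "trojan", "email", "mm", "gen"}

def family_of(detection: str) -> str:
    """Map a vendor-style name (Worm.Sober.Y, W32/Sober.Y@mm) to a family."""
    for token in re.split(r"[./@\-]+", detection):
        if token and token.lower() not in _GENERIC:
            return token.lower()
    return ""

class Decision(NamedTuple):
    notify: bool
    reason: str

def notification_decision(detection: str, envelope_sender: str,
                          notify_unknown: bool = False) -> Decision:
    """Warn the envelope sender only when the family is known to use real addresses."""
    if not envelope_sender:
        return Decision(False, "null return-path, nobody to notify")
    family = family_of(detection) or "unknown"
    if family in FORGES_SENDER:
        return Decision(False, f"{family} forges sender addresses, no backscatter")
    if family in USES_REAL_SENDER:
        return Decision(True, f"{family} uses the real sender address")
    # Unknown family: suppress by default to avoid backscatter; a site that
    # prefers the 'always warn' default can pass notify_unknown=True.
    if notify_unknown:
        return Decision(True, f"{family} not in either list, site default warns")
    return Decision(False, f"{family} not in either list, suppressed")

# Constructed sample detections as a gateway might log them.
SAMPLE = [
    ("Worm.Sober.Y", "victim@example.org"),
    ("W32/Sober.Y@mm", "victim@example.org"),
    ("Eicar-Test-Signature", "tester@example.net"),
    ("Trojan.Newthing.A", "someone@example.com"),
    ("Worm.Sober.Y", ""),
]

def run_sample(notify_unknown: bool = False) -> list:
    """Apply the policy to SAMPLE and return the notify flags in order."""
    return [notification_decision(d, s, notify_unknown).notify for d, s in SAMPLE]

if __name__ == "__main__":
    for det, snd in SAMPLE:
        dec = notification_decision(det, snd)
        print(f"{det:22} {snd or '<>':22} notify={dec.notify!s:5} {dec.reason}")
```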
