[fw-wiz] Opinions on the security of antivirus software

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 07/05/02


From: Mikael Olsson <mikael.olsson@clavister.com>
To: firewall-wizards@honor.icsalabs.com
Date: Fri Jul  5 11:41:13 2002

Hi,

I was wondering what opinions you people have on different antivirus
packages, security-wise.

From what I've seen, most popular antivirus packages tend to distribute
their updates in self-executing files with little or no authenticity
validation.

This, in my opinion, leaves a lot to be desired for security.
The downloads are themselves completely unauthenticated (usually
plain FTP, which has its own sets of problems, as we all know),
and even those that attempt authenticity validation do not appear
to have the know-how to do it properly. [1]

So: what are YOUR opinions on the (in)security of the antivirus
packages out there?
And: How competent is the scanner engine? What kind of encodings
and packaging formats does it recognize? And, most importantly:
what does it do when something is "bad"? (e.g. broken base64
encoding that the browser will handle even though it is broken)?

Signature update speed is secondary here (most get updates out
within a day -- fine by me), and beautiful GUIs get zero points.

I recently looked at Sophos' site; it appears they distribute
the brunt of the changes through CDs and only distribute new
signatures over the 'net. To me, this seems a sound idea... ?

Thanks,
/Mikael

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
"It's July. I'm on vacation. Can't you tell? :)"
[1] At least one major vendor claimed to do this, I believe it was
    Symantec, although huge flaws were found that allowed an attacker
    to inject pretty much ANY executable and have it run by the
    internal server(s). They claim it is fixed now, but ...
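The "broken base64 that the browser still handles" case raised in the post, as an added example that is not part of the original message: a scanner that decodes strictly sees nothing to scan in a folded, unpadded body, while a browser-style lenient decoder recovers the same bytes the client will see. `MARKER` and the sample body are constructed stand-ins, not real malware or a real signature.

```python
"""Strict vs lenient base64 decoding, as a content scanner must choose between."""
import base64
import binascii
import re
from typing import Optional

# Anything outside the base64 alphabet: whitespace, folding, stray bytes, '='.
_NON_ALPHABET = re.compile(rb"[^A-Za-z0-9+/]")

MARKER = b"SAMPLE-BAD-MARKER"  # constructed stand-in for a detection signature


def strict_decode(data: bytes) -> Optional[bytes]:
    """Accept only well-formed base64; return None on any defect."""
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None


def lenient_decode(data: bytes) -> bytes:
    """Decode the way a tolerant browser or MIME parser does: drop every
    byte outside the alphabet, discard a meaningless single leftover
    character, re-pad to a multiple of four, then decode."""
    cleaned = _NON_ALPHABET.sub(b"", data)
    if len(cleaned) % 4 == 1:          # one char cannot encode a full byte
        cleaned = cleaned[:-1]
    cleaned += b"=" * (-len(cleaned) % 4)
    return base64.b64decode(cleaned)


def broken_sample() -> bytes:
    """Constructed body with the defects seen in the wild: folded line,
    stray tab and '!' byte, padding removed."""
    body = base64.b64encode(MARKER).rstrip(b"=")   # b'U0FNUExFLUJBRC1NQVJLRVI'
    return body[:8] + b"\r\n" + body[8:16] + b"\t!" + body[16:]


def scan(payload: bytes, signature: bytes) -> dict:
    """Verdict each decoder design gives for the same encoded payload.
    A strict-only scanner treats undecodable input as clean, which is the
    gap the post describes; the lenient path matches what the client sees."""
    strict = strict_decode(payload)
    return {
        "strict_decoder_flags": strict is not None and signature in strict,
        "lenient_decoder_flags": signature in lenient_decode(payload),
    }
```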

