Re: Authenticity of AV downloads

From: Anders Lundman (Anders.Lundman_at_skb.se)
Date: 03/10/04

    Date: Wed, 10 Mar 2004 10:45:37 +0100
    To: "Raghu Chinthoju" <chraghu_ml@mailcan.com>, <security-basics@securityfocus.com>
    
    

    Hi all

    With regard to checking AV files for authenticity: it is possible to check this in McAfee's .zip files. Follow this link to info from NAI: https://knowledgemap.nai.com/phpclient/viewKDoc.aspx?externalID=KB_nai18653&sliceID=&docID=KC.KB_nai18653&url=kb/kb_nai18653.xml&dialogID=5214837&docType=DOC_KnowledgeBase&iterationID=1

    I would imagine that this process can be duplicated by extracting validate.exe and running it in a directory of choice containing McAfee files.

    Regards

    Anders Lundman

    "What you do in this world is a matter of no consequence; the question is, what can you make people believe that you have done." --Sherlock Holmes in "A Study in Scarlet"

    -----Original message-----
    From: Raghu Chinthoju [mailto:chraghu_ml@mailcan.com]
    Sent: 6 March 2004 21:03
    To: security-basics@securityfocus.com
    Subject: Authenticity of AV downloads

    Hi Group,

    I have been looking at the virus definition files distribution mechanism of a few of the Antivirus vendors like McAfee, Sophos, Symantec, ESafe etc. None of these folks provide any authenticity like MD5 hashes, PGP signatures etc. along with these downloads, nor are these files encrypted in some form, nor do their sites run any secure web services. The files are downloadable from plain HTTP and FTP servers. The same is the case with download of the virus removal tools like stinger etc. The sole authenticity of the downloaded stuff depends on "how authentic the domain name to IP resolution is" OR "how secure the name services in the path from my PC to the AV vendor are"! In my opinion, it is relatively easy to compromise plain DNS. Things can get worse if the AV vendor's name server itself is compromised! Maybe I'm not the first to raise this, but how come these AV vendors have not acted upon this (hope I'm not missing anything here)?

    Your thoughts?

    Regards,
    Raghu

    -- 
    http://www.fastmail.fm - Same, same, but different...
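
The concern raised in the original question, as an added example (not part of either post, and not a description of how validate.exe works): a checksum manifest fetched from the download host only helps if the manifest itself is checked against a digest obtained over a separate channel. File names, contents and the pinned digest below are constructed sample values.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> str:
    """Produce 'hexdigest  filename' lines (sha256sum layout)."""
    return "".join(f"{sha256_hex(d)}  {n}\n" for n, d in sorted(files.items()))

def parse_manifest(text: str) -> dict:
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, name = line.split(None, 1)
            entries[name.strip()] = digest.lower()
    return entries

def verify_download(files: dict, manifest_text: str, pinned_digest: str) -> dict:
    """Per-file status. The manifest is trusted only if it matches a digest
    that did NOT come from the download server (the pinned value)."""
    if not hmac.compare_digest(sha256_hex(manifest_text.encode()), pinned_digest):
        return {"<manifest>": "UNTRUSTED"}
    expected = parse_manifest(manifest_text)
    status = {}
    for name, digest in expected.items():
        if name not in files:
            status[name] = "MISSING"
        elif hmac.compare_digest(sha256_hex(files[name]), digest):
            status[name] = "OK"
        else:
            status[name] = "MISMATCH"
    for name in files:
        if name not in expected:
            status[name] = "UNLISTED"  # extra file the vendor never listed
    return status

# Constructed sample data: what the genuine server would serve.
GENUINE = {"defs.dat": b"genuine definitions", "engine.dat": b"genuine engine"}
GENUINE_MANIFEST = build_manifest(GENUINE)
# Stand-in for a digest received over a separate, trusted channel.
PINNED = sha256_hex(GENUINE_MANIFEST.encode())

# Constructed sample data: a host reached through bad name resolution can
# serve an altered file together with a manifest that matches it.
SPOOFED = dict(GENUINE, **{"defs.dat": b"altered definitions"})
SPOOFED_MANIFEST = build_manifest(SPOOFED)

if __name__ == "__main__":
    print(verify_download(GENUINE, GENUINE_MANIFEST, PINNED))
    print(verify_download(SPOOFED, SPOOFED_MANIFEST, PINNED))
```
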
