Re: Running program files on XP with non-executable extension?

From: Leythos (void_at_nowhere.lan)
Date: 11/04/05


Date: Fri, 04 Nov 2005 11:12:53 GMT

In article <k7dmm1dtdorf826hv69be7soh9jcvqcfih@4ax.com>,
support@replace_with_domain.com says...
> Leythos <void@nowhere.lan> wrote:
> > In article <Xzvaf.1600$5R2.518@trnddc08>, DLipman~nospam~@Verizon.Net
>
> > > >> As I said, I've been in the vx side for many years. I'm well versed on
> > > >> both aspects of it, from antivirus perspective as well as vx
> > > >> perspective. I'm not giving my opinion per se, I'm giving that of the
> > > >> general consensus of both the Av and Vx side of things.
> > > |
> > > | That's great for them and you - not being snide here, but, as I said
> > > | before, never seen a false positive on more than 1500 systems, and we'll
> > > | continue to use it scanning all files on access.
> > >
> > > { just to stir the pot a bit... }
> [...]
> > Which does not change the fact that I've not had the experience of false
> > positives
>
> The reason could be little experience, or assuming that all the alerts that you
> saw were true positives, without confirming that they are indeed. Your
> assertions do not sound credible.

I agree; if I were some slouch, I would think it not credible too, but as
I've been doing this type of work since the mid 70s, I would think that
I know a little about security by now :) I've designed everything from
small 5-node SOHOs to 400-node medical centers. Of all the ones we
manage, not one has been compromised, and I've only seen a virus on two
that we didn't manage, but that was due to letting an unclean laptop into
the network; none of the other nodes were compromised.

As for alerts of any type, they are always checked against two or three
AV products, so I feel comfortable that my statements are true on our
networks.

-- 
spam999free@rrohio.com
remove 999 in order to email me