Re: Running program files on XP with non-executable extension?

From: Dustin Cook (bughunter.dustin_at_gmail.com)
Date: 11/07/05


Date: 6 Nov 2005 18:46:16 -0800


Leythos wrote:

> I talk with David on a personal/email level once a week or so, and I'm
> not some kid/hack that doesn't have a clue, but I don't need to know how
> Symantec AV works internally, only that it works in our environments.
> I'm sure you don't know how ALL AV products work at the internal levels
> either, or if you think you do, you're just what you claim I am.

That's great. David can verify who I claim to be quite easily. Isn't it
fun dropping names for credibility? As for knowing how AV products work
internally, back when I was active in VX, it was sorta my job to know
how the enemy worked at an intimate level so as to avoid/disable/kill the
enemy before they could get me. As I said originally, I'm a coder.
Software is my thing. You're right tho, I never learned how Ewido's
routines work internally, but NAV I do. :)

> I've not had an issue with false positives with Symantec Corp edition
> software, at least not in the last 5 years, and we've not had a single
> virus inside our protected networks - and we test the servers and select
> workstations on a schedule with different vendors' products, so I'm
> confident in saying that.

In all fairness, I'm not attacking you or your methods. So please don't
misunderstand my intentions. If more individuals like yourself took
security that seriously, I'd be a happier camper, as would many others.
:)

> I'm sorry you believe it can't be true, maybe you should look at how to
> secure entry points a little better and then you might understand how
> easy it is.

I didn't say I don't believe it to be true, only that what you're
claiming just seems a bit far-fetched; not the security of your
networks, but the no false alarms thing. That's all.