Re: XP Security - in general

From: Robert Moir (robert.moir@ntlworld.com)
Date: 10/16/02


From: "Robert Moir" <robert.moir@ntlworld.com>
Date: Wed, 16 Oct 2002 20:48:47 +0100


Rob Rosenberger wrote:
[snip]

> Signature scanning fails to detect new viruses. More important,
> signature scanners fail *open* -- it lets a virus run rampant if it
> doesn't recognize the virus by name.

I have what might be an amusing story for you. I work at a small college
with a big university just up the road. The big university exchanges a lot
of documents with us and one day a lecturer there sent one of ours a word
document.

The email virus scanner passed it as clean.

The "nasty swear words" filter I'm ordered to operate on our mail blocked
the mail for using various cuss words. I saw the report and had queries from
the sending and hopeful receiving lecturer so I had a look. Not one bit of
cussing in the document itself. Yet still the report spoke clearly of
several occurrences of some very nasty words. On an impulse I opened up the
macro editor and voila! A Word macro virus which the scanner wasn't updated
to deal with, but had been caught because the programmer used various cuss
words for variable names and the "nasty swear words" scan picked them up.
How's that for an unusual heuristic scan?

> However, this built-in failure
> only created small, localized problems for the antivirus industry
> throughout the 1990s. Ironically, the world's rosy view of signature
> scanning persisted after the Melissa virus struck in 1999 and after
> the ILoveYou virus struck in 2000.

We've never been hit by one of them. For quite a while now we've been
working another filter on email that said "If it has multiple extensions,
it's probably not up to much good. Let's block it". Simple.

> Even today, if a reporter begrudgingly notes the flaw of antivirus
> software, he/she will insist no other technology exists to save the
> world from viruses. Reporters dismiss generic (or "profile based" or
> "heuristic") detection as "a somewhat promising new idea that needs
> years of development before it can replace signature scanning. And
> that's assuming generic detection even proves viable." These
> reporters usually don't know generic virus detection pre-dates
> signature scanning -- and they universally think another antivirus
> methodology must "replace" signature scanning rather than complement
> it. (sigh)

Well of course the editors choice can only go to one product. And that
product over there scans instant messenger transfers of files, it says so on
the box. So it must be better than this scanner that does generic scanning,
let alone being better than this signature based scanner that doesn't claim
to scan IM file transfers but by default will scan any files created in the
IM file transfer directory along with the rest of the system.

> To this day, society refuses to blame the multi-billion-dollar
> antivirus industry (i.e. signature scanners) for failing to protect
> customers' PCs. The world at large blames everything & everyone else
> -- especially Microsoft, which does not sell an antivirus product.
> (Read http://Vmyths.com/rant.cfm?id=133&page=4 for more insight.)
> Ironically, Microsoft has done more since 1999 to stop the spread of
> viruses than the entire antivirus industry combined. I don't make
> this claim lightly. Microsoft did it for a simple reason: because
> society demanded it from them.
>
> ...Society will someday finally blame antivirus firms for antivirus
> failures and demand better antivirus products. I assure you we'll
> see some real changes. The industry already possesses better
> antivirus software -- they just can't sell it. As I said in my
> earlier reply, society at large believes the cure (better antivirus
> software) is worse than the disease (viruses). Right now, reporters
> won't give it free ink and customers won't buy into it.
>
> So the antivirus industry sits on its thumbs and reaps huge profits on
> inferior software. Quality is not job #1, and the customer at large
> blames everyone except the antivirus industry for it, and I blame the
> customer at large for blaming everyone except the antivirus industry.

You know there have been some flames in here from people who have not liked
the fact a few of the regulars have noted that we don't always run antivirus
software. Funny how I've *never* had a virus outbreak on any of my
computers, and many of the posts asking for help with viruses say something
along the lines of "I don't know how it got past XYZ scanner because it was
running all the time, but...."

Regards
Robert Moir
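An added example, not code from Robert Moir's post or from any product mentioned in the thread: a Python version of the "multiple extensions" mail-attachment filter he describes. It goes slightly beyond the post's rule by allowing a short list of legitimate compound suffixes (e.g. .tar.gz) and by naming the reason when the final extension is one Windows will execute; the extension lists and the sample attachment names are my own assumptions.

```python
import re
from typing import List, Tuple

# Extensions Windows will run or that carry active content (assumed list,
# not from the post; extend to match the platform being protected).
EXECUTABLE_EXTS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "hta", "lnk",
}

# Compound suffixes that legitimately contain two extensions.
BENIGN_COMPOUND = {("tar", "gz"), ("tar", "bz2"), ("tar", "xz")}


def is_suspicious_attachment(filename: str) -> Tuple[bool, str]:
    """Apply the 'block anything with multiple extensions' rule.

    Returns (should_block, reason).  Normalises case and collapses runs
    of whitespace so that a name padded with spaces to push the real
    extension out of view ("photo.jpg      .scr") is still caught.
    """
    name = re.sub(r"\s+", " ", filename.strip().lower())
    parts = name.split(".")
    if len(parts) < 3:            # "report.doc" -> ["report", "doc"]
        return False, "single extension"
    exts = tuple(p.strip() for p in parts[1:])
    if exts in BENIGN_COMPOUND:
        return False, "known compound extension"
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        return True, f"multiple extensions ending in executable type .{final}"
    return True, "multiple extensions"


def scan_attachments(names: List[str]) -> List[Tuple[str, str]]:
    """Return (filename, reason) for every attachment the filter would block."""
    blocked = []
    for name in names:
        block, reason = is_suspicious_attachment(name)
        if block:
            blocked.append((name, reason))
    return blocked


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from a real message.
    sample = ["budget.xls", "backup.tar.gz", "report.doc.vbs", "photo.jpg      .scr"]
    for name, reason in scan_attachments(sample):
        print(f"BLOCK {name!r}: {reason}")
```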


