Security Basics mailing list archives
Re: Looking for a Trojan
From: Eitan Adler <eitanadlerlist () gmail com>
Date: Thu, 22 Jan 2009 14:52:24 -0500
dan.crowley () gmail com wrote:
> I actually just wrote about the inherent flaws in AV systems in my blog here... http://s148954166.onlinehome.us/2009/01/18/determining-legitimacy-the-inherent-problem-with-bad-detectors/
You are only talking about a false negative. This is to be expected and you should be aware of it in your use of AV programs. An AV program is designed to prevent one thing and one thing only: viruses. The batch script you mention isn't a virus but a harmful command. Defense against malicious commands isn't something that an AV program should be looking for. Why should an unprivileged process be able to run del /F /S /Q C:\*.* is a better question.

Defense in depth is what it boils down to. A good working AV is the first step. A decent firewall is the second step. Running untrusted programs in an untrusted environment is the third step. etc.

--
Eitan Adler
"Security is increased by designing for the way humans actually behave." -Jakob Nielsen