Full Disclosure mailing list archives
Re: (no subject)
From: Maarten <fulldisc () ultratux org>
Date: Fri, 13 Aug 2004 18:06:06 +0200
On Friday 13 August 2004 05:00, Brad Griffin wrote:
network but located inside the "dirty" lab, say) they often do not _want_ to break their own concentration. I'd suggest they're not so isolated as you claim. For one thing, howdo you suppose they get to hear new strains are found ? Or receive samples ? Did you take the term 'isolated' to mean locked away with no human or other contact? ...strange...
Not per se. But the argument about not wanting to break concentration doesn't really fly if one is constantly interrupted by coworkers either...
*virii* grrrr
What ? You prefer viruses ? virusses ? Viri ? Virea ? Virux ? ;-)
No. It may not matter IF you only use one single brand of AV software. But that is NOT how it works in the real world. Companies tend todeploymultiple AV solutions on different layers so as to decrease thelikelihood of some virus slipping through. And maybe even more importantly, "Googleresearch" is done all the time, which doesn't work well if a straingoes by many different names. I am yet to come across a 'large' company or enterprise that uses separate brand av applications for desktop and server solutions. It makes economic and logistic sense to use one vendor for your av solution that is deployed at different levels (or layers if you prefer that terminology). About the only people I've seen use different antivirus products in one environment are home users or small businesses that misinterpret 'layers of defence' in an anti-virus context to mean 'different brands of defence'. Considering that many major av co's products are cross platform nowadays, I doubt many companies will continue using separate brand products in a mixed OS environment for much longer either.
Well, whoever said 'large' companies are the only ones that matter? In my experience having multiple brands happens often. In some cases they may deploy a filtering mail gateway that's bundled with a brand X virusscanner. In other cases they may find that brand Y on the desktop offers better value than using brand Z which they equipped their exchange server with... In any case, deploying multiple brands IS a good practise, security-wise. If a buffer overflow (or a botched Datfile update) is found in one product it will probably affect their whole line of products. That's bad. Then let's consider the various timezones; using european and US AV products can sometimes give you the few hours advance that you need to avoid a disaster. If you want 4 locks on your front door, would you buy four locks of the same brand ? (or even, for paranoid people like me: would you have them all installed by the same guy ?) For me, the answer would be a resounding NO.
I can't understand how the Google research is a problem with naming conventions. Google for a virus name and multiple hits come up, mostly for descriptions on a/v sites that also carry the alias names in most cases.
Yes they do. But I hardly think it is LESS work for them to track all those "aka" names and versions to include in their description pages than it would be to standardize after the fact on one single name for the virus. Right ?
My take is that so long as anti-virus developers are managing to keep their reactive model of virus detection and removal almost up to speed with the release of new malware, I don't really care if they name the next virus George or Mildred, so long as their software will identify and remove it from a system.
Well, precisely. You hit the nail on the head... It happened on SO many occasions to me that the installed AV scanner did identify the virus but was unable to remove it (or it instantly came back after "removal") that I had to hunt down a different (better) removal tool (rescue-CD, dedicated removal tool, or otherwise). It is at those moments that all the aliases in use for the virus bite you. Maarten -- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: (no subject), (continued)
- RE: (no subject) Corey Hart (Aug 09)
- (no subject) Dufresne (Aug 09)
- RE: (no subject) Seamus Hartmann (Aug 09)
- RE: (no subject) Stephen Agar (Aug 09)
- RE: (no subject) Todd Towles (Aug 09)
- RE: (no subject) Michael Poulin - Home Office (Aug 09)
- Re: (no subject) tcleary2 (Aug 10)
- Re: (no subject) Marek Isalski (Aug 10)
- (no subject) phoenix (Aug 11)
- RE: (no subject) Brad Griffin (Aug 12)
- Re: (no subject) Maarten (Aug 13)
- Re: (no subject) Kyle Maxwell (Aug 13)
- RE: (no subject) Nick FitzGerald (Aug 14)
- Re: (no subject) Maarten (Aug 13)
- RE: (no subject) Todd Towles (Aug 13)
- Re: (no subject) Barry Fitzgerald (Aug 13)
- RE: (no subject) Todd Towles (Aug 13)
- RE: (no subject) Todd Towles (Aug 13)
- Re: Virus naming conventions, or lack of them Etaoin Shrdlu (Aug 13)
- Re: (no subject) Barry Fitzgerald (Aug 13)