Full Disclosure mailing list archives

RE: MS Anti Virus?


From: "joe" <mvp () joeware net>
Date: Thu, 17 Jun 2004 10:11:06 -0400

My initial thought of a response to this was something along the lines of do
you wear an aluminum foil helmet as you seem to fit the profile... I decided
against that. I mean I still think it but I think this response is
better....

Antivirus software will probably always be around. Why? Because it is mostly
software to prevent uneducated users from hurting themselves and it is
probably impossible to get to a point that all users will be educated and
there won't be ways to hurt themselves and people specifically trying to
hurt them. While AV is simply an extension of the user interface of the OS,
at this point in the game if the OS vendor treats it that way it would
simply result in lawsuits by the AV vendors against the OS vendors which is
why MS will have to sell what they have.

It is possible now to run without AV software and be safe, if you are a fully
educated user and take precautions and patch when the patches are available,
you will be pretty safe even if you don't run AV and there are probably many
users on this list that fit that category and don't run AV. 

Many of the recent viruses hitting the corporate world haven't been holes in
MS products causing the problem. It has been good social engineering. One of
the more recent ones that had me laughing was an email that came through
with a password protected zip file with the password in the email and the
note sounding like it came from the IT dept. People all over the world
opened that up and ran it. If they would have had to have downloaded it,
chmod'ed it, and then run it they would have done so if the instructions had
said so. Yes you could probably stop this with a simple note in a small
company, maybe 50, 100, 1000 people. This was a company comprising 250k people
from around the world and no simple note was going to do the trick. You
could also lock machines down to the point that they are merely kiosks as
well but this isn't realistic except in a tightly controlled corporate
environment and even still you would have considerable bitching by users who
wanted more control. 

I don't care what OS you run, if it is a user popular OS and if that OS gets
targeted by someone with a clever social engineering scheme, it will have
impact. 

I have pretty close ties to MS so most of your post simply makes me smirk. I
have met and talked with many developers there and know how busy they are
and that they are mostly good guys trying to do a good job. Now that the
company has switched to a more secure stance they are allowed to do more
good whereas before they didn't have a hammer in terms of security. 

I have had "official" access to MS OS source now for almost a year and can
say that the code base is huge. While it is possible that someone could bury
something in there purposely it is more likely that someone makes a mistake
and doesn't understand all of the different ways that their function or
module could be used. This is changing, the new code being written is being
looked at very closely for security now and not just functionality. I know I
know... "MS did a complete security review of all code when they made this
decision and....". Again this code base is huge, no way they could catch
everything. I am, however, not happy about some of the things that have
gotten through such as the various USN/BER encoding and RPC issues but it is
getting better whether you want to admit it or not. 


  joe


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Burroughs
Sent: Thursday, June 17, 2004 5:04 AM
To: Chris Cappuccio
Cc: Andre Ludwig; slacker; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] MS Anti Virus?

They are planning to get into a market that guards against the failures in
their own product.  I don't like this, as it seems that they are going to be
in a position to intentionally make holes that their "anti-virus"
software will fix.  If we had a more competitive market in this type of
software there would be no market for AV software and the AV companies would
be making better operating systems.  Remember, Microsoft is a marketing
company and they are very good at it and very powerful.

Educate your friends and family.  Unfortunately, there isn't much choice
right now, but someone will do for Linux (or *BSD) what Apple has done.
If Apple was smart, they would make an OS for PCs.  Maybe they will...

It's sad that we are wasting so many resources on what should be a
non-problem.

Todd Burroughs
---
The Internet has given us unprecedented opportunity to communicate and share
on a global scale without borders; fight to keep it that way.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

