Full Disclosure mailing list archives

Re: AV companies better hire good lawyers soon.


From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Tue, 14 Sep 2004 15:12:31 -0400

Mister Coffee wrote:


Making it the other guy's fault doesn't wash.  It's more bad QC on the AV vendor's part.  But as you mentioned previously, they'll get pounced if some 0day gets past them and some clown loses his data.  It's a thankless task.  But it's _far_ more reasonable for them to err on the side of "Physician, do no harm" and miss the first day of an outbreak than it is for them to rush out and -break existing programs- because they were in such a hurry to "Be first to recognize ScatMaster () w32 MM!!"

I'm not sure I entirely agree with that.

If AV vendors were physicians and operating system/application combinations biological entities, I might agree.

However, if XYZ AV program blows away a copy of c0rph0re.exe thinking it's "scatmaster", it's not nearly as bad as if "scatmaster" were allowed to spread and cause other damage to people's PCs. A compromised system can cause considerable problems for an organization, not to mention damage programs and files. It can be assumed that if said person has c0rph0re.exe on his system, he/she should be able to reinstall it should it get blown out of the water. Recovery in this situation is relatively simple. Recovery in the case of, say, a keylogger or a backdoor or a rootkit is not nearly so simple.

I would definitely err on the side of caution here.

               -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

