Full Disclosure mailing list archives
Re: AV companies better hire good lawyers soon.
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 15 Sep 2004 12:29:52 +1200
Frank Knobbe wrote:
Alternatively, software manufacturers can add their applications into AV exclusion lists upon installation of their products. Applications already have to "register" with the operating systems. Why not make it register with the AV software if the software is prone to false positives? Or at least advice the end-user of such recommended manual step during installation.
Do I detect the re-emergence of parasitic binary infectors?
If the user trusts the application, and does not trust the AV software, he can override the AV checks for this software. If AV vendors present a lot of false positives, my guess is that the trust of the end user in those AV products will wane. So, it is in the best interest for the AV vendor to ensure low/no false positives. There is no need for software manufacturers to "register" their products with AV vendors.
Of course, the best solution is to fix the cart-before-the-horse design of contemporary scanners. They should not be black-listing (by it's nature heavily prone to _both_ false-positives (the issue here) and false-negatives ("you should expoect us to miss new malware")) but enforcing white lists. The "bad old days" of severe hardware (RAM, CPU cycles, I/O speed) limitations that made black-listing only marginally acceptable because it was the only amrginallt viable approach, are _long_ past. Idiot users that want to run just any old cr*p code from anywhere are welcome to keep failing to be "protected" by black-listing scanners, but informed admin types should have been agitating for years npw for their AV developers (or, perhaps better, other security system developers) to develop a useful, real-time black-listing solution that would work in a corporate setting. Partly because this did not happen we then had all manner of further idiocies "enforced" on us, such as the truly screwed-up notion that we should accept arbitrary code from web servers (in the form of HTML-embedded scripts, scripting in third- party interpreted languages such as are used in SWF, etc, etc). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: AV companies better hire good lawyers soon., (continued)
- Re: AV companies better hire good lawyers soon. James Tucker (Sep 14)
- Re: AV companies better hire good lawyers soon. Mister Coffee (Sep 14)
- Re: AV companies better hire good lawyers soon. Manuel C. -aka- ekerazha (Sep 14)
- Re: AV companies better hire good lawyers soon. Barry Fitzgerald (Sep 14)
- Re: AV companies better hire good lawyers soon. Mister Coffee (Sep 14)
- Re: AV companies better hire good lawyers soon. gadgeteer (Sep 14)
- Re: AV companies better hire good lawyers soon. Micheal Espinola Jr (Sep 14)
- Re: AV companies better hire good lawyers soon. Frank Knobbe (Sep 14)
- Re: AV companies better hire good lawyers soon. Valdis . Kletnieks (Sep 14)
- Re: AV companies better hire good lawyers soon. Frank Knobbe (Sep 14)
- Re: AV companies better hire good lawyers soon. Nick FitzGerald (Sep 14)
- RE: AV companies better hire good lawyers soon. Jean Gruneberg (Sep 13)
- Re: AV companies better hire good lawyers soon. Frank Knobbe (Sep 14)
- Re: AV companies better hire good lawyers soon. Michael Simpson (Sep 15)
- Re: AV companies better hire good lawyers soon. Florian Weimer (Sep 14)
- Re: AV companies better hire good lawyers soon. gadgeteer (Sep 14)
- Re: Re: AV companies better hire good lawyers soon. James Tucker (Sep 14)
- Re: Re: AV companies better hire good lawyers soon. Florian Weimer (Sep 14)