funsec mailing list archives
Re: Kaspersky strikes again
From: coderman <coderman () gmail com>
Date: Fri, 21 Dec 2007 17:49:53 -0800
On Dec 21, 2007, Larry Seltzer wrote:
Even so, there would be so much less testing to do, wouldn't there?
the beauty of a network based approach is the transparency and low maintenance; but you don't get the visibility of on-host detection... (SSL, large compressed payloads, etc) [0] (and yes, almost no testing client side. manage false positives as they occur at the network appliance) On Dec 21, 2007, Drsolly wrote:
If you update your sigs hourly, then you have less than an hour to do all the testing.
depending on the platform and workflow you can parallelize testing (patches, upgrades, beta, etc) to varying success with virtual machines and a test automation framework. still, even the fastest test configurations would be hard pressed to verify malware feeds real-time before deploying to production. i'd love to know if anyone has even tried such a thing. *grin* 0. Yoggie uses this method to good effect, as example: http://www.yoggie.com/products _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Kaspersky strikes again, (continued)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Richard M. Smith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
- Re: Kaspersky strikes again coderman (Dec 21)
- Re: Kaspersky strikes again silky (Dec 21)
- Re: Kaspersky strikes again Drsolly (Dec 22)
- Re: Kaspersky strikes again silky (Dec 22)
- RE: Kaspersky strikes again Richard M. Smith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Alex Eckelberry (Dec 21)
- RE: Kaspersky strikes again Peter Kosinar (Dec 21)
- RE: Kaspersky strikes again Hubbard, Dan (Dec 21)
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Alex Eckelberry (Dec 21)
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 21)