funsec mailing list archives

Re: Do AV products detect PHP backdoors? Should they?


From: Jim Murray <jim () digitaldaemons co uk>
Date: Fri, 07 Nov 2008 21:49:25 +0000

Gadi Evron wrote:


> I feel your pain, but I personally believe that the AV world:
> 1. Has no business doing web security.
> 2. Will.

I'd have to disagree with you on that one Gadi. Take for example the
common practice of hosting multiple clients on a single server. It would
be very useful for the hosting company to be able to automatically
detect malicious files and remove them (ideally generating an
administrative alert at the same time).

Client FTP passwords do get compromised. Clients do use insecure
versions of web applications. Clients frequently don't bother to update
when bugfixes come out. All of those mean that client sites can and will
get compromised regardless of how good the primary host's web security is.

Anything which can automatically mitigate such problems can only be a
good thing, surely.

I don't see it as AV doing 'web security' as such. I see it as AV doing
what AV is designed to do, detecting and removing malicious files.
Dealing with how they got there is something which AV can't and
shouldn't try to do - that's a job for the server's admin to do with
their big, heavy stick ;)

Jim.

-- 
      DigitalDaemons IT Services.
---------------------------------------
   E-Mail : jim () digitaldaemons co uk
       PGP Key ID : 0xB7066495

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

