nanog mailing list archives
Re: Clueless anti-virus products/vendors (was Re: Sober)
From: Larry Smith <lesmith () ecsis net>
Date: Sun, 4 Dec 2005 21:44:08 -0600
On Sunday 04 December 2005 21:27, Church, Chuck wrote:
What about all the viruses out there that don't forge addresses? Sending a warning message makes sense for these. Unless someone has done the research to determine the majority of viruses forge addresses, you really can't complain about the fact that the default is to warn. Calling vendors 'clueless' because a default doesn't match your needs is a little extreme, don't you think? The ideal solution would be for the scanning software to send a warning only if the virus detected is known to use real addresses, otherwise it won't warn.
True, but the "capability" has been in most AV software for quite a long time now to know which ones "forge" and which do not. Clamav has a "list" of which virii are "forging" and which are not - I am reasonably certain that most other AV products have the same information at hand (a quick search of Symantec confirms that they know [ref sober worm, para 23, From: (spoofed)). So while I agree with your basic concept of notifying someone that they are infected - when you can notify the "right" person - blanket notifications are more trouble than the virus itself in many cases. And yes, as of yesterday I have more "blowback" from sober than from the worm itself.... -- Larry Smith SysAd ECSIS.NET sysad () ecsis net
Current thread:
- RE: Clueless anti-virus products/vendors (was Re: Sober), (continued)
- RE: Clueless anti-virus products/vendors (was Re: Sober) W.D.McKinney (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christian Kuhtz (Dec 04)
- RE: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Rich Kulawiec (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Steve Sobol (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Rich Kulawiec (Dec 05)
- RE: Clueless anti-virus products/vendors (was Re: Sober) W.D.McKinney (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Robert Bonomi (Dec 04)
- RE: Clueless anti-virus products/vendors (was Re: Sober) Church, Chuck (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Geo. (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christian Kuhtz (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Larry Smith (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Steven M. Bellovin (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Edward B. Dreger (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Jamie C. Pole (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christopher L. Morrow (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Valdis . Kletnieks (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)