Security Basics mailing list archives
FW: Authencity of AV downloads
From: "Jack Solomon" <solzjack43 () hotmail com>
Date: Tue, 09 Mar 2004 09:57:21 +0000
Raghu,

Sophos Enterprise Manager Library performs integrity checking to ensure that the AV product and the virus signatures are authentic. This is to prevent virus authors from subverting the AV product itself. I'd advise you to go to sophos.com/support/docs and read the EM1.1 manual.

Good luck!
Jack
-----Original Message-----
From: Raghu Chinthoju [mailto:chraghu_ml () mailcan com]
Sent: 06 March 2004 20:03
To: security-basics () securityfocus com
Subject: Authencity of AV downloads

Hi Group,

I have been looking at the virus definition file distribution mechanisms of a few of the antivirus vendors like McAfee, Sophos, Symantec, ESafe etc. None of these folks provide any authenticity like MD5 hashes, PGP signatures etc. along with these downloads, nor are these files encrypted in some form, nor do their sites run any secure web services. The files are downloadable from plain HTTP and FTP servers. The same is the case with downloads of the virus removal tools like stinger etc.

The sole authenticity of the downloaded stuff depends on "how authentic the domain name to IP resolution is" OR "how secure the name services in the path from my PC to the AV vendor are"! In my opinion, it is relatively easy to compromise plain DNS. Things can get worse if the AV vendor's name server itself is compromised!

Maybe I'm not the first to raise this, but how come these AV vendors have not acted upon this (hope I'm not missing anything here)?

Your thoughts?

Regards,
Raghu
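An added illustration of the point debated in this thread (not code from either poster or from any AV vendor): a checksum fetched from the same server as the file only detects accidental corruption, while a reference digest the client already holds from a separate channel also detects substitution. SHA-256 is used here in place of the MD5 mentioned above, and `defs.bin`, the server dictionaries and the pinned value are hypothetical, constructed names and data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_server(payload: bytes) -> dict:
    """Constructed stand-in for a plain HTTP/FTP host: the file plus a checksum file."""
    return {"defs.bin": payload, "defs.bin.sha256": sha256_hex(payload).encode()}


def check_colocated(server: dict, name: str) -> bool:
    """Compare the file with the checksum served beside it, over the same channel."""
    published = server.get(name + ".sha256")
    if published is None:
        return False  # nothing to compare against
    return hmac.compare_digest(sha256_hex(server[name]),
                               published.decode().strip().lower())


def check_pinned(server: dict, name: str, pinned_hex: str) -> bool:
    """Compare the file with a digest the client already holds from a trusted channel."""
    return hmac.compare_digest(sha256_hex(server[name]), pinned_hex.strip().lower())


def evaluate(server: dict, name: str, pinned_hex: str) -> dict:
    return {"colocated": check_colocated(server, name),
            "pinned": check_pinned(server, name, pinned_hex)}


# Constructed sample data, not real definition files.
GENUINE = b"constructed definition set, build 1\n"
SUBSTITUTED = b"constructed definition set, build 1 (altered)\n"
PINNED = sha256_hex(GENUINE)  # assumption: obtained out of band, e.g. shipped with the product

vendor_server = make_server(GENUINE)
# Whoever answers for the vendor's name serves the file and its checksum together.
lookalike_server = make_server(SUBSTITUTED)

if __name__ == "__main__":
    for label, server in (("vendor", vendor_server), ("lookalike", lookalike_server)):
        print(label, evaluate(server, "defs.bin", PINNED))
```

The same reasoning applies to a detached signature: it helps only if the verification key reached the client by a path that does not depend on the name resolution being questioned.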