FW: Authencity of AV downloads

["Jack Solomon" <solzjack43 () hotmail com>]

Raghu

Sophos Enterprise Manager Library performs integrity checking to ensure that 
the AV product and the virus signatures are authentic.  This is to prevent 
virus authors from subverting the AV product itself.  I'd advise you to go 
to sophos.com/support/docs and read the EM1.1 manual.

Good luck!

Jack


> -----Original Message-----
> From: Raghu Chinthoju [mailto:chraghu_ml () mailcan com]
> Sent: 06 March 2004 20:03
> To: security-basics () securityfocus com
> Subject: Authencity of AV downloads
>
>
> Hi Group,
>
> I have been looking at the virus definition files distribution mechanism
> of few of the Antivirus vendors like McAfee, Sophos, Symantec, ESafe etc.
> None of these folks provide any authenticity like MD5 hashes, PGP
> signatures etc along with these downloads, nor these files are encrypted
> in some form, nor do their sites run any secure web services. The files
> are downloadable from plain HTTP and FTP servers. The same is the case
> with download of the virus removal tools like stinger etc. The sole
> authenticity of the downloaded stuff depends on "how authentic the domain
> name to IP resolution is" OR "how secure the name services in the path
> from my PC to the AV vendor are"! In my opinion, it is relatively easy to
> compromise plain DNS. Things can get worse if the AV vendors name server
> itself is compromised! May be I'm not the first to raise this, but how
> come these AV vendors have not acted upon this (hope I'm not missing any
> thing here)?
>
> Your thoughts?
>
> Regards,
> Raghu
>
> --
> http://www.fastmail.fm - Same, same, but different...
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
>
> **************************************
> CONFIDENTIALITY NOTICE/DISCLAIMER
>
> This email and any attachments are confidential,
>  protected by copyright/intellectual property rights and
> may be legally privileged.  If you are not the intended
> recipient, dissemination or copying of this email is
> prohibited.
>
> If you have received this in error, please notify us by
> forwarding this email to the following address
>  ( mailto:Support.Desk () Markelintl Com ) and then
>  delete the email completely from your system.
>
> This email and any attachments have been scanned for
> computer viruses by a market leading anti-virus system.
> However, it is the responsibility of the recipient to conduct
>  its own security measures. No responsibility is accepted
>  by Markel International Ltd. and/or its
> subsidiaries/service companies for loss or damage
>  arising from the receipt or use of this email and any
> attachments.
>
> No responsibility is accepted by Markel International Ltd.
>  and/or its subsidiaries/service companies for personal
>  emails.
>
> Markel International Ltd, http://www.Markelintl.Com
>
> **************************************

_________________________________________________________________
Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------