Firewall Wizards mailing list archives

Re: Opinions on the security of antivirus software

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 6 Jul 2002 02:45:58 -0400 (EDT)


Of course there was a recent thread on pgp signatures and e-mail in which
it was mentioned that few folks actually check the signature keys within
those signed messages they get.  The quetion I pose here then is, how many
actually check the pgp signatures, or even md5 checksums on all the code
they scarf up off the net?  Of course, if I recall correctly also, when
monkey.org was compromised recently and trojaned ode placed there, were
not the md5 checksums also altered to make the trojaned code appear valid?
If a site is compromised using pgp signatures, how much of an issue would
it be to alter then also?

Thanks,

Ron DuFresne

On Fri, 5 Jul 2002, bill earley wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 05 July 2002 07:59 am, Mikael Olsson wrote:

So: what are YOUR opinions on the (in)security of the antivirus
packages out there?


F-Protect ( http://www.f-prot.com ) signs all their "packages" with PGP.

They are also one of the best "scan engines" I 've seen for Dos, Win, or *nix.

And since we run Linux at the "web-front" we get them in tarballs instead of 
self-extracting executables.

Bill Earley

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9JnGaej43sadgu/sRAjt0AJ9qRFP2WyFtbMHeK0Y88OoFkcnQ4gCgqa5H
tI2lHy1YlCf+MMv+NlS6m2g=
=9o1p
-----END PGP SIGNATURE-----

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Opinions on the security of antivirus software Mikael Olsson (Jul 05)
- Re: Opinions on the security of antivirus software H. Morrow Long (Jul 05)
- Re: Opinions on the security of antivirus software bill earley (Jul 05)
  - Re: Opinions on the security of antivirus software R. DuFresne (Jul 06)
    - Re: Opinions on the security of antivirus software bill earley (Jul 06)