Firewall Wizards mailing list archives
Opinions on the security of antivirus software
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 05 Jul 2002 14:59:59 +0200
Hi, I was wondering what opinions you people have on different antivirus packages, security-wise.
From what I've seen, most popular antivirus packages tend to distribute
their updates in self-executing files with little or no authenticity validation. This, in my opinion, leaves a lot to be desired for security. The downloads are themselves completely unauthenticated (usually plain FTP, which has its own sets of problems, as we all know), and even those that attempt authenticity validation do not appear to have to know-how to do it properly. [1] So: what are YOUR opinions on the (in)security of the antivirus packages out there? And: How competent is the scanner engine? What kind of encodings and packaging formats does it recognize? And, most importantly: what does it do when something is "bad"? (e.g. broken base64 encoding that the browser will handle even though it is broken)? Signature update speed is secondary here (most get updates out within a day -- fine by me), and beautiful GUIs get zero points. I recently looked at Sophos' site; it appears they distribute the brunt of the changes through CDs and only distribute new signatures over the 'net. To me, this seems a sound idea... ? Thanks, /Mikael -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "It's July. I'm on vacation. Can't you tell? :)" [1] At least one major vendor claimed to do this, I believe it was Symantec, although huge flaws were found that allowed an attacker to inject pretty much ANY executable and have it run by the internal server(s). They claim it is fixed now, but ... _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Opinions on the security of antivirus software Mikael Olsson (Jul 05)
- Re: Opinions on the security of antivirus software H. Morrow Long (Jul 05)
- Re: Opinions on the security of antivirus software bill earley (Jul 05)
- Re: Opinions on the security of antivirus software R. DuFresne (Jul 06)
- Re: Opinions on the security of antivirus software bill earley (Jul 06)
- Re: Opinions on the security of antivirus software R. DuFresne (Jul 06)