Full Disclosure mailing list archives
RE: E-mail virus free tags (Was: SHUT THE F**K UP)
From: "Andrew Aris" <andrew () dev bigfishinternet co uk>
Date: Thu, 25 Mar 2004 14:46:08 -0000
This has been something I've wondered about for a while, its a good idea for e-mails to carry some kind of "passed" tag from AV systems only if it actually means something. Which as just a plain text, easily duplicatable signature it doesn't in-fact as recent Netsky variants are busy proving its worse than not having it. Sowhy don'tthe AV vendors use for example PGP to sign mails? Surelythis would give the process some meaning? Sorry -- this is a moronic idea. _What_ value does it add? Say we even managed to securely include the scanning time- & date- stamp, the name and version of the scanner engine and .DEF/.DAT/etc files and even important information such as "scanned using most gnarly heuristics level" or "used aggressive scan mode", etc... What would that buy us? It would tell us that a product that was _by definition_ out of date at the time it did the scanning, and a product that is _by definition_ unable to detect all possible viruses, failed to detect a virus in this message. Whoopdie fucking doooo! And you want us to waste gazillions of CPU cycles worldwide every minute, adding all these worthless signatures to Email messages and even more cycles optionally "authenticating" them? Man -- whatever it is you are on, you should find a new supplier...
errr.. thanks for that Nick. Can I suggest you lay off the caffeine for the rest of the day? You seem a little agitated is all ;-) My post was just a suggestion, no particular need to get offensive about it. Fair enough you don't think its a smart idea and you make some excellent points (at least I'm pretty sure that I saw some amidst all that biting sarcasm and swearing) so I'm now inclined to agree with you. Sure enough all you gain from it is that notion that you can choose to trust the AV vendor rather than just the sender and the situations where that could be useful are probably really quite rare. I wasnt even really seriously suggesting that it be taken up as a standard practice, after all as you point out the resource costs of doing so would be very high compared with the really quite small gain. I was more puzzled as to why the AV vendors who have gone down the "rubber stamp" route haven't chosen to implement something more than a plain text sign. I'm sure at some point in your life Nick you must have come up with the occasional bad idea and then realised it for what it was when someone pointed out something to you so try and keep a little perspective. On reflection perhaps the post was something of a newbie question - one that would have been better posted on Security Basics. I posted on FD purely because it seemed to follow on from something I had seen on here. regards, Andrew _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SHUT THE FUCK UP, (continued)
- Re: SHUT THE FUCK UP Raymond Morsman (Mar 24)
- Re: SHUT THE FUCK UP Dave Horsfall (Mar 24)
- Re: SHUT THE FUCK UP Stormwalker (Mar 24)
- Re: SHUT THE FUCK UP Berend-Jan Wever (Mar 24)
- Re: SHUT THE FUCK UP John Sage (Mar 24)
- meep meep. stop it. the lumpalaya (Mar 24)
- Re: SHUT THE FUCK UP morning_wood (Mar 24)
- Re: SHUT THE FUCK UP Valdis . Kletnieks (Mar 24)
- E-mail virus free tags (Was: SHUT THE F**K UP) Andrew Aris (Mar 25)
- Re: E-mail virus free tags (Was: SHUT THE F**K UP) Nick FitzGerald (Mar 25)
- RE: E-mail virus free tags (Was: SHUT THE F**K UP) Andrew Aris (Mar 25)
- Re: E-mail virus free tags (Was: SHUT THE F**K UP) Troy (Mar 26)
- RE: E-mail virus free tags (Was: SHUT THE F**K UP) Larry Seltzer (Mar 27)
- Re: SHUT UP Steve Marin (Mar 24)
- Re: SHUT UP David Hane (Mar 24)
- Re: SHUT UP Valdis . Kletnieks (Mar 24)
- Re: SHUT UP Steve Marin (Mar 24)
- Re: SHUT UP Valdis . Kletnieks (Mar 24)
- Re: SHUT UP Maarten (Mar 24)
- Re: SHUT UP madsaxon (Mar 24)
- RE: SHUT UP Brent Colflesh (Mar 24)