Full Disclosure mailing list archives

Re[4]: McAfee VirusScan vs Metasploit Framework v2.x


From: Thierry Zoller <Thierry () Zoller lu>
Date: Sun, 11 Dec 2005 12:48:15 +0100

Dear sk GroundZero,

sG> well but you don't see the developer side of this.
sG> the big companies can "buy their way out of the
sG> signature file", that means that their application
sG> won't be included as "potential unwanted software".

You mix the parameters here, you are referring to CLARIA
and Microsoft. Claria never developed "hacking" related
tools but adware. I never saw this reported elsewhere?
(imho)

sG> but for small companies and freeware developers,
sG> this is a big loss, since if AV vendors mark their
sG> software as malware, no one will download it
sG> anymore or even send complaint mails and it's hard
sG> for a little company or a single programmer to do
sG> much about this.
Like I said I know the developer side of this because one of my tools
was flagged. I chose to write a sentence above the download link
about it, that cut 98% of the complaint mails.

sG> for a small company that
sG> is selling shareware this could mean loss of money.
Tell me, I am/was doing trialware.

sG> sure an AV vendor won't care if some little company
sG> goes out of business. i remember this one tool called
sG> pest remover or something ..it simply removes anything 
sG> that could possibly harm.
It still exists: "Pest Patrol". Companies bought it explicitly
_because_ it reported _everything_. On some critical LANs not
even netcat should be installed. That's where these programs
come in and fill the gap. Yes, on the business side there was a gap:
the common AV solutions reported _not enough_ for certain
environments, AV vendors saw this and partially closed the gap.

sG> but their selection is very stupid
sG> as even a C programming text (!) will be removed
sG> and various portscanners or other administrative tools.
IMHO: Yes and no. Again, in _some_ highly critical environments
there should never be source code lying around on workstations
which opens sockets or similar. It's hard to see but there IS actually
a rising demand for these scanners that tag everything.

sG> anyhow the most ridiculous malware
sG> removing tool i ever saw!
I agreed years ago, now I disagree.


-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

