funsec mailing list archives

Re: Oops: McAfee Update Exterminates Excel


From: "Joe Jaroch (Tera Innovations, Inc.)" <security () terainnovations com>
Date: Tue, 14 Mar 2006 16:13:33 -0600

I don't really see why these companies can't do testing before releasing definitions. We test (and I'm sure others test) all of the definitions before releasing them by updating our copies of our program internally, and then using a network of ~20 high-end computers to scan (on-demand scan, which should really be almost exactly the same as an on-access scan in most cases) a few million 'clean' files. With fast enough computers that I'm sure McAfee could afford, this process takes just a couple minutes. I'm imagining (or at least hoping) that well-established companies do this, and I don't see why they wouldn't. Even when a brand new, global threat comes out, you NEED to test even the beta definitions because if the cure is worse than the illness, we have a problem.

I also wonder what definition they could have added which caused CTX to be detected. Were they modifying the actual CTX detection, or did they find a new variant?

-Joe Jaroch
Tera Innovations, Incorporated.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
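
The pre-release check described in the message above, as an added example (not from the original post and not any vendor's tooling): a candidate definition set is scanned against a known-clean corpus in parallel, any hit blocks the release, and hits are attributed to the signatures that were added or modified. The signature names, byte patterns, function names and the three-file corpus are all constructed for illustration; the over-broad pattern is not the definition involved in the incident.

```python
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

# Constructed signature sets: name -> byte pattern (real engines use richer rules).
CURRENT_DEFS = {"Sample.A": b"\xde\xad\xbe\xef\x13\x37"}
CANDIDATE_DEFS = {
    "Sample.A": b"\xde\xad\xbe\xef\x13\x37",  # unchanged from the shipped set
    "Sample.B": b"\xd0\xcf\x11\xe0",           # new, over-broad: start of OLE2 magic
}

def scan_file(path, defs):
    """Return the names of every signature whose pattern occurs in the file."""
    data = Path(path).read_bytes()
    return sorted(name for name, pat in defs.items() if pat in data)

def changed_signatures(current, candidate):
    """Names of signatures that are new or differ from the shipped set."""
    return {n for n, p in candidate.items() if current.get(n) != p}

def false_positive_gate(corpus_dir, current, candidate, workers=8):
    """Scan a known-clean corpus with the candidate set; any hit blocks release."""
    delta = changed_signatures(current, candidate)
    files = sorted(p for p in Path(corpus_dir).rglob("*") if p.is_file())
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_file(p, candidate), files))
    hits = {f.name: r for f, r in zip(files, results) if r}
    # Attribute hits to what changed in this update, to speed up triage.
    suspects = sorted({n for r in hits.values() for n in r if n in delta})
    return {"release": not hits, "scanned": len(files),
            "false_positives": hits, "suspect_changes": suspects}

def build_constructed_corpus(root):
    """Write a tiny constructed stand-in for a clean-file collection."""
    root = Path(root)
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
    (root / "budget.xls").write_bytes(ole2 + b"\x00" * 64)
    (root / "notes.txt").write_bytes(b"quarterly notes\n")
    (root / "tool.exe").write_bytes(b"MZ" + b"\x90" * 64)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_corpus(d)
        print(false_positive_gate(d, CURRENT_DEFS, CANDIDATE_DEFS))
```

In a build pipeline the `release` flag would gate publication of the definition file, and the corpus would be sharded across the scanning machines rather than threads on one host.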

