funsec mailing list archives
RE: Overloading AV software, try #2
From: Drsolly <drsollyp () drsolly com>
Date: Fri, 7 Jul 2006 22:14:30 +0100 (BST)
On Fri, 7 Jul 2006, Richard M. Smith wrote:
The goal of the 200 warning messages is to get someone to turn off their AV software and not to immediately infect their machine.
You'd probably have to select an especially stupid user if their response to seeing 200 viruses arrive on their computer, was to switch off their AV. That's a bit like, your response to being stung by a nettle, would be to take off all your clothes and dive into the nettle patch. I'm not saying that there aren't people who would do such a thing. Just that there aren't many of them, because most of them were Intelligently Designed out (or were eliminated by evolution, if you believe the lies called evolution).
Richard

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Friday, July 07, 2006 4:38 PM
To: Richard M. Smith
Cc: 'FunSec LList'
Subject: Re: [funsec] Overloading AV software, try #2

On Fri, 07 Jul 2006 16:24:53 EDT, "Richard M. Smith" said:

My question is about overloading the user with warning messages, not DoSing a box. Let me try asking my question a different way. If an AV software package suddenly sees 200 virus files being written to a hard drive, will it present to the user 200 individual warning messages about these virus files?

Depends on its design. At that point, the more important question is how/why the source is able to write 200 files that could potentially be viruses onto the disk - that indicates a massive sandbox failure on the part of the MUA or browser or whatever.

(And yes, I know it's *theoretically* possible that a webpage have 200 alleged jpeg's on it that have malformed headers that cause a buffer overrun and a code exploit - but if you have *that*, you just want to send *one* so you can try to fly under the wire...)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.