funsec mailing list archives

Re: Kaspersky strikes again


From: coderman <coderman () gmail com>
Date: Fri, 21 Dec 2007 17:49:53 -0800

On Dec 21, 2007, Larry Seltzer wrote:
> Even so, there would be so much less testing to do, wouldn't there?

the beauty of a network based approach is the transparency and low
maintenance; but you don't get the visibility of on-host detection...
(SSL, large compressed payloads, etc) [0]

(and yes, almost no testing client side.  manage false positives as
they occur at the network appliance)


On Dec 21, 2007, Drsolly wrote:
> If you update your sigs hourly, then you have less than an hour to do all
> the testing.

depending on the platform and workflow you can parallelize testing
(patches, upgrades, beta, etc) to varying success with virtual
machines and a test automation framework.  still, even the fastest
test configurations would be hard pressed to verify malware feeds
real-time before deploying to production.

i'd love to know if anyone has even tried such a thing.  *grin*


0. Yoggie uses this method to good effect, as an example:
http://www.yoggie.com/products
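As an added illustration of the parallelized pre-deployment test gate coderman describes (example code, not from the list or from Yoggie): candidate signatures are vetted concurrently against a clean corpus (false positives) and against known-bad samples (regressions), and the whole run must finish inside the hourly update window or nothing ships. The feed format, rule names and corpora are constructed for the example.

```python
import re
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed candidate feed: rule name -> byte regex (hypothetical sig format).
CANDIDATE_SIGS = {
    "Test.Marker": re.compile(rb"CONSTRUCTED-TEST-MARKER"),
    "Generic.Downloader": re.compile(rb"cmd\.exe /c .*http://"),
    "Bad.Overbroad": re.compile(rb"GET /"),          # fires on any HTTP request
    "Stale.Sig": re.compile(rb"variant-1 dropper"),  # sample has moved on
}

# Constructed clean corpus: traffic/files production would legitimately see.
CLEAN_CORPUS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n",
    b"hello world\n",
    b"echo done",
]

# Constructed known-bad samples: the named rule must still catch each one.
KNOWN_BAD = {
    "Test.Marker": b"...CONSTRUCTED-TEST-MARKER...",
    "Generic.Downloader": b"cmd.exe /c start http://bad.example/payload",
    "Stale.Sig": b"variant-2 dropper",
}

def vet_signature(item):
    """Check one rule: returns (name, clean samples it hit, missed known-bad?)."""
    name, pattern = item
    false_positives = [s for s in CLEAN_CORPUS if pattern.search(s)]
    missed = name in KNOWN_BAD and pattern.search(KNOWN_BAD[name]) is None
    return name, false_positives, missed

def gate_feed(sigs, workers=4, budget_s=3600.0):
    """Vet all rules in parallel; returns (approved, rejected) dicts."""
    start = time.monotonic()
    approved, rejected = {}, {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for name, fps, missed in pool.map(vet_signature, sigs.items()):
            if fps or missed:
                rejected[name] = {"false_positives": len(fps),
                                  "missed_known_bad": missed}
            else:
                approved[name] = sigs[name]
    if time.monotonic() - start > budget_s:
        # Over the update window: ship nothing rather than untested rules.
        return {}, {n: {"reason": "test budget exceeded"} for n in sigs}
    return approved, rejected
```

Rejected rules are held back with the reason recorded, so the false positives Larry mentions are caught at the appliance before an hourly push rather than on every client.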
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
