funsec mailing list archives
Re: No AV? Shock, horror!
From: Charles Miller <cmiller () securityevaluators com>
Date: Mon, 28 Sep 2009 15:06:07 -0500
Ah Dan. There is an error in your logic. If AV couldn't detect the "bot" on a machine, then it is not a bot. How else would you prove it was a bot! ;)

Charlie

On Sep 28, 2009, at 2:08 PM, Dan Kaminsky wrote:

This only measures AV detected infections. If I take 10,000 machines that did have AV, and 10,000 machines that did not, and compare, say, botnet infection rates manually -- is there a difference?

I'm looking for: 'A node running AV is n% less likely to be running malicious software than a node not running AV.'.

On Sep 28, 2009, at 2:34 PM, <Toralv_Dirro () McAfee com> wrote:

All logs from a central AV-management console listing what has been detected by the OnAccess scanner on the workstations would qualify as that source of data (after sorting out the things that actually infect a machine from the things AV is expected to detect nowadays in addition). Without AV most entries in that log would have resulted in an infected machine...

cheers,
Toralv

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dan Kaminsky
Sent: Monday, September 28, 2009 7:56 PM
To: Blanchard_Michael () emc com
Cc: funsec () linuxbox org; rMslade () shaw ca
Subject: Re: [funsec] No AV? Shock, horror!

Non-rhetorical question: Is there a source of data showing 10,000 machines with AV are less likely to be infected than 10,000 machines without?

On Mon, Sep 28, 2009 at 7:38 PM, <Blanchard_Michael () emc com> wrote:

There are plenty of AV products for *nix platforms. It's not that there is a *huge* amount of viruses for those platforms, it's that those platforms are often accessed by Windows platforms and the merchant should want to provide a clean file to a customer...

Mike B

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly
Sent: Friday, September 25, 2009 5:13 PM
To: Rob, grandpa of Ryan, Trevor, Devon & Hannah
Cc: funsec () linuxbox org
Subject: Re: [funsec] No AV? Shock, horror!

Maybe some merchants don't use Windows?

On Fri, 25 Sep 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

PCI survey finds some merchants don't use antivirus software

http://www.networkworld.com/news/2009/092309-pci-survey-finds-some-merchants.html?hpg1=bn

(But absolutely no surprise whatsoever ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Living well is the best revenge.
George Herbert, 16th century English clergyman
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html
http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.