Security Incidents mailing list archives
RE: strange windows behaviour.
From: "Harley David" <david.harley () nhsia nhs uk>
Date: Fri, 10 Oct 2003 09:40:28 +0100
From what I've seen of this thread, I'm not sure that
streams are quite as "safe" as I thought they were. However, I think Paul's point essentially still stands, individual AV implementation quirks apart. -Except- for the assertion that there's no advantage to detecting inert malware. If vendors really believed this, they wouldn't scan for Mac viruses on PCs, or Windows viruses on Unix boxes. If it's malicious, it's on a system, and it's technically possible to detect it, surely it's reasonable to expect at least an available option to detect it? After all, viruses already exist that force the vendors to mess with streams to repair the infection. -- David Harley Threat Assessment Centre Manager Anti-Virus/Email Abuse Specialist NHS Information Authority 07765 250765
There's been a lot of discussion about this amongst av professionals. There's really no advantage to scanning streams because they are "inert". In order for the trojan to do anything, it has to "come out of hiding" as it were, and when it does, av on access scanning will detect it **if it's a known trojan**. While it's in the stream it's merely in storage, not being used. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
This e-mail is confidential and privileged. If you are not the intended recipient please accept our apologies; please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: strange windows behaviour., (continued)
- Re: strange windows behaviour. Tobias Rice (Oct 10)
- RE: strange windows behaviour. Harlan Carvey (Oct 09)
- Administrivia: strange windows behaviour. Dan Hanson (Oct 09)
- RE: strange windows behaviour. Chris Brenton (Oct 09)
- RE: strange windows behaviour. Pepijn Vissers (Oct 09)
- Re: strange windows behaviour. Karl Levinson (Oct 09)
- Re: strange windows behaviour. Harlan Carvey (Oct 10)
- RE: strange windows behaviour. Schmehl, Paul L (Oct 09)
- RE: strange windows behaviour. J Mike Rollins (Oct 09)
- RE: strange windows behaviour. Harley David (Oct 10)
- RE: strange windows behaviour. Harley David (Oct 10)
- RE: strange windows behaviour. Schmehl, Paul L (Oct 10)
- Re: strange windows behaviour. Derek (Oct 14)