nanog mailing list archives

Re: Clueless anti-virus products/vendors (was Re: Sober)

From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Sun, 4 Dec 2005 23:12:15 -0600 (CST)

From owner-nanog () merit edu  Sun Dec  4 22:34:54 2005
Date: Mon, 05 Dec 2005 04:30:26 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
To: "Steven M. Bellovin" <smb () cs columbia edu>
Cc: "Church, Chuck" <cchurch () netcogov com>, nanog () merit edu

On Sun, 4 Dec 2005, Steven M. Bellovin wrote:

In message <B6621ED4D0AD394BBA73CA657DFD8976869630 () MSPEXBE01 wamnet inc>, "Chur
ch, Chuck" writes:


What about all the viruses out there that don't forge addresses?
Sending a warning message makes sense for these.  Unless someone has


A-V companies are in the business of analyzing viruses.  They should
*know* how a particular virus behaves.


This has also been said before, but... they are also in the business of
SELLING their product. It seems that the 'default' (note I don't either:
use av, nor scan emails for virii so I'm not sure what defaults to what...
just use something other than outlook and you can care less about it) is
possibly there for advertising effect more than anything else :(

Hey, bob's company stopped this virus with $PRODUCT_12, why aren't we
using that product $VP_O_IT ??


"Because they 'very thoughtfully' fowarded the entire message, INCLUDING
 THE VIRUS ITSELF, to us.  _Even_though_ the original message did not 
 originate here.

"Do you _really_ think we should start forwarding viruses to our customers,
 'just because' their address was forged into a message sent us?  Just how
 do you think our customers would respond to _that_?"


There _is_ an art-form to backing management into an untennable corner, when
they are bound and determined to do something 'wrong'.  It's simply a matter
of finding the "right" consequences of the action, to illustrate _why_ the
proposed thing is 'wrong'.   'Revenues', and 'customer satisfaction' are 
almost _universal_ "hot buttons" that can frequently be used to advantage.

Current thread:

Re: Recording the return path (was Re: Clueless anti-virus products/vendors), (continued)
- - - Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Per Heldal (Dec 12)
    - Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Stephen Sprunk (Dec 12)
    - Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Todd Vierling (Dec 12)
    - Re: Recording the return path (was Re: Clueless anti-virus products/vendors) Todd Vierling (Dec 12)
    - Re: Clueless anti-virus products/vendors (was Re: Sober) Michael . Dillon (Dec 08)
    - Re: Clueless anti-virus products/vendors (was Re: Sober) Niels Bakker (Dec 08)
    - Re: Clueless anti-virus products/vendors Florian Weimer (Dec 07)
  - RE: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 04)
  - Message not available
    - RE: Clueless anti-virus products/vendors (was Re: Sober) Daniel Senie (Dec 04)
  - Re: Clueless anti-virus products/vendors (was Re: Sober) Rich Kulawiec (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Robert Bonomi (Dec 04)