[87126] in North American Network Operators' Group
Re: Clueless anti-virus products/vendors (was Re: Sober)
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Dec 4 23:05:21 2005
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Church, Chuck" <cchurch@netcogov.com>
Cc: nanog@merit.edu
In-Reply-To: (Your message of "Sun, 04 Dec 2005 21:27:58 CST.")
<B6621ED4D0AD394BBA73CA657DFD8976869630@MSPEXBE01.wamnet.inc>
Date: Sun, 04 Dec 2005 23:04:52 -0500
Errors-To: owner-nanog@merit.edu
In message <B6621ED4D0AD394BBA73CA657DFD8976869630@MSPEXBE01.wamnet.inc>, "Church, Chuck" writes:
>
>What about all the viruses out there that don't forge addresses?
>Sending a warning message makes sense for these. Unless someone has
>done the research to determine the majority of viruses forge addresses,
>you really can't complain about the fact that the default is to warn.
>Calling vendors 'clueless' because a default doesn't match your needs is
>a little extreme, don't you think? The ideal solution would be for the
>scanning software to send a warning only if the virus detected is known
>to use real addresses, otherwise it won't warn.
>
A-V companies are in the business of analyzing viruses. They should
*know* how a particular virus behaves.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb