Full Disclosure mailing list archives

Re: AV companies better hire good lawyers soon.


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 15 Sep 2004 12:29:52 +1200

Frank Knobbe wrote:

> Alternatively, software manufacturers can add their applications into AV
> exclusion lists upon installation of their products. Applications
> already have to "register" with the operating systems. Why not make it
> register with the AV software if the software is prone to false
> positives? Or at least advise the end-user of such a recommended manual
> step during installation.

Do I detect the re-emergence of parasitic binary infectors?

> If the user trusts the application, and does not trust the AV software,
> he can override the AV checks for this software. If AV vendors present a
> lot of false positives, my guess is that the trust of the end user in
> those AV products will wane.
>
> So, it is in the best interest for the AV vendor to ensure low/no false
> positives. There is no need for software manufacturers to "register"
> their products with AV vendors.

Of course, the best solution is to fix the cart-before-the-horse design 
of contemporary scanners.  They should not be black-listing (by its 
nature heavily prone to _both_ false-positives (the issue here) and 
false-negatives ("you should expect us to miss new malware")) but 
enforcing white lists.  The "bad old days" of severe hardware (RAM, CPU 
cycles, I/O speed) limitations that made black-listing only marginally 
acceptable because it was the only marginally viable approach, are 
_long_ past.  Idiot users that want to run just any old cr*p code from 
anywhere are welcome to keep failing to be "protected" by black-listing 
scanners, but informed admin types should have been agitating for years 
now for their AV developers (or, perhaps better, other security system 
developers) to develop a useful, real-time black-listing solution that 
would work in a corporate setting.  Partly because this did not happen 
we then had all manner of further idiocies "enforced" on us, such as 
the truly screwed-up notion that we should accept arbitrary code from 
web servers (in the form of HTML-embedded scripts, scripting in third-
party interpreted languages such as are used in SWF, etc, etc).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html