funsec mailing list archives

RE: Kaspersky strikes again


From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Fri, 21 Dec 2007 15:34:34 -0500

I once actually asked Eugene Kaspersky about this on a press tour (we
met at the Starbucks in Penn Station). He sort of mumbled (actually,
everything he says is a mumble I guess), but he didn't really answer the
question. I took it as confirmation of my fears. 
 
I think their attitude is the Netscape/Google philosophy: "Testing?
That's what customers are for."
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

 

________________________________

From: Richard M. Smith [mailto:rms () computerbytesman com] 
Sent: Friday, December 21, 2007 3:29 PM
To: Larry Seltzer; funsec () linuxbox org
Subject: RE: [funsec] Kaspersky strikes again


It seems to me that signature testing should also include making sure
that system files and common application files are never flagged as
malware...
 
Testing can also be speeded up by running tests in parallel in a farm
of testing computers.
 
Richard

________________________________

From: Larry Seltzer [mailto:Larry () larryseltzer com] 
Sent: Friday, December 21, 2007 10:46 AM
To: Richard M. Smith; funsec () linuxbox org
Subject: RE: [funsec] Kaspersky strikes again


I remember years ago writing about the speed of updates necessary now
for a/v vendors, and how Kaspersky talked about how they do it hourly.
It basically makes it impossible to do meaningful tests.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

 

________________________________

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Richard M. Smith
Sent: Friday, December 21, 2007 9:11 AM
To: funsec () linuxbox org
Subject: [funsec] Kaspersky strikes again


Kaspersky false alarm quarantines Windows Explorer
Accidents will happen
 
By John Leyden
20 Dec 2007 17:00
http://www.channelregister.co.uk/2007/12/20/kaspersky_false_alarm/

A faulty signature update from Kaspersky Lab on Wednesday flagged up
Windows Explorer (explorer.exe) as infected with a low-risk virus,
Huhk-C. As a result the core Windows component was quarantined or worse.

Kaspersky released a revised update alongside advice on how to recover
legitimate system and application files from quarantine (the default
setting) within two hours. But that's not much consolation for users
that had set their software to auto-delete infected files, who found
themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the
deletion of explorer.exe," he reports. "It would have only caused
problems for companies performing their network scan during the hours
that the dodgy update was present - which included me, unfortunately. I
was working out of hours to fix the previous Kaspersky update problem. I
finally finished sorting it all at 5am."

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
