funsec mailing list archives
RE: Kaspersky strikes again
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Fri, 21 Dec 2007 15:34:34 -0500
I once actually asked Eugene Kaspersky about this on a press tour (we met at the Starbucks in Penn Station). He sort of mumbled (actually, everything he says is a mumble I guess), but he didn't really answer the question. I took it as confirmation of my fears. I think their attitude is the Netscape/Google philosophy: "Testing? That's what customers are for." Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <http://security.eweek.com/> <http://blogs.pcmag.com/securitywatch/> http://blogs.pcmag.com/securitywatch/ <http://blogs.pcmag.com/securitywatch/Contributing> Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com ________________________________ From: Richard M. Smith [mailto:rms () computerbytesman com] Sent: Friday, December 21, 2007 3:29 PM To: Larry Seltzer; funsec () linuxbox org Subject: RE: [funsec] Kaspersky strikes again It seems to me that signature testing should also include making sure that system files and common application files are never flagged as malware....... Testing can also be speeded up, by running tests in parallel in a farm of testing computers. Richard ________________________________ From: Larry Seltzer [mailto:Larry () larryseltzer com] Sent: Friday, December 21, 2007 10:46 AM To: Richard M. Smith; funsec () linuxbox org Subject: RE: [funsec] Kaspersky strikes again I remember years ago writing about the speed of updates necessary now for a/v vendors, and how kaspersky talked about how they do it hourly. It basically makes it impossible to do meaningful tests. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <http://security.eweek.com/> <http://blogs.pcmag.com/securitywatch/> http://blogs.pcmag.com/securitywatch/ <http://blogs.pcmag.com/securitywatch/Contributing> Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com ________________________________ From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Richard M. Smith Sent: Friday, December 21, 2007 9:11 AM To: funsec () linuxbox org Subject: [funsec] Kaspersky strikes again Kaspersky false alarm quarantines Windows Explorer Accidents will happen By John Leyden <blocked::http://forms.theregister.co.uk/mail_author/?story_url=/2007/12 /20/kaspersky_false_alarm/> 20 Dec 2007 17:00 http://www.channelregister.co.uk/2007/12/20/kaspersky_false_alarm/ <blocked::http://www.channelregister.co.uk/2007/12/20/kaspersky_false_al arm/> A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse. Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from quarantine (the default setting) within two hours. But that's not much consolation for users that had set their software to auto-delete infected files, who found themselves with hosed systems. Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It would have only caused problems for companies performing their network scan during the hours that the dodgy update was present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I finally finished sorting it all at 5am.". ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Kaspersky strikes again Richard M. Smith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Richard M. Smith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- RE: Kaspersky strikes again Drsolly (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)
- Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
- Re: Kaspersky strikes again coderman (Dec 21)
- Re: Kaspersky strikes again silky (Dec 21)
- Re: Kaspersky strikes again Drsolly (Dec 22)
- RE: Kaspersky strikes again Richard M. Smith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 21)