funsec mailing list archives

Re: Kaspersky strikes again

From: silky <michaelslists () gmail com>
Date: Sun, 23 Dec 2007 13:10:26 +1100

On Dec 23, 2007 12:05 PM, Drsolly <drsollyp () drsolly com> wrote:


On Sat, 22 Dec 2007, silky wrote:

On Dec 22, 2007 10:35 AM, Larry Seltzer <Larry () larryseltzer com> wrote:

Even so, there would be so much less testing to do, wouldn't there?
After all, on an appliance users can't just arbitrarily install
applications (not and expect support).

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: Drsolly [mailto:drsollyp () drsolly com]
Sent: Friday, December 21, 2007 6:29 PM
To: Larry Seltzer

Cc: funsec () linuxbox org; Richard M. Smith
Subject: RE: [funsec] Kaspersky strikes again

On Fri, 21 Dec 2007, Larry Seltzer wrote:

Damn, I'm going to get a good column out of this.

Doc: What about gateway appliances? Is a signature system more
reasonable when you have a limited number of closed platforms?


You've misunderstood my concern.

If you update your sigs hourly, then you have less than an hour to do
all the testing. It doesn't matter how many computers are running the
new version; they're all running something that has had less than an
hour of testing, and I don't really want to run something that has been
tested for less than an hour, on my systems.


sorry but i don't see how 'hourly releases' translates into 'one hour
of testing'. that seems like an assumption on your part, it's not a
direct result of that strategy.

you need to look at the actual number of signatures they generate
internally. if they only write one once an hour, then that's the one
they must release. but if they write more then that, or have a
stockpile they release from, then clearly they can spend more then one
hour testing.


What's the point of hourly releases, if you're releasing stuff that you
did a week ago?


Marketing tool? +time to test?


-- 
mike
http://lets.coozi.com.au/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Kaspersky strikes again, (continued)
- - RE: Kaspersky strikes again Drsolly (Dec 21)
    - RE: Kaspersky strikes again Larry Seltzer (Dec 21)
    - RE: Kaspersky strikes again Drsolly (Dec 21)
    - RE: Kaspersky strikes again Larry Seltzer (Dec 21)
    - RE: Kaspersky strikes again Drsolly (Dec 21)
    - RE: Kaspersky strikes again Larry Seltzer (Dec 21)
    - Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
    - Re: Kaspersky strikes again coderman (Dec 21)
    - Re: Kaspersky strikes again silky (Dec 21)
    - Re: Kaspersky strikes again Drsolly (Dec 22)
    - Re: Kaspersky strikes again silky (Dec 22)
    - RE: Kaspersky strikes again Alex Eckelberry (Dec 21)
    - RE: Kaspersky strikes again Peter Kosinar (Dec 21)
- RE: Kaspersky strikes again Young, Keith (Dec 21)
  - RE: Kaspersky strikes again Hubbard, Dan (Dec 21)
- shit happens, et tu, AVG? was Re: Kaspersky strikes again Kitsune (Dec 21)
  - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Alex Eckelberry (Dec 21)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 21)
    - Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again Valdis . Kletnieks (Dec 21)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again David Harley (Dec 22)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 22)

(Thread continues...)