funsec mailing list archives

RE: Kaspersky strikes again


From: "Thomas Raef" <traef () ebasedsecurity com>
Date: Mon, 24 Dec 2007 06:33:10 -0600

Is it constant corporate rivalries that forced AV companies to "brag"
about releasing updates every hour?

Ya know, a few years back, the vendor that does the A/V part of our
front-end email boxes took about 6 hours to get us a pattern that
matched a fast-burning email-based worm. In those 6 hours, we got
pounded by so many copies all sending themselves to everybody (which is
pretty badly synergistic in a mostly closed community like a .EDU with
50K active mailboxes, and almost every single one of them has zillions
of *other* valid addresses on the same server just floating around on
the drive waiting to be scraped). How badly? The backend system folded
under the load when the load average got to 1487 or so, and it took us
several *days* to get a clean restart (it proved to be harder than it
looked to bring up the back end without the front ends dumping several
tens of millions of messages onto the server and pounding it back into
the Stone Age).

When 6 or 8 hours of delay means you could have a meltdown with
literally millions of backlogged messages, suddenly "every hour" starts
sounding good...
[Tom Replied With:] 

Yes, but if that same sig had mis-identified a system executable, what damage could have been done?

I guess there is no clear answer, but it has been very interesting following this thread. Some very enlightening information has been shared.

Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
traef () ebasedsecurity com
1-866-251-5803


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
