funsec mailing list archives
RE: Kaspersky strikes again
From: "Thomas Raef" <traef () ebasedsecurity com>
Date: Mon, 24 Dec 2007 06:33:10 -0600
Is it constant corporate rivalries that forced AV companies to "brag"about releasing updates every hour? Ya know, a few years back, the vendor that does the A/V part of our front-end email boxes took about 6 hours to get us a pattern that matched a fast-burning email-based worm. In those 6 hours, we got pounded by so many copies all sending themselves to everybody (which is pretty badly synergistic in a mostly closed community like a .EDU with 50K active mailboxes, and almost every single one of them has zillions of *other* valid addresses on the same server just floating around on the drive waiting to be scraped). How badly? The backend system folded under the load when the load average got to 1487 or so, and it took us several *days* to get a clean restart (it proved to be harder than it looked to bring up the back end without the front ends dumping several tens of millions of messages onto the server and pounding it back into the Stone Age). When 6 or 8 hours of delay means you could have a meltdown with literally millions of backlogged messages, suddenly "every hour" starts sounding good...
[Tom Replied With:] Yes, but if that same sig had mis-identified a system executable, what damage could have been done? I guess there is no clear answer - but it has been very interesting following this thread. Some very enlightening information has been shared. Thomas J. Raef e-Based Security, LLC http://www.ebasedsecurity.com traef () ebasedsecurity com 1-866-251-5803 No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.6/1193 - Release Date: 12/22/2007 2:02 PM _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again, (continued)
- Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
- RE: [stuff] happens, et tu, AVG? was Re: Kaspersky strikes again Young, Keith (Dec 21)
- RE: Kaspersky strikes again Daniel H. Renner (Dec 21)
- RE: Kaspersky strikes again Thomas Raef (Dec 23)
- RE: Kaspersky strikes again Larry Seltzer (Dec 23)
- RE: Kaspersky strikes again Alex Eckelberry (Dec 23)
- Re: Kaspersky strikes again Dude VanWinkle (Dec 23)
- RE: Kaspersky strikes again Larry Seltzer (Dec 23)
- RE: Kaspersky strikes again Thomas Raef (Dec 23)
- Re: Kaspersky strikes again Valdis . Kletnieks (Dec 23)
- Re: Kaspersky strikes again Drsolly (Dec 24)
- Re: Kaspersky strikes again Valdis . Kletnieks (Dec 23)
- RE: Kaspersky strikes again Thomas Raef (Dec 24)