North American Network Operators Group

Re: Clueless anti-virus products/vendors (was Re: Sober)
On Sunday 04 December 2005 21:27, Church, Chuck wrote:
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these. Unless someone has
> done the research to determine the majority of viruses forge addresses,
> you really can't complain about the fact that the default is to warn.
> Calling vendors 'clueless' because a default doesn't match your needs is
> a little extreme, don't you think? The ideal solution would be for the
> scanning software to send a warning only if the virus detected is known
> to use real addresses, otherwise it won't warn.

True, but the "capability" has been in most AV software for quite a long time now to know which ones "forge" and which do not. ClamAV has a "list" of which virii are "forging" and which are not - I am reasonably certain that most other AV products have the same information at hand (a quick search of Symantec confirms that they know [ref sober worm, para 23, From: (spoofed)]).

So while I agree with your basic concept of notifying someone that they are infected - when you can notify the "right" person - blanket notifications are more trouble than the virus itself in many cases.

And yes, as of yesterday I have more "blowback" from sober than from the worm itself....

--
Larry Smith
SysAd ECSIS.NET
[email protected]