North American Network Operators Group

Re: Clueless anti-virus products/vendors (was Re: Sober)

  • From: Steven M. Bellovin
  • Date: Sun Dec 04 23:06:04 2005

In message <[email protected]>, "Church, Chuck" writes:
>
>What about all the viruses out there that don't forge addresses?
>Sending a warning message makes sense for these.  Unless someone has
>done the research to determine the majority of viruses forge addresses,
>you really can't complain about the fact that the default is to warn.
>Calling vendors 'clueless' because a default doesn't match your needs is
>a little extreme, don't you think?  The ideal solution would be for the
>scanning software to send a warning only if the virus detected is known
>to use real addresses, otherwise it won't warn.
>

A-V companies are in the business of analyzing viruses.  They should 
*know* how a particular virus behaves.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb