[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] E-mail virus free tags (Was: SHUT THE F**K UP)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] E-mail virus free tags (Was: SHUT THE F**K UP)
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Mar 2004 00:30:58 +1200
"Andrew Aris" <andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> This has been something I've wondered about for a while, its a good idea for
> e-mails to carry some kind of "passed" tag from AV systems only if it
> actually means something. Which as just a plain text, easily duplicatable
> signature it doesn't in-fact as recent Netsky variants are busy proving its
> worse than not having it. So why don't the AV vendors use for example PGP to
> sign mails? Surely this would give the process some meaning?
Sorry -- this is a moronic idea.
_What_ value does it add?
Say we even managed to securely include the scanning time- & date-
stamp, the name and version of the scanner engine and .DEF/.DAT/etc
files and even important information such as "scanned using most gnarly
heuristics level" or "used aggressive scan mode", etc...
What would that buy us?
It would tell us that a product that was _by definition_ out of date at
the time it did the scanning, and a product that is _by definition_
unable to detect all possible viruses, failed to detect a virus in this
message.
Whoopdie fucking doooo!
And you want us to waste gazillions of CPU cycles worldwide every
minute, adding all these worthless signatures to Email messages and
even more cycles optionally "authenticating" them?
Man -- whatever it is you are on, you should find a new supplier...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html