[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x

To: Fyodor <fyodor@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
From: Bipin Gautam <gautam.bipin@xxxxxxxxx>
Date: Mon, 12 Dec 2005 22:43:27 +0545

The sad thing is AV vendor don't have a proper boundary on their
products work-scope. Though, giving a clean chit to products like
Claria/Gator is a big shame... I still strongly support the move of AV
vendors to classify product like nmap, netcat, metasploit as POTENTIAL
THREATS; though it's childish to treat those product equv. as
hack-tools. What AV vendor currently lack is a proper and CLEAR way to
let the users choose the level of security they want. All AV vendors
still lack even basics as, proper & basic common standards that are
followed by all AV products.

BUT guys commonâ so you want to share the stupid flames of users over
your security product with the AV vendors as they have classified it
as a BAD-TOOL. Will that make you feel better?  It's more of your
headache & responsibility to let the users know before download that
your security product might be classified by AV as potential threats
as, YOU KNOW they may be used for either good or bad purpose. I don't
suppose Fyodor will take any responsibility for the action of a
malicious user if nmap is used for some malicious purpose??? How AV
software would know whether software's like netcat, metasploit or nmap
found in a machine is put there by a legitimate user or by a malicious
person willing to some further evil deeds. So as a proactive measure
they rate the software's as a threat. DEFAULT DENY. Makes sense to meâ
( but I agree AV vendors lack proper classification ) hey... User
always has the option to ask their AV to ignore the particular
file/directory if they own the privilege in the machine anyways.

So what's the point in discussing such stuffs??? oOo ya... a proper
and CLEAR classification from the vendors side so that the user can
easily choose the level of protection he/she wants. But that needs
some design changes not just on the AV signatures. Let's hope we'll
see those on some upcoming version.

>>>Would you yank out Canvas, and Core Impact products as well?
>>>oh, wait... there probably isn't a sig for those so you wouldn't know.
Is that just I or everyone is hearing the whispering words;
Partialityâ shortsightednessâââââ

best regards,
-Bipin Gautam

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
  - From: Yvan Boily

References:
- [Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x
  - From: H D Moore
- [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
  - From: Fyodor

Prev by Date: Re: [Full-disclosure] Famous n3td3v quotes - The Director's Cut (out now on DVD)
Next by Date: [Full-disclosure] SCOSA-2005.53 UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities
Previous by thread: RE: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
Next by thread: Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
Index(es):
- Date
- Thread