Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x

[Yvan Boily <yboily@xxxxxxxxx>]

>
> BUT guys common… so you want to share the stupid flames of users over
> your security product with the AV vendors as they have classified it
> as a BAD-TOOL. Will that make you feel better?  It's more of your
> headache & responsibility to let the users know before download that
> your security product might be classified by AV as potential threats
> as, YOU KNOW they may be used for either good or bad purpose. I don't
> suppose Fyodor will take any responsibility for the action of a
> malicious user if nmap is used for some malicious purpose??? How AV
> software would know whether software's like netcat, metasploit or nmap
> found in a machine is put there by a legitimate user or by a malicious
> person willing to some further evil deeds. So as a proactive measure
> they rate the software's as a threat. DEFAULT DENY. Makes sense to me…
> ( but I agree AV vendors lack proper classification ) hey... User
> always has the option to ask their AV to ignore the particular
> file/directory if they own the privilege in the machine anyways.


 The issue isn't that it is a default deny approach; it is the case that
when a user requests additional information from the tool that would delete
the software, they receive a very skewed perspective.

Anyone who uses McAffee want to download the load of FoundStone tools and
determine if any of those (including SuperScan!) qualify as 'hacking tools'?
http://www.foundstone.com/resources/freetools.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/