[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Anti virus installations on Windows servers
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Anti virus installations on Windows servers
- From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 3 May 2009 01:41:08 +0200 (CEST)
On Fri, 1 May 2009, T Biehn wrote:
> The example provides an easy to concoct scenario where perhaps
> anti-virus software might be employed to great benefit where the
> actual OS's security would be a moot point.
Very unlikely. If your OS has got more holes than a piece of Emmentaler
malicious code might exploit one of them to circumvent or disable
detection even before your antivirus gets a chance to scan it. You lose.
Game over.
> It's interesting to see that so many on this list have become so
> hypnotized that they would go so far to say that A/V is useless and
> the only possible protection is switching to some other OS.
Let me check: Can antivirus prevent an arbitrary piece of malware from
causing harm? No--it is impossible even in theory (see Rice's theorem).
Can OS with a strict MAC policy prevent an arbitrary piece of malware from
causing harm? Yes--it is not easy but it is certainly possible.
> It is equally obvious to point to an example when, yes, an A/V
> (however deployed) would provide a worthwhile added value to the user
> experience, this point is sufficient for winning the debate.
Primo: "A worthwhile added value" might be very far from "optimal".
Secundo: Does "however deployed" includes "defunct"?
Tertio: User experience?!
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/