From: "Junkmail Rosenberger" <junkmail@barnowl.com>
To: <iwar@yahoogroups.com>
Date: Thu, 7 Feb 2002 15:47:31 -0600
Subject: [iwar] AV software exploits on the horizon?
Message-ID: <NDBBJBDJCGCKGDILPNNECEKLHGAA.junkmail@barnowl.com>

Heads up. The state of New York sued Network Associates, Inc. today for deceptive practices. To wit: NAI claims censorship rights over anything remotely labeled as a "product review." See http://www.oag.state.ny.us/press/2002/feb/feb07a_02.html for details.

I agree strongly with NY's lawsuit. HOWEVER, I wonder if the resulting PR may finally bring attention to the many unacceptable vulnerabilities lurking in AV software.

We must accept the fact AV exploits still sound like a "new thing" to the world. European virus expert Andreas Marx, for example, realized the EIS exploits last year and published a paper in "Virus Bulletin" before he ever learned of my work in this area.

If NY's lawsuit pours enough PR into the mainstream, it may spark a "hacker reads, hacker talks, reporter writes, hacker reads, hacker talks, reporter writes..." cycle. This means we may finally see those attacks I fretted about in 1999.

Forget the security holes for a moment. Let's just talk about DoS attacks. Marx feels many antivirus firms to this day overlook "DoS governors" for their products despite my call for them in 1999. We may finally see a change if black hats start exploiting AV software vulnerabilities.

...This brings up an interesting question. "What does Mr. Anti-Hysteria think will happen?" I'm glad you asked.

In the SHORT term, we may see one or two media-popularized attacks. Ironically, such an attack will only work against those who protect themselves with AV software. I predict Pavlovian AV users will (a) update their products in typical panicky fashion and then (b) applaud vendors for "quickly" offering "updates." (Savvy vendors will label them "updates" instead of "patches." The term "quickly" will gloss over events in the previous millennium.)

In the MID term, we may see a wave of AV software vulnerability alerts. Mind you, we already *do* see such alerts, but the AV community in general tends to keep them out of the limelight. (Microsoft would kill for the vulnerability secrecy enjoyed by AV vendors.) We can suppose these alerts will force no more updating than already occurs in the AV user community. Remember: we currently advise people to update their AV software 52-365 times per year.

In the LONG term, pursuit of AV software vulnerabilities will lead to safer AV software. Open source OSs enjoy a serious degree of safety because so many people look for security flaws. Closed-source OSs like Microsoft products grow safer every day for exactly the same reason.

...I'll wrap up by restating my major point. I agree with NY's lawsuit against NAI but I wonder if its PR will alert hackers to pursue AV software vulnerabilities.

Rob
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST