Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
> BUT guys common… so you want to share the stupid flames of users over your security product with the AV vendors as they have classified it as a BAD-TOOL. Will that make you feel better? It's more of your headache & responsibility to let the users know before download that your security product might be classified by AV as potential threats as, YOU KNOW they may be used for either good or bad purpose. I don't suppose Fyodor will take any responsibility for the action of a malicious user if nmap is used for some malicious purpose??? How AV software would know whether software like netcat, metasploit or nmap found in a machine is put there by a legitimate user or by a malicious person willing to do some further evil deeds. So as a proactive measure they rate the software as a threat. DEFAULT DENY. Makes sense to me… ( but I agree AV vendors lack proper classification ) hey... User always has the option to ask their AV to ignore the particular file/directory if they own the privilege in the machine anyways.

The issue isn't that it is a default deny approach; it is the case that when a user requests additional information from the tool that would delete the software, they receive a very skewed perspective.

Anyone who uses McAfee want to download the load of FoundStone tools and determine if any of those (including SuperScan!) qualify as 'hacking tools'?

http://www.foundstone.com/resources/freetools.htm

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
The sad thing is AV vendors don't have a proper boundary on their products' work-scope. Though, giving a clean chit to products like Claria/Gator is a big shame... I still strongly support the move of AV vendors to classify products like nmap, netcat, metasploit as POTENTIAL THREATS; though it's childish to treat those products equv. as hack-tools. What AV vendors currently lack is a proper and CLEAR way to let the users choose the level of security they want. All AV vendors still lack even basics as, proper & basic common standards that are followed by all AV products.

BUT guys common… so you want to share the stupid flames of users over your security product with the AV vendors as they have classified it as a BAD-TOOL. Will that make you feel better? It's more of your headache & responsibility to let the users know before download that your security product might be classified by AV as potential threats as, YOU KNOW they may be used for either good or bad purpose. I don't suppose Fyodor will take any responsibility for the action of a malicious user if nmap is used for some malicious purpose???

How AV software would know whether software like netcat, metasploit or nmap found in a machine is put there by a legitimate user or by a malicious person willing to do some further evil deeds. So as a proactive measure they rate the software as a threat. DEFAULT DENY. Makes sense to me… ( but I agree AV vendors lack proper classification ) hey... User always has the option to ask their AV to ignore the particular file/directory if they own the privilege in the machine anyways.

So what's the point in discussing such stuffs??? oOo ya... a proper and CLEAR classification from the vendors side so that the user can easily choose the level of protection he/she wants. But that needs some design changes not just on the AV signatures. Let's hope we'll see those on some upcoming version.

>>>Would you yank out Canvas, and Core Impact products as well?
>>>oh, wait... there probably isn't a sig for those so you wouldn't know.

Is that just I or everyone is hearing the whispering words; Partiality… shortsightedness…

best regards,
-Bipin Gautam
RE: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
Heck, they even block WinPcap_3_1.exe, the network drivers that are used by many programs. And these are just the drivers.
Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
On Sat, Dec 10, 2005 at 01:53:59PM -0800, Fyodor wrote:
> Competitors such as Trend Micro and Norton seem to focus on
> actual malware.

Not so fast: Symantec Corporate edition v10 flags Famatech's RAdmin (remote administrator) as badware, mainly because it's been used by Trojans in the past as a remote control mechanism.

I know that if I didn't use this software on my network, I'd want to know that it was somewhere. But a customer *does* use this software, and there is no centralized way to tell it "Ignore RAdmin if it's in the expected place" or at least "Ignore RAdmin"; it has to be excluded by hand in a couple of places on each desktop, and it's just been a nightmare.

From what I understand, Symantec has not been terribly concerned about this, and I'm sure the poor folks at Famatech are beside themselves.

Steve

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]