RE: AVG released BAD update
Any antivirus or antispyware ever attack one of its own files? Maybe NAV killing NPF? I wonder how the AVs prevent that from happening, considering some of the methods they use in the software. Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185 Cell [EMAIL PROTECTED] -Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2008 10:17 PM To: NT System Admin Issues Subject: Re: AVG released BAD update I bet it would be a better idea to verify the signature - ask Microsoft for the public portion of their X.509 signing key to verify the integrity of system files. The AV package would use it's own copy of Microsoft's public key since it would have no way of knowing if the key store was somehow compromised. Ben Scott wrote: I wonder why the AV companies don't find a better way to prevent something like this, do not delete digitally signed files, something. Anything they did, the attackers could do, too. You're asking for the inverse of the evil bit defined in RFC-3514 -- a good bit that can be set on files that aren't dangerous. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: AVG released BAD update
I can tell you that during the McAfee install if you had all the options turned on it would block part of its install. However during the install. Now that may be part of our automated install, but it would block if we had that option set. -Original Message- From: Gene Giannamore [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2008 3:00 PM To: NT System Admin Issues Subject: RE: AVG released BAD update Any antivirus or antispyware ever attack one of its own files? Maybe NAV killing NPF? I wonder how the AVs prevent that from happening, considering some of the methods they use in the software. Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185 Cell [EMAIL PROTECTED] -Original Message- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2008 10:17 PM To: NT System Admin Issues Subject: Re: AVG released BAD update I bet it would be a better idea to verify the signature - ask Microsoft for the public portion of their X.509 signing key to verify the integrity of system files. The AV package would use it's own copy of Microsoft's public key since it would have no way of knowing if the key store was somehow compromised. Ben Scott wrote: I wonder why the AV companies don't find a better way to prevent something like this, do not delete digitally signed files, something. Anything they did, the attackers could do, too. You're asking for the inverse of the evil bit defined in RFC-3514 -- a good bit that can be set on files that aren't dangerous. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
AVG released BAD update
http://tech.slashdot.org/tech/08/11/10/2319209.shtml I don't use it? But, maybe you know someone who might find this useful? Gene C. In Memory of my little brother http://genec-lori.com/ PackRat GarageSale http://genec-lori.biz/ Genes-Computers Inc. Yulee ,Fl Established 1981, Microsoft OEM Registered member, system builder Active registered Microsoft Partner Active Charter Partner of The Association of System Builders and Integrators If you think you're beaten, Then you are! If you give up the fight, Accept it !! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: AVG released BAD update
We use avg8 in this small office. I wonder why the AV companies don't find a better way to prevent something like this, do not delete digitally signed files, something. Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577Office (707) 935-9387Fax (707) 766-4185 Cell [EMAIL PROTECTED] -Original Message- From: c.e. gene c. [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2008 7:51 PM To: NT System Admin Issues Subject: AVG released BAD update http://tech.slashdot.org/tech/08/11/10/2319209.shtml I don't use it? But, maybe you know someone who might find this useful? Gene C. In Memory of my little brother http://genec-lori.com/ PackRat GarageSale http://genec-lori.biz/ Genes-Computers Inc. Yulee ,Fl Established 1981, Microsoft OEM Registered member, system builder Active registered Microsoft Partner Active Charter Partner of The Association of System Builders and Integrators If you think you're beaten, Then you are! If you give up the fight, Accept it !! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: AVG released BAD update
On Wed, Nov 12, 2008 at 5:02 PM, Gene Giannamore [EMAIL PROTECTED] wrote: I wonder why the AV companies don't find a better way to prevent something like this, do not delete digitally signed files, something. Anything they did, the attackers could do, too. You're asking for the inverse of the evil bit defined in RFC-3514 -- a good bit that can be set on files that aren't dangerous. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: AVG released BAD update
I bet it would be a better idea to verify the signature - ask Microsoft for the public portion of their X.509 signing key to verify the integrity of system files. The AV package would use it's own copy of Microsoft's public key since it would have no way of knowing if the key store was somehow compromised. Ben Scott wrote: I wonder why the AV companies don't find a better way to prevent something like this, do not delete digitally signed files, something. Anything they did, the attackers could do, too. You're asking for the inverse of the evil bit defined in RFC-3514 -- a good bit that can be set on files that aren't dangerous. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~