Home page logo

basics logo Security Basics mailing list archives

Authencity of AV downloads
From: "Raghu Chinthoju" <chraghu_ml () mailcan com>
Date: Sun, 07 Mar 2004 01:33:23 +0530

Hi Group,

I have been looking at the virus definition files distribution mechanism
of few of the Antivirus vendors like McAfee, Sophos, Symantec, ESafe etc.
None of these folks provide any authenticity like MD5 hashes, PGP
signatures etc along with these downloads, nor these files are encrypted
in some form, nor do their sites run any secure web services. The files
are downloadable from plain HTTP and FTP servers. The same is the case
with download of the virus removal tools like stinger etc. The sole
authenticity of the downloaded stuff depends on “how authentic the domain
name to IP resolution is” OR “how secure the name services in the path
from my PC to the AV vendor are”! In my opinion, it is relatively easy to
compromise plain DNS. Things can get worse if the AV vendors name server
itself is compromised! May be I’m not the first to raise this, but how
come these AV vendors have not acted upon this (hope I’m not missing any
thing here)? 

Your thoughts?


http://www.fastmail.fm - Same, same, but different…

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]