Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Anti virus installations on Windows servers
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 3 May 2009 01:41:08 +0200 (CEST)

On Fri, 1 May 2009, T Biehn wrote:

The example provides an easy to concoct scenario where perhaps
anti-virus software might be employed to great benefit where the
actual OS's security would be a moot point.

Very unlikely. If your OS has got more holes than a piece of Emmentaler
malicious code might exploit one of them to circumvent or disable
detection even before your antivirus gets a chance to scan it. You lose.
Game over.

It's interesting to see that so many on this list have become so
hypnotized that they would go so far to say that A/V is useless and
the only possible protection is switching to some other OS.

Let me check: Can antivirus prevent an arbitrary piece of malware from
causing harm? No--it is impossible even in theory (see Rice's theorem). 
Can OS with a strict MAC policy prevent an arbitrary piece of malware from
causing harm? Yes--it is not easy but it is certainly possible.

It is equally obvious to point to an example when, yes, an A/V
(however deployed) would provide a worthwhile added value to the user
experience, this point is sufficient for winning the debate.

Primo: "A worthwhile added value" might be very far from "optimal".
Secundo: Does "however deployed" includes "defunct"?
Tertio: User experience?!

Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]