mailing list archives
Re: Anti virus installations on Windows servers
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 3 May 2009 01:41:08 +0200 (CEST)
On Fri, 1 May 2009, T Biehn wrote:
The example provides an easy to concoct scenario where perhaps
anti-virus software might be employed to great benefit where the
actual OS's security would be a moot point.
Very unlikely. If your OS has got more holes than a piece of Emmentaler
malicious code might exploit one of them to circumvent or disable
detection even before your antivirus gets a chance to scan it. You lose.
It's interesting to see that so many on this list have become so
hypnotized that they would go so far to say that A/V is useless and
the only possible protection is switching to some other OS.
Let me check: Can antivirus prevent an arbitrary piece of malware from
causing harm? No--it is impossible even in theory (see Rice's theorem).
Can OS with a strict MAC policy prevent an arbitrary piece of malware from
causing harm? Yes--it is not easy but it is certainly possible.
It is equally obvious to point to an example when, yes, an A/V
(however deployed) would provide a worthwhile added value to the user
experience, this point is sufficient for winning the debate.
Primo: "A worthwhile added value" might be very far from "optimal".
Secundo: Does "however deployed" includes "defunct"?
Tertio: User experience?!
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21th century edition /
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/