nanog mailing list archives

Re: Email virus protection
From: "Karsten W. Rohrbach" <karsten () rohrbach de>
Date: Wed, 20 Aug 2003 23:16:29 +0200

Jack Bates(jbates () brightok net)@2003.08.20 15:49:01 +0000:

> That's what the net admin was telling me when I mentioned one of his
> branch bank offices had Sobig-F. Apparently they all run A/V and I think
> he said his mail server does as well. Unfortunately, they still allow
> executables in.

The problem is the false sense of security while using anti-virus
products. For having a working signature, somebody has to be hit first
and submit the virus to the AV vendor. This requires a certain time,
which leads - in case of the latest worm occurrences which appear to be
pretty aggressive - to a certain amount of infections that happen before
there are signatures available. And then, the update still has to be
downloaded to the AV scanning software which extends the time window
being unprotected against a certain worm or virus variant.

So, the virus and worm authors are always one step ahead. This is by
design of the AV concept.

Better put the wasted cash and time into the design of better systems,
which brings the software developers this critical one step in the lead.

Due to what obscure reason does a mail user agent have to execute
interpreted code and do unasked things to mail attachments, nowadays?


Those who do not understand Unix are condemned to reinvent it, poorly. 
--Henry Spencer 
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
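
Added illustration, not part of the original post or of any product mentioned in the thread: a signature-independent gateway check that refuses executable attachments by extension and by file header, so it needs no AV update to act. The extension list, the function names and the sample messages are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed site policy: extensions refused regardless of AV verdict.
BLOCKED_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}

def executable_parts(raw: bytes):
    """Return [(filename, reason)] for every part the gateway should refuse."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # Trailing dots/spaces are ignored by Windows, so strip them first;
        # only the last extension counts ("invoice.txt.pif" -> ".pif").
        ext = PurePosixPath(name.lower().rstrip(" .")).suffix
        body = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension"))
        elif body[:2] == b"MZ":
            # DOS/PE header: an executable renamed to a harmless extension.
            hits.append((name, "executable header"))
    return hits

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message with one attachment (not real traffic)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See the attached file for details")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, data in [("details.pif", b"placeholder bytes"),
                     ("report.txt", b"MZ\x90\x00placeholder"),
                     ("notes.txt", b"plain text")]:
        print(fn, executable_parts(build_sample(fn, data)))
```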
