Comments on: Multiple Bugs In Anti-Virus Software Revealed http://www.darknet.org.uk/2009/04/multiple-bugs-in-anti-virus-software-revealed/ Ethical Hacking, Penetration Testing & Computer Security Sat, 21 Nov 2009 06:04:59 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Darknet http://www.darknet.org.uk/2009/04/multiple-bugs-in-anti-virus-software-revealed/#comment-144021 Darknet Fri, 17 Apr 2009 07:55:56 +0000 http://www.darknet.org.uk/?p=1688#comment-144021 Thanks for your interesting and well thought out comment, I agree with what you say - it is a complex area. But still they should try and control the updates as best they can. It's not easy sending out updates for multiple OS versions/architectures/update levels. Thanks for the compliment, keep reading and keep commenting and I'll keep publishing :) Thanks for your interesting and well thought out comment, I agree with what you say – it is a complex area. But still they should try and control the updates as best they can.

It’s not easy sending out updates for multiple OS versions/architectures/update levels.

Thanks for the compliment, keep reading and keep commenting and I’ll keep publishing :)

]]> By: nubanx http://www.darknet.org.uk/2009/04/multiple-bugs-in-anti-virus-software-revealed/#comment-143863 nubanx Thu, 16 Apr 2009 20:12:22 +0000 http://www.darknet.org.uk/?p=1688#comment-143863 Its the nature of the beast. As of this year, the tipping point between white listed software and blacklisted software will tilt towards black listed for the first time (ever). This means that there is now actually more malicious software created than """good""" software. More and more companies will begin working from the whitelisted software models. The complexity of the AV solutions out there have had no choice but to play catch up, and move towards signature based attacks and other heuristic based protection. Throw this elevated complexity into the ever increasing complexity of the windows environment, and.. well.. you have today. Antivirus updates don't just always mean adding defs to the database for the local client. It could be engine updates and other components as well. Pushing these types of updates to the world of windows machines (running version X with software Y on hardware Z)is an extremely complex mechanism. Updates do "odd" things all the time from a corporate standpoint. Most corporations invest in the support services from the AV vendor. Home users? well.. some pay for the support, others probably don't even need it. (MAC and GNU/Linux users don't require much in this arena, and they are gaining market share into home computing use. also - currently most AV products (depending on how its configured, of course) do not experience the old recursive zip bomb, and limit their nested file scanning limit to ~9 deep. and... everytime i read bomb, i dont know why but i always think of :(){ :|:& };: :-P please keep up the good work you do with this site. i enjoy it. -nubanx Its the nature of the beast.
As of this year, the tipping point between white listed software and blacklisted software will tilt towards black listed for the first time (ever). This means that there is now actually more malicious software created than “”"good”"” software.
More and more companies will begin working from the whitelisted software models.

The complexity of the AV solutions out there have had no choice but to play catch up, and move towards signature based attacks and other heuristic based protection. Throw this elevated complexity into the ever increasing complexity of the windows environment, and.. well.. you have today.

Antivirus updates don’t just always mean adding defs to the database for the local client. It could be engine updates and other components as well. Pushing these types of updates to the world of windows machines (running version X with software Y on hardware Z)is an extremely complex mechanism. Updates do “odd” things all the time from a corporate standpoint. Most corporations invest in the support services from the AV vendor. Home users? well.. some pay for the support, others probably don’t even need it. (MAC and GNU/Linux users don’t require much in this arena, and they are gaining market share into home computing use.

also – currently most AV products (depending on how its configured, of course) do not experience the old recursive zip bomb, and limit their nested file scanning limit to ~9 deep.
and… everytime i read bomb, i dont know why but i always think of :( ){ :| :& };:

:-P

please keep up the good work you do with this site.
i enjoy it.

-nubanx

]]>