Comments on TaoSecurity Blog: Another Anti-Virus Problem
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)

Free Virus Protection (http://www.freevirusprotection.org/), 2009-07-27T19:36:33.184-04:00:

Some have we solve problem but some are it has a bad effect.

Carlos (https://www.blogger.com/profile/09647368605144422899), 2007-03-25T18:07:00.000-04:00:

thegreenvoid.blogspot.com

Anonymous, 2007-02-25T19:06:00.000-05:00:

About 7 or 8 months ago I was working for a networking company that used Trend Micro Client/Server Suite on 95% of its customers. We also used RealVNC to remotely "fix" issues that arrived over a VPN. Trend sent out an update that classified RealVNC as a trojan, but not one instance, but many thousand per machine, and every customer at the same time freaked out. Subsequently Trend had to send a patch a few hours later, and we spent a few days reassuring everyone that the issue was resolved and that they weren't infected many thousand times over with the troj/generic 'virus'.

Anonymous, 2007-02-16T22:36:00.000-05:00:

AV agents/scanners are crap. I currently use Blink for personal use when I have to. When I have to make an AV recommendation to an organization, it is usually BigFix.

I never use typical AV scanners and recommend you also do not. They are fine for incident response, when you have the computer in an electronically-shielded room with no network connections.

In fact, I have BartPE on a bootable USB key with the portable version of NOD32. I use it to do this sort of "offline" scanning.

Anonymous, 2007-02-15T11:07:00.000-05:00:

Good point, although I am reflexively queasy about having a system without A/V installed.

"Even" Windows Vista becomes instantly vulnerable if you install Windows Defender anti-spyware on it without the Feb. 14 update.

Microsoft Security Bulletin MS07-010, Affected Software:

Microsoft Windows Defender in Windows Vista
Windows Live OneCare
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateway 9.x
Microsoft Windows Defender
Microsoft Windows Defender x64 Edition
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint

Thanks Richard, for a most awesome website.

Chris Rohlf (https://www.blogger.com/profile/16615531060194715892), 2007-02-14T09:46:00.000-05:00:

I have blogged before on trusting analysis software. Not specifically AV but disassemblers/debuggers etc. They contain vulnerabilities as well and we are silly to think malware will not start targeting them explicitly.

Anonymous, 2007-02-13T01:24:00.000-05:00:

"UPX file format vulnerabilities have been widely-reported in the past, and UPX file fuzzers are commonly available"

It's almost as if the virus writers (or at least the designer of UPX) knew that the AV writers were going to screw up something like a UPX parser and baited them into such a screw-up.