Dennis Skinner [EMAIL PROTECTED] wrote: > Julian Mehnle wrote: > > Counter question: What do have the following in common: 1. tricking a > > user into clicking a link that takes him to a virus, and 2. tricking a > > user into clicking a link that takes him to a web page that tricks him > > into clicking on a link that takes him to the virus? > > > > Answer: It's not ClamAV's responsibility to protect the user from > > immediate threats that are outside of its sphere of action. > > And a password protected zipped virus could be considered outside > ClamAV's sphere too. We should not block those because it would be the > job of the unzip program to protect the user, right?
No, because the unzip program can't ever be expected to provide reasonable protection, plus it is just acting as a component of ClamAV, plus the user never operates the unzip program directly. E-Mail virus scanners can reasonably be expected to scan e-mails for malware, web browsers can reasonable be expected to prevent users from executing code from unknown websites. What those two have in common is that they are responsible for not letting dangerous objects onto the user's system. > Oh wait! Don't catch doc macro viruses because that is MSWord's job to > protect the user. No, because then, the dangerous object already _is_ on the user's system. Current versions of Microsoft Word do warn the user before executing untrusted macros, but it is still not really Word's responsibility. Microsoft probably decided to build protection against untrusted macros into Word for the same reason some ClamAV fans want to have phishing protection in ClamAV: because they want to accomodate ignorant users and are willing to do nearly all they can to protect them from possible dangers. One could consider this a good thing, but it leads to a world where every software tries to do everything security-wise, and even if someone wanted to disable a certain security measure, he can't because ten other programs will take over the job and "offer" their protection instead. Good software needs to have a somewhat clear definition of what it is responsible to do and what not, so the "I take every protection I can get" argument doesn't hold. > I think your slope is just as slippery as mine :) I don't think so. :-) _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
