Hi there, On Fri, 18 Oct 2019, Paul Kosinski via clamav-users wrote:
"of course you can't even really trust brand new drives any more" Do you mean unreliability, or active insecurity? If the latter, any examples? (Of drives per se, not hardware systems or subsystems.)
Reliability, in purely mechanical terms, seems to be improving all the time. There was a time not so long ago when I was wondering if I'd be replacing our drives every six months or so. It really was that bad. But I looked into the problems methodically, changed suppliers where it seemed advisable, and now I don't seem to need to worry about that. Security on the other hand seems to be getting worse. I guess we're going to have to live with a similar kind of learning curve. The term you're looking for is "supply chain". See for example https://www.theregister.co.uk/2019/09/19/it_supply_chain_attack/ which doesn't specifically single out drives, but talks about some of the issues. I keep a library of links from publications like this and it just keeps getting scarier. I particularly liked the creativity in the compromise of the well-known AV product 'Ccleaner', especially as it's one I've used quite a bit in the past. It was really little more than good luck that this one didn't catch me (or rather, and extremely embarrassing it would have been, a bunch of clients). To answer your specific question, I don't have any evidence of drives being compromised. But given the amounts of money that are sloshing around in criminal circles, and the number of openings that they must have into hardware suppliers, if it isn't alreasdy going on under our noses it has to be just a matter of time before somebody gets hurt.
And what can any AV do about it?
Good question. Probably you'd need to do deeper inspection of things like drive firmware using specialist tools, but it is feasible. The fact that drives all have serial numbers is slightly comforting. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
