On Fri, 1 May 2009, T Biehn wrote: > The example provides an easy to concoct scenario where perhaps > anti-virus software might be employed to great benefit where the > actual OS's security would be a moot point.
Very unlikely. If your OS has got more holes than a piece of Emmentaler malicious code might exploit one of them to circumvent or disable detection even before your antivirus gets a chance to scan it. You lose. Game over. > It's interesting to see that so many on this list have become so > hypnotized that they would go so far to say that A/V is useless and > the only possible protection is switching to some other OS. Let me check: Can antivirus prevent an arbitrary piece of malware from causing harm? No--it is impossible even in theory (see Rice's theorem). Can OS with a strict MAC policy prevent an arbitrary piece of malware from causing harm? Yes--it is not easy but it is certainly possible. > It is equally obvious to point to an example when, yes, an A/V > (however deployed) would provide a worthwhile added value to the user > experience, this point is sufficient for winning the debate. Primo: "A worthwhile added value" might be very far from "optimal". Secundo: Does "however deployed" includes "defunct"? Tertio: User experience?! -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21th century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
