Actually, to say they had only an hour of testing would not necessarily
be true.
The individual def sigs are (to the best of my knowledge) developed and
tested independently. No telling how long they are actually tested
unless you worked for that company...
Sincerely,
Daniel H. Renner
President
Los Angeles Computerhelp
A division of Computerhelp, Inc.
818-352-8700
http://losangelescomputerhelp.com
[EMAIL PROTECTED] wrote:
Date: Fri, 21 Dec 2007 23:28:40 +0000 (GMT)
From: Drsolly <[EMAIL PROTECTED]>
Subject: RE: [funsec] Kaspersky strikes again
To: Larry Seltzer <[EMAIL PROTECTED]>
Cc: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 21 Dec 2007, Larry Seltzer wrote:
Damn, I'm going to get a good column out of this.
Doc: What about gateway appliances? Is a signature system more
reasonable when you have a limited number of closed platforms?
You've misunderstood my concern.
If you update your sigs hourly, then you have less than an hour to do all
the testing. It doesn't matter how many computers are running the new
version; they're all running something that has had less than an hour of
testing, and I don't really want to run something that has been tested for
less than an hour, on my systems.
A month would probably be enough. A day would probably not be enough.
<snip>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
