On Sat, 22 Dec 2007, silky wrote: > On Dec 22, 2007 10:35 AM, Larry Seltzer <[EMAIL PROTECTED]> wrote: > > Even so, there would be so much less testing to do, wouldn't there? > > After all, on an appliance users can't just arbitrarily install > > applications (not and expect support). > > > > Larry Seltzer > > eWEEK.com Security Center Editor > > http://security.eweek.com/ > > http://blogs.pcmag.com/securitywatch/ > > Contributing Editor, PC Magazine > > [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: Drsolly [mailto:[EMAIL PROTECTED] > > Sent: Friday, December 21, 2007 6:29 PM > > To: Larry Seltzer > > > > Cc: [email protected]; Richard M. Smith > > Subject: RE: [funsec] Kaspersky strikes again > > > > On Fri, 21 Dec 2007, Larry Seltzer wrote: > > > > > Damn, I'm going to get a good column out of this. > > > > > > Doc: What about gateway appliances? Is a signature system more > > > reasonable when you have a limited number of closed platforms? > > > > You've misunderstood my concern. > > > > If you update your sigs hourly, then you have less than an hour to do > > all the testing. It doesn't matter how many computers are running the > > new version; they're all running something that has had less than an > > hour of testing, and I don't really want to run something that has been > > tested for less than an hour, on my systems. > > sorry but i don't see how 'hourly releases' translates into 'one hour > of testing'. that seems like an assumption on your part, it's not a > direct result of that strategy. > > you need to look at the actual number of signatures they generate > internally. if they only write one once an hour, then that's the one > they must release. but if they write more then that, or have a > stockpile they release from, then clearly they can spend more then one > hour testing.
What's the point of hourly releases, if you're releasing stuff that you did a week ago? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
