Yes; the Antivirus Toolkit was *never* just a scanner. It also included an integrity checker; you got both of them (and both memory-resident versions too) included in the bundle. But what everyone actually wanted was the scanner, when they wanted site licences.
For a long time, I also thought they were wrong. But then I thought, maybe their priorities aren't what I thought they were, and that's when I realised that maybe they weren't wrong. On Wed, 16 Jul 2008, Alex Eckelberry wrote: > Didn't you release a whitelisting product for DOS/Win 3.1 back in the > day? > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Drsolly > Sent: Wednesday, July 16, 2008 4:42 AM > To: Nick FitzGerald > Cc: 'funsec' > Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting > > On Wed, 16 Jul 2008, Nick FitzGerald wrote: > > > Richard M. Smith to DrSolly (tho I didn't see Alan's response on the > > list): > > > > > > Another one who hasn't heard of Word acro viruses and similar. > > > > > > You're showing your age. ;-) Word macro viruses haven't been much > > > of a problem for 6 or 7 years ever since Microsoft went to signed > > > VBA code in Office. > > > > That's Alan's standard, ill-considered, response to any suggestion of > > using whitelisting (or various other integrity management-oriented > > products) over blacklisting (aka "conventional known virus detection > > enhanced, or not, with heuristics, behaviour analysis, etc, etc") > > since a few days after his (former) conventional AV product included > > proper handling of Word format files. > > > > It totally ignores that "proper" whitelisting implementations, _just > > like_ proper blacklisting implementations, have to know how to locate > > and indentify all kinds of code in all the kinds of files likely to be > > > encountered by the system one is trying to protect. > > > _IF_ it is a carte blanche argument against whitelisting, as Alan's > > common use of it tends to suggest, then it is an equally damning > > argument against blacklisting. > > > > Assuming that we think either (or both) types of "listing" may > > reasonably survive despite Alan's reputedly telling blow, then > > whitelisting certainly faces by far the less complex _technical_ > > problem. Breaking down the hoary old mindset that has allowed the > > patently stupid blacklisting approach to initially thrive, then > > survive for so long, will be whitelisting's biggest challenge to > > broader acceptability (and likely prevent it ever becoming widely used > > > in the least IT-literate parts of the market such as the SOHO and > individual user segment). > > Nick's theory is that the reason why whitelisting isn't adopted > universally, is that everyone is so stupid that they can't see what a > good idea it is. > > My theory is that, although blacklisting isn't perfect (or, in some > cases, really quite poor), it gets closer to solving the *real* problem > that whiltelisting. > > The *real* problem is to minimise the cost of using computers in a world > that includes viruses. The problem with whitelisting is only partly that > "executables" are a lot more diverse than just exe files and word docs. > The main problem with whitelisting, is the high cost of maintenance. > > Of course, a better solution is grannix :-) > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
