I'll be using this at my Helsinki talk as an example of why the current AV design for software cannot work.
On Fri, 23 Apr 2010, Attrition wrote: > Ah yes, this was the day I learned that my ePO server was not > exactly handling the deployment of new DAT files as I had initially > thought... (You know, in phases -- the first of which being to deploy > DATs into a test group several hours before general release.) What a > day, endless hours of fun. > > Between this and the fact that McAfee consistently fails to detect > certain malware (A Monkif variant most recently, for example), it's > becoming increasingly difficult to justify staying with them. > > Cheers, > > -bjl > Ben J. Lindsey > [email protected] > > ------------------------------------ > Date: Wed, 21 Apr 2010 12:32:05 -0400 > From: The Security Community <[email protected]> > Subject: [funsec] Apparently McAfee stepped on their genitals today... > To: funsec <[email protected]> > Message-ID: > <[email protected]> > Content-Type: text/plain; charset=UTF-8 > > http://isc.sans.org/ > > We have received several reports indicating some issues with McAfee > DAT 5958 causing Windows XP SP3 clients to be locked out. It is > affecting svchost.exe. Here is an example of the message: > > The file C:WINDOWSsystem32svchost.exe contains the W32/Wecorl.a Virus. > Undetermined clean error, OAS denied access and continued. Detected > using Scan engine version 5400.1158 DAT version 5958.0000. > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
