I can tell you that during the McAfee install if you had all the options turned on it would block part of its install. However during the install. Now that may be part of our automated install, but it would block if we had that option set.
-----Original Message----- From: Gene Giannamore [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2008 3:00 PM To: NT System Admin Issues Subject: RE: AVG released BAD update Any antivirus or antispyware ever attack one of its own files? Maybe NAV killing NPF? I wonder how the AVs prevent that from happening, considering some of the methods they use in the software. Gene Giannamore Abide International Inc. Technical Support 561 1st Street West Sonoma,Ca.95476 (707) 935-1577 Office (707) 935-9387 Fax (707) 766-4185 Cell [EMAIL PROTECTED] -----Original Message----- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2008 10:17 PM To: NT System Admin Issues Subject: Re: AVG released BAD update I bet it would be a better idea to verify the signature - ask Microsoft for the public portion of their X.509 signing key to verify the integrity of system files. The AV package would use it's own copy of Microsoft's public key since it would have no way of knowing if the key store was somehow compromised. Ben Scott wrote: >> I wonder why the AV companies don't find a better way to prevent >> something like this, do not delete digitally signed files, something. > Anything they did, the attackers could do, too. > > You're asking for the inverse of the "evil bit" defined in RFC-3514 > -- a "good bit" that can be set on files that aren't dangerous. -- Phil Brutsche [EMAIL PROTECTED] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
