Hi Gary,

On Sunday 08 October 2006 20:29, Gary VanderMolen Inscribed Thus:
> > My comments were aimed at the complacency created by the
> > "Application does it all so you don't have to" approach ! In this
> > instance, how does the user really know that the updates are
> > coming from a genuine source ? and not from a bogus one ?
> >
> > The DNS could have been tampered with and the IP hijacked !
>
> At the remote DNS server? Very unlikely.

My understanding is that this is a real threat !
http://isc.sans.org/presentations/dnspoisoning.php

> At the local DNS cache or Hosts file on the user's PC? Possibly, but
> if one has malware or a Trojan residing on one's machine, you have
> much worse concerns than getting valid AV updates. Besides, the valid
> AV update server probably has an encrypted handshake with the PC to
> ensure authenticity.
>
> Gary VanderMolen

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1085136,00.html

"Cache poisoning, also called domain name system (DNS) poisoning or DNS
cache poisoning, is the corruption of an Internet server's domain name
system table by replacing an Internet address with that of another,
rogue address. When a Web user seeks the page with that address, the
request is redirected by the rogue entry in the table to a different
address. At that point, a worm, spyware, Web browser hijacking program,
or other malware can be downloaded to the user's computer from the rogue
location."

--
Best Regards:
Derrick.
Pontefract Linux Users Group.
plug at play-net.co.uk
