Win2k Security Advice Archives: Re: Happy New Year / a little n

Re: Happy New Year / a little new yeasr rant - AntiVirus


Subject: Re: Happy New Year / a little new yeasr rant - AntiVirus
From: Ryan Russell (Ryan.RussellSYBASE.COM)
Date: Sat Jan 01 2000 - 18:52:02 CST


>Antivirus companies are RIGHT when they assume that BO, BO2K, L0phtcrack
>and many other "false tools" are considered as viruses. And I am VERY
>happy they DO SO. Otherwise all of our networks will be subject of
>permanent danger, security problems and open to anybody brainless and
>wishing to make harm.

Why would you be happy about that?

First of all, what happens with your antivirus software when it finds something?
Who does it report it to? The person sitting in front of the machine. In general,
not your corporate security people, not your systems administrators, and not
you unless it's you sitting in front.

So, what's the point of finding L0phtcrack? There is no reason to "sneak"
L0phtcrack onto someone else's machine. If I've got L0phtcrack (and I do)
it's because I put it there. I don't need my AV software to tell me that.

There are many legitimate uses for BO2K. What if I'm using it to administer my
machines? Why would I want my AV software flagging it?

Second, why pick on those tools? There are many others that do exactly the
same, including software from Microsoft. If you like the fact that your AV
software finds BO2K, why aren't you complaining that it doesn't also find
Timbuktu, PCAnywhere, and SMS?

                              Ryan




This archive was generated by hypermail 2b27 : Sat Jan 01 2000 - 19:23:17 CST