Linked by David Adams on Fri 23rd Apr 2010 15:58 UTC
Bugs & Viruses

A version of the McAfee antivirus software used in the corporate and public sectors misidentified the svchost.exe file in Windows XP systems as malware, sending the affected machines into a loop of restarts. Only users of McAfee VirusScan Enterprise on Windows XP service pack 3 were affected, but the fallout was pretty severe, with hospital and police systems among those taken down.
RE[4]: State of AV today
by moondino on Sat 24th Apr 2010 21:52 UTC in reply to "RE[3]: State of AV today"

A quote from that link:

"the contestants are required to do this in default browser installations without plugins such as Flash or Java, which are commonly used as vectors for attacks."

So basically, not a real world situation.

Every product has security flaws... the security software / anti-virus needs to look at the choke points and protect those, instead of stupid hash detection or proactive detection that hits almost as many false positives as it does legit malware. Choke points being, the registry keys that have to be changed for a program to survive a reboot, the installation of a device driver or service, etc.

In a business environment, tell me how we are going to move thousands of users who are accustomed to Adobe Acrobat / Reader to FoxIt without training or extensive documentation, re-training of the Help Desk, etc.

To boot, FoxIt has its own slew of security issues. There are PDFs out there that buffer overflow FoxIt as well, just scan Secunia or disclosure sites for a few examples. Security via obscurity doesn't work in an age of targeted attacks.

I'm not trying to toot my own horn, but I used to work for a major AV security company and I'm only putting this kind of thing out there to help people be better protected. Google Chrome does have the ability to control javascript execution per site now, but you have to whitelist them manually, which is a huge pain. If you could simply right click the address bar and then choose allow top-level site, it would be manageable and I would switch from Firefox / NoScript almost immediately. With the current model, however, Firefox is easier to manage, although quite a bit slower. ;)

Edited 2010-04-24 21:59 UTC

Reply Parent Score: 1
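
The choke-point idea from the comment above, sketched as an added example (not part of the original comment and not any vendor's code): writes to reboot-persistence registry locations are checked against an approved baseline instead of matching file hashes. The event line format, the baseline, and all paths and process names are constructed for illustration, and the registry locations are an illustrative subset.

```python
import re

# Registry locations a program has to write to in order to survive a reboot.
# Illustrative subset, matched case-insensitively because registry paths are.
CHOKE_POINTS = [
    ("run-key", re.compile(
        r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("winlogon", re.compile(
        r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)),
    ("service-or-driver", re.compile(
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)),
]

# Constructed baseline of approved autostart entries: (target, data), lowercased.
BASELINE = {
    (r"hklm\software\microsoft\windows nt\currentversion\winlogon\shell", "explorer.exe"),
}

# Constructed sample events, "process | registry target | data written".
SAMPLE_EVENTS = r"""
C:\Windows\explorer.exe | HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden | 1
C:\Users\a\AppData\Local\Temp\upd.exe | HKU\S-1-5-21-1111\software\microsoft\windows\currentversion\run\Updater | C:\Users\a\AppData\Local\Temp\upd.exe
C:\Windows\System32\services.exe | HKLM\SYSTEM\ControlSet001\Services\exampledrv\ImagePath | \??\C:\Windows\Temp\exampledrv.sys
C:\Windows\System32\winlogon.exe | HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell | explorer.exe
""".strip().splitlines()


def classify(target):
    """Return the choke-point name for a registry target, or None."""
    for name, pattern in CHOKE_POINTS:
        if pattern.search(target):
            return name
    return None


def review(lines, baseline=BASELINE):
    """Return alerts for choke-point writes that are not in the baseline."""
    alerts = []
    for line in lines:
        process, target, data = (field.strip() for field in line.split("|", 2))
        name = classify(target)
        if name is None:
            continue  # not a persistence location, ignore the write
        if (target.lower(), data.lower()) in baseline:
            continue  # approved entry rewritten with the same value
        alerts.append({"choke_point": name, "process": process,
                       "target": target, "data": data})
    return alerts
```

Calling `review(SAMPLE_EVENTS)` flags the per-user Run entry and the new driver service while ignoring the unrelated Explorer setting and the baselined Winlogon shell value.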