
Re: how broken are antivirus products?

From: Schmehl, Paul L <pauls(at)utdallas.edu>
Date: Mon Nov 18 2002 - 21:41:49 EST


>-----Original Message-----
>From: H C [mailto:keydet89@yahoo.com]
>Sent: Monday, November 18, 2002 2:13 PM
>To: focus-virus@securityfocus.com
>Subject: re: how broken are antivirus products?
>
>I've taught my Win2K live forensics course at several

Although I've never seen this discussed in professional AV circles, I suspect that may be because the AV companies are concerned about lawsuits if they were to identify netcat as a trojan (much like the hullabaloo over some other RATs that purport to be "legitimate" (think NetBus)). I wonder if you've ever tried to detect it using the --program option in McAfee?

>NTFS alternate data streams still aren't checked by

ADS is a non-issue as far as AV software is concerned. No matter how much malicious data you hide in ADS, you still have to get it out in the open for it to do any damage, and when it is placed in memory, the AV scanners will pick it up. The vendors addressed this issue a while ago, and the decision was made that scanning ADS was a waste of time and CPU cycles.

>About a year ago, I did some work for a client that

This is already being done by several viruses, most recently the "Braid" or "Brid" virus.

>Then, it could copy malware from the

This has also been done, by Hybris initially, but others have followed.


Paul Schmehl (pauls@utdallas.edu)
TCS Department Coordinator
University of Texas at Dallas
http://www.utdallas.edu/~pauls/

Received on Wed Nov 20 04:40:12 2002
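The ADS point above (data hidden in a named stream sits on disk unscanned until something reads it) is easiest to audit by enumerating the named streams yourself. The script below is an added example for defenders, not code from the thread or from any vendor; it assumes Windows PowerShell 5.1 or later on an NTFS volume, and `$Root` is a placeholder directory you would replace.

```powershell
# Added example (not from the original thread): list every named NTFS alternate
# data stream under $Root, with its size and SHA-256, so an analyst can see what
# an on-access scanner would only examine once the stream is read into memory.
# Assumes Windows PowerShell 5.1+ on an NTFS volume; $Root is a placeholder.
param(
    [string]$Root = 'C:\Users\Public'   # assumption: directory to audit
)

function Get-NamedStreams {
    param([string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Get-Item -Stream * returns every stream; ':$DATA' is the file's
            # ordinary content, so only the named streams are reported here.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $stream = $_
                    $hash = $null
                    try {
                        # "file:stream" is the NTFS path syntax for a named stream;
                        # hashing it lets the analyst check the content elsewhere.
                        $fs = [System.IO.File]::OpenRead("$($file.FullName):$($stream.Stream)")
                        try { $hash = (Get-FileHash -InputStream $fs -Algorithm SHA256).Hash }
                        finally { $fs.Dispose() }
                    } catch { $hash = 'unreadable' }

                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $stream.Stream
                        Bytes  = $stream.Length
                        SHA256 = $hash
                    }
                }
        }
}

# Zone.Identifier is the benign mark-of-the-web stream written by browsers and
# mail clients; everything else deserves a closer look, largest first.
Get-NamedStreams -Path $Root |
    Where-Object { $_.Stream -ne 'Zone.Identifier' } |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

Drop the `Where-Object` filter if you also want to see which files carry a mark-of-the-web stream.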

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:38 EDT

