During this most enjoyable of times, I've realized a certain truth:

Anti-Virus programs are, by and large, useless for preventing attacks from new viruses.

Let's think about it--McAfee, our company's choice, didn't have a correct definition set until fully 30 hours after our company's network was taken down because of this beast! That means that I could've been updating those freaking definitions every 2 hours, and I still wouldn't have been safe.

It is my opinion that antivirus software provides a certain false sense of security for folks, and is really only good for preventing old viruses from infecting computers, most of which are dead. I am angry at the entire antivirus software community for fostering this false sense of security, instead of educating the Ignorant Masses on proper habits that impair virus spreading.

Discussion, if anyone cares, is welcome.

------------------
--Jynx

I used to be a kleptomanicac, but I took something for it.

And in light of all this B.S., I am slowly but surely moving ALL of my department's Web stuff to Apache. I can't handle IIS any more.

hax0rs : 1, MS : 0

But this Nimda worm has brought to light something I didn't think was allowed at a University. Who the fuck runs Win98 on a P-133 with 16MB of RAM and is ok with that? I hate the fact that people aren't more careful about opening their email. I hate the fact that they leave their systems wide open with sharing then yell about how critical it is we get over there to patch it all up!

Tip to those in the field who may suddenly find the installed AV software can't be updated. http://housecall.antivirus.com

Web-based scans can help a lot in a jam.

edit: Something else I just thought over. What about those routines in the AV software that's supposed to detect unknown viruses? Has anyone actually seen them work?

------------------
When 1337 hax0rs start impaling each other with swords and typing code with a hook on one hand, then they can modify the term "pirate."

This message has been edited by Observer on September 24, 2001 at 05:21 PM

quote:

---

Originally posted by Observer:

edit: Something else I just thought over. What about those routines in the AV software that's supposed to detect unknown viruses? Has anyone actually seen them work?

---

Yep, i may be one of the reasons that symantec had a patch out so quick. the bloodhound sniffed this little bugger out trying to plant itself into one of my servers and shot me a warning. I found the file in question and sent it to symantec. litte bastard spread quick but i was able keep a lid on things by closing a firewall i have between here and Corp HQ. Seams that i have my shit together more than they do.

Nice little worm if i do say so myself. Like to find the guy that made it and set him on fire to show my thanks for it...asshole.

------------------
Fucknuggets flamed while you wait.TeamWolfguard.com
Robot Conflict

------------------
simultaneity is not absolute. So just because you think i'm wrong, from my frame of reference i'm right!

------------------
All that I know there was no God for me
Force that shatters all, absence of mortality

quote:

---

Originally posted by Observer:
edit: Something else I just thought over. What about those routines in the AV software that's supposed to detect unknown viruses? Has anyone actually seen them work?

---

Norton has an excellent heuristical scanner. 9 out of 10 times norton will pick up what mcaffee, fsecure, thunderbyte, pc-cillion, etc wont befor the patch.

*edit* but you have to be actually running it to get the benefits. Damn you hybriss. DAMN YOU TO HELL.

------------------
"Kenny called, hes in jail"
-The guy on the couch.

This message has been edited by L33T_h4x0r_d00d on September 25, 2001 at 09:00 AM

------------------
When 1337 hax0rs start impaling each other with swords and typing code with a hook on one hand, then they can modify the term "pirate."