Archive Formats Kill Antivirus Products 115
nemiloc sends us to the F-Secure blog for breaking news about widespread vulnerabilities in programs that process archive files: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors... including us." Here is test material from OUSPG and a joint advisory from Finnish and English security organizations. It isn't news that security products can have have security vulnerabilities. What makes this advisory important is that antivirus software is a perfect target. It is run in critical places with high privileges and auto-updates to keep versions coherent.
Secure Platform without Anti-virus (Score:5, Insightful)
I don't need to mention names, you know.
Re:Secure Platform without Anti-virus (Score:5, Insightful)
Your 'solution' may work for some, but probably not for most, and for the rest of us, thats what these articles are posted for!
Re:Secure Platform without Anti-virus (Score:5, Insightful)
Re:Proofread? (Score:5, Insightful)
Re:Secure Platform without Anti-virus (Score:5, Insightful)
But you have a point that many people, yourself included, are stuck with Windows. It wouldn't be easy to migrate. Much more convenient to buy some crappy virus scanner and keep the plates spinning.
Re:Old Problem (Score:3, Insightful)
If correcting the repercussions of the incident takes less time than the total time lost by doing things the correct way, then I will take the fast way, please.
Re:Secure Platform without Anti-virus (Score:3, Insightful)
Unless your employer is prepared to pay for code to be written specifically for every little business requirement that no half-decent Free solution exists for, I defy you to avoid vendor lock-in. Commercial applications with fully documented data schemas are more or less non-existent.
Email solutions are easy. They've been done to death. So have office applications - wordprocessors, spreadsheets, that kind of stuff.
Groupware is harder, but not impossible. It becomes much harder, however, if "seamless Outlook or similarly featureful client app integration" is a requirement.
Accounting solutions aren't easy either - they're boring to write and have to account for every nations' tax legislation in their localisation - and they need to be updated rapidly if that legislation changes. Neither is payroll for much the same reason. Even if the app vendor hasn't tied their app to a specific database (unlikely), they'll have the most horrendous schema with zero documentation.
As soon as you get into the realm of particularly specialist software for a given market, forget it. The goal of business is to make money for the investors, not a bunch of unknown software developers, so if something off the shelf can be purchased for a quarter of what it'll cost for something to be custom written, guess what will happen. Vendor lockin is a bridge that shall be crossed when it is reached.
Re:Old Problem (Score:3, Insightful)
That is the same thing that says, do I leave an unsecured wireless AP, or a lightly secured WEP AP that shows I did at least due dilligence?
For personal Machines, I'd take the fast way, for shure, assuming data is backed up regularly.
For corporate machines,(in general,Caveat emptor, and risk assesment would need to be performed on a per machine basis.) I wouldn't trust an icecubes chance in hell (hey, what if Satan has a freezer?), it'd be slow and working 100% or not implemented. (again, for the most part)
The thing is, Great amount of work can be lost (or Stolen) in just a days time. Also, most people don't save (or backup) incrementally throughout the day, they save at the end of the day and if they are really good, sometimes at lunch too.
Hell, I am a computer nerd, and I only back up quarterly. (in addition to saving most "true work" to the network drives)
Re:Secure Platform without Anti-virus (Score:3, Insightful)
Re:Secure Platform without Anti-virus (Score:5, Insightful)
It's unfair to pretend non-MS solutions are somehow expensive because it's so hard to break free from MS once you allowed yourself to get hooked into their proprietary world. You could just as well have developed your enterprise apps in something other than ASP, haven't you?
OK, I know I'm probably barking up the wrong tree here - probably it's not *your* fault after all. But I guess you know what I'm trying to point out.
Re:Secure Platform without Anti-virus (Score:3, Insightful)