[Dshield] Trendmicro Venting

James Riden j.riden at massey.ac.nz
Thu Jun 9 20:24:18 GMT 2005


Joel Esler <eslerj at gmail.com> writes:

> 11 hours?  I don't know the standards for virus definition release,
> but..  is 11 hours slow?

It is when you've got the virus du jour running around your network.

But it's not entirely unexpected - occasionally I have to write manual
removal procedures - in the case of one recent mytob variant, a pskill
of 'test2' and deleting the file will 'fix' the machine temporarily at
least.

The point I'd like to make is that AV is detection and response, not
prevention and that it will have drawbacks for exactly that
reason. For example, the custom trojan that Gadi Evron has posted
about recently would probably not have been caught at all if it had
not been publicised.

AV is better than nothing, but it's not ideal.

-- 
James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
