[funsec] standards status in the industry - opinion?
Drsolly
drsollyp at drsolly.com
Sat Jan 7 18:29:25 CST 2006
On Sun, 8 Jan 2006, Florian Weimer wrote:
> * Drsolly:
>
> > On Sun, 8 Jan 2006, Florian Weimer wrote:
> >> How many anti-virus programs have got an ^MZ checkbox which is enabled
> >> by default?
> >
> > What do you mean by an "MZ checkbox"?
> >
> > Why would anyone *not* scan executable files? So why would you want to
> > give people an option to disable scanning those files?
>
> Activating the checkbox would flag anything that is received over the
> network, looks like an executable, and lacks a proper AuthentiCode
> signature as malware. (IIRC, Microsoft has promised to implement
> something similar, but I haven't seen any warnings on Windows XP SP2
> yet.)
>
> Apart from PGP users, who sends .EXE files by email?
Ah, I see what you mean, I thought you were talking about what to
scan. Yes, I've been advocating this (and I'm not sure that I'd trust
Authenticode) for a while.
More information about the funsec
mailing list