[funsec] Kaspersky strikes again
drsollyp at drsolly.com
Sat Dec 22 19:05:08 CST 2007
On Sat, 22 Dec 2007, silky wrote:
> On Dec 22, 2007 10:35 AM, Larry Seltzer <Larry at larryseltzer.com> wrote:
> > Even so, there would be so much less testing to do, wouldn't there?
> > After all, on an appliance users can't just arbitrarily install
> > applications (not and expect support).
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blogs.pcmag.com/securitywatch/
> > Contributing Editor, PC Magazine
> > larry.seltzer at ziffdavisenterprise.com
> > -----Original Message-----
> > From: Drsolly [mailto:drsollyp at drsolly.com]
> > Sent: Friday, December 21, 2007 6:29 PM
> > To: Larry Seltzer
> > Cc: funsec at linuxbox.org; Richard M. Smith
> > Subject: RE: [funsec] Kaspersky strikes again
> > On Fri, 21 Dec 2007, Larry Seltzer wrote:
> > > Damn, I'm going to get a good column out of this.
> > >
> > > Doc: What about gateway appliances? Is a signature system more
> > > reasonable when you have a limited number of closed platforms?
> > You've misunderstood my concern.
> > If you update your sigs hourly, then you have less than an hour to do
> > all the testing. It doesn't matter how many computers are running the
> > new version; they're all running something that has had less than an
> > hour of testing, and I don't really want to run something that has been
> > tested for less than an hour, on my systems.
> sorry but i don't see how 'hourly releases' translates into 'one hour
> of testing'. that seems like an assumption on your part, it's not a
> direct result of that strategy.
> you need to look at the actual number of signatures they generate
> internally. if they only write one once an hour, then that's the one
> they must release. but if they write more then that, or have a
> stockpile they release from, then clearly they can spend more then one
> hour testing.
What's the point of hourly releases, if you're releasing stuff that you
did a week ago?
More information about the funsec