[Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x
Thierry at Zoller.lu
Sun Dec 11 11:48:15 GMT 2005
Dear sk GroundZero,
sG> well but you dont see the developer side of this.
sG> the big companies can "buy their way out of the
sG> signature file", that means that their application
sG> wont be included as "potential unwanted software".
You mix the parameters here, you are refering to CLARIA
and Microsoft. Claria never developed "hacking" related
tools but adware. I never saw this reported otherwehere ?
sG> but for small companies and freeware developers,
sG> this is a big loss, since if a AV vendors mark their
sG> software as malware, noone will download it
sG> anymore or even send complain mails and its hard
sG> for a little company or a single programmer to do
sG> much about this.
Like I said I know the developer side of this becuase one of my tools
was flagged. I choose to write a sentence above the download link
about it, that cut 98% of the complaint mails.
sG> for a small company that
sG> is selling shareware this could mean loss of money.
Tell me, I am/was doing trialware.
sG> sure an AV vendor wont care if some little company
sG> goes out of business. i remember this one tool called
sG> pest remover or something ..it simply removes anything
sG> that could possibly harm.
It still exists : "Pest Patrol". Companies bought it explicitely
_because_ it reported _everything_. On some critical LANS not
even netcat should be installed. That's where these programs
come in and fill the gap. Yes on the business side there was a gap
the common AV solutions reported _not enough_ for certain
environments, AV vendors saw this and partielly closed the gap.
sG> but their selection is very stupid
sG> as even a C programming text (!) will be removed
sG> and various portscanners or other administrative tools.
IMHO : Yes and no. Again in _some_ highly critical enviroment
there should never be source code lying around on workstation
which opens sockets or similar. It's hard to see but there IS actually
a rising demand for these scanners that tag everything.
sG> anyhow the most redicilous malware
sG> removing tool i ever saw!
I agreed years ago, now I disagree.
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
Full-Disclosure is hosted and sponsored by Secunia.