Forwarded from: Kurt Seifried <kurtat_private> Keeping AV definitions up to date is essentially patching (hint: those virus definitions aren't kept one to a file). The only difference is that the AV industry has figured out how to patch stuff safely and correctly. The major players even update the engines and other core components, not just the signatures automatically now as well. This isn't to say I'm blaming Microsoft completely, I mean the amount of work they must go through in order to ensure a patch maintains backwards compatibility and doesn't break anything major is horrifying. Having said that they could have been more intelligent about designing the system, things like IIS requiring Internet Explorer to be installed so that Java can be supported, Outlook Express providing MHTML support or file locking that makes it incredibly easy to lock files but almost impossible to pry those locks off have left Microsoft painted into a nasty corner. As well patching is always going to leave you behind the curve, just like Anti-Virus definitions. The time needed for someone to notice the new security flaw/virus in the wild, report it to vendor, fot the vendor to confirm it, create a patch, test it, and then make said patch available is minimum several hours, sometimes several years. Add to this the user's time requirement (identify new security vulnerability, see if it applies to systems, if yes does a fix exist, if yes is it going to cause problems, if no actually deploy it, etc.). Personally I don't think this is a very sane future. Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 05 2003 - 02:31:48 PDT