Clueless anti-virus products/vendors (was Re: Sober)

From Sun Dec 4 22:34:54 2005
Date: Mon, 05 Dec 2005 04:30:26 +0000 (GMT)
From: "Christopher L. Morrow" <>
Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
To: "Steven M. Bellovin" <>
Cc: "Church, Chuck" <>,

> >
> >What about all the viruses out there that don't forge addresses?
> >Sending a warning message makes sense for these. Unless someone has
> A-V companies are in the business of analyzing viruses. They should
> *know* how a particular virus behaves.

This has also been said before, but... they are also in the business of
SELLING their product. It seems that the 'default' (note I don't either:
use av, nor scan emails for virii so I'm not sure what defaults to what...
just use something other than outlook and you can care less about it) is
possibly there for advertising effect more than anything else :frowning:

Hey, bob's company stopped this virus with $PRODUCT_12, why aren't we
using that product $VP_O_IT ??

"Because they 'very thoughtfully' fowarded the entire message, INCLUDING
THE VIRUS ITSELF, to us. _Even_though_ the original message did not
originate here.

"Do you _really_ think we should start forwarding viruses to our customers,
'just because' their address was forged into a message sent us? Just how
do you think our customers would respond to _that_?"

There _is_ an art-form to backing management into an untennable corner, when
they are bound and determined to do something 'wrong'. It's simply a matter
of finding the "right" consequences of the action, to illustrate _why_ the
proposed thing is 'wrong'. 'Revenues', and 'customer satisfaction' are
almost _universal_ "hot buttons" that can frequently be used to advantage.