They never listen to the prophets

By Roger on August 25, 2005 1:15 PM | | Comments (0)

Based on some discussion no the myitforum.com antivirus email list, I wanted to highlight a post I made back in january.

Apparently, I was wrong. Mydoom.a wasn't the deathknell of the file blocking crowd. People just added zip to the list of things to block and went on their merry way.

I really have to question that way of thinking. What happens when the next major virus exploits vulnerabilities in Adobe 7.0.1. Are you going to block pdf files until everyone is upgraded to Adobe 7.0.3? What happens when the next major virus is an exe embedded in a ppt file. Are you going to ban powerpoint. What happens when the next virus is in an image? Most of the major image types have had vulnerabilities lately.

Before you ban everything but text, I think its time to reexamine the true cost of a decent antivirus mail gateway. Perhaps esafe, messagelabs, postini, and Sybari should be considered over what you have been using.

We left a Trend Micro mailgateway for Message Labs and the difference is astounding. Rather than reacting to every new virus, I am totally confident that Message Labs will stop it before I even know its in the wild. And just because they are nice guys, they'll let the other AV vendors know about it so they can stop it too.

Categories

Antivirus

Tags

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on August 25, 2005 1:15 PM.

Symantec Antivirus 9 Privilege Escalation was the previous entry in this blog.

ARGH! SAV 10 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search