Subj : Ddge 3.99/SR9/SR16 released and avai
To   : Nicholas Boel
From : mark lewis
Date : Thu Dec 14 2017 01:50 am


On 2017 Dec 13 17:50:36, you wrote to me:

ml>> honest question: if the files are scanned at the initial distribution
ml>> point, why do they need to be scanned again at every intermediate
ml>> point? do you trust all of them? do you trust all of their chosen
ml>> scanners? some choose to validate against virustotal but it is well
ml>> known that virustotal doesn't use the newest or even all of the
ml>> detection capabilities that are offered by the scanners the scan
ml>> against...

NB> And an honest answer in question form: How do you know every
NB> intermediate point is clean and clear of virus injection of any kind?

really? when is the last time you've seen a virus inject itself into binaries
inside a zip file? are you in the habit of unzipping the files where a virus
can find the binaries and infest them? think about it...

NB> Some people have absolutely no clue what they're doing, let alone know
NB> that their system has ringworm.

true on both accounts... especially with the sneaky bastards out there,
today... eg: the guy that came up with a way to infest a compiler so the
compiler injects the virus during compilation... even when the compiler builds
itself...

NB> I'd rather do it myself and be sure I'm not *that* idiot passing on
NB> infected files to others, thank you very much!

and if you miss then you are *that* one... especially if your chosen tool(s)
don't detect something nefarious... the real ugly is that because you made the
effort and missed, it is your responsibility... this is on the same lines as
those ""legal notices"" posted on some BBSes where they say they will read
every message posted looking for illegal activities... that puts them in legal
hot water if they miss something... better to not do it at all and be safe...
besides, there's no way to find all possible hidden messages within posts...
that's a chase game just like virus scanning is a chase game... you'll never
know you had it until it bites you...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... One hot pepper short of an enchilada.
---
* Origin:  (1:3634/12.73)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.