?

Log in

No account? Create an account

fanf

It's a virus-eat-virus world out there...

« previous entry | next entry »
3rd Mar 2004 | 19:01
mood: cynicalcynical

The situation is getting silly. See dotaturls for a link to the F-Secure anti-virus research weblog. I've done a little analysis of McAfee virus signature file updates over the last six months, and it clearly shows how their usual weekly release schedule just isn't frequent enough any more. To the nearest hour:

4287 19 Aug 2003 16:00:00
4288 20 Aug 2003 23:00:00
4289 27 Aug 2003 19:00:00
4290 28 Aug 2003 14:00:00
4291 03 Sep 2003 20:00:00
4292 10 Sep 2003 21:00:00
4293 17 Sep 2003 22:00:00
4294 18 Sep 2003 19:00:00
4295 24 Sep 2003 20:00:00
4296 01 Oct 2003 19:00:00
4297 08 Oct 2003 19:00:00
4298 15 Oct 2003 20:00:00
4299 22 Oct 2003 19:00:00
4300 29 Oct 2003 19:00:00
4301 31 Oct 2003 17:00:00
4302 05 Nov 2003 20:00:00
4303 13 Nov 2003 02:00:00
4304 14 Nov 2003 13:00:00
4305 19 Nov 2003 21:00:00
4306 26 Nov 2003 19:00:00
4307 03 Dec 2003 20:00:00
4308 10 Dec 2003 20:00:00
4309 17 Dec 2003 20:00:00
4310 22 Dec 2003 03:00:00
4311 24 Dec 2003 17:00:00
4312 31 Dec 2003 17:00:00
4313 07 Jan 2004 19:00:00
4314 14 Jan 2004 22:00:00
4315 16 Jan 2004 16:00:00
4316 19 Jan 2004 06:00:00
4317 21 Jan 2004 20:00:00
4318 26 Jan 2004 17:00:00
4319 27 Jan 2004 05:00:00
4320 28 Jan 2004 19:00:00
4321 29 Jan 2004 22:00:00
4322 04 Feb 2004 22:00:00
4323 11 Feb 2004 19:00:00
4324 17 Feb 2004 17:00:00
4325 18 Feb 2004 16:00:00
4326 18 Feb 2004 22:00:00
4327 24 Feb 2004 01:00:00
4328 25 Feb 2004 18:00:00
4329 28 Feb 2004 02:00:00
4330 01 Mar 2004 01:00:00
4331 02 Mar 2004 18:00:00
4332 03 Mar 2004 03:00:00

| Leave a comment | Share

Comments {5}

Pete

from: pjc50
date: 3rd Mar 2004 15:54 (UTC)

I'm starting to think that the only way this is going to stop is a speed-camera like solution: make passing on an email virus a criminal offence (which arguably it already is under the CMA; it's just a question of strict liability vs. mens rea). Make it a fineable offence with strict liability and let the police or a quango rake in the fines. When people start getting prosecuted for clicking on attachments they might stop doing it. If not, at least we can tax stupidity.

This is a rather Daily Mail solution, but I'm wondering what part of "don't do that" people don't understand.

Reply | Thread

glitterboy - the dark lord of washing

from: glitterboy1
date: 3rd Mar 2004 22:52 (UTC)

their usual weekly release schedule just isn't frequent enough any more

Or even their recent, near-daily schedule! We ended up yesterday using two generations of their daily DAT files, just to keep on top of what we were seeing. *sigh*

Reply | Thread

Tony Finch

from: fanf
date: 4th Mar 2004 02:02 (UTC)

Yes they aren't able to keep up with the exceptional pressure this week.

I'm thinking of putting a mandatory 6 hour delay on any email from outside that's even remotely suspicious, to give time for the AV software to catch up. (HHOS)

Reply | Parent | Thread

glitterboy - the dark lord of washing

from: glitterboy1
date: 4th Mar 2004 04:24 (UTC)

Heh. Well, it wouldn't be any worse than some of what we've already had to do at times.

Still getting better bagle-handling on Windows and Linux with the daily DAT files (even yesterday's dailies!) than with 4333. Bugger.

Reply | Parent | Thread

oldbloke

from: oldbloke
date: 4th Mar 2004 13:27 (UTC)

I update our Sophos CIDs immediately whenever I get an email from the alert list. About 4 a day this week.
I was off on Wednesday, when the passworded versions of Bagle turned up, and also Nachi-B has got onto campus somehow (including my boss's machine, naughty boy stopped doing his Windows Update). When oh when will they tell me where I can have server space for Enterprise Manager? Why oh why did he let the Sophos licence expire?
I must say VirusScan 7 is waaaaay better than any previous version. If it wasn't for the userbase I might have said, hey, let's not renew Sophos.

Reply | Parent | Thread