csw08-alvarez

Recommendations

Info

Anti-Virus Software > General problems
Anti-Virus Software > General problems Vulnerability Notification We report every bug to the vendor before publishing *any* Information > It’s difficult ! > Even finding the correct person to talk to > secure@ / security@ - do not always exist > Bugs are more often than not fixed quietly > 10 Bugs reported transformed in 1 Bug being published (“Fixed Archive bypass”) > For Bypasses - Risk Rating is often a joke > Don’t make the difference between Client and Gateway Solutions > We spent days explaining bugs : > “It just crashes because it jump invalid memory location, EIP points to x41414141, that address does not exist, it’s not a security Problem…” > Hey, but that exceptions is handled !
Page 1 and 2: The Death of AV Defense in Depth ?
Page 3 and 4: Revisiting AV Software ? What will
Page 5 and 6: Death of AV Defense in Depth ? > In
Page 7 and 8: Death of AV Defense in Depth ? > IT
Page 9 and 10: Anti-Virus Software > Anti-Virus So
Page 11 and 12: Anti-Virus Software > Myths Why bot
Page 13 and 14: Anti-Virus Software > Facts Here ar
Page 15 and 16: Anti-Virus Software > Facts Here ar
Page 17: Anti-Virus Software > General probl
Page 21 and 22: Anti-Virus Software > General probl
Page 23 and 24: Anti-Virus Software > General probl
Page 25 and 26: Death of Defense in Depth ? > TOC 1
Page 27 and 28: Anti-Virus Software > Hunting Bugs
Page 37 and 38: Anti-Virus Software > Facts The Res
Page 39 and 40: Anti-Virus Software > E-Mail AV Vul
Page 41 and 42: Anti-Virus Software > Email Exploit
Page 43 and 44: Anti-Virus Software > Final Words F
Page 45 and 46: Anti-Virus Software > Final Words F
Page 47: Anti-Virus Software > Final Words R

csw08-alvarez

Create successful ePaper yourself

Delete template?

Save as template?